diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index 785257142d..88d163d67c 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -11,7 +11,7 @@
For overall help on editing and submitting pull requests, visit:
https://kubernetes.io/docs/contribute/start/#improve-existing-content
- Use the default base branch, “master”, if you're documenting existing
+ Use the default base branch, “main”, if you're documenting existing
features in the English localization.
If you're working on a different localization (not English), see
diff --git a/Makefile b/Makefile
index bcae221430..a103f4e58e 100644
--- a/Makefile
+++ b/Makefile
@@ -6,8 +6,9 @@ NETLIFY_FUNC = $(NODE_BIN)/netlify-lambda
# but this can be overridden when calling make, e.g.
# CONTAINER_ENGINE=podman make container-image
CONTAINER_ENGINE ?= docker
+IMAGE_REGISTRY ?= gcr.io/k8s-staging-sig-docs
IMAGE_VERSION=$(shell scripts/hash-files.sh Dockerfile Makefile | cut -c 1-12)
-CONTAINER_IMAGE = kubernetes-hugo:v$(HUGO_VERSION)-$(IMAGE_VERSION)
+CONTAINER_IMAGE = $(IMAGE_REGISTRY)/k8s-website-hugo:v$(HUGO_VERSION)-$(IMAGE_VERSION)
CONTAINER_RUN = $(CONTAINER_ENGINE) run --rm --interactive --tty --volume $(CURDIR):/src
CCRED=\033[0;31m
@@ -95,4 +96,4 @@ clean-api-reference: ## Clean all directories in API reference directory, preser
api-reference: clean-api-reference ## Build the API reference pages. go needed
cd api-ref-generator/gen-resourcesdocs && \
- go run cmd/main.go kwebsite --config-dir config/v1.21/ --file api/v1.21/swagger.json --output-dir ../../content/en/docs/reference/kubernetes-api --templates templates
+ go run cmd/main.go kwebsite --config-dir ../../api-ref-assets/config/ --file ../../api-ref-assets/api/swagger.json --output-dir ../../content/en/docs/reference/kubernetes-api --templates ../../api-ref-assets/templates
diff --git a/OWNERS b/OWNERS
index 9b12305b4b..8e4e14f60c 100644
--- a/OWNERS
+++ b/OWNERS
@@ -8,7 +8,9 @@ approvers:
emeritus_approvers:
# - chenopis, commented out to disable PR assignments
+# - irvifa, commented out to disable PR assignments
# - jaredbhatti, commented out to disable PR assignments
+# - kbarnard10, commented out to disable PR assignments
# - steveperry-53, commented out to disable PR assignments
- stewart-yu
# - zacharysarah, commented out to disable PR assignments
diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES
index 2feb3cdb2d..462728069d 100644
--- a/OWNERS_ALIASES
+++ b/OWNERS_ALIASES
@@ -1,12 +1,8 @@
aliases:
sig-docs-blog-owners: # Approvers for blog content
- - castrojo
- - kbarnard10
- onlydole
- mrbobbytables
sig-docs-blog-reviewers: # Reviewers for blog content
- - castrojo
- - kbarnard10
- mrbobbytables
- onlydole
- sftim
@@ -22,31 +18,25 @@ aliases:
- annajung
- bradtopol
- celestehorgan
- - irvifa
- jimangel
- - kbarnard10
+ - jlbutler
- kbhawkey
- onlydole
- pi-victor
- reylejano
- savitharaghunathan
- sftim
- - steveperry-53
- tengqm
- - zparnold
sig-docs-en-reviews: # PR reviews for English content
- bradtopol
- celestehorgan
- daminisatya
- jimangel
- - kbarnard10
- kbhawkey
- onlydole
- rajeshdeshpande02
- sftim
- - steveperry-53
- tengqm
- - zparnold
sig-docs-es-owners: # Admins for Spanish content
- raelga
- electrocucaracha
@@ -94,7 +84,6 @@ aliases:
- danninov
- girikuncoro
- habibrosyad
- - irvifa
- phanama
- wahyuoi
sig-docs-id-reviews: # PR reviews for Indonesian content
@@ -102,7 +91,6 @@ aliases:
- danninov
- girikuncoro
- habibrosyad
- - irvifa
- phanama
- wahyuoi
sig-docs-it-owners: # Admins for Italian content
@@ -138,14 +126,14 @@ aliases:
- ClaudiaJKang
- gochist
- ianychoi
- - seokho-son
- - ysyukr
+ - jihoon-seo
+ - jmyung
- pjhwa
+ - seokho-son
- yoonian
+ - ysyukr
sig-docs-leads: # Website chairs and tech leads
- - irvifa
- jimangel
- - kbarnard10
- kbhawkey
- onlydole
- sftim
@@ -163,8 +151,10 @@ aliases:
# zhangxiaoyu-zidif
sig-docs-zh-reviews: # PR reviews for Chinese content
- chenrui333
+ - chenxuc
- howieyuen
- idealhack
+ - mengjiao-liu
- pigletfly
- SataQiu
- tanjunchen
@@ -235,10 +225,12 @@ aliases:
- parispittman
# authoritative source: https://git.k8s.io/sig-release/OWNERS_ALIASES
sig-release-leads:
+ - cpanato # SIG Technical Lead
- hasheddan # SIG Technical Lead
- jeremyrickard # SIG Technical Lead
- justaugustus # SIG Chair
- LappleApple # SIG Program Manager
+ - puerco # SIG Technical Lead
- saschagrunert # SIG Chair
release-engineering-approvers:
- cpanato # Release Manager
@@ -250,6 +242,7 @@ aliases:
release-engineering-reviewers:
- ameukam # Release Manager Associate
- jimangel # Release Manager Associate
+ - markyjackson-taulia # Release Manager Associate
- mkorbi # Release Manager Associate
- palnabarun # Release Manager Associate
- onlydole # Release Manager Associate
diff --git a/README-ja.md b/README-ja.md
index 49d0dd1bad..91e624c610 100644
--- a/README-ja.md
+++ b/README-ja.md
@@ -1,6 +1,6 @@
# Kubernetesのドキュメント
-[](https://app.netlify.com/sites/kubernetes-io-master-staging/deploys) [](https://github.com/kubernetes/website/releases/latest)
+[](https://app.netlify.com/sites/kubernetes-io-main-staging/deploys) [](https://github.com/kubernetes/website/releases/latest)
このリポジトリには、[KubernetesのWebサイトとドキュメント](https://kubernetes.io/)をビルドするために必要な全アセットが格納されています。貢献に興味を持っていただきありがとうございます!
diff --git a/README-ko.md b/README-ko.md
index c4038212c6..c3e1068b2e 100644
--- a/README-ko.md
+++ b/README-ko.md
@@ -1,6 +1,6 @@
# 쿠버네티스 문서화
-[](https://app.netlify.com/sites/kubernetes-io-master-staging/deploys) [](https://github.com/kubernetes/website/releases/latest)
+[](https://app.netlify.com/sites/kubernetes-io-main-staging/deploys) [](https://github.com/kubernetes/website/releases/latest)
이 저장소에는 [쿠버네티스 웹사이트 및 문서](https://kubernetes.io/)를 빌드하는 데 필요한 자산이 포함되어 있습니다. 기여해주셔서 감사합니다!
diff --git a/README-pl.md b/README-pl.md
index 5426aef445..06bde04303 100644
--- a/README-pl.md
+++ b/README-pl.md
@@ -1,6 +1,6 @@
# Dokumentacja projektu Kubernetes
-[](https://app.netlify.com/sites/kubernetes-io-master-staging/deploys) [](https://github.com/kubernetes/website/releases/latest)
+[](https://app.netlify.com/sites/kubernetes-io-main-staging/deploys) [](https://github.com/kubernetes/website/releases/latest)
W tym repozytorium znajdziesz wszystko, czego potrzebujesz do zbudowania [strony internetowej Kubernetesa wraz z dokumentacją](https://kubernetes.io/). Bardzo nam miło, że chcesz wziąć udział w jej współtworzeniu!
@@ -18,7 +18,7 @@ Aby móc skorzystać z tego repozytorium, musisz lokalnie zainstalować:
- [npm](https://www.npmjs.com/)
- [Go](https://golang.org/)
- [Hugo (Extended version)](https://gohugo.io/)
-- Środowisko obsługi kontenerów, np. [Docker-a](https://www.docker.com/).
+- Środowisko obsługi kontenerów, np. [Dockera](https://www.docker.com/).
Przed rozpoczęciem zainstaluj niezbędne zależności. Sklonuj repozytorium i przejdź do odpowiedniego katalogu:
@@ -43,7 +43,9 @@ make container-image
make container-serve
```
-Aby obejrzeć zawartość serwisu otwórz w przeglądarce adres http://localhost:1313. Po każdej zmianie plików źródłowych, Hugo automatycznie aktualizuje stronę i odświeża jej widok w przeglądarce.
+Jeśli widzisz błędy, prawdopodobnie kontener z Hugo nie dysponuje wystarczającymi zasobami. Aby rozwiązać ten problem, zwiększ ilość dostępnych zasobów CPU i pamięci dla Dockera na Twojej maszynie ([MacOSX](https://docs.docker.com/docker-for-mac/#resources) i [Windows](https://docs.docker.com/docker-for-windows/#resources)).
+
+Aby obejrzeć zawartość serwisu, otwórz w przeglądarce adres http://localhost:1313. Po każdej zmianie plików źródłowych, Hugo automatycznie aktualizuje stronę i odświeża jej widok w przeglądarce.
## Jak uruchomić lokalną kopię strony przy pomocy Hugo?
diff --git a/README-pt.md b/README-pt.md
index e27bf544d1..d856bf7b42 100644
--- a/README-pt.md
+++ b/README-pt.md
@@ -1,6 +1,6 @@
# A documentação do Kubernetes
-[](https://app.netlify.com/sites/kubernetes-io-master-staging/deploys) [](https://github.com/kubernetes/website/releases/latest)
+[](https://app.netlify.com/sites/kubernetes-io-main-staging/deploys) [](https://github.com/kubernetes/website/releases/latest)
Bem-vindos! Este repositório contém todos os recursos necessários para criar o [website e documentação do Kubernetes](https://kubernetes.io/). Estamos muito satisfeitos por você querer contribuir!
diff --git a/README-ru.md b/README-ru.md
index 348f92a82e..82eb96689d 100644
--- a/README-ru.md
+++ b/README-ru.md
@@ -1,6 +1,6 @@
# Документация по Kubernetes
-[](https://app.netlify.com/sites/kubernetes-io-master-staging/deploys) [](https://github.com/kubernetes/website/releases/latest)
+[](https://app.netlify.com/sites/kubernetes-io-main-staging/deploys) [](https://github.com/kubernetes/website/releases/latest)
Данный репозиторий содержит все необходимые файлы для сборки [сайта Kubernetes и документации](https://kubernetes.io/). Мы благодарим вас за желание внести свой вклад!
diff --git a/README-uk.md b/README-uk.md
index 2872b406d1..c1605b0c85 100644
--- a/README-uk.md
+++ b/README-uk.md
@@ -1,7 +1,7 @@
# Документація Kubernetes
-[](https://app.netlify.com/sites/kubernetes-io-master-staging/deploys) [](https://github.com/kubernetes/website/releases/latest)
+[](https://app.netlify.com/sites/kubernetes-io-main-staging/deploys) [](https://github.com/kubernetes/website/releases/latest)
Вітаємо! В цьому репозиторії міститься все необхідне для роботи над [сайтом і документацією Kubernetes](https://kubernetes.io/). Ми щасливі, що ви хочете зробити свій внесок!
diff --git a/README-zh.md b/README-zh.md
index ef259ef2d0..6c594b3934 100644
--- a/README-zh.md
+++ b/README-zh.md
@@ -4,7 +4,7 @@
# The Kubernetes documentation
-->
-[](https://app.netlify.com/sites/kubernetes-io-master-staging/deploys) [](https://github.com/kubernetes/website/releases/latest)
+[](https://app.netlify.com/sites/kubernetes-io-main-staging/deploys) [](https://github.com/kubernetes/website/releases/latest)
+
+{{if .ApiVersion}}`apiVersion: {{.ApiVersion}}`{{end}}
+
+{{if .Import}}`import "{{.Import}}"`{{end}}
+
+{{range .Sections}}
+{{.Description | replace "<" "\\<" }}
+
+
+{{range .Fields}}
+{{ "" | indent .Indent | indent .Indent}}- {{.Name}}{{if .Value}}: {{.Value}}{{end}}
+{{if .Description}}
+{{.Description | replace "<" "\\<" | indent 2 | indent .Indent | indent .Indent}}
+{{- end}}
+{{if .TypeDefinition}}
+{{ "" | indent .Indent | indent .Indent}}
+{{.TypeDefinition | indent 2 | indent .Indent | indent .Indent}}
+{{end}}
+{{- end}}{{/* range .Fields */}}
+
+{{range .FieldCategories}}
+### {{.Name}} {#{{"-" | regexReplaceAll "[^a-zA-Z0-9]+" .Name }}}{{/* explicitly set fragment to keep capitalization */}}
+
+{{range .Fields}}
+{{ "" | indent .Indent | indent .Indent}}- {{.Name}}{{if .Value}}: {{.Value}}{{end}}
+{{if .Description}}
+{{.Description | replace "<" "\\<" | indent 2 | indent .Indent | indent .Indent}}
+{{- end}}
+{{if .TypeDefinition}}
+{{ "" | indent .Indent | indent .Indent}}
+{{.TypeDefinition | indent 2 | indent .Indent | indent .Indent}}
+{{end}}
+{{- end}}{{/* range .Fields */}}
+
+{{- end}}{{/* range .FieldCategories */}}
+
+{{range .Operations}}
+
+### `{{.Verb}}` {{.Title}}
+
+#### HTTP Request
+
+{{.RequestMethod}} {{.RequestPath}}
+
+#### Parameters
+
+{{range .Parameters}}
+- {{.Title}}
+
+{{.Description | indent 2}}
+
+{{end}}{{/* range .Parameters */}}
+
+#### Response
+
+{{range .Responses}}
+{{.Code}}{{if .Type}} ({{.Type}}){{end}}: {{.Description}}
+{{end}}{{/* range .Responses */}}
+
+{{- end}}{{/* range .Operations */}}
+{{- end}}{{/* range .Sections */}}
diff --git a/api-ref-assets/templates/chapter.tmpl b/api-ref-assets/templates/chapter.tmpl
new file mode 100644
index 0000000000..9fb80e2209
--- /dev/null
+++ b/api-ref-assets/templates/chapter.tmpl
@@ -0,0 +1,85 @@
+---
+api_metadata:
+ apiVersion: "{{.ApiVersion}}"
+ import: "{{.Import}}"
+ kind: "{{.Kind}}"
+content_type: "api_reference"
+description: "{{.Metadata.Description}}"
+title: "{{.Metadata.Title}}"
+weight: {{.Metadata.Weight}}
+auto_generated: true
+---
+
+
+
+{{if .ApiVersion}}`apiVersion: {{.ApiVersion}}`{{end}}
+
+{{if .Import}}`import "{{.Import}}"`{{end}}
+
+{{range .Sections}}
+## {{.Name}} {#{{"-" | regexReplaceAll "[^a-zA-Z0-9]+" .Name }}}{{/* explicitly set fragment to keep capitalization */}}
+
+{{.Description | replace "<" "\\<" }}
+
+
+{{range .Fields}}
+{{ "" | indent .Indent | indent .Indent}}- {{.Name}}{{if .Value}}: {{.Value}}{{end}}
+{{if .Description}}
+{{.Description | replace "<" "\\<" | indent 2 | indent .Indent | indent .Indent}}
+{{- end}}
+{{if .TypeDefinition}}
+{{ "" | indent .Indent | indent .Indent}}
+{{.TypeDefinition | indent 2 | indent .Indent | indent .Indent}}
+{{end}}
+{{- end}}{{/* range .Fields */}}
+
+{{range .FieldCategories}}
+### {{.Name}}
+
+{{range .Fields}}
+{{ "" | indent .Indent | indent .Indent}}- {{.Name}}{{if .Value}}: {{.Value}}{{end}}
+{{if .Description}}
+{{.Description | replace "<" "\\<" | indent 2 | indent .Indent | indent .Indent}}
+{{- end}}
+{{if .TypeDefinition}}
+{{ "" | indent .Indent | indent .Indent}}
+{{.TypeDefinition | indent 2 | indent .Indent | indent .Indent}}
+{{end}}
+{{- end}}{{/* range .Fields */}}
+
+{{- end}}{{/* range .FieldCategories */}}
+
+{{range .Operations}}
+
+### `{{.Verb}}` {{.Title}}
+
+#### HTTP Request
+
+{{.RequestMethod}} {{.RequestPath}}
+
+#### Parameters
+
+{{range .Parameters}}
+- {{.Title}}
+
+{{.Description | indent 2}}
+
+{{end}}{{/* range .Parameters */}}
+
+#### Response
+
+{{range .Responses}}
+{{.Code}}{{if .Type}} ({{.Type}}){{end}}: {{.Description}}
+{{end}}{{/* range .Responses */}}
+
+{{- end}}{{/* range .Operations */}}
+{{- end}}{{/* range .Sections */}}
diff --git a/api-ref-assets/templates/part-index.tmpl b/api-ref-assets/templates/part-index.tmpl
new file mode 100644
index 0000000000..36833ee9bb
--- /dev/null
+++ b/api-ref-assets/templates/part-index.tmpl
@@ -0,0 +1,17 @@
+---
+title: "{{.Title}}"
+weight: {{.Weight}}
+auto_generated: true
+---
+
+
+
diff --git a/api-ref-generator b/api-ref-generator
index 78e64febda..55bce68622 160000
--- a/api-ref-generator
+++ b/api-ref-generator
@@ -1 +1 @@
-Subproject commit 78e64febda1b53cafc79979c5978b42162cea276
+Subproject commit 55bce686224caba37f93e1e1eb53c0c9fc104ed4
diff --git a/archetypes/blog-post.md b/archetypes/blog-post.md
new file mode 100644
index 0000000000..acad021c68
--- /dev/null
+++ b/archetypes/blog-post.md
@@ -0,0 +1,61 @@
+---
+layout: blog
+title: "{{ replace .Name "-" " " | title }}"
+date: {{ .Date }}
+draft: true
+slug:
+---
+
+**Author:** (), ()
+
+
+
+Replace this first line of your content with one to three sentences that summarize the blog post.
+
+## This is a section heading
+
+To help the reader, organize your content into sections that contain about three to six paragraphs.
+
+If you're documenting commands, separate the commands from the outputs, like this:
+
+1. Verify that the Secret exists by running the following command:
+
+ ```shell
+ kubectl get secrets
+ ```
+
+ The response should be like this:
+
+ ```shell
+ NAME TYPE DATA AGE
+ mysql-pass-c57bb4t7mf Opaque 1 9s
+ ```
+
+You're free to create any sections you like. Below are a few common patterns we see at the end of blog posts.
+
+## What’s next?
+
+This optional section describes the future of the thing you've just described in the post.
+
+## How can I learn more?
+
+This optional section provides links to more information. Please avoid promoting and over-represent your organization.
+
+## How do I get involved?
+
+An optional section that links to resources for readers to get involved, and acknowledgments of individual contributors, such as:
+
+* [The name of a channel on Slack, #a-channel](https://.slack.com/messages/)
+
+* [A link to a "contribute" page with more information]().
+
+* Acknowledgements and thanks to the contributors. ([](https://github.com/)) who did X, Y, and Z.
+
+* Those interested in getting involved with the design and development of , join the [](https://github.com/project/community/tree/master/). We’re rapidly growing and always welcome new contributors.
diff --git a/cloudbuild.yaml b/cloudbuild.yaml
new file mode 100644
index 0000000000..61b5adc5f4
--- /dev/null
+++ b/cloudbuild.yaml
@@ -0,0 +1,25 @@
+# See https://cloud.google.com/cloud-build/docs/build-config
+
+# this must be specified in seconds. If omitted, defaults to 600s (10 mins)
+timeout: 1200s
+# this prevents errors if you don't use both _GIT_TAG and _PULL_BASE_REF,
+# or any new substitutions added in the future.
+options:
+ substitution_option: ALLOW_LOOSE
+steps:
+ # It's fine to bump the tag to a recent version, as needed
+ - name: "gcr.io/k8s-testimages/gcb-docker-gcloud:v20190906-745fed4"
+ entrypoint: make
+ env:
+ - DOCKER_CLI_EXPERIMENTAL=enabled
+ - TAG=$_GIT_TAG
+ - BASE_REF=$_PULL_BASE_REF
+ args:
+ - container-image
+substitutions:
+ # _GIT_TAG will be filled with a git-based tag for the image, of the form vYYYYMMDD-hash, and
+ # can be used as a substitution
+ _GIT_TAG: "12345"
+ # _PULL_BASE_REF will contain the ref that was pushed to to trigger this build -
+ # a branch like 'master' or 'release-0.2', or a tag like 'v0.2'.
+ _PULL_BASE_REF: "master"
diff --git a/config.toml b/config.toml
index e1ef9db014..eba5852abb 100644
--- a/config.toml
+++ b/config.toml
@@ -138,12 +138,12 @@ time_format_default = "January 02, 2006 at 3:04 PM PST"
description = "Production-Grade Container Orchestration"
showedit = true
-latest = "v1.21"
+latest = "v1.22"
-fullversion = "v1.21.0"
-version = "v1.21"
-githubbranch = "master"
-docsbranch = "master"
+fullversion = "v1.22.0"
+version = "v1.22"
+githubbranch = "main"
+docsbranch = "main"
deprecated = false
currentUrl = "https://kubernetes.io/docs/home/"
nextUrl = "https://kubernetes-io-vnext-staging.netlify.com/"
@@ -178,45 +178,46 @@ js = [
]
[[params.versions]]
-fullversion = "v1.21.0"
-version = "v1.21"
-githubbranch = "v1.21.0"
-docsbranch = "master"
+fullversion = "v1.22.0"
+version = "v1.22"
+githubbranch = "v1.22.0"
+docsbranch = "main"
url = "https://kubernetes.io"
[[params.versions]]
-fullversion = "v1.20.5"
+fullversion = "v1.21.4"
+version = "v1.21"
+githubbranch = "v1.21.4"
+docsbranch = "release-1.21"
+url = "https://v1-21.docs.kubernetes.io"
+
+[[params.versions]]
+fullversion = "v1.20.10"
version = "v1.20"
-githubbranch = "v1.20.5"
+githubbranch = "v1.20.10"
docsbranch = "release-1.20"
url = "https://v1-20.docs.kubernetes.io"
[[params.versions]]
-fullversion = "v1.19.9"
+fullversion = "v1.19.14"
version = "v1.19"
-githubbranch = "v1.19.9"
+githubbranch = "v1.19.14"
docsbranch = "release-1.19"
url = "https://v1-19.docs.kubernetes.io"
[[params.versions]]
-fullversion = "v1.18.17"
+fullversion = "v1.18.20"
version = "v1.18"
-githubbranch = "v1.18.17"
+githubbranch = "v1.18.20"
docsbranch = "release-1.18"
url = "https://v1-18.docs.kubernetes.io"
-[[params.versions]]
-fullversion = "v1.17.17"
-version = "v1.17"
-githubbranch = "v1.17.17"
-docsbranch = "release-1.17"
-url = "https://v1-17.docs.kubernetes.io"
-
-
# User interface configuration
[params.ui]
# Enable to show the side bar menu in its compact state.
sidebar_menu_compact = false
+# https://github.com/gohugoio/hugo/issues/8918#issuecomment-903314696
+sidebar_cache_limit = 1
# Set to true to disable breadcrumb navigation.
breadcrumb_disable = false
# Set to true to hide the sidebar search box (the top nav search box will still be displayed if search is enabled)
diff --git a/content/de/_index.html b/content/de/_index.html
index 838552b5c4..78d3b5e003 100644
--- a/content/de/_index.html
+++ b/content/de/_index.html
@@ -9,7 +9,7 @@ cid: home
{{% blocks/feature image="flower" %}}
### [Kubernetes (K8s)]({{< relref "/docs/concepts/overview/what-is-kubernetes" >}}) ist ein Open-Source-System zur Automatisierung der Bereitstellung, Skalierung und Verwaltung von containerisierten Anwendungen.
-Es gruppiert Container, aus denen sich eine Anwendung zusammensetzt, in logische Einheiten, um die Verwaltung und Erkennung zu erleichtern. Kubernetes baut auf [15 Jahre Erfahrung in Bewältigung von Produktions-Workloads bei Google] (http://queue.acm.org/detail.cfm?id=2898444), kombiniert mit Best-of-Breed-Ideen und Praktiken aus der Community.
+Es gruppiert Container, aus denen sich eine Anwendung zusammensetzt, in logische Einheiten, um die Verwaltung und Erkennung zu erleichtern. Kubernetes baut auf [15 Jahre Erfahrung in Bewältigung von Produktions-Workloads bei Google](http://queue.acm.org/detail.cfm?id=2898444), kombiniert mit Best-of-Breed-Ideen und Praktiken aus der Community.
{{% /blocks/feature %}}
{{% blocks/feature image="scalable" %}}
@@ -57,4 +57,4 @@ Kubernetes ist Open Source und bietet Dir die Freiheit, die Infrastruktur vor Or
{{< blocks/kubernetes-features >}}
-{{< blocks/case-studies >}}
\ No newline at end of file
+{{< blocks/case-studies >}}
diff --git a/content/de/docs/concepts/cluster-administration/addons.md b/content/de/docs/concepts/cluster-administration/addons.md
index f5eedeb59b..abf15e453f 100644
--- a/content/de/docs/concepts/cluster-administration/addons.md
+++ b/content/de/docs/concepts/cluster-administration/addons.md
@@ -26,7 +26,7 @@ Die Add-Ons in den einzelnen Kategorien sind alphabetisch sortiert - Die Reihenf
* [CNI-Genie](https://github.com/Huawei-PaaS/CNI-Genie) ermöglicht das nahtlose Verbinden von Kubernetes mit einer Reihe an CNI-Plugins wie z.B. Calico, Canal, Flannel, Romana, oder Weave.
* [Contiv](http://contiv.github.io) bietet konfigurierbares Networking (Native L3 auf BGP, Overlay mit vxlan, Klassisches L2, Cisco-SDN/ACI) für verschiedene Anwendungszwecke und auch umfangreiches Policy-Framework. Das Contiv-Projekt ist vollständig [Open Source](http://github.com/contiv). Der [installer](http://github.com/contiv/install) bietet sowohl kubeadm als auch nicht-kubeadm basierte Installationen.
* [Contrail](http://www.juniper.net/us/en/products-services/sdn/contrail/contrail-networking/), basierend auf [Tungsten Fabric](https://tungsten.io), ist eine Open Source, multi-Cloud Netzwerkvirtualisierungs- und Policy-Management Plattform. Contrail und Tungsten Fabric sind mit Orechstratoren wie z.B. Kubernetes, OpenShift, OpenStack und Mesos integriert und bieten Isolationsmodi für Virtuelle Maschinen, Container (bzw. Pods) und Bare Metal workloads.
-* [Flannel](https://github.com/coreos/flannel/blob/master/Documentation/kubernetes.md) ist ein Overlay-Network-Provider der mit Kubernetes genutzt werden kann.
+* [Flannel](https://github.com/flannel-io/flannel#deploying-flannel-manually) ist ein Overlay-Network-Provider der mit Kubernetes genutzt werden kann.
* [Knitter](https://github.com/ZTE/Knitter/) ist eine Network-Lösung die Mehrfach-Network in Kubernetes ermöglicht.
* [Multus](https://github.com/Intel-Corp/multus-cni) ist ein Multi-Plugin für Mehrfachnetzwerk-Unterstützung um alle CNI-Plugins (z.B. Calico, Cilium, Contiv, Flannel), zusätzlich zu SRIOV-, DPDK-, OVS-DPDK- und VPP-Basierten Workloads in Kubernetes zu unterstützen.
* [NSX-T](https://docs.vmware.com/en/VMware-NSX-T/2.0/nsxt_20_ncp_kubernetes.pdf) Container Plug-in (NCP) bietet eine Integration zwischen VMware NSX-T und einem Orchestator wie z.B. Kubernetes. Außerdem bietet es eine Integration zwischen NSX-T und Containerbasierten CaaS/PaaS-Plattformen wie z.B. Pivotal Container Service (PKS) und OpenShift.
diff --git a/content/de/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html b/content/de/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html
index 7a5fe0ce4f..4b7d5ddaae 100644
--- a/content/de/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html
+++ b/content/de/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html
@@ -5,7 +5,7 @@ weight: 20
-
+
diff --git a/content/de/docs/tutorials/kubernetes-basics/deploy-app/deploy-interactive.html b/content/de/docs/tutorials/kubernetes-basics/deploy-app/deploy-interactive.html
index 8c74aafd78..b8eae305f3 100644
--- a/content/de/docs/tutorials/kubernetes-basics/deploy-app/deploy-interactive.html
+++ b/content/de/docs/tutorials/kubernetes-basics/deploy-app/deploy-interactive.html
@@ -5,7 +5,7 @@ weight: 20
-
+
diff --git a/content/de/docs/tutorials/kubernetes-basics/explore/explore-intro.html b/content/de/docs/tutorials/kubernetes-basics/explore/explore-intro.html
index f220ff5eb7..5e64134a44 100644
--- a/content/de/docs/tutorials/kubernetes-basics/explore/explore-intro.html
+++ b/content/de/docs/tutorials/kubernetes-basics/explore/explore-intro.html
@@ -5,7 +5,7 @@ weight: 10
-
+
diff --git a/content/de/docs/tutorials/kubernetes-basics/expose/expose-interactive.html b/content/de/docs/tutorials/kubernetes-basics/expose/expose-interactive.html
index ab5b880397..5b4c1a4ae8 100644
--- a/content/de/docs/tutorials/kubernetes-basics/expose/expose-interactive.html
+++ b/content/de/docs/tutorials/kubernetes-basics/expose/expose-interactive.html
@@ -5,7 +5,7 @@ weight: 20
-
+
diff --git a/content/de/docs/tutorials/kubernetes-basics/expose/expose-intro.html b/content/de/docs/tutorials/kubernetes-basics/expose/expose-intro.html
index 07e76654a4..ce0f9caaae 100644
--- a/content/de/docs/tutorials/kubernetes-basics/expose/expose-intro.html
+++ b/content/de/docs/tutorials/kubernetes-basics/expose/expose-intro.html
@@ -5,7 +5,7 @@ weight: 10
-
+
diff --git a/content/de/docs/tutorials/kubernetes-basics/update/update-interactive.html b/content/de/docs/tutorials/kubernetes-basics/update/update-interactive.html
index 448ddc81b9..086b90d6b7 100644
--- a/content/de/docs/tutorials/kubernetes-basics/update/update-interactive.html
+++ b/content/de/docs/tutorials/kubernetes-basics/update/update-interactive.html
@@ -5,7 +5,7 @@ weight: 20
-
+
diff --git a/content/de/docs/tutorials/kubernetes-basics/update/update-intro.html b/content/de/docs/tutorials/kubernetes-basics/update/update-intro.html
index 61ee05d662..74e3e40982 100644
--- a/content/de/docs/tutorials/kubernetes-basics/update/update-intro.html
+++ b/content/de/docs/tutorials/kubernetes-basics/update/update-intro.html
@@ -5,7 +5,7 @@ weight: 10
-
+
diff --git a/content/en/_index.html b/content/en/_index.html
index 2abc22985c..db4c966102 100644
--- a/content/en/_index.html
+++ b/content/en/_index.html
@@ -48,7 +48,7 @@ Kubernetes is open source giving you the freedom to take advantage of on-premise
diff --git a/content/en/blog/_posts/2016-08-00-Kubernetes-Namespaces-Use-Cases-Insights.md b/content/en/blog/_posts/2016-08-00-Kubernetes-Namespaces-Use-Cases-Insights.md
index 7b05c1f74c..896f2c5f84 100644
--- a/content/en/blog/_posts/2016-08-00-Kubernetes-Namespaces-Use-Cases-Insights.md
+++ b/content/en/blog/_posts/2016-08-00-Kubernetes-Namespaces-Use-Cases-Insights.md
@@ -125,7 +125,7 @@ You may wish to, but you cannot create a hierarchy of namespaces. Namespaces can
-Namespaces are easy to create and use but it’s also easy to deploy code inadvertently into the wrong namespace. Good DevOps hygiene suggests documenting and automating processes where possible and this will help. The other way to avoid using the wrong namespace is to set a [kubectl context](/docs/user-guide/kubectl/kubectl_config_set-context/).
+Namespaces are easy to create and use but it’s also easy to deploy code inadvertently into the wrong namespace. Good DevOps hygiene suggests documenting and automating processes where possible and this will help. The other way to avoid using the wrong namespace is to set a [kubectl context](/docs/reference/generated/kubectl/kubectl-commands#-em-set-context-em-).
diff --git a/content/en/blog/_posts/2016-11-00-Visualize-Kubelet-Performance-With-Node-Dashboard.md b/content/en/blog/_posts/2016-11-00-Visualize-Kubelet-Performance-With-Node-Dashboard.md
index bdb43b49b9..548c91e7b7 100644
--- a/content/en/blog/_posts/2016-11-00-Visualize-Kubelet-Performance-With-Node-Dashboard.md
+++ b/content/en/blog/_posts/2016-11-00-Visualize-Kubelet-Performance-With-Node-Dashboard.md
@@ -5,6 +5,11 @@ slug: visualize-kubelet-performance-with-node-dashboard
url: /blog/2016/11/Visualize-Kubelet-Performance-With-Node-Dashboard
---
+_Since this article was published, the Node Performance Dashboard was retired and is no longer available._
+
+_This retirement happened in early 2019, as part of the_ `kubernetes/contrib`
+_[repository deprecation](https://github.com/kubernetes-retired/contrib/issues/3007)_.
+
In Kubernetes 1.4, we introduced a new node performance analysis tool, called the _node performance dashboard_, to visualize and explore the behavior of the Kubelet in much richer details. This new feature will make it easy to understand and improve code performance for Kubelet developers, and lets cluster maintainer set configuration according to provided Service Level Objectives (SLOs).
**Background**
diff --git a/content/en/blog/_posts/2016-12-00-Statefulset-Run-Scale-Stateful-Applications-In-Kubernetes.md b/content/en/blog/_posts/2016-12-00-Statefulset-Run-Scale-Stateful-Applications-In-Kubernetes.md
index 515a3aa195..6ce3bf0044 100644
--- a/content/en/blog/_posts/2016-12-00-Statefulset-Run-Scale-Stateful-Applications-In-Kubernetes.md
+++ b/content/en/blog/_posts/2016-12-00-Statefulset-Run-Scale-Stateful-Applications-In-Kubernetes.md
@@ -37,7 +37,7 @@ If you run your storage application on high-end hardware or extra-large instance
[ZooKeeper](https://zookeeper.apache.org/doc/current/) is an interesting use case for StatefulSet for two reasons. First, it demonstrates that StatefulSet can be used to run a distributed, strongly consistent storage application on Kubernetes. Second, it's a prerequisite for running workloads like [Apache Hadoop](http://hadoop.apache.org/) and [Apache Kakfa](https://kafka.apache.org/) on Kubernetes. An [in-depth tutorial](/docs/tutorials/stateful-application/zookeeper/) on deploying a ZooKeeper ensemble on Kubernetes is available in the Kubernetes documentation, and we’ll outline a few of the key features below.
**Creating a ZooKeeper Ensemble**
-Creating an ensemble is as simple as using [kubectl create](/docs/user-guide/kubectl/kubectl_create/) to generate the objects stored in the manifest.
+Creating an ensemble is as simple as using [kubectl create](/docs/reference/generated/kubectl/kubectl-commands#create) to generate the objects stored in the manifest.
```
@@ -297,7 +297,7 @@ zk-0 0/1 Terminating 0 15m
-You can use [kubectl apply](/docs/user-guide/kubectl/kubectl_apply/) to recreate the zk StatefulSet and redeploy the ensemble.
+You can use [kubectl apply](/docs/reference/generated/kubectl/kubectl-commands#apply) to recreate the zk StatefulSet and redeploy the ensemble.
diff --git a/content/en/blog/_posts/2018-04-13-local-persistent-volumes-beta.md b/content/en/blog/_posts/2018-04-13-local-persistent-volumes-beta.md
index 71a0fa26d9..a7cabde710 100644
--- a/content/en/blog/_posts/2018-04-13-local-persistent-volumes-beta.md
+++ b/content/en/blog/_posts/2018-04-13-local-persistent-volumes-beta.md
@@ -140,7 +140,7 @@ The local persistent volume beta feature is not complete by far. Some notable en
## Complementary features
-[Pod priority and preemption](/docs/concepts/configuration/pod-priority-preemption/) is another Kubernetes feature that is complementary to local persistent volumes. When your application uses local storage, it must be scheduled to the specific node where the local volume resides. You can give your local storage workload high priority so if that node ran out of room to run your workload, Kubernetes can preempt lower priority workloads to make room for it.
+[Pod priority and preemption](/docs/concepts/scheduling-eviction/pod-priority-preemption/) is another Kubernetes feature that is complementary to local persistent volumes. When your application uses local storage, it must be scheduled to the specific node where the local volume resides. You can give your local storage workload high priority so if that node ran out of room to run your workload, Kubernetes can preempt lower priority workloads to make room for it.
[Pod disruption budget](/docs/concepts/workloads/pods/disruptions/) is also very important for those workloads that must maintain quorum. Setting a disruption budget for your workload ensures that it does not drop below quorum due to voluntary disruption events, such as node drains during upgrade.
diff --git a/content/en/blog/_posts/2018-07-16-kubernetes-1-11-release-interview.md b/content/en/blog/_posts/2018-07-16-kubernetes-1-11-release-interview.md
index 4326924029..25758bc213 100644
--- a/content/en/blog/_posts/2018-07-16-kubernetes-1-11-release-interview.md
+++ b/content/en/blog/_posts/2018-07-16-kubernetes-1-11-release-interview.md
@@ -94,7 +94,7 @@ JOSH BERKUS: That goes into release notes. I mean, keep in mind that one of the
However, stuff happens, and we do occasionally have to do those. And so far, our main way to identify that to people actually is in the release notes. If you look at [the current release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.11.md#no-really-you-must-do-this-before-you-upgrade), there are actually two things in there right now that are sort of breaking changes.
-One of them is the bit with [priority and preemption](/docs/concepts/configuration/pod-priority-preemption/) in that preemption being on by default now allows badly behaved users of the system to cause trouble in new ways. I'd actually have to look at the release notes to see what the second one was...
+One of them is the bit with [priority and preemption](/docs/concepts/scheduling-eviction/pod-priority-preemption/) in that preemption being on by default now allows badly behaved users of the system to cause trouble in new ways. I'd actually have to look at the release notes to see what the second one was...
TIM PEPPER: The [JSON capitalization case sensitivity](https://github.com/kubernetes/kubernetes/issues/64612).
diff --git a/content/en/blog/_posts/2018-08-03-make-kubernetes-production-grade-anywhere.md b/content/en/blog/_posts/2018-08-03-make-kubernetes-production-grade-anywhere.md
index a28196d568..329b2c4de7 100644
--- a/content/en/blog/_posts/2018-08-03-make-kubernetes-production-grade-anywhere.md
+++ b/content/en/blog/_posts/2018-08-03-make-kubernetes-production-grade-anywhere.md
@@ -104,7 +104,7 @@ Master and Worker nodes should be protected from overload and resource exhaustio
Resource consumption by the control plane will correlate with the number of pods and the pod churn rate. Very large and very small clusters will benefit from non-default [settings](/docs/reference/command-line-tools-reference/kube-apiserver/) of kube-apiserver request throttling and memory. Having these too high can lead to request limit exceeded and out of memory errors.
-On worker nodes, [Node Allocatable](/docs/tasks/administer-cluster/reserve-compute-resources/) should be configured based on a reasonable supportable workload density at each node. Namespaces can be created to subdivide the worker node cluster into multiple virtual clusters with resource CPU and memory [quotas](/docs/tasks/administer-cluster/manage-resources/memory-default-namespace/). Kubelet handling of [out of resource](/docs/tasks/administer-cluster/out-of-resource/) conditions can be configured.
+On worker nodes, [Node Allocatable](/docs/tasks/administer-cluster/reserve-compute-resources/) should be configured based on a reasonable supportable workload density at each node. Namespaces can be created to subdivide the worker node cluster into multiple virtual clusters with resource CPU and memory [quotas](/docs/tasks/administer-cluster/manage-resources/memory-default-namespace/). Kubelet handling of [out of resource](/docs/concepts/scheduling-eviction/node-pressure-eviction/) conditions can be configured.
## Security
@@ -166,7 +166,7 @@ Some critical state is held outside etcd. Certificates, container images, and ot
* Cloud provider specific account and configuration data
## Considerations for your production workloads
-Anti-affinity specifications can be used to split clustered services across backing hosts, but at this time the settings are used only when the pod is scheduled. This means that Kubernetes can restart a failed node of your clustered application, but does not have a native mechanism to rebalance after a fail back. This is a topic worthy of a separate blog, but supplemental logic might be useful to achieve optimal workload placements after host or worker node recoveries or expansions. The [Pod Priority and Preemption feature](/docs/concepts/configuration/pod-priority-preemption/) can be used to specify a preferred triage in the event of resource shortages caused by failures or bursting workloads.
+Anti-affinity specifications can be used to split clustered services across backing hosts, but at this time the settings are used only when the pod is scheduled. This means that Kubernetes can restart a failed node of your clustered application, but does not have a native mechanism to rebalance after a fail back. This is a topic worthy of a separate blog, but supplemental logic might be useful to achieve optimal workload placements after host or worker node recoveries or expansions. The [Pod Priority and Preemption feature](/docs/concepts/scheduling-eviction/pod-priority-preemption/) can be used to specify a preferred triage in the event of resource shortages caused by failures or bursting workloads.
For stateful services, external attached volume mounts are the standard Kubernetes recommendation for a non-clustered service (e.g., a typical SQL database). At this time Kubernetes managed snapshots of these external volumes is in the category of a [roadmap feature request](https://docs.google.com/presentation/d/1dgxfnroRAu0aF67s-_bmeWpkM1h2LCxe6lB1l1oS0EQ/edit#slide=id.g3ca07c98c2_0_47), likely to align with the Container Storage Interface (CSI) integration. Thus performing backups of such a service would involve application specific, in-pod activity that is beyond the scope of this document. While awaiting better Kubernetes support for a snapshot and backup workflow, running your database service in a VM rather than a container, and exposing it to your Kubernetes workload may be worth considering.
diff --git a/content/en/blog/_posts/2019-04-16-pod-priority-and-preemption-in-kubernetes.md b/content/en/blog/_posts/2019-04-16-pod-priority-and-preemption-in-kubernetes.md
index 49516da96a..88907e3e4d 100644
--- a/content/en/blog/_posts/2019-04-16-pod-priority-and-preemption-in-kubernetes.md
+++ b/content/en/blog/_posts/2019-04-16-pod-priority-and-preemption-in-kubernetes.md
@@ -8,7 +8,7 @@ date: 2019-04-16
Kubernetes is well-known for running scalable workloads. It scales your workloads based on their resource usage. When a workload is scaled up, more instances of the application get created. When the application is critical for your product, you want to make sure that these new instances are scheduled even when your cluster is under resource pressure. One obvious solution to this problem is to over-provision your cluster resources to have some amount of slack resources available for scale-up situations. This approach often works, but costs more as you would have to pay for the resources that are idle most of the time.
-[Pod priority and preemption](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/) is a scheduler feature made generally available in Kubernetes 1.14 that allows you to achieve high levels of scheduling confidence for your critical workloads without overprovisioning your clusters. It also provides a way to improve resource utilization in your clusters without sacrificing the reliability of your essential workloads.
+[Pod priority and preemption](/docs/concepts/scheduling-eviction/pod-priority-preemption/) is a scheduler feature made generally available in Kubernetes 1.14 that allows you to achieve high levels of scheduling confidence for your critical workloads without overprovisioning your clusters. It also provides a way to improve resource utilization in your clusters without sacrificing the reliability of your essential workloads.
## Guaranteed scheduling with controlled cost
diff --git a/content/en/blog/_posts/2020-05-27-An-Introduction-to-the-K8s-Infrastructure-Working-Group.md b/content/en/blog/_posts/2020-05-27-An-Introduction-to-the-K8s-Infrastructure-Working-Group.md
index f2a74914d8..efd5e196f7 100644
--- a/content/en/blog/_posts/2020-05-27-An-Introduction-to-the-K8s-Infrastructure-Working-Group.md
+++ b/content/en/blog/_posts/2020-05-27-An-Introduction-to-the-K8s-Infrastructure-Working-Group.md
@@ -55,7 +55,7 @@ The team has made progress in the last few months that is well worth celebrating
- The K8s-Infrastructure Working Group released an automated billing report that they start every meeting off by reviewing as a group.
- DNS for k8s.io and kubernetes.io are also fully [community-owned](https://groups.google.com/g/kubernetes-dev/c/LZTYJorGh7c/m/u-ydk-yNEgAJ), with community members able to [file issues](https://github.com/kubernetes/k8s.io/issues/new?assignees=&labels=wg%2Fk8s-infra&template=dns-request.md&title=DNS+REQUEST%3A+%3Cyour-dns-record%3E) to manage records.
-- The container registry [k8s.gcr.io](https://github.com/kubernetes/k8s.io/tree/master/k8s.gcr.io) is also fully community-owned and available for all Kubernetes subprojects to use.
+- The container registry [k8s.gcr.io](https://github.com/kubernetes/k8s.io/tree/main/k8s.gcr.io) is also fully community-owned and available for all Kubernetes subprojects to use.
- The Kubernetes [publishing-bot](https://github.com/kubernetes/publishing-bot) responsible for keeping k8s.io/kubernetes/staging repositories published to their own top-level repos (For example: [kubernetes/api](https://github.com/kubernetes/api)) runs on a community-owned cluster.
- The gcsweb.k8s.io service used to provide anonymous access to GCS buckets for kubernetes artifacts runs on a community-owned cluster.
- There is also an automated process of promoting all our container images. This includes a fully documented infrastructure, managed by the Kubernetes community, with automated processes for provisioning permissions.
diff --git a/content/en/blog/_posts/2021-04-22-gateway-api/index.md b/content/en/blog/_posts/2021-04-22-gateway-api/index.md
index a7d54ad645..d9c798a5b1 100644
--- a/content/en/blog/_posts/2021-04-22-gateway-api/index.md
+++ b/content/en/blog/_posts/2021-04-22-gateway-api/index.md
@@ -186,7 +186,7 @@ metadata:
### Role Oriented Design
-When you put it all together, you have a single load balancing infrastructure that can be safely shared by multiple teams. The Gateway API not only a more expressive API for advanced routing, but is also a role-oriented API, designed for multi-tenant infrastructure. Its extensibility ensures that it will evolve for future use-cases while preserving portability. Ultimately these characteristics will allow Gateway API to adapt to different organizational models and implementations well into the future.
+When you put it all together, you have a single load balancing infrastructure that can be safely shared by multiple teams. The Gateway API is not only a more expressive API for advanced routing, but is also a role-oriented API, designed for multi-tenant infrastructure. Its extensibility ensures that it will evolve for future use-cases while preserving portability. Ultimately these characteristics will allow the Gateway API to adapt to different organizational models and implementations well into the future.
### Try it out and get involved
@@ -194,4 +194,4 @@ There are many resources to check out to learn more.
* Check out the [user guides](https://gateway-api.sigs.k8s.io/guides/getting-started/) to see what use-cases can be addressed.
* Try out one of the [existing Gateway controllers ](https://gateway-api.sigs.k8s.io/references/implementations/)
-* Or [get involved](https://gateway-api.sigs.k8s.io/contributing/community/) and help design and influence the future of Kubernetes service networking!
\ No newline at end of file
+* Or [get involved](https://gateway-api.sigs.k8s.io/contributing/community/) and help design and influence the future of Kubernetes service networking!
diff --git a/content/en/blog/_posts/2021-06-21-writing-a-controller-for-pod-labels.md b/content/en/blog/_posts/2021-06-21-writing-a-controller-for-pod-labels.md
new file mode 100644
index 0000000000..ec3934ad7d
--- /dev/null
+++ b/content/en/blog/_posts/2021-06-21-writing-a-controller-for-pod-labels.md
@@ -0,0 +1,467 @@
+---
+layout: blog
+title: "Writing a Controller for Pod Labels"
+date: 2021-06-21
+slug: writing-a-controller-for-pod-labels
+---
+
+**Authors**: Arthur Busser (Padok)
+
+[Operators][what-is-an-operator] are proving to be an excellent solution to
+running stateful distributed applications in Kubernetes. Open source tools like
+the [Operator SDK][operator-sdk] provide ways to build reliable and maintainable
+operators, making it easier to extend Kubernetes and implement custom
+scheduling.
+
+Kubernetes operators run complex software inside your cluster. The open source
+community has already built [many operators][operatorhub] for distributed
+applications like Prometheus, Elasticsearch, or Argo CD. Even outside of
+open source, operators can help to bring new functionality to your Kubernetes
+cluster.
+
+An operator is a set of [custom resources][custom-resource-definitions] and a
+set of [controllers][controllers]. A controller watches for changes to specific
+resources in the Kubernetes API and reacts by creating, updating, or deleting
+resources.
+
+The Operator SDK is best suited for building fully-featured operators.
+Nonetheless, you can use it to write a single controller. This post will walk
+you through writing a Kubernetes controller in Go that will add a `pod-name`
+label to pods that have a specific annotation.
+
+## Why do we need a controller for this?
+
+I recently worked on a project where we needed to create a Service that routed
+traffic to a specific Pod in a ReplicaSet. The problem is that a Service can
+only select pods by label, and all pods in a ReplicaSet have the same labels.
+There are two ways to solve this problem:
+
+1. Create a Service without a selector and manage the Endpoints or
+ EndpointSlices for that Service directly. We would need to write a custom
+ controller to insert our Pod's IP address into those resources.
+2. Add a label to the Pod with a unique value. We could then use this label in
+ our Service's selector. Again, we would need to write a custom controller to
+ add this label.
+
+A controller is a control loop that tracks one or more Kubernetes resource
+types. The controller from option n°2 above only needs to track pods, which
+makes it simpler to implement. This is the option we are going to walk through
+by writing a Kubernetes controller that adds a `pod-name` label to our pods.
+
+StatefulSets [do this natively][statefulset-pod-name-label] by adding a
+`pod-name` label to each Pod in the set. But what if we don't want to or can't
+use StatefulSets?
+
+We rarely create pods directly; most often, we use a Deployment, ReplicaSet, or
+another high-level resource. We can specify labels to add to each Pod in the
+PodSpec, but not with dynamic values, so no way to replicate a StatefulSet's
+`pod-name` label.
+
+We tried using a [mutating admission webhook][mutating-admission-webhook]. When
+anyone creates a Pod, the webhook patches the Pod with a label containing the
+Pod's name. Disappointingly, this does not work: not all pods have a name before
+being created. For instance, when the ReplicaSet controller creates a Pod, it
+sends a `namePrefix` to the Kubernetes API server and not a `name`. The API
+server generates a unique name before persisting the new Pod to etcd, but only
+after calling our admission webhook. So in most cases, we can't know a Pod's
+name with a mutating webhook.
+
+Once a Pod exists in the Kubernetes API, it is mostly immutable, but we can
+still add a label. We can even do so from the command line:
+
+```bash
+kubectl label my-pod my-label-key=my-label-value
+```
+
+We need to watch for changes to any pods in the Kubernetes API and add the label
+we want. Rather than do this manually, we are going to write a controller that
+does it for us.
+
+## Bootstrapping a controller with the Operator SDK
+
+A controller is a reconciliation loop that reads the desired state of a resource
+from the Kubernetes API and takes action to bring the cluster's actual state
+closer to the desired state.
+
+In order to write this controller as quickly as possible, we are going to use
+the Operator SDK. If you don't have it installed, follow the
+[official documentation][operator-sdk-installation].
+
+```terminal
+$ operator-sdk version
+operator-sdk version: "v1.4.2", commit: "4b083393be65589358b3e0416573df04f4ae8d9b", kubernetes version: "v1.19.4", go version: "go1.15.8", GOOS: "darwin", GOARCH: "amd64"
+```
+
+Let's create a new directory to write our controller in:
+
+```bash
+mkdir label-operator && cd label-operator
+```
+
+Next, let's initialize a new operator, to which we will add a single controller.
+To do this, you will need to specify a domain and a repository. The domain
+serves as a prefix for the group your custom Kubernetes resources will belong
+to. Because we are not going to be defining custom resources, the domain does
+not matter. The repository is going to be the name of the Go module we are going
+to write. By convention, this is the repository where you will be storing your
+code.
+
+As an example, here is the command I ran:
+
+```bash
+# Feel free to change the domain and repo values.
+operator-sdk init --domain=padok.fr --repo=github.com/busser/label-operator
+```
+
+Next, we need a create a new controller. This controller will handle pods and
+not a custom resource, so no need to generate the resource code. Let's run this
+command to scaffold the code we need:
+
+```bash
+operator-sdk create api --group=core --version=v1 --kind=Pod --controller=true --resource=false
+```
+
+We now have a new file: `controllers/pod_controller.go`. This file contains a
+`PodReconciler` type with two methods that we need to implement. The first is
+`Reconcile`, and it looks like this for now:
+
+```go
+func (r *PodReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+ _ = r.Log.WithValues("pod", req.NamespacedName)
+
+ // your logic here
+
+ return ctrl.Result{}, nil
+}
+```
+
+The `Reconcile` method is called whenever a Pod is created, updated, or deleted.
+The name and namespace of the Pod are in the `ctrl.Request` the method receives
+as a parameter.
+
+The second method is `SetupWithManager` and for now it looks like this:
+
+```go
+func (r *PodReconciler) SetupWithManager(mgr ctrl.Manager) error {
+ return ctrl.NewControllerManagedBy(mgr).
+ // Uncomment the following line adding a pointer to an instance of the controlled resource as an argument
+ // For().
+ Complete(r)
+}
+```
+
+The `SetupWithManager` method is called when the operator starts. It serves to
+tell the operator framework what types our `PodReconciler` needs to watch. To
+use the same `Pod` type used by Kubernetes internally, we need to import some of
+its code. All of the Kubernetes source code is open source, so you can import
+any part you like in your own Go code. You can find a complete list of available
+packages in the Kubernetes source code or [here on pkg.go.dev][pkg-go-dev]. To
+use pods, we need the `k8s.io/api/core/v1` package.
+
+```go
+package controllers
+
+import (
+ // other imports...
+ corev1 "k8s.io/api/core/v1"
+ // other imports...
+)
+```
+
+Lets use the `Pod` type in `SetupWithManager` to tell the operator framework we
+want to watch pods:
+
+```go
+func (r *PodReconciler) SetupWithManager(mgr ctrl.Manager) error {
+ return ctrl.NewControllerManagedBy(mgr).
+ For(&corev1.Pod{}).
+ Complete(r)
+}
+```
+
+Before moving on, we should set the RBAC permissions our controller needs. Above
+the `Reconcile` method, we have some default permissions:
+
+```go
+// +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=core,resources=pods/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=core,resources=pods/finalizers,verbs=update
+```
+
+We don't need all of those. Our controller will never interact with a Pod's
+status or its finalizers. It only needs to read and update pods. Lets remove the
+unnecessary permissions and keep only what we need:
+
+```go
+// +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch;update;patch
+```
+
+We are now ready to write our controller's reconciliation logic.
+
+## Implementing reconciliation
+
+Here is what we want our `Reconcile` method to do:
+
+1. Use the Pod's name and namespace from the `ctrl.Request` to fetch the Pod
+ from the Kubernetes API.
+2. If the Pod has an `add-pod-name-label` annotation, add a `pod-name` label to
+ the Pod; if the annotation is missing, don't add the label.
+3. Update the Pod in the Kubernetes API to persist the changes made.
+
+Lets define some constants for the annotation and label:
+
+```go
+const (
+ addPodNameLabelAnnotation = "padok.fr/add-pod-name-label"
+ podNameLabel = "padok.fr/pod-name"
+)
+```
+
+The first step in our reconciliation function is to fetch the Pod we are working
+on from the Kubernetes API:
+
+```go
+// Reconcile handles a reconciliation request for a Pod.
+// If the Pod has the addPodNameLabelAnnotation annotation, then Reconcile
+// will make sure the podNameLabel label is present with the correct value.
+// If the annotation is absent, then Reconcile will make sure the label is too.
+func (r *PodReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+ log := r.Log.WithValues("pod", req.NamespacedName)
+
+ /*
+ Step 0: Fetch the Pod from the Kubernetes API.
+ */
+
+ var pod corev1.Pod
+ if err := r.Get(ctx, req.NamespacedName, &pod); err != nil {
+ log.Error(err, "unable to fetch Pod")
+ return ctrl.Result{}, err
+ }
+
+ return ctrl.Result{}, nil
+}
+```
+
+Our `Reconcile` method will be called when a Pod is created, updated, or
+deleted. In the deletion case, our call to `r.Get` will return a specific error.
+Let's import the package that defines this error:
+
+```go
+package controllers
+
+import (
+ // other imports...
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
+ // other imports...
+)
+```
+
+We can now handle this specific error and — since our controller does not care
+about deleted pods — explicitly ignore it:
+
+```go
+ /*
+ Step 0: Fetch the Pod from the Kubernetes API.
+ */
+
+ var pod corev1.Pod
+ if err := r.Get(ctx, req.NamespacedName, &pod); err != nil {
+ if apierrors.IsNotFound(err) {
+ // we'll ignore not-found errors, since we can get them on deleted requests.
+ return ctrl.Result{}, nil
+ }
+ log.Error(err, "unable to fetch Pod")
+ return ctrl.Result{}, err
+ }
+```
+
+Next, lets edit our Pod so that our dynamic label is present if and only if our
+annotation is present:
+
+```go
+ /*
+ Step 1: Add or remove the label.
+ */
+
+ labelShouldBePresent := pod.Annotations[addPodNameLabelAnnotation] == "true"
+ labelIsPresent := pod.Labels[podNameLabel] == pod.Name
+
+ if labelShouldBePresent == labelIsPresent {
+ // The desired state and actual state of the Pod are the same.
+ // No further action is required by the operator at this moment.
+ log.Info("no update required")
+ return ctrl.Result{}, nil
+ }
+
+ if labelShouldBePresent {
+ // If the label should be set but is not, set it.
+ if pod.Labels == nil {
+ pod.Labels = make(map[string]string)
+ }
+ pod.Labels[podNameLabel] = pod.Name
+ log.Info("adding label")
+ } else {
+ // If the label should not be set but is, remove it.
+ delete(pod.Labels, podNameLabel)
+ log.Info("removing label")
+ }
+```
+
+Finally, let's push our updated Pod to the Kubernetes API:
+
+```go
+ /*
+ Step 2: Update the Pod in the Kubernetes API.
+ */
+
+ if err := r.Update(ctx, &pod); err != nil {
+ log.Error(err, "unable to update Pod")
+ return ctrl.Result{}, err
+ }
+```
+
+When writing our updated Pod to the Kubernetes API, there is a risk that the Pod
+has been updated or deleted since we first read it. When writing a Kubernetes
+controller, we should keep in mind that we are not the only actors in the
+cluster. When this happens, the best thing to do is start the reconciliation
+from scratch, by requeuing the event. Lets do exactly that:
+
+```go
+ /*
+ Step 2: Update the Pod in the Kubernetes API.
+ */
+
+ if err := r.Update(ctx, &pod); err != nil {
+ if apierrors.IsConflict(err) {
+ // The Pod has been updated since we read it.
+ // Requeue the Pod to try to reconciliate again.
+ return ctrl.Result{Requeue: true}, nil
+ }
+ if apierrors.IsNotFound(err) {
+ // The Pod has been deleted since we read it.
+ // Requeue the Pod to try to reconciliate again.
+ return ctrl.Result{Requeue: true}, nil
+ }
+ log.Error(err, "unable to update Pod")
+ return ctrl.Result{}, err
+ }
+```
+
+Let's remember to return successfully at the end of the method:
+
+```go
+ return ctrl.Result{}, nil
+}
+```
+
+And that's it! We are now ready to run the controller on our cluster.
+
+## Run the controller on your cluster
+
+To run our controller on your cluster, we need to run the operator. For that,
+all you will need is `kubectl`. If you don't have a Kubernetes cluster at hand,
+I recommend you start one locally with [KinD (Kubernetes in Docker)][kind].
+
+All it takes to run the operator from your machine is this command:
+
+```bash
+make run
+```
+
+After a few seconds, you should see the operator's logs. Notice that our
+controller's `Reconcile` method was called for all pods already running in the
+cluster.
+
+Let's keep the operator running and, in another terminal, create a new Pod:
+
+```bash
+kubectl run --image=nginx my-nginx
+```
+
+The operator should quickly print some logs, indicating that it reacted to the
+Pod's creation and subsequent changes in status:
+
+```text
+INFO controllers.Pod no update required {"pod": "default/my-nginx"}
+INFO controllers.Pod no update required {"pod": "default/my-nginx"}
+INFO controllers.Pod no update required {"pod": "default/my-nginx"}
+INFO controllers.Pod no update required {"pod": "default/my-nginx"}
+```
+
+Lets check the Pod's labels:
+
+```terminal
+$ kubectl get pod my-nginx --show-labels
+NAME READY STATUS RESTARTS AGE LABELS
+my-nginx 1/1 Running 0 11m run=my-nginx
+```
+
+Let's add an annotation to the Pod so that our controller knows to add our
+dynamic label to it:
+
+```bash
+kubectl annotate pod my-nginx padok.fr/add-pod-name-label=true
+```
+
+Notice that the controller immediately reacted and produced a new line in its
+logs:
+
+```text
+INFO controllers.Pod adding label {"pod": "default/my-nginx"}
+```
+
+```terminal
+$ kubectl get pod my-nginx --show-labels
+NAME READY STATUS RESTARTS AGE LABELS
+my-nginx 1/1 Running 0 13m padok.fr/pod-name=my-nginx,run=my-nginx
+```
+
+Bravo! You just successfully wrote a Kubernetes controller capable of adding
+labels with dynamic values to resources in your cluster.
+
+Controllers and operators, both big and small, can be an important part of your
+Kubernetes journey. Writing operators is easier now than it has ever been. The
+possibilities are endless.
+
+## What next?
+
+If you want to go further, I recommend starting by deploying your controller or
+operator inside a cluster. The `Makefile` generated by the Operator SDK will do
+most of the work.
+
+When deploying an operator to production, it is always a good idea to implement
+robust testing. The first step in that direction is to write unit tests.
+[This documentation][operator-sdk-testing] will guide you in writing tests for
+your operator. I wrote tests for the operator we just wrote; you can find all of
+my code in [this GitHub repository][github-repo].
+
+## How to learn more?
+
+The [Operator SDK documentation][operator-sdk-docs] goes into detail on how you
+can go further and implement more complex operators.
+
+When modeling a more complex use-case, a single controller acting on built-in
+Kubernetes types may not be enough. You may need to build a more complex
+operator with [Custom Resource Definitions (CRDs)][custom-resource-definitions]
+and multiple controllers. The Operator SDK is a great tool to help you do this.
+
+If you want to discuss building an operator, join the [#kubernetes-operator][slack-channel]
+channel in the [Kubernetes Slack workspace][slack-workspace]!
+
+
+
+[controllers]: https://kubernetes.io/docs/concepts/architecture/controller/
+[custom-resource-definitions]: https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/
+[kind]: https://kind.sigs.k8s.io/docs/user/quick-start/#installation
+[github-repo]: https://github.com/busser/label-operator
+[mutating-admission-webhook]: https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook
+[operator-sdk]: https://sdk.operatorframework.io/
+[operator-sdk-docs]: https://sdk.operatorframework.io/docs/
+[operator-sdk-installation]: https://sdk.operatorframework.io/docs/installation/
+[operator-sdk-testing]: https://sdk.operatorframework.io/docs/building-operators/golang/testing/
+[operatorhub]: https://operatorhub.io/
+[pkg-go-dev]: https://pkg.go.dev/k8s.io/api
+[slack-channel]: https://kubernetes.slack.com/messages/kubernetes-operators
+[slack-workspace]: https://slack.k8s.io/
+[statefulset-pod-name-label]: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-name-label
+[what-is-an-operator]: https://kubernetes.io/docs/concepts/extend-kubernetes/operator/
diff --git a/content/en/blog/_posts/2021-06-28-announcing-kubernetes-community-group-annual-reports/index.md b/content/en/blog/_posts/2021-06-28-announcing-kubernetes-community-group-annual-reports/index.md
new file mode 100644
index 0000000000..e31484abdf
--- /dev/null
+++ b/content/en/blog/_posts/2021-06-28-announcing-kubernetes-community-group-annual-reports/index.md
@@ -0,0 +1,49 @@
+---
+layout: blog
+title: "Announcing Kubernetes Community Group Annual Reports"
+description: >
+ Introducing brand new Kubernetes Community Group Annual Reports for
+ Special Interest Groups and Working Groups.
+date: 2021-06-28T10:00:00-08:00
+slug: Announcing-Kubernetes-Community-Group-Annual-Reports
+---
+
+**Authors:** Divya Mohan
+
+{{< figure src="k8s_annual_report_2020.svg" alt="Community annual report 2020" link="https://www.cncf.io/reports/kubernetes-community-annual-report-2020/" >}}
+
+Given the growth and scale of the Kubernetes project, the existing reporting mechanisms were proving to be inadequate and challenging.
+Kubernetes is a large open source project. With over 100000 commits just to the main k/kubernetes repository, hundreds of other code
+repositories in the project, and thousands of contributors, there's a lot going on. In fact, there are 37 contributor groups at the time of
+writing. We also value all forms of contribution and not just code changes.
+
+With that context in mind, the challenge of reporting on all this activity was a call to action for exploring better options. Therefore
+inspired by the Apache Software Foundation’s [open guide to PMC Reporting](https://www.apache.org/foundation/board/reporting) and the
+[CNCF project Annual Reporting](https://www.cncf.io/cncf-annual-report-2020/), the Kubernetes project is proud to announce the
+**Kubernetes Community Group Annual Reports for Special Interest Groups (SIGs) and Working Groups (WGs)**. In its flagship edition,
+the [2020 Summary report](https://www.cncf.io/reports/kubernetes-community-annual-report-2020/) focuses on bettering the
+Kubernetes ecosystem by assessing and promoting the healthiness of the groups within the upstream community.
+
+Previously, the mechanisms for the Kubernetes project overall to report on groups and their activities were
+[devstats](https://k8s.devstats.cncf.io/), GitHub data, issues, to measure the healthiness of a given UG/WG/SIG/Committee. As a
+project spanning several diverse communities, it was essential to have something that captured the human side of things. With 50,000+
+contributors, it’s easy to assume that the project has enough help and this report surfaces more information than /help-wanted and
+/good-first-issue for end users. This is how we sustain the project. Paraphrasing one of the Steering Committee members,
+[Paris Pittman](https://github.com/parispittman), “There was a requirement for tighter feedback loops - ones that involved more than just
+GitHub data and issues. Given that Kubernetes, as a project, has grown in scale and number of contributors over the years, we have
+outgrown the existing reporting mechanisms."
+
+The existing communication channels between the Steering committee members and the folks leading the groups and committees were also required
+to be made as open and as bi-directional as possible. Towards achieving this very purpose, every group and committee has been assigned a
+liaison from among the steering committee members for kick off, help, or guidance needed throughout the process. According to
+[Davanum Srinivas a.k.a. dims](https://github.com/dims), “... That was one of the main motivations behind this report. People (leading the
+groups/committees) know that they can reach out to us and there’s a vehicle for them to reach out to us… This is our way of setting up a
+two-way feedback for them." The progress on these action items would be updated and tracked on the monthly Steering Committee meetings
+ensuring that this is not a one-off activity. Quoting [Nikhita Raghunath](https://github.com/nikhita), one of the Steering Committee members,
+“... Once we have a base, the liaisons will work with these groups to ensure that the problems are resolved. When we have a report next year,
+we’ll have a look at the progress made and how we could still do better. But the idea is definitely to not stop at the report.”
+
+With this report, we hope to empower our end user communities with information that they can use to identify ways in which they can support
+the project as well as a sneak peek into the roadmap for upcoming features. As a community, we thrive on feedback and would love to hear your
+views about the report. You can get in touch with the [Steering Committee](https://github.com/kubernetes/steering#contact) via
+[Slack](https://kubernetes.slack.com/messages/steering-committee) or via the [mailing list](steering@kubernetes.io).
diff --git a/content/en/blog/_posts/2021-06-28-announcing-kubernetes-community-group-annual-reports/k8s_annual_report_2020.svg b/content/en/blog/_posts/2021-06-28-announcing-kubernetes-community-group-annual-reports/k8s_annual_report_2020.svg
new file mode 100644
index 0000000000..179201d13b
--- /dev/null
+++ b/content/en/blog/_posts/2021-06-28-announcing-kubernetes-community-group-annual-reports/k8s_annual_report_2020.svg
@@ -0,0 +1,16130 @@
+
+
+
+
diff --git a/content/en/blog/_posts/2021-07-14-upcoming-changes-in-kubernetes-1-22/index.md b/content/en/blog/_posts/2021-07-14-upcoming-changes-in-kubernetes-1-22/index.md
new file mode 100644
index 0000000000..6759bf4975
--- /dev/null
+++ b/content/en/blog/_posts/2021-07-14-upcoming-changes-in-kubernetes-1-22/index.md
@@ -0,0 +1,276 @@
+---
+layout: blog
+title: "Kubernetes API and Feature Removals In 1.22: Here’s What You Need To Know"
+date: 2021-07-14
+slug: upcoming-changes-in-kubernetes-1-22
+---
+
+**Authors**: Krishna Kilari (Amazon Web Services), Tim Bannister (The Scale Factory)
+
+As the Kubernetes API evolves, APIs are periodically reorganized or upgraded.
+When APIs evolve, the old APIs they replace are deprecated, and eventually removed.
+See [Kubernetes API removals](#kubernetes-api-removals) to read more about Kubernetes'
+policy on removing APIs.
+
+We want to make sure you're aware of some upcoming removals. These are
+beta APIs that you can use in current, supported Kubernetes versions,
+and they are already deprecated. The reason for all of these removals
+is that they have been superseded by a newer, stable (“GA”) API.
+
+Kubernetes 1.22, due for release in August 2021, will remove a number of deprecated
+APIs.
+_Update_:
+[Kubernetes 1.22: Reaching New Peaks](/blog/2021/08/04/kubernetes-1-22-release-announcement/)
+has details on the v1.22 release.
+
+## API removals for Kubernetes v1.22 {#api-changes}
+
+The **v1.22** release will stop serving the API versions we've listed immediately below.
+These are all beta APIs that were previously deprecated in favor of newer and more stable
+API versions.
+
+
+* Beta versions of the `ValidatingWebhookConfiguration` and `MutatingWebhookConfiguration` API (the **admissionregistration.k8s.io/v1beta1** API versions)
+* The beta `CustomResourceDefinition` API (**apiextensions.k8s.io/v1beta1**)
+* The beta `APIService` API (**apiregistration.k8s.io/v1beta1**)
+* The beta `TokenReview` API (**authentication.k8s.io/v1beta1**)
+* Beta API versions of `SubjectAccessReview`, `LocalSubjectAccessReview`, `SelfSubjectAccessReview` (API versions from **authorization.k8s.io/v1beta1**)
+* The beta `CertificateSigningRequest` API (**certificates.k8s.io/v1beta1**)
+* The beta `Lease` API (**coordination.k8s.io/v1beta1**)
+* All beta `Ingress` APIs (the **extensions/v1beta1** and **networking.k8s.io/v1beta1** API versions)
+
+The Kubernetes documentation covers these
+[API removals for v1.22](/docs/reference/using-api/deprecation-guide/#v1-22) and explains
+how each of those APIs change between beta and stable.
+
+## What to do
+
+We're going to run through each of the resources that are affected by these removals
+and explain the steps you'll need to take.
+
+`Ingress`
+: Migrate to use the **networking.k8s.io/v1**
+ [Ingress](/docs/reference/kubernetes-api/service-resources/ingress-v1/) API,
+ [available since v1.19](/blog/2020/08/26/kubernetes-release-1.19-accentuate-the-paw-sitive/#ingress-graduates-to-general-availability).
+ The related API [IngressClass](/docs/reference/kubernetes-api/service-resources/ingress-class-v1/)
+ is designed to complement the [Ingress](/docs/concepts/services-networking/ingress/)
+ concept, allowing you to configure multiple kinds of Ingress within one cluster.
+ If you're currently using the deprecated
+ [`kubernetes.io/ingress.class`](https://kubernetes.io/docs/reference/labels-annotations-taints/#kubernetes-io-ingress-class-deprecated)
+ annotation, plan to switch to using the `.spec.ingressClassName` field instead.
+ On any cluster running Kubernetes v1.19 or later, you can use the v1 API to
+ retrieve or update existing Ingress objects, even if they were created using an
+ older API version.
+
+ When you convert an Ingress to the v1 API, you should review each rule in that Ingress.
+ Older Ingresses use the legacy `ImplementationSpecific` path type. Instead of `ImplementationSpecific`, switch [path matching](/docs/concepts/services-networking/ingress/#path-types) to either `Prefix` or `Exact`. One of the benefits of moving to these alternative path types is that it becomes easier to migrate between different Ingress classes.
+
+ **ⓘ** As well as upgrading _your_ own use of the Ingress API as a client, make sure that
+ every ingress controller that you use is compatible with the v1 Ingress API.
+ Read [Ingress Prerequisites](/docs/concepts/services-networking/ingress/#prerequisites)
+ for more context about Ingress and ingress controllers.
+
+`ValidatingWebhookConfiguration` and `MutatingWebhookConfiguration`
+: Migrate to use the **admissionregistration.k8s.io/v1** API versions of
+ [ValidatingWebhookConfiguration](/docs/reference/kubernetes-api/extend-resources/validating-webhook-configuration-v1/)
+ and [MutatingWebhookConfiguration](/docs/reference/kubernetes-api/extend-resources/mutating-webhook-configuration-v1/),
+ available since v1.16.
+ You can use the v1 API to retrieve or update existing objects, even if they were created using an older API version.
+
+`CustomResourceDefinition`
+: Migrate to use the [CustomResourceDefinition](/docs/reference/kubernetes-api/extend-resources/custom-resource-definition-v1/)
+ **apiextensions.k8s.io/v1** API, available since v1.16.
+ You can use the v1 API to retrieve or update existing objects, even if they were created
+ using an older API version. If you defined any custom resources in your cluster, those
+ are still served after you upgrade.
+
+ If you're using external CustomResourceDefinitions, you can use
+ [`kubectl convert`](#kubectl-convert) to translate existing manifests to use the newer API.
+ Because there are some functional differences between beta and stable CustomResourceDefinitions,
+ our advice is to test out each one to make sure it works how you expect after the upgrade.
+
+`APIService`
+: Migrate to use the **apiregistration.k8s.io/v1** [APIService](/docs/reference/kubernetes-api/cluster-resources/api-service-v1/)
+ API, available since v1.10.
+ You can use the v1 API to retrieve or update existing objects, even if they were created using an older API version.
+ If you already have API aggregation using an APIService object, this aggregation continues
+ to work after you upgrade.
+
+`TokenReview`
+: Migrate to use the **authentication.k8s.io/v1** [TokenReview](/docs/reference/kubernetes-api/authentication-resources/token-review-v1/)
+ API, available since v1.10.
+
+ As well as serving this API via HTTP, the Kubernetes API server uses the same format to
+ [send](/docs/reference/access-authn-authz/authentication/#webhook-token-authentication)
+ TokenReviews to webhooks. The v1.22 release continues to use the v1beta1 API for TokenReviews
+ sent to webhooks by default. See [Looking ahead](#looking-ahead) for some specific tips about
+ switching to the stable API.
+
+`SubjectAccessReview`, `SelfSubjectAccessReview` and `LocalSubjectAccessReview`
+: Migrate to use the **authorization.k8s.io/v1** versions of those
+ [authorization APIs](/docs/reference/kubernetes-api/authorization-resources/), available since v1.6.
+
+`CertificateSigningRequest`
+: Migrate to use the **certificates.k8s.io/v1**
+ [CertificateSigningRequest](/docs/reference/kubernetes-api/authentication-resources/certificate-signing-request-v1/)
+ API, available since v1.19.
+ You can use the v1 API to retrieve or update existing objects, even if they were created
+ using an older API version. Existing issued certificates retain their validity when you upgrade.
+
+`Lease`
+: Migrate to use the **coordination.k8s.io/v1** [Lease](/docs/reference/kubernetes-api/cluster-resources/lease-v1/)
+ API, available since v1.14.
+ You can use the v1 API to retrieve or update existing objects, even if they were created
+ using an older API version.
+
+### `kubectl convert`
+
+There is a plugin to `kubectl` that provides the `kubectl convert` subcommand.
+It's an official plugin that you can download as part of Kubernetes.
+See [Download Kubernetes](/releases/download/) for more details.
+
+You can use `kubectl convert` to update manifest files to use a different API
+version. For example, if you have a manifest in source control that uses the beta
+Ingress API, you can check that definition out,
+and run
+`kubectl convert -f --output-version /`.
+You can use the `kubectl convert` command to automatically convert an
+existing manifest.
+
+For example, to convert an older Ingress definition to
+`networking.k8s.io/v1`, you can run:
+```bash
+kubectl convert -f ./legacy-ingress.yaml --output-version networking.k8s.io/v1
+```
+
+The automatic conversion uses a similar technique to how the Kubernetes control plane
+updates objects that were originally created using an older API version. Because it's
+a mechanical conversion, you might need to go in and change the manifest to adjust
+defaults etc.
+
+### Rehearse for the upgrade
+
+If you manage your cluster's API server component, you can try out these API
+removals before you upgrade to Kubernetes v1.22.
+
+To do that, add the following to the kube-apiserver command line arguments:
+
+`--runtime-config=admissionregistration.k8s.io/v1beta1=false,apiextensions.k8s.io/v1beta1=false,apiregistration.k8s.io/v1beta1=false,authentication.k8s.io/v1beta1=false,authorization.k8s.io/v1beta1=false,certificates.k8s.io/v1beta1=false,coordination.k8s.io/v1beta1=false,extensions/v1beta1/ingresses=false,networking.k8s.io/v1beta1=false`
+
+(as a side effect, this also turns off v1beta1 of EndpointSlice - watch out for
+that when you're testing).
+
+Once you've switched all the kube-apiservers in your cluster to use that setting,
+those beta APIs are removed. You can test that API clients (`kubectl`, deployment
+tools, custom controllers etc) still work how you expect, and you can revert if
+you need to without having to plan a more disruptive downgrade.
+
+
+
+### Advice for software authors
+
+Maybe you're reading this because you're a developer of an addon or other
+component that integrates with Kubernetes?
+
+If you develop an Ingress controller, webhook authenticator, an API aggregation, or
+any other tool that relies on these deprecated APIs, you should already have started
+to switch your software over.
+
+You can use the tips in
+[Rehearse for the upgrade](#rehearse-for-the-upgrade) to run your own Kubernetes
+cluster that only uses the new APIs, and make sure that your code works OK.
+For your documentation, make sure readers are aware of any steps they should take
+for the Kubernetes v1.22 upgrade.
+
+Where possible, give your users a hand to adopt the new APIs early - perhaps in a
+test environment - so they can give you feedback about any problems.
+
+There are some [more deprecations](#looking-ahead) coming in Kubernetes v1.25,
+so plan to have those covered too.
+
+## Kubernetes API removals
+
+Here's some background about why Kubernetes removes some APIs, and also a promise
+about _stable_ APIs in Kubernetes.
+
+Kubernetes follows a defined
+[deprecation policy](/docs/reference/using-api/deprecation-policy/) for its
+features, including the Kubernetes API. That policy allows for replacing stable
+(“GA”) APIs from Kubernetes. Importantly, this policy means that a stable API only
+be deprecated when a newer stable version of that same API is available.
+
+That stability guarantee matters: if you're using a stable Kubernetes API, there
+won't ever be a new version released that forces you to switch to an alpha or beta
+feature.
+
+Earlier stages are different. Alpha features are under test and potentially
+incomplete. Almost always, alpha features are disabled by default.
+Kubernetes releases can and do remove alpha features that haven't worked out.
+
+After alpha, comes beta. These features are typically enabled by default; if the
+testing works out, the feature can graduate to stable. If not, it might need
+a redesign.
+
+Last year, Kubernetes officially
+[adopted](/blog/2020/08/21/moving-forward-from-beta/#avoiding-permanent-beta)
+a policy for APIs that have reached their beta phase:
+
+> For Kubernetes REST APIs, when a new feature's API reaches beta, that starts
+> a countdown. The beta-quality API now has three releases …
+> to either:
+>
+> * reach GA, and deprecate the beta, or
+> * have a new beta version (and deprecate the previous beta).
+
+_At the time of that article, three Kubernetes releases equated to roughly nine
+calendar months. Later that same month, Kubernetes
+adopted a new
+release cadence of three releases per calendar year, so the countdown period is
+now roughly twelve calendar months._
+
+Whether an API removal is because of a beta feature graduating to stable, or
+because that API hasn't proved successful, Kubernetes will continue to remove
+APIs by following its deprecation policy and making sure that migration options
+are documented.
+
+### Looking ahead
+
+There's a setting that's relevant if you use webhook authentication checks.
+A future Kubernetes release will switch to sending TokenReview objects
+to webhooks using the `authentication.k8s.io/v1` API by default. At the moment,
+the default is to send `authentication.k8s.io/v1beta1` TokenReviews to webhooks,
+and that's still the default for Kubernetes v1.22.
+However, you can switch over to the stable API right now if you want:
+add `--authentication-token-webhook-version=v1` to the command line options for
+the kube-apiserver, and check that webhooks for authentication still work how you
+expected.
+
+Once you're happy it works OK, you can leave the `--authentication-token-webhook-version=v1`
+option set across your control plane.
+
+The **v1.25** release that's planned for next year will stop serving beta versions of
+several Kubernetes APIs that are stable right now and have been for some time.
+The same v1.25 release will **remove** PodSecurityPolicy, which is deprecated and won't
+graduate to stable. See
+[PodSecurityPolicy Deprecation: Past, Present, and Future](/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/)
+for more information.
+
+The official [list of API removals](/docs/reference/using-api/deprecation-guide/#v1-25)
+planned for Kubernetes 1.25 is:
+
+* The beta `CronJob` API (**batch/v1beta1**)
+* The beta `EndpointSlice` API (**networking.k8s.io/v1beta1**)
+* The beta `PodDisruptionBudget` API (**policy/v1beta1**)
+* The beta `PodSecurityPolicy` API (**policy/v1beta1**)
+
+## Want to know more?
+
+Deprecations are announced in the Kubernetes release notes. You can see the announcements
+of pending deprecations in the release notes for
+[1.19](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.19.md#deprecations),
+[1.20](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.20.md#deprecation),
+and [1.21](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.21.md#deprecation).
+
+For information on the process of deprecation and removal, check out the official Kubernetes
+[deprecation policy](/docs/reference/using-api/deprecation-policy/#deprecating-parts-of-the-api)
+document.
diff --git a/content/en/blog/_posts/2021-07-15-SIG-Usability-Spotlight.md b/content/en/blog/_posts/2021-07-15-SIG-Usability-Spotlight.md
new file mode 100644
index 0000000000..43488fc11f
--- /dev/null
+++ b/content/en/blog/_posts/2021-07-15-SIG-Usability-Spotlight.md
@@ -0,0 +1,65 @@
+---
+layout: blog
+title: "Spotlight on SIG Usability"
+date: 2021-07-15
+slug: sig-usability-spotlight-2021
+---
+
+**Author:** Kunal Kushwaha, Civo
+
+## Introduction
+
+Are you interested in learning about what [SIG Usability](https://github.com/kubernetes/community/tree/master/sig-usability) does and how you can get involved? Well, you're at the right place. SIG Usability is all about making Kubernetes more accessible to new folks, and its main activity is conducting user research for the community. In this blog, we have summarized our conversation with [Gaby Moreno](https://twitter.com/morengab), who walks us through the various aspects of being a part of the SIG and shares some insights about how others can get involved.
+
+Gaby is a co-lead for SIG Usability. She works as a Product Designer at IBM and enjoys working on the user experience of open, hybrid cloud technologies like Kubernetes, OpenShift, Terraform, and Cloud Foundry.
+
+## A summary of our conversation
+
+### Q. Could you tell us a little about what SIG Usability does?
+
+A. SIG Usability at a high level started because there was no dedicated user experience team for Kubernetes. The extent of SIG Usability is focussed on the end-client ease of use of the Kubernetes project. The main activity is user research for the community, which includes speaking to Kubernetes users.
+
+This covers points like user experience and accessibility. The objectives of the SIG are to guarantee that the Kubernetes project is maximally usable by people of a wide range of foundations and capacities, such as incorporating internationalization and ensuring the openness of documentation.
+
+### Q. Why should new and existing contributors consider joining SIG Usability?
+
+A. There are plenty of territories where new contributors can begin. For example:
+- User research projects, where people can help understand the usability of the end-user experiences, including error messages, end-to-end tasks, etc.
+- Accessibility guidelines for Kubernetes community artifacts, examples include: internationalization of documentation, color choices for people with color blindness, ensuring compatibility with screen reader technology, user interface design for core components with user interfaces, and more.
+
+### Q. What do you do to help new contributors get started?
+
+A. New contributors can get started by shadowing one of the user interviews, going through user interview transcripts, analyzing them, and designing surveys.
+
+SIG Usability is also open to new project ideas. If you have an idea, we’ll do what we can to support it. There are regular SIG Meetings where people can ask their questions live. These meetings are also recorded for those who may not be able to attend. As always, you can reach out to us on Slack as well.
+
+### Q. What does the survey include?
+
+A. In simple terms, the survey gathers information about how people use Kubernetes, such as trends in learning to deploy a new system, error messages they receive, and workflows.
+
+One of our goals is to standardize the responses accordingly. The ultimate goal is to analyze survey responses for important user stories whose needs aren't being met.
+
+### Q. Are there any particular skills you’d like to recruit for? What skills are contributors to SIG Usability likely to learn?
+
+A. Although contributing to SIG Usability does not have any pre-requisites as such, experience with user research, qualitative research, or prior experience with how to conduct an interview would be great plus points. Quantitative research, like survey design and screening, is also helpful and something that we expect contributors to learn.
+
+### Q. What are you getting positive feedback on, and what’s coming up next for SIG Usability?
+
+A. We have had new members joining and coming to monthly meetings regularly and showing interests in becoming a contributor and helping the community. We have also had a lot of people reach out to us via Slack showcasing their interest in the SIG.
+
+Currently, we are focused on finishing the study mentioned in our [talk](https://www.youtube.com/watch?v=Byn0N_ZstE0), also our project for this year. We are always happy to have new contributors join us.
+
+### Q: Any closing thoughts/resources you’d like to share?
+
+A. We love meeting new contributors and assisting them in investigating different Kubernetes project spaces. We will work with and team up with other SIGs to facilitate engaging with end-users, running studies, and help them integrate accessible design practices into their development practices.
+
+Here are some resources for you to get started:
+- [GitHub](https://github.com/kubernetes/community/tree/master/sig-usability)
+- [Mailing list](https://groups.google.com/g/kubernetes-sig-usability)
+- [Open Community Issues/PRs](https://github.com/kubernetes/community/labels/sig%2Fusability)
+- [Slack](https://slack.k8s.io/)
+- [Slack channel #sig-usability](https://kubernetes.slack.com/archives/CLC5EF63T)
+
+## Wrap Up
+
+SIG Usability hosted a [KubeCon talk](https://www.youtube.com/watch?v=Byn0N_ZstE0) about studying Kubernetes users' experiences. The talk focuses on updates to the user study projects, understanding who is using Kubernetes, what they are trying to achieve, how the project is addressing their needs, and where we need to improve the project and the client experience. Join the SIG's update to find out about the most recent research results, what the plans are for the forthcoming year, and how to get involved in the upstream usability team as a contributor!
diff --git a/content/en/blog/_posts/2021-07-20-Kubernetes-Release-Cadence/index.md b/content/en/blog/_posts/2021-07-20-Kubernetes-Release-Cadence/index.md
new file mode 100644
index 0000000000..444b99a934
--- /dev/null
+++ b/content/en/blog/_posts/2021-07-20-Kubernetes-Release-Cadence/index.md
@@ -0,0 +1,83 @@
+---
+layout: blog
+title: "Kubernetes Release Cadence Change: Here’s What You Need To Know"
+date: 2021-07-20
+slug: new-kubernetes-release-cadence
+---
+
+**Authors**: Celeste Horgan, Adolfo García Veytia, James Laverack, Jeremy Rickard
+
+On April 23, 2021, the Release Team merged a Kubernetes Enhancement Proposal (KEP) changing the Kubernetes release cycle from four releases a year (once a quarter) to three releases a year.
+
+This blog post provides a high level overview about what this means for the Kubernetes community's contributors and maintainers.
+
+## What's changing and when
+
+Starting with the [Kubernetes 1.22 release](https://github.com/kubernetes/sig-release/tree/master/releases/release-1.22), a lightweight policy will drive the creation of each release schedule. This policy states:
+
+* The first Kubernetes release of a calendar year should start at the second or third
+ week of January to provide people more time for contributors coming back from the
+ end of year holidays.
+* The last Kubernetes release of a calendar year should be finished by the middle of
+ December.
+* A Kubernetes release cycle has a length of approximately 15 weeks.
+* The week of KubeCon + CloudNativeCon is not considered a 'working week' for SIG Release. The Release Team will not hold meetings or make decisions in this period.
+* An explicit SIG Release break of at least two weeks between each cycle will
+ be enforced.
+
+As a result, Kubernetes will follow a three releases per year cadence. Kubernetes 1.23 will be the final release of the 2021 calendar year. This new policy results in a very predictable release schedule, allowing us to forecast upcoming release dates:
+
+
+*Proposed Kubernetes Release Schedule for the remainder of 2021*
+
+| Week Number in Year | Release Number | Release Week | Note |
+| -------- | -------- | -------- | -------- |
+| 35 | 1.23 | 1 (August 23) | |
+| 50 | 1.23 | 16 (December 07) | KubeCon + CloudNativeCon NA Break (Oct 11-15) |
+
+*Proposed Kubernetes Release Schedule for 2022*
+
+| Week Number in Year | Release Number | Release Week | Note |
+| -------- | -------- | -------- | -------- |
+| 1 | 1.24 | 1 (January 03) | |
+| 15 | 1.24 | 15 (April 12) | |
+| 17 | 1.25 | 1 (April 26) | KubeCon + CloudNativeCon EU likely to occur |
+| 32 | 1.25 | 15 (August 09) | |
+| 34 | 1.26 | 1 (August 22 | KubeCon + CloudNativeCon NA likely to occur |
+| 49 | 1.26 | 14 (December 06) |
+
+These proposed dates reflect only the start and end dates, and they are subject to change. The Release Team will select dates for enhancement freeze, code freeze, and other milestones at the start of each release. For more information on these milestones, please refer to the [release phases](https://www.k8s.dev/resources/release/#phases) documentation. Feedback from prior releases will feed into this process.
+
+## What this means for end users
+
+The major change end users will experience is a slower release cadence and a slower rate of enhancement graduation. Kubernetes release artifacts, release notes, and all other aspects of any given release will stay the same.
+
+Prior to this change an enhancement could graduate from alpha to stable in 9 months. With the change in cadence, this will stretch to 12 months. Additionally, graduation of features over the last few releases has in some part been driven by release team activities.
+
+With fewer releases, users can expect to see the rate of feature graduation slow. Users can also expect releases to contain a larger number of enhancements that they need to be aware of during upgrades. However, with fewer releases to consume per year, it's intended that end user organizations will spend less time on upgrades and gain more time on supporting their Kubernetes clusters. It also means that Kubernetes releases are in support for a slightly longer period of time, so bug fixes and security patches will be available for releases for a longer period of time.
+
+
+## What this means for Kubernetes contributors
+
+With a lower release cadence, contributors have more time for project enhancements, feature development, planning, and testing. A slower release cadence also provides more room for maintaining their mental health, preparing for events like KubeCon + CloudNativeCon or work on downstream integrations.
+
+
+## Why we decided to change the release cadence
+
+The Kubernetes 1.19 cycle was far longer than usual. SIG Release extended it to lessen the burden on both Kubernetes contributors and end users due the COVID-19 pandemic. Following this extended release, the Kubernetes 1.20 release became the third, and final, release for 2020.
+
+As the Kubernetes project matures, the number of enhancements per cycle grows, along with the burden on contributors, the Release Engineering team. Downstream consumers and integrators also face increased challenges keeping up with [ever more feature-packed releases](https://kubernetes.io/blog/2021/04/08/kubernetes-1-21-release-announcement/). A wider project adoption means the complexity of supporting a rapidly evolving platform affects a bigger downstream chain of consumers.
+
+Changing the release cadence from four to three releases per year balances a variety of factors for stakeholders: while it's not strictly an LTS policy, consumers and integrators will get longer support terms for each minor version as the extended release cycles lead to the [previous three releases being supported](https://kubernetes.io/blog/2020/08/31/kubernetes-1-19-feature-one-year-support/) for a longer period. Contributors get more time to [mature enhancements](https://www.cncf.io/blog/2021/04/12/enhancing-the-kubernetes-enhancements-process/) and [get them ready for production](https://github.com/kubernetes/community/blob/master/sig-architecture/production-readiness.md).
+
+Finally, the management overhead for SIG Release and the Release Engineering team diminishes allowing the team to spend more time on improving the quality of the software releases and the tooling that drives them.
+
+## How you can help
+
+Join the [discussion](https://github.com/kubernetes/sig-release/discussions/1566) about communicating future release dates and be sure to be on the lookout for post release surveys.
+
+## Where you can find out more
+
+- Read the KEP [here](https://github.com/kubernetes/enhancements/tree/master/keps/sig-release/2572-release-cadence)
+- Join the [kubernetes-dev](https://groups.google.com/g/kubernetes-dev) mailing list
+- Join [Kubernetes Slack](https://slack.k8s.io) and follow the #announcements channel
diff --git a/content/en/blog/_posts/2021-07-26-update-with-ingress-nginx.md b/content/en/blog/_posts/2021-07-26-update-with-ingress-nginx.md
new file mode 100644
index 0000000000..761b0b0575
--- /dev/null
+++ b/content/en/blog/_posts/2021-07-26-update-with-ingress-nginx.md
@@ -0,0 +1,71 @@
+---
+layout: blog
+title: 'Updating NGINX-Ingress to use the stable Ingress API'
+date: 2021-07-26
+slug: update-with-ingress-nginx
+---
+
+**Authors:** James Strong, Ricardo Katz
+
+With all Kubernetes APIs, there is a process to creating, maintaining, and
+ultimately deprecating them once they become GA. The networking.k8s.io API group is no
+different. The upcoming Kubernetes 1.22 release will remove several deprecated APIs
+that are relevant to networking:
+
+- the `networking.k8s.io/v1beta1` API version of [IngressClass](/docs/concepts/services-networking/ingress/#ingress-class)
+- all beta versions of [Ingress](/docs/concepts/services-networking/ingress/): `extensions/v1beta1` and `networking.k8s.io/v1beta1`
+
+On a v1.22 Kubernetes cluster, you'll be able to access Ingress and IngressClass
+objects through the stable (v1) APIs, but access via their beta APIs won't be possible.
+This change has been in
+in discussion since
+[2017](https://github.com/kubernetes/kubernetes/issues/43214),
+[2019](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) with
+1.16 Kubernetes API deprecations, and most recently in
+KEP-1453:
+[Graduate Ingress API to GA](https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/1453-ingress-api#122).
+
+During community meetings, the networking Special Interest Group has decided to continue
+supporting Kubernetes versions older than 1.22 with Ingress-NGINX version 0.47.0.
+Support for Ingress-NGINX will continue for six months after Kubernetes 1.22
+is released. Any additional bug fixes and CVEs for Ingress-NGINX will be
+addressed on a need-by-need basis.
+
+Ingress-NGINX will have separate branches and releases of Ingress-NGINX to
+support this model, mirroring the Kubernetes project process. Future
+releases of the Ingress-NGINX project will track and support the latest
+versions of Kubernetes.
+
+{{< table caption="Ingress NGINX supported version with Kubernetes Versions" >}}
+Kubernetes version | Ingress-NGINX version | Notes
+:-------------------|:----------------------|:------------
+v1.22 | v1.0.0-alpha.2 | New features, plus bug fixes.
+v1.21 | v0.47.x | Bugfixes only, and just for security issues or crashes. No end-of-support date announced.
+v1.20 | v0.47.x | Bugfixes only, and just for security issues or crashes. No end-of-support date announced.
+v1.19 | v0.47.x | Bugfixes only, and just for security issues or crashes. Fixes only provided until 6 months after Kubernetes v1.22.0 is released.
+{{< /table >}}
+
+Because of the updates in Kubernetes 1.22, **v0.47.0** will not work with
+Kubernetes 1.22.
+
+# What you need to do
+
+The team is currently in the process of upgrading ingress-nginx to support
+the v1 migration, you can track the progress
+[here](https://github.com/kubernetes/ingress-nginx/pull/7156).
+We're not making feature improvements to `ingress-nginx` until after the support for
+Ingress v1 is complete.
+
+In the meantime to ensure no compatibility issues:
+
+* Update to the latest version of Ingress-NGINX; currently
+ [v0.47.0](https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v0.47.0)
+* After Kubernetes 1.22 is released, ensure you are using the latest version of
+ Ingress-NGINX that supports the stable APIs for Ingress and IngressClass.
+* Test Ingress-NGINX version v1.0.0-alpha.2 with Cluster versions >= 1.19
+ and report any issues to the projects Github page.
+
+The community’s feedback and support in this effort is welcome. The
+Ingress-NGINX Sub-project regularly holds community meetings where we discuss
+this and other issues facing the project. For more information on the sub-project,
+please see [SIG Network](https://github.com/kubernetes/community/tree/master/sig-network).
diff --git a/content/en/blog/_posts/2021-07-29-kubernetes-1-21-release-interview.md b/content/en/blog/_posts/2021-07-29-kubernetes-1-21-release-interview.md
new file mode 100644
index 0000000000..25de412b81
--- /dev/null
+++ b/content/en/blog/_posts/2021-07-29-kubernetes-1-21-release-interview.md
@@ -0,0 +1,231 @@
+---
+layout: blog
+title: "Roorkee robots, releases and racing: the Kubernetes 1.21 release interview"
+date: 2021-07-29
+---
+
+**Author**: Craig Box (Google)
+
+With Kubernetes 1.22 due out next week, now is a great time to look back on 1.21. The release team for that version was led by [Nabarun Pal](https://twitter.com/theonlynabarun) from VMware.
+
+Back in April I [interviewed Nabarun](https://kubernetespodcast.com/episode/146-kubernetes-1.21/) on the weekly [Kubernetes Podcast from Google](https://kubernetespodcast.com/); the latest in a series of release lead conversations that started back with 1.11, not long after the show started back in 2018.
+
+In these interviews we learn a little about the release, but also about the process behind it, and the story behind the person chosen to lead it. Getting to know a community member is my favourite part of the show each week, and so I encourage you to [subscribe wherever you get your podcasts](https://kubernetespodcast.com/subscribe/). With a release coming next week, you can probably guess what our next topic will be!
+
+*This transcript has been edited and condensed for clarity.*
+
+---
+
+**CRAIG BOX: You have a Bachelor of Technology in Metallurgical and Materials Engineering. How are we doing at turning lead into gold?**
+
+NABARUN PAL: Well, last I checked, we have yet to find the philosopher's stone!
+
+**CRAIG BOX: One of the more important parts of the process?**
+
+NABARUN PAL: We're not doing that well in terms of getting alchemists up and running. There is some improvement in nuclear technology, where you can turn lead into gold, but I would guess buying gold would be much more efficient.
+
+**CRAIG BOX: Or Bitcoin? It depends what you want to do with the gold.**
+
+NABARUN PAL: Yeah, seeing the increasing prices of Bitcoin, you'd probably prefer to bet on that. But, don't take this as a suggestion. I'm not a registered investment advisor, and I don't give investment advice!
+
+**CRAIG BOX: But you are, of course, a trained materials engineer. How did you get into that line of education?**
+
+NABARUN PAL: We had a graded and equated exam structure, where you sit a single exam, and then based on your performance in that exam, you can try any of the universities which take those scores into account. I went to the Indian Institute of Technology, Roorkee.
+
+Materials engineering interested me a lot. I had a passion for computer science since childhood, but I also liked material science, so I wanted to explore that field. I did a lot of exploration around material science and metallurgy in my freshman and sophomore years, but then computing, since it was a passion, crept into the picture.
+
+**CRAIG BOX: Let's dig in there a little bit. What did computing look like during your childhood?**
+
+NABARUN PAL: It was a very interesting journey. I started exploring computers back when I was seven or eight. For my first programming language, if you call it a programming language, I explored LOGO.
+
+You have a turtle on the screen, and you issue commands to it, like move forward or rotate or pen up or pen down. You basically draw geometric figures. I could visually see how I could draw a square and how I could draw a triangle. It was an interesting journey after that. I learned BASIC, then went to some amount of HTML, JavaScript.
+
+**CRAIG BOX: It's interesting to me because Logo and BASIC were probably my first two programming languages, but I think there was probably quite a gap in terms of when HTML became a thing after those two! Did your love of computing always lead you down the path towards programming, or were you interested as a child in using computers for games or application software? What led you specifically into programming?**
+
+NABARUN PAL: Programming came in late. Not just in computing, but in life, I'm curious with things. When my parents got me my first computer, I was curious. I was like, "how does this operating system work?" What even is running it? Using a television and using a computer is a different experience, but usability is kind of the same thing. The HCI device for a television is a remote, whereas with a computer, I had a keyboard and a mouse. I used to tinker with the box and reinstall operating systems.
+
+We used to get magazines back then. They used to bundle OpenSuse or Debian, and I used to install them. It was an interesting experience, 15 years back, how Linux used to be. I have been a tinkerer all around, and that's what eventually led me to programming.
+
+**CRAIG BOX: With an interest in both the physical and ethereal aspects of technology, you did a lot of robotics challenges during university. That's something that I am not surprised to hear from someone who has a background in Logo, to be honest. There's Mindstorms, and a lot of other technology that is based around robotics that a lot of LOGO people got into. How was that something that came about for you?**
+
+NABARUN PAL: When I joined my university, apart from studying materials, one of the things they used to really encourage was to get involved in a lot of extracurricular activities. One which interested me was robotics. I joined [my college robotics team](https://github.com/marsiitr) and participated in a lot of challenges.
+
+Predominantly, we used to participate in this competition called [ABU Robocon](https://en.wikipedia.org/wiki/ABU_Robocon), which is an event conducted by the Asia-Pacific Broadcasting Union. What they used to do was, every year, one of the participating countries in the contest would provide a problem statement. For example, one year, they asked us to build a badminton-playing robot. They asked us to build a rugby playing robot or a Frisbee thrower, and there are some interesting problem statements around the challenge: you can't do this. You can't do that. Weight has to be like this. Dimensions have to be like that.
+
+I got involved in that, and most of my time at university, I used to spend there. Material science became kind of a backburner for me, and my hobby became my full time thing.
+
+**CRAIG BOX: And you were not only involved there in terms of the project and contributions to it, but you got involved as a secretary of the team, effectively, doing a lot of the organization, which is a thread that will come up as we speak about Kubernetes.**
+
+NABARUN PAL: Over the course of time, when I gained more knowledge into how the team works, it became very natural that I graduated up the ladder and then managed juniors. I became the joint secretary of the robotics club in our college. This was more of a broad, engaging role in evangelizing robotics at the university, to promote events, to help students to see the value in learning robotics - what you gain out of that mechanically or electronically, or how do you develop your logic by programming robots.
+
+**CRAIG BOX: Your first job after graduation was working at a company called Algoshelf, but you were also an intern there while you were at school?**
+
+NABARUN PAL: Algoshelf was known as Rorodata when I joined them as an intern. This was also an interesting opportunity for me in the sense that I was always interested in writing programs which people would use. One of the things that I did there was build an open source Function as a Service framework, if I may call it that - it was mostly turning Python functions into web servers without even writing any code. The interesting bit there was that it was targeted toward data scientists, and not towards programmers. We had to understand the pain of data scientists, that they had to learn a lot of programming in order to even deploy their machine learning models, and we wanted to solve that problem.
+
+They offered me a job after my internship, and I kept on working for them after I graduated from university. There, I got introduced to Kubernetes, so we pivoted into a product structure where the very same thing I told you, the Functions as a Service thing, could be deployed in Kubernetes. I was exploring Kubernetes to use it as a scalable platform. Instead of managing pets, we wanted to manage cattle, as in, we wanted to have a very highly distributed architecture.
+
+**CRAIG BOX: Not actual cattle. I've been to India. There are a lot of cows around.**
+
+NABARUN PAL: Yeah, not actual cattle. That is a bit tough.
+
+**CRAIG BOX: When Algoshelf we're looking at picking up Kubernetes, what was the evaluation process like? Were you looking at other tools at the time? Or had enough time passed that Kubernetes was clearly the platform that everyone was going to use?**
+
+NABARUN PAL: Algoshelf was a natural evolution. Before Kubernetes, we used to deploy everything on a single big AWS server, using systemd. Everything was a systemd service, and everything was deployed using Fabric. Fabric is a Python package which essentially is like Ansible, but much leaner, as it does not have all the shims and things that Ansible has.
+
+Then we asked "what if we need to scale out to different machines?" Kubernetes was in the hype. We hopped onto the hype train to see whether Kubernetes was worth it for us. And that's where my journey started, exploring the ecosystem, exploring the community. How can we improve the community in essence?
+
+**CRAIG BOX: A couple of times now you've mentioned as you've grown in a role, becoming part of the organization and the arranging of the group. You've talked about working in Python. You had submitted some talks to Pycon India. And I understand you're now a tech lead for that conference. What does the tech community look like in India and how do you describe your involvement in it?**
+
+NABARUN PAL: My involvement with the community began when I was at university. When I was working as an intern at Algoshelf, I was introduced to this-- I never knew about PyCon India, or tech conferences in general.
+
+The person that I was working with just asked me, like hey, did you submit a talk to PyCon India? It's very useful, the library that we were making. So I [submitted a talk](https://www.nabarun.in/talk/2017/pyconindia/#1) to PyCon India in 2017. Eventually the talk got selected. That was not my first speaking opportunity, it was my second. I also spoke at PyData Delhi on a similar thing that I worked on in my internship.
+
+It has been a journey since then. I talked about the same thing at FOSSASIA Summit in Singapore, and got really involved with the Python community because it was what I used to work on back then.
+
+After giving all those talks at conferences, I got also introduced to this amazing group called [dgplug](https://dgplug.org/), which is an acronym for the Durgapur Linux Users Group. It is a group started in-- I don't remember the exact year, but it was around 12 to 13 years back, by someone called Kushal Das, with the ideology of [training students into being better open source contributors](https://foss.training/).
+
+I liked the idea and got involved with in teaching last year. It is not limited to students. Professionals can also join in. It's about making anyone better at upstream contributions, making things sustainable. I started training people on Vim, on how to use text editors. so they are more efficient and productive. In general life, text editors are a really good tool.
+
+The other thing was the shell. How do you navigate around the Linux shell and command line? That has been a fun experience.
+
+**CRAIG BOX: It's very interesting to think about that, because my own involvement with a Linux User Group was probably around the year 2000. And back then we were teaching people how to install things-- Linux on CD was kinda new at that point in time. There was a lot more of, what is this new thing and how do we get involved? When the internet took off around that time, all of that stuff moved online - you no longer needed to go meet a group of people in a room to talk about Linux. And I haven't really given much thought to the concept of a LUG since then, but it's great to see it having turned into something that's now about contributing, rather than just about how you get things going for yourself.**
+
+NABARUN PAL: Exactly. So as I mentioned earlier, my journey into Linux was installing SUSE from DVDs that came bundled with magazines. Back then it was a pain installing things because you did not get any instructions. There has certainly been a paradigm shift now. People are more open to reading instructions online, downloading ISOs, and then just installing them. So we really don't need to do that as part of LUGs.
+
+We have shifted more towards enabling people to contribute to whichever project that they use. For example, if you're using Fedora, contribute to Fedora; make things better. It's just about giving back to the community in any way possible.
+
+**CRAIG BOX: You're also involved in the [Kubernetes Bangalore meetup group](https://www.meetup.com/Bangalore-Kubernetes-Meetup/). Does that group have a similar mentality?**
+
+NABARUN PAL: The Kubernetes Bangalore meetup group is essentially focused towards spreading the knowledge of Kubernetes and the aligned products in the ecosystem, whatever there is in the Cloud Native Landscape, in various ways. For example, to evangelize about using them in your company or how people use them in existing ways.
+
+So a few months back in February, we did something like a [Kubernetes contributor workshop](https://www.youtube.com/watch?v=FgsXbHBRYIc). It was one of its kind in India. It was the first one if I recall correctly. We got a lot of traction and community members interested in contributing to Kubernetes and a lot of other projects. And this is becoming a really valuable thing.
+
+I'm not much involved in the organization of the group. There are really great people already organizing it. I keep on being around and attending the meetups and trying to answer any questions if people have any.
+
+**CRAIG BOX: One way that it is possible to contribute to the Kubernetes ecosystem is through the release process. You've [written a blog](https://blog.naba.run/posts/release-enhancements-journey/) which talks about your journey through that. It started in Kubernetes 1.17, where you took a shadow role for that release. Tell me about what it was like to first take that plunge.**
+
+NABARUN PAL: Taking the plunge was a big step, I would say. It should not have been that way. After getting into the team, I saw that it is really encouraged that you should just apply to the team - but then write truthfully about yourself. What do you want? Write your passionate goal, why you want to be in the team.
+
+So even right now the shadow applications are open for the next release. I wanted to give that a small shoutout. If you want to contribute to the Kubernetes release team, please do apply. The form is pretty simple. You just need to say why do you want to contribute to the release team.
+
+**CRAIG BOX: What was your answer to that question?**
+
+NABARUN PAL: It was a bit tricky. I have this philosophy of contributing to projects that I use in my day-to-day life. I use a lot of open source projects daily, and I started contributing to Kubernetes primarily because I was using the Kubernetes Python client. That was one of my first contributions.
+
+When I was contributing to that, I explored the release team and it interested me a lot, particularly how interesting and varied the mechanics of releasing Kubernetes are. For most software projects, it's usually whenever you decide that you have made meaningful progress in terms of features, you release it. But Kubernetes is not like that. We follow a regular release cadence. And all those aspects really interested me. I actually applied for the first time in Kubernetes 1.16, but got rejected.
+
+But I still applied to Kubernetes 1.17, and I got into the enhancements team. That team was led by [MrBobbyTables, Bob Killen](https://kubernetespodcast.com/episode/126-research-steering-honking/), back then, and [Jeremy Rickard](https://kubernetespodcast.com/episode/131-kubernetes-1.20/) was one of my co-shadows in the team. I shadowed enhancements again. Then I lead enhancements in 1.19. I then shadowed the lead in 1.20 and eventually led the 1.21 team. That's what my journey has been.
+
+My suggestion to people is don't be afraid of failure. Even if you don't get selected, it's perfectly fine. You can still contribute to the release team. Just hop on the release calls, raise your hand, and introduce yourself.
+
+**CRAIG BOX: Between the 1.20 and 1.21 releases, you moved to work on the upstream contribution team at VMware. I've noticed that VMware is hiring a lot of great upstream contributors at the moment. Is this something that [Stephen Augustus](https://kubernetespodcast.com/episode/130-kubecon-na-2020/) had his fingerprints all over? Is there something in the water?**
+
+NABARUN PAL: A lot of people have fingerprints on this process. Stephen certainly had his fingerprints on it, I would say. We are expanding the team of upstream contributors primarily because the product that we are working for is based on Kubernetes. It helps us a lot in driving processes upstream and helping out the community as a whole, because everyone then gets enabled and benefits from what we contribute to the community.
+
+**CRAIG BOX: I understand that the Tanzu team is being built out in India at the moment, but I guess you probably haven't been able to meet them in person yet?**
+
+NABARUN PAL: Yes and no. I did not meet any of them after joining VMware, but I met a lot of my teammates, before I joined VMware, at KubeCons. For example, I met Nikhita, I met Dims, I met Stephen at KubeCon. I am yet to meet other members of the team and I'm really excited to catch up with them once everything comes out of lockdown and we go back to our normal lives.
+
+**CRAIG BOX: Yes, everyone that I speak to who has changed jobs in the pandemic says it's a very odd experience, just nothing really being different. And the same perhaps for people who are working on open source moving companies as well. They're doing the same thing, perhaps just for a different employer.**
+
+NABARUN PAL: As we say in the community, see you in another Slack in some time.
+
+**CRAIG BOX: We now turn to the recent release of Kubernetes 1.21. First of all, congratulations on that.**
+
+NABARUN PAL: Thank you.
+
+**CRAIG BOX: [The announcement](https://kubernetes.io/blog/2021/04/08/kubernetes-1-21-release-announcement/) says the release consists of 51 enhancements, 13 graduating to stable, 16 moving to beta, 20 entering alpha, and then two features that have been deprecated. How would you summarize this release?**
+
+NABARUN PAL: One of the big points for this release is that it is the largest release of all time.
+
+**CRAIG BOX: Really?**
+
+NABARUN PAL: Yep. 1.20 was the largest release back then, but 1.21 got more enhancements, primarily due to a lot of changes that we did to the process.
+
+In the 1.21 release cycle, we did a few things differently compared to other release cycles-- for example, in the enhancement process. An enhancement, in the Kubernetes context, is basically a feature proposal. You will hear the terminology [Kubernetes Enhancement Proposals](https://github.com/kubernetes/enhancements/blob/master/keps/README.md), or KEP, a lot in the community. An enhancement is a broad thing encapsulated in a specific document.
+
+**CRAIG BOX: I like to think of it as a thing that's worth having a heading in the release notes.**
+
+NABARUN PAL: Indeed. Until the 1.20 release cycle, what we used to do was-- the release team has a vertical called enhancements. The enhancements team members used to ping each of the enhancement issues and ask whether they want to be part of the release cycle or not. The authors would decide, or talk to their SIG, and then come back with the answer, as to whether they wanted to be part of the cycle.
+
+In this release, what we did was we eliminated that process and asked the SIGs proactively to discuss amongst themselves, what they wanted to pitch in for this release cycle. What set of features did they want to graduate this release? They may introduce things in alpha, graduate things to beta or stable, or they may also deprecate features.
+
+What this did was promote a lot of async processes, and at the same time, give power back to the community. The community decides what they want in the release and then comes back collectively. It also reduces a lot of stress on the release team who previously had to ask people consistently what they wanted to pitch in for the release. You now have a deadline. You discuss amongst your SIG what your roadmap is and what it looks like for the near future. Maybe this release, and the next two. And you put all of those answers into a Google spreadsheet. Spreadsheets are still a thing.
+
+**CRAIG BOX: The Kubernetes ecosystem runs entirely on Google Spreadsheets.**
+
+NABARUN PAL: It does, and a lot of Google Docs for meeting notes! We did a lot of process improvements, which essentially led to a better release. This release cycle we had 13 enhancements graduating to stable, 16 which moved to beta, and 20 enhancements which were net new features into the ecosystem, and came in as alpha.
+
+Along with that are features set for deprecation. One of them was PodSecurityPolicy. That has been a point of discussion in the Kubernetes user base and we also published [a blog post about it](https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/). All credit to SIG Security who have been on top of things as to find a replacement for PodSecurityPolicy even before this release cycle ended, so that they could at least have a proposal of what will happen next.
+
+**CRAIG BOX: Let's talk about some old things and some new things. You mentioned PodSecurityPolicy there. That's a thing that's been around a long time and is being deprecated. Two things that have been around a long time and that are now being promoted to stable are CronJobs and PodDisruptionBudgets, both of which were introduced in Kubernetes 1.4, which came out in 2016. Why do you think it took so long for them both to go stable?**
+
+NABARUN PAL: I might not have a definitive answer to your question. One of the things that I feel is they might be already so good that nobody saw that they were beta features, and just kept on using them.
+
+One of the things that I noticed when reading for the CronJobs graduation from beta to stable was the new controller. Users might not see this, but there has been a drastic change in the CronJob controller v2. What it essentially does is goes from a poll-based method of checking what users have defined as CronJobs to a queue architecture, which is the modern method of defining controllers. That has been one of the really good improvements in the case of CronJobs. Instead of the controller working in O(N) time, you now have constant time complexity.
+
+**CRAIG BOX: A lot of these features that have been in beta for a long time, like you say, people have an expectation that they are complete. With PodSecurityPolicy, it's being deprecated, which is allowed because it's a feature that never made it out of beta. But how do you think people will react to it going away? And does that say something about the need for the process to make sure that features don't just languish in beta forever, which has been introduced recently?**
+
+NABARUN PAL: That's true. One of the driving factors, when contributors are thinking of graduating beta features has been the ["prevention of perma-beta" KEP](https://github.com/kubernetes/enhancements/blob/master/keps/sig-architecture/1635-prevent-permabeta/README.md). Back in 1.19 we [introduced this process](https://kubernetes.io/blog/2020/08/21/moving-forward-from-beta/) where each of the beta resources were marked for deprecation and removal in a certain time frame-- three releases for deprecation and another release for removal. That's also a motivating factor for eventually rethinking as to how beta resources work for us in the community. That is also very effective, I would say.
+
+**CRAIG BOX: Do remember that Gmail was in beta for eight years.**
+
+NABARUN PAL: I did not know that!
+
+**CRAIG BOX: Nothing in Kubernetes is quite that old yet, but we'll get there. Of the 20 new enhancements, do you have a favorite or any that you'd like to call out?**
+
+NABARUN PAL: There are two specific features in 1.21 that I'm really interested in, and are coming as net new features. One of them is the [persistent volume health monitor](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1432-volume-health-monitor), which gives the users the capability to actually see whether the backing volumes, which power persistent volumes in Kubernetes, are deleted or not. For example, the volumes may get deleted due to an inadvertent event, or they may get corrupted. That information is basically surfaced out as a field so that the user can leverage it in any way.
+
+The other feature is the proposal for [adding headers with the command name to kubectl requests](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cli/859-kubectl-headers). We have always set the user-agent information when doing those kind of requests, but the proposal is to add what command the user put in so that we can enable more telemetry, and cluster administrators can determine the usage patterns of how people are using the cluster. I'm really excited about these kind of features coming into play.
+
+**CRAIG BOX: You're the first release lead from the Asia-Pacific region, or more accurately, outside of the US and Europe. Most meetings in the Kubernetes ecosystem are traditionally in the window of overlap between the US and Europe, in the morning in California and the evening here in the UK. What's it been like to work outside of the time zones that the community had previously been operating in?**
+
+NABARUN PAL: It has been a fun and a challenging proposition, I would say. In the last two-ish years that I have been contributing to Kubernetes, the community has also transformed from a lot of early morning Pacific calls to more towards async processes. For example, we in the release team have transformed our processes so we don't do updates in the calls anymore. What we do is ask for updates ahead of time, and then in the call, we just discuss things which need to be discussed synchronously in the team.
+
+We leverage the meetings right now more for discussions. But we also don't come to decisions in those discussions, because if any stakeholder is not present on the call, it puts them at a disadvantage. We are trying to talk more on Slack, publicly, or talk on mailing lists. That's where most of the discussion should happen, and also to gain lazy consensus. What I mean by lazy consensus is come up with a pre-decision kind of thing, but then also invite feedback from the broader community about what people would like them to see about that specific thing being discussed. This is where we as a community are also transforming a lot, but there is a lot more headroom to grow.
+
+The release team also started to have EU/APAC burndown meetings. In addition to having one meeting focused towards the US and European time zones, we also do a meeting which is more suited towards European and Asia-Pacific time zones. One of the driving factors for those decisions was that the release team is seeing a lot of participation from a variety of time zones. To give you one metric, we had release team members this cycle from UTC+8 all through UTC-8 - 16 hours of span. It's really difficult to accommodate all of those zones in a single meeting. And it's not just those 16 hours of span - what about the other eight hours?
+
+**CRAIG BOX: Yeah, you're missing New Zealand. You could add another 5 hours of span right there.**
+
+NABARUN PAL: Exactly. So we will always miss people in meetings, and that's why we should also innovate more, have different kinds of meetings. But that also may not be very sustainable in the future. Will people attend duplicate meetings? Will people follow both of the meetings? More meetings is one of the solutions.
+
+The other solution is you have threaded discussions on some medium, be it Slack or be it a mailing list. Then, people can just pitch in whenever it is work time for them. Then, at the end of the day, a 24-hour rolling period, you digest it, and then push it out as meeting notes. That's what the Contributor Experience Special Interest Group is doing - shout-out to them for moving to that process. I may be wrong here, but I think once every two weeks, they do async updates on Slack. And that is a really nice thing to have, improving variety of geographies that people can contribute from.
+
+**CRAIG BOX: Once you've put everything together that you hope to be in your release, you create a release candidate build. How do you motivate people to test those?**
+
+NABARUN PAL: That's a very interesting question. It is difficult for us to motivate people into trying out these candidates. It's mostly people who are passionate about Kubernetes who try out the release candidates and see for themselves what the bugs are. I remember [Dims tweeting out a call](https://twitter.com/dims/status/1377272238420934656) that if somebody tries out the release candidate and finds a good bug or caveat, they could get a callout in the KubeCon keynote. That's one of the incentives - if you want to be called out in a KubeCon keynote, please try our release candidates.
+
+**CRAIG BOX: Or get a new pair of Kubernetes socks?**
+
+NABARUN PAL: We would love to give out goodies to people who try out our release candidates and find bugs. For example, if you want the brand new release team logo as a sticker, just hit me up. If you find a bug in a 1.22 release candidate, I would love to be able to send you some coupon codes for the store. Don't quote me on this, but do reach out.
+
+**CRAIG BOX: Now the release is out, is it time for you to put your feet up? What more things do you have to do, and how do you feel about the path ahead for yourself?**
+
+NABARUN PAL: I was discussing this with the team yesterday. Even after the release, we had kind of a water-cooler conversation. I just pasted in a Zoom link to all the release team members and said, hey, do you want to chat? One of the things that I realized that I'm really missing is the daily burndowns right now. I will be around in the release team and the SIG Release meetings, helping out the new lead in transitioning. And even my job, right now, is not over. I'm working with Taylor, who is the emeritus advisor for 1.21, on figuring out some of the mechanics for the next release cycle. I'm also documenting what all we did as part of the process and as part of the process changes, and making sure the next release cycle is up and running.
+
+**CRAIG BOX: We've done a lot of these release lead interviews now, and there's a question which we always like to ask, which is, what will you write down in the transition envelope? Savitha Raghunathan is the release lead for 1.22. What is the advice that you will pass on to her?**
+
+NABARUN PAL: Three words-- **Do, Delegate, and Defer**. Categorize things into those three buckets as to what you should do right away, what you need to defer, and things that you can delegate to your shadows or other release team members. That's one of the mantras that works really well when leading a team. It is not just in the context of the release team, but it's in the context of managing any team.
+
+The other bit is **over-communicate**. No amount of communication is enough. What I've realized is the community is always willing to help you. One of the big examples that I can give is the day before release was supposed to happen, we were seeing a lot of test failures, and then one of the community members had an idea-- why don't you just send an email? I was like, "that sounds good. We can send an email mentioning all the flakes and call out for help to the broader Kubernetes developer community." And eventually, once we sent out the email, lots of people came in to help us in de-flaking the tests and trying to find out the root cause as to why those tests were failing so often. Big shout out to Antonio and all the SIG Network folks who came to pitch in.
+
+No matter how many names I mention, it will never be enough. A lot of people, even outside the release team, have helped us a lot with this release. And that's where the release theme comes in - **Power to the Community**. I'm really stoked by how this community behaves and how people are willing to help you all the time. It's not about what they're telling you to do, but it's what they're also interested in, they're passionate about.
+
+**CRAIG BOX: One of the things you're passionate about is Formula One. Do you think Lewis Hamilton is going to take it away this year?**
+
+NABARUN PAL: It's a fair probability that Lewis will win the title this year as well.
+
+**CRAIG BOX: Which would take him to eight all time career wins. And thus-- [he's currently tied with Michael Schumacher](https://www.nytimes.com/2020/11/15/sports/autoracing/lewis-hamilton-schumacher-formula-one-record.html)-- would pull him ahead.**
+
+NABARUN PAL: Yes. Michael Schumacher was my first favorite F1 driver, I would say. It feels a bit heartbreaking to see someone break Michael's record.
+
+**CRAIG BOX: How do you feel about [Michael Schumacher's son joining the contest?](https://www.formula1.com/en/latest/article.breaking-mick-schumacher-to-race-for-haas-in-2021-as-famous-surname-returns.66XTVfSt80GrZe91lvWVwJ.html)**
+
+NABARUN PAL: I feel good. Mick Schumacher is in the fray right now. And I wish we could see him, in a few years, in a Ferrari. The Schumacher family back to Ferrari would be really great to see. But then, my fan favorite has always been McLaren, partly because I like the chemistry of Lando and Carlos over the last two years. It was heartbreaking to see Carlos go to Ferrari. But then we have Lando and Daniel Ricciardo in the team. They're also fun people.
+
+---
+
+_[Nabarun Pal](https://twitter.com/theonlynabarun) is on the Tanzu team at VMware and served as the Kubernetes 1.21 release team lead._
+
+_You can find the [Kubernetes Podcast from Google](http://www.kubernetespodcast.com/) at [@KubernetesPod](https://twitter.com/KubernetesPod) on Twitter, and you can [subscribe](https://kubernetespodcast.com/subscribe/) so you never miss an episode._
diff --git a/content/en/blog/_posts/2021-08-04-kubernetes-release-1.22.md b/content/en/blog/_posts/2021-08-04-kubernetes-release-1.22.md
new file mode 100644
index 0000000000..9a196f7fba
--- /dev/null
+++ b/content/en/blog/_posts/2021-08-04-kubernetes-release-1.22.md
@@ -0,0 +1,157 @@
+---
+layout: blog
+title: 'Kubernetes 1.22: Reaching New Peaks'
+date: 2021-08-04
+slug: kubernetes-1-22-release-announcement
+---
+
+**Authors:** [Kubernetes 1.22 Release Team](https://github.com/kubernetes/sig-release/blob/master/releases/release-1.22/release-team.md)
+
+We’re pleased to announce the release of Kubernetes 1.22, the second release of 2021!
+
+This release consists of 53 enhancements: 13 enhancements have graduated to stable, 24 enhancements are moving to beta, and 16 enhancements are entering alpha. Also, three features have been deprecated.
+
+In April of this year, the Kubernetes release cadence was officially changed from four to three releases yearly. This is the first longer-cycle release related to that change. As the Kubernetes project matures, the number of enhancements per cycle grows. This means more work, from version to version, for the contributor community and Release Engineering team, and it can put pressure on the end-user community to stay up-to-date with releases containing increasingly more features.
+
+Changing the release cadence from four to three releases yearly balances many aspects of the project, both in how contributions and releases are managed, and also in the community's ability to plan for upgrades and stay up to date.
+
+You can read more in the official blog post [Kubernetes Release Cadence Change: Here’s What You Need To Know](https://kubernetes.io/blog/2021/07/20/new-kubernetes-release-cadence/).
+
+
+## Major Themes
+
+### Server-side Apply graduates to GA
+
+[Server-side Apply](https://kubernetes.io/docs/reference/using-api/server-side-apply/) is a new field ownership and object merge algorithm running on the Kubernetes API server. Server-side Apply helps users and controllers manage their resources via declarative configurations. It allows them to create and/or modify their objects declaratively, simply by sending their fully specified intent. After being in beta for a couple releases, Server-side Apply is now generally available.
+
+### External credential providers now stable
+
+Support for Kubernetes client [credential plugins](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins) has been in beta since 1.11, and with the release of Kubernetes 1.22 now graduates to stable. The GA feature set includes improved support for plugins that provide interactive login flows, as well as a number of bug fixes. Aspiring plugin authors can look at [sample-exec-plugin](https://github.com/ankeesler/sample-exec-plugin) to get started.
+
+### etcd moves to 3.5.0
+
+Kubernetes' default backend storage, etcd, has a new release: 3.5.0. The new release comes with improvements to the security, performance, monitoring, and developer experience. There are numerous bug fixes and some critical new features like the migration to structured logging and built-in log rotation. The release comes with a detailed future roadmap to implement a solution to traffic overload. You can read a full and detailed list of changes in the [3.5.0 release announcement](https://etcd.io/blog/2021/announcing-etcd-3.5/).
+
+### Quality of Service for memory resources
+
+Originally, Kubernetes used the v1 cgroups API. With that design, the QoS class for a `Pod` only applied to CPU resources (such as `cpu_shares`). As an alpha feature, Kubernetes v1.22 can now use the cgroups v2 API to control memory allocation and isolation. This feature is designed to improve workload and node availability when there is contention for memory resources, and to improve the predictability of container lifecycle.
+
+### Node system swap support
+
+Every system administrator or Kubernetes user has been in the same boat regarding setting up and using Kubernetes: disable swap space. With the release of Kubernetes 1.22, alpha support is available to run nodes with swap memory. This change lets administrators opt in to configuring swap on Linux nodes, treating a portion of block storage as additional virtual memory.
+
+### Windows enhancements and capabilities
+
+Continuing to support the growing developer community, SIG Windows has released their [Development Environment](https://github.com/kubernetes-sigs/sig-windows-dev-tools/). These new tools support multiple CNI providers and can run on multiple platforms. There is also a new way to run bleeding-edge Windows features from scratch by compiling the Windows kubelet and kube-proxy, then using them along with daily builds of other Kubernetes components.
+
+CSI support for Windows nodes moves to GA in the 1.22 release. In Kubernetes v1.22, Windows privileged containers are an alpha feature. To allow using CSI storage on Windows nodes, [CSIProxy](https://github.com/kubernetes-csi/csi-proxy) enables CSI node plugins to be deployed as unprivileged pods, using the proxy to perform privileged storage operations on the node.
+
+### Default profiles for seccomp
+
+An alpha feature for default seccomp profiles has been added to the kubelet, along with a new command line flag and configuration. When in use, this new feature provides cluster-wide seccomp defaults, using the `RuntimeDefault` seccomp profile rather than `Unconfined` by default. This enhances the default security of the Kubernetes Deployment. Security administrators will now sleep better knowing that workloads are more secure by default. To learn more about the feature, please refer to the official [seccomp tutorial](https://kubernetes.io/docs/tutorials/clusters/seccomp/#enable-the-use-of-runtimedefault-as-the-default-seccomp-profile-for-all-workloads).
+
+### More secure control plane with kubeadm
+
+A new alpha feature allows running the `kubeadm` control plane components as non-root users. This is a long requested security measure in `kubeadm`. To try it you must enable the `kubeadm` specific RootlessControlPlane feature gate. When you deploy a cluster using this alpha feature, your control plane runs with lower privileges.
+
+For `kubeadm`, Kubernetes 1.22 also brings a new [v1beta3 configuration API](/docs/reference/config-api/kubeadm-config.v1beta3/). This iteration adds some long requested features and deprecates some existing ones. The v1beta3 version is now the preferred API version; the v1beta2 API also remains available and is not yet deprecated.
+
+## Major Changes
+
+### Removal of several deprecated beta APIs
+
+A number of deprecated beta APIs have been removed in 1.22 in favor of the GA version of those same APIs. All existing objects can be interacted with via stable APIs. This removal includes beta versions of the `Ingress`, `IngressClass`, `Lease`, `APIService`, `ValidatingWebhookConfiguration`, `MutatingWebhookConfiguration`, `CustomResourceDefinition`, `TokenReview`, `SubjectAccessReview`, and `CertificateSigningRequest` APIs.
+
+For the full list, check out the [Deprecated API Migration Guide](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-22) as well as the blog post [Kubernetes API and Feature Removals In 1.22: Here’s What You Need To Know](https://blog.k8s.io/2021/07/14/upcoming-changes-in-kubernetes-1-22/).
+
+### API changes and improvements for ephemeral containers
+
+The API used to create [Ephemeral Containers](https://kubernetes.io/docs/concepts/workloads/pods/ephemeral-containers/) changes in 1.22. The Ephemeral Containers feature is alpha and disabled by default, and the new API does not work with clients that attempt to use the old API.
+
+For stable features, the kubectl tool follows the Kubernetes [version skew policy](https://kubernetes.io/releases/version-skew-policy/); however, kubectl v1.21 and older do not support the new API for ephemeral containers. If you plan to use `kubectl debug` to create ephemeral containers, and your cluster is running Kubernetes v1.22, you cannot do so with kubectl v1.21 or earlier. Please update kubectl to 1.22 if you wish to use `kubectl debug` with a mix of cluster versions.
+
+## Other Updates
+
+### Graduated to Stable
+
+* [Bound Service Account Token Volumes](https://github.com/kubernetes/enhancements/issues/542)
+* [CSI Service Account Token](https://github.com/kubernetes/enhancements/issues/2047)
+* [Windows Support for CSI Plugins](https://github.com/kubernetes/enhancements/issues/1122)
+* [Warning mechanism for deprecated API use](https://github.com/kubernetes/enhancements/issues/1693)
+* [PodDisruptionBudget Eviction](https://github.com/kubernetes/enhancements/issues/85)
+
+### Notable Feature Updates
+
+* A new [PodSecurity admission](https://github.com/kubernetes/enhancements/issues/2579) alpha feature is introduced, intended as a replacement for PodSecurityPolicy
+* [The Memory Manager](https://github.com/kubernetes/enhancements/issues/1769) moves to beta
+* A new alpha feature to enable [API Server Tracing](https://github.com/kubernetes/enhancements/issues/647)
+* A new v1beta3 version of the [kubeadm configuration](https://github.com/kubernetes/enhancements/issues/970) format
+* [Generic data populators](https://github.com/kubernetes/enhancements/issues/1495) for PersistentVolumes are now available in alpha
+* The Kubernetes control plane will now always use the [CronJobs v2 controller](https://github.com/kubernetes/enhancements/issues/19)
+* As an alpha feature, all Kubernetes node components (including the kubelet, kube-proxy, and container runtime) can be [run as a non-root user](https://github.com/kubernetes/enhancements/issues/2033)
+
+# Release notes
+
+You can check out the full details of the 1.22 release in the [release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.22.md).
+
+# Availability of release
+
+Kubernetes 1.22 is [available for download](https://kubernetes.io/releases/download/) and also [on the GitHub project](https://github.com/kubernetes/kubernetes/releases/tag/v1.22.0).
+
+There are some great resources out there for getting started with Kubernetes. You can check out some [interactive tutorials](https://kubernetes.io/docs/tutorials/) on the main Kubernetes site, or run a local cluster on your machine using Docker containers with [kind](https://kind.sigs.k8s.io). If you’d like to try building a cluster from scratch, check out the [Kubernetes the Hard Way](https://github.com/kelseyhightower/kubernetes-the-hard-way) tutorial by Kelsey Hightower.
+
+# Release Team
+
+This release was made possible by a very dedicated group of individuals, who came together as a team to deliver technical content, documentation, code, and a host of other components that go into every Kubernetes release.
+
+A huge thank you to the release lead Savitha Raghunathan for leading us through a successful release cycle, and to everyone else on the release team for supporting each other, and working so hard to deliver the 1.22 release for the community.
+
+We would also like to take this opportunity to remember Peeyush Gupta, a member of our team that we lost earlier this year. Peeyush was actively involved in SIG ContribEx and the Kubernetes Release Team, most recently serving as the 1.22 Communications lead. His contributions and efforts will continue to reflect in the community he helped build. A [CNCF memorial](https://github.com/cncf/memorials/blob/main/peeyush-gupta.md) page has been created where thoughts and memories can be shared by the community.
+
+# Release Logo
+
+
+
+Amidst the ongoing pandemic, natural disasters, and ever-present shadow of burnout, the 1.22 release of Kubernetes includes 53 enhancements. This makes it the largest release to date. This accomplishment was only made possible due to the hard-working and passionate Release Team members and the amazing contributors of the Kubernetes ecosystem. The release logo is our reminder to keep reaching for new milestones and setting new records. And it is dedicated to all the Release Team members, hikers, and stargazers!
+
+The logo is designed by [Boris Zotkin](https://www.instagram.com/boris.z.man/). Boris is a Mac/Linux Administrator at the MathWorks. He enjoys simple things in life and loves spending time with his family. This tech-savvy individual is always up for a challenge and happy to help a friend!
+
+# User Highlights
+
+- In May, the CNCF welcomed 27 new organizations across the globe as members of the diverse cloud native ecosystem. These new [members](https://www.cncf.io/announcements/2021/05/05/27-new-members-join-the-cloud-native-computing-foundation/) will participate in CNCF events, including the upcoming [KubeCon + CloudNativeCon NA in Los Angeles](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/) from October 12 – 15, 2021.
+- The CNCF granted Spotify the [Top End User Award](https://www.cncf.io/announcements/2021/05/05/cloud-native-computing-foundation-grants-spotify-the-top-end-user-award/) during [KubeCon + CloudNativeCon EU – Virtual 2021](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/).
+
+# Project Velocity
+
+The [CNCF K8s DevStats project](https://k8s.devstats.cncf.io/) aggregates a number of interesting data points related to the velocity of Kubernetes and various sub-projects. This includes everything from individual contributions to the number of companies that are contributing, and is an illustration of the depth and breadth of effort that goes into evolving this ecosystem.
+
+In the v1.22 release cycle, which ran for 15 weeks (April 26 to August 4), we saw contributions from [1063 companies](https://k8s.devstats.cncf.io/d/9/companies-table?orgId=1&var-period_name=v1.21.0%20-%20now&var-metric=contributions) and [2054 individuals](https://k8s.devstats.cncf.io/d/66/developer-activity-counts-by-companies?orgId=1&var-period_name=v1.21.0%20-%20now&var-metric=contributions&var-repogroup_name=Kubernetes&var-country_name=All&var-companies=All).
+
+# Ecosystem Updates
+
+- [KubeCon + CloudNativeCon Europe 2021](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/) was held in May, the third such event to be virtual. All talks are [now available on-demand](https://www.youtube.com/playlist?list=PLj6h78yzYM2MqBm19mRz9SYLsw4kfQBrC) for anyone that would like to catch up!
+- [Spring Term LFX Program](https://www.cncf.io/blog/2021/07/13/spring-term-lfx-program-largest-graduating-class-with-28-successful-cncf-interns) had the largest graduating class with 28 successful CNCF interns!
+- CNCF launched [livestreaming on Twitch](https://www.cncf.io/blog/2021/06/03/cloud-native-community-goes-live-with-10-shows-on-twitch/) at the beginning of the year targeting definitive interactive media experience for anyone wanting to learn, grow, and collaborate with others in the Cloud Native community from anywhere in the world.
+
+# Event Updates
+
+- [KubeCon + CloudNativeCon North America 2021](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/) will take place in Los Angeles, October 12 – 15, 2021! You can find more information about the conference and registration on the event site.
+- [Kubernetes Community Days](https://community.cncf.io/kubernetes-community-days/about-kcd/) has upcoming events scheduled in Italy, the UK, and in Washington DC.
+
+# Upcoming release webinar
+
+Join members of the Kubernetes 1.22 release team on October 5, 2021 to learn about the major features of this release, as well as deprecations and removals to help plan for upgrades. For more information and registration, visit the [event page](https://community.cncf.io/events/details/cncf-cncf-online-programs-presents-cncf-live-webinar-kubernetes-122-release/) on the CNCF Online Programs site.
+
+# Get Involved
+
+If you’re interested in contributing to the Kubernetes community, Special Interest Groups (SIGs) are a great starting point. Many of them may align with your interests! If there are things you’d like to share with the community, you can join the weekly community meeting, or use any of the following channels:
+
+* Find out more about contributing to Kubernetes at the [Kubernetes Contributors](https://www.kubernetes.dev/) website.
+* Follow us on Twitter [@Kubernetesio](https://twitter.com/kubernetesio) for latest updates
+* Join the community discussion on [Discuss](https://discuss.kubernetes.io/)
+* Join the community on [Slack](http://slack.k8s.io/)
+* Share your Kubernetes [story](https://docs.google.com/a/linuxfoundation.org/forms/d/e/1FAIpQLScuI7Ye3VQHQTwBASrgkjQDSS5TP0g3AXfFhwSM9YpHgxRKFA/viewform)
+* Read more about what’s happening with Kubernetes on the [blog](https://kubernetes.io/blog/)
+* Learn more about the [Kubernetes Release Team](https://github.com/kubernetes/sig-release/tree/master/release-team)
+
+
diff --git a/content/en/blog/_posts/2021-08-06-server-side-apply-ga.md b/content/en/blog/_posts/2021-08-06-server-side-apply-ga.md
new file mode 100644
index 0000000000..eca57a561e
--- /dev/null
+++ b/content/en/blog/_posts/2021-08-06-server-side-apply-ga.md
@@ -0,0 +1,177 @@
+---
+layout: blog
+title: "Kubernetes 1.22: Server Side Apply moves to GA"
+date: 2021-08-06
+slug: server-side-apply-ga
+---
+
+**Authors:** Jeffrey Ying, Google & Joe Betz, Google
+
+Server-side Apply (SSA) has been promoted to GA in the Kubernetes v1.22 release. The GA milestone means you can depend on the feature and its API, without fear of future backwards-incompatible changes. GA features are protected by the Kubernetes [deprecation policy](/docs/reference/using-api/deprecation-policy/).
+
+## What is Server-side Apply?
+
+Server-side Apply helps users and controllers manage their resources through declarative configurations. Server-side Apply replaces the client side apply feature implemented by “kubectl apply” with a server-side implementation, permitting use by tools/clients other than kubectl. Server-side Apply is a new merging algorithm, as well as tracking of field ownership, running on the Kubernetes api-server. Server-side Apply enables new features like conflict detection, so the system knows when two actors are trying to edit the same field. Refer to the [Server-side Apply Documentation](/docs/reference/using-api/server-side-apply/) and [Beta 2 release announcement](https://kubernetes.io/blog/2020/04/01/kubernetes-1.18-feature-server-side-apply-beta-2/) for more information.
+
+## What’s new since Beta?
+
+Since the [Beta 2 release](https://kubernetes.io/blog/2020/04/01/kubernetes-1.18-feature-server-side-apply-beta-2/) subresources support has been added, and both client-go and Kubebuilder have added comprehensive support for Server-side Apply. This completes the Server-side Apply functionality required to make controller development practical.
+
+### Support for subresources
+
+Server-side Apply now fully supports subresources like `status` and `scale`. This is particularly important for [controllers](/docs/concepts/architecture/controller/), which are often responsible for writing to subresources.
+
+## Server-side Apply support in client-go
+
+Previously, Server-side Apply could only be called from the client-go typed client using the `Patch` function, with `PatchType` set to `ApplyPatchType`. Now, `Apply` functions are included in the client to allow for a more direct and typesafe way of calling Server-side Apply. Each `Apply` function takes an "apply configuration" type as an argument, which is a structured representation of an Apply request. For example:
+
+```go
+import (
+ ...
+ v1ac "k8s.io/client-go/applyconfigurations/autoscaling/v1"
+)
+
+hpaApplyConfig := v1ac.HorizontalPodAutoscaler(autoscalerName, ns).
+ WithSpec(v1ac.HorizontalPodAutoscalerSpec().
+ WithMinReplicas(0)
+ )
+
+return hpav1client.Apply(ctx, hpaApplyConfig, metav1.ApplyOptions{FieldManager: "mycontroller", Force: true})
+```
+
+Note in this example that `HorizontalPodAutoscaler` is imported from an "applyconfigurations" package. Each "apply configuration" type represents the same Kubernetes object kind as the corresponding go struct, but where all fields are pointers to make them optional, allowing apply requests to be accurately represented. For example, when the apply configuration in the above example is marshalled to YAML, it produces:
+
+```yaml
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: myHPA
+ namespace: myNamespace
+spec:
+ minReplicas: 0
+```
+
+To understand why this is needed, the above YAML cannot be produced by the v1.HorizontalPodAutoscaler go struct. Take for example:
+
+```go
+hpa := v1.HorizontalPodAutoscaler{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: "autoscaling/v1",
+ Kind: "HorizontalPodAutoscaler",
+ },
+ ObjectMeta: ObjectMeta{
+ Namespace: ns,
+ Name: autoscalerName,
+ },
+ Spec: v1.HorizontalPodAutoscalerSpec{
+ MinReplicas: pointer.Int32Ptr(0),
+ },
+}
+```
+
+The above code attempts to declare the same apply configuration as shown in the previous examples, but when marshalled to YAML, produces:
+
+```yaml
+kind: HorizontalPodAutoscaler
+apiVersion: autoscaling/v1
+metadata
+ name: myHPA
+ namespace: myNamespace
+ creationTimestamp: null
+spec:
+ scaleTargetRef:
+ kind: ""
+ name: ""
+ minReplicas: 0
+ maxReplicas: 0
+```
+
+Which, among other things, contains `spec.maxReplicas` set to `0`. This is almost certainly not what the caller intended (the intended apply configuration says nothing about the `maxReplicas` field), and could have serious consequences on a production system: it directs the autoscaler to downscale to zero pods. The problem here originates from the fact that the go structs contain required fields that are zero valued if not set explicitly. The go structs work as intended for create and update operations, but are fundamentally incompatible with apply, which is why we have introduced the generated "apply configuration" types.
+
+The "apply configurations" also have convenience `With` functions that make it easier to build apply requests. This allows developers to set fields without having to deal with the fact that all the fields in the "apply configuration" types are pointers, and are inconvenient to set using go. For example `MinReplicas: &0` is not legal go code, so without the `With` functions, developers would work around this problem by using a library, e.g. `MinReplicas: pointer.Int32Ptr(0)`, but string enumerations like `corev1.Protocol` are still a problem since they cannot be supported by a general purpose library. In addition to the convenience, the `With` functions also isolate developers from the underlying representation, which makes it safer for the underlying representation to be changed to support additional features in the future.
+
+## Using Server-side Apply in a controller
+
+You can use the new support for Server-side Apply no matter how you implemented your controller. However, the new client-go support makes it easier to use Server-side Apply in controllers.
+
+When authoring new controllers to use Server-side Apply, a good approach is to have the controller recreate the apply configuration for an object each time it reconciles that object. This ensures that the controller fully reconciles all the fields that it is responsible for. Controllers typically should unconditionally set all the fields they own by setting `Force: true` in the `ApplyOptions`. Controllers must also provide a `FieldManager` name that is unique to the reconciliation loop that apply is called from.
+
+When upgrading existing controllers to use Server-side Apply the same approach often works well--migrate the controllers to recreate the apply configuration each time it reconciles any object. Unfortunately, the controller might have multiple code paths that update different parts of an object depending on various conditions. Migrating a controller like this to Server-side Apply can be risky because if the controller forgets to include any fields in an apply configuration that is included in a previous apply request, a field can be accidently deleted. To ease this type of migration, client-go apply support provides a way to replace any controller reconciliation code that performs a "read/modify-in-place/update" (or patch) workflow with a "extract/modify-in-place/apply" workflow. Here's an example of the new workflow:
+
+```go
+fieldMgr := "my-field-manager"
+deploymentClient := clientset.AppsV1().Deployments("default")
+
+// read, could also be read from a shared informer
+deployment, err := deploymentClient.Get(ctx, "example-deployment", metav1.GetOptions{})
+if err != nil {
+ // handle error
+}
+
+// extract
+deploymentApplyConfig, err := appsv1ac.ExtractDeployment(deployment, fieldMgr)
+if err != nil {
+ // handle error
+}
+
+// modify-in-place
+deploymentApplyConfig.Spec.Template.Spec.WithContainers(corev1ac.Container().
+ WithName("modify-slice").
+ WithImage("nginx:1.14.2"),
+)
+
+// apply
+applied, err := deploymentClient.Apply(ctx, extractedDeployment, metav1.ApplyOptions{FieldManager: fieldMgr})
+```
+
+For developers using Custom Resource Definitions (CRDs), the Kubebuilder apply support will provide the same capabilities. Documentation will be included in the Kubebuilder book when available.
+
+## Server-side Apply and CustomResourceDefinitions
+
+It is strongly recommended that all [Custom Resource Definitions](/docs/concepts/extend-kubernetes/api-extension/custom-resources/) (CRDs) have a schema. CRDs without a schema are treated as unstructured data by Server-side Apply. Keys are treated as fields in a struct and lists are assumed to be atomic.
+
+CRDs that specify a schema are able to specify additional annotations in the schema. Please refer to the documentation on the full list of available annotations.
+
+New annotations since beta:
+
+**Defaulting:** Values for fields that appliers do not express explicit interest in should be defaulted. This prevents an applier from unintentionally owning a defaulted field that might cause conflicts with other appliers. If unspecified, the default value is nil or the nil equivalent for the corresponding type.
+
+- Usage: see the [CRD Defaulting](/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#defaulting) documentation for more details.
+- Golang: `+default=`
+- OpenAPI extension: `default: `
+
+
+Atomic for maps and structs:
+
+**Maps:** By default maps are granular. A different manager is able to manage each map entry. They can also be configured to be atomic such that a single manager owns the entire map.
+
+- Usage: Refer to [Merge Strategy](/docs/reference/using-api/server-side-apply/#merge-strategy) for a more detailed overview
+- Golang: `+mapType=granular/atomic`
+- OpenAPI extension: `x-kubernetes-map-type: granular/atomic`
+
+**Structs:** By default structs are granular and a separate applier may own each field. For certain kinds of structs, atomicity may be desired. This is most commonly seen in small coordinate-like structs such as Field/Object/Namespace Selectors, Object References, RGB values, Endpoints (Protocol/Port pairs), etc.
+
+- Usage: Refer to [Merge Strategy](/docs/reference/using-api/server-side-apply/#merge-strategy) for a more detailed overview
+- Golang: `+structType=granular/atomic`
+- OpenAPI extension: `x-kubernetes-map-type:atomic/granular`
+
+## What's Next?
+
+After Server Side Apply, the next focus for the API Expression working-group is around improving the expressiveness and size of the published Kubernetes API schema. To see the full list of items we are working on, please join our working group and refer to the work items document.
+
+## How to get involved?
+
+The working-group for apply is [wg-api-expression](https://github.com/kubernetes/community/tree/master/wg-api-expression). It is available on slack [#wg-api-expression](https://kubernetes.slack.com/archives/C0123CNN8F3), through the [mailing list](https://groups.google.com/g/kubernetes-wg-api-expression) and we also meet every other Tuesday at 9.30 PT on Zoom.
+
+We would also like to use the opportunity to thank the hard work of all the contributors involved in making this promotion to GA possible:
+
+- Andrea Nodari
+- Antoine Pelisse
+- Daniel Smith
+- Jeffrey Ying
+- Jenny Buckley
+- Joe Betz
+- Julian Modesto
+- Kevin Delgado
+- Kevin Wiesmüller
+- Maria Ntalla
diff --git a/content/en/blog/_posts/2021-08-09-alpha-swap-support.md b/content/en/blog/_posts/2021-08-09-alpha-swap-support.md
new file mode 100644
index 0000000000..2d7f562c27
--- /dev/null
+++ b/content/en/blog/_posts/2021-08-09-alpha-swap-support.md
@@ -0,0 +1,142 @@
+---
+layout: blog
+title: 'New in Kubernetes v1.22: alpha support for using swap memory'
+date: 2021-08-09
+slug: run-nodes-with-swap-alpha
+---
+
+**Author:** Elana Hashman (Red Hat)
+
+The 1.22 release introduced alpha support for configuring swap memory usage for
+Kubernetes workloads on a per-node basis.
+
+In prior releases, Kubernetes did not support the use of swap memory on Linux,
+as it is difficult to provide guarantees and account for pod memory utilization
+when swap is involved. As part of Kubernetes' earlier design, swap support was
+considered out of scope, and a kubelet would by default fail to start if swap
+was detected on a node.
+
+However, there are a number of [use cases](https://github.com/kubernetes/enhancements/blob/9d127347773ad19894ca488ee04f1cd3af5774fc/keps/sig-node/2400-node-swap/README.md#user-stories)
+that would benefit from Kubernetes nodes supporting swap, including improved
+node stability, better support for applications with high memory overhead but
+smaller working sets, the use of memory-constrained devices, and memory
+flexibility.
+
+Hence, over the past two releases, [SIG Node](https://github.com/kubernetes/community/tree/master/sig-node#readme) has
+been working to gather appropriate use cases and feedback, and propose a design
+for adding swap support to nodes in a controlled, predictable manner so that
+Kubernetes users can perform testing and provide data to continue building
+cluster capabilities on top of swap. The alpha graduation of swap memory
+support for nodes is our first milestone towards this goal!
+
+## How does it work?
+
+There are a number of possible ways that one could envision swap use on a node.
+To keep the scope manageable for this initial implementation, when swap is
+already provisioned and available on a node, [we have proposed](https://github.com/kubernetes/enhancements/blob/9d127347773ad19894ca488ee04f1cd3af5774fc/keps/sig-node/2400-node-swap/README.md#proposal)
+the kubelet should be able to be configured such that:
+
+- It can start with swap on.
+- It will direct the Container Runtime Interface to allocate zero swap memory
+ to Kubernetes workloads by default.
+- You can configure the kubelet to specify swap utilization for the entire
+ node.
+
+Swap configuration on a node is exposed to a cluster admin via the
+[`memorySwap` in the KubeletConfiguration](/docs/reference/config-api/kubelet-config.v1beta1/).
+As a cluster administrator, you can specify the node's behaviour in the
+presence of swap memory by setting `memorySwap.swapBehavior`.
+
+This is possible through the addition of a `memory_swap_limit_in_bytes` field
+to the container runtime interface (CRI). The kubelet's config will control how
+much swap memory the kubelet instructs the container runtime to allocate to
+each container via the CRI. The container runtime will then write the swap
+settings to the container level cgroup.
+
+## How do I use it?
+
+On a node where swap memory is already provisioned, Kubernetes use of swap on a
+node can be enabled by enabling the `NodeSwap` feature gate on the kubelet, and
+disabling the `failSwapOn` [configuration setting](/docs/reference/config-api/kubelet-config.v1beta1/#kubelet-config-k8s-io-v1beta1-KubeletConfiguration)
+or the `--fail-swap-on` command line flag.
+
+You can also optionally configure `memorySwap.swapBehavior` in order to
+specify how a node will use swap memory. For example,
+
+```yaml
+memorySwap:
+ swapBehavior: LimitedSwap
+```
+
+The available configuration options for `swapBehavior` are:
+
+- `LimitedSwap` (default): Kubernetes workloads are limited in how much swap
+ they can use. Workloads on the node not managed by Kubernetes can still swap.
+- `UnlimitedSwap`: Kubernetes workloads can use as much swap memory as they
+ request, up to the system limit.
+
+If configuration for `memorySwap` is not specified and the feature gate is
+enabled, by default the kubelet will apply the same behaviour as the
+`LimitedSwap` setting.
+
+The behaviour of the `LimitedSwap` setting depends if the node is running with
+v1 or v2 of control groups (also known as "cgroups"):
+
+- **cgroups v1:** Kubernetes workloads can use any combination of memory and
+ swap, up to the pod's memory limit, if set.
+- **cgroups v2:** Kubernetes workloads cannot use swap memory.
+
+### Caveats
+
+Having swap available on a system reduces predictability. Swap's performance is
+worse than regular memory, sometimes by many orders of magnitude, which can
+cause unexpected performance regressions. Furthermore, swap changes a system's
+behaviour under memory pressure, and applications cannot directly control what
+portions of their memory usage are swapped out. Since enabling swap permits
+greater memory usage for workloads in Kubernetes that cannot be predictably
+accounted for, it also increases the risk of noisy neighbours and unexpected
+packing configurations, as the scheduler cannot account for swap memory usage.
+
+The performance of a node with swap memory enabled depends on the underlying
+physical storage. When swap memory is in use, performance will be significantly
+worse in an I/O operations per second (IOPS) constrained environment, such as a
+cloud VM with I/O throttling, when compared to faster storage mediums like
+solid-state drives or NVMe.
+
+Hence, we do not recommend the use of swap for certain performance-constrained
+workloads or environments. Cluster administrators and developers should
+benchmark their nodes and applications before using swap in production
+scenarios, and [we need your help](#how-do-i-get-involved) with that!
+
+## Looking ahead
+
+The Kubernetes 1.22 release introduces alpha support for swap memory on nodes,
+and we will continue to work towards beta graduation in the 1.23 release. This
+will include:
+
+* Adding support for controlling swap consumption at the Pod level via cgroups.
+ * This will include the ability to set a system-reserved quantity of swap
+ from what kubelet detects on the host.
+* Determining a set of metrics for node QoS in order to evaluate the
+ performance and stability of nodes with and without swap enabled.
+* Collecting feedback from test user cases.
+ * We will consider introducing new configuration modes for swap, such as a
+ node-wide swap limit for workloads.
+
+## How can I learn more?
+
+You can review the current [documentation](https://kubernetes.io/docs/concepts/architecture/nodes/#swap-memory)
+on the Kubernetes website.
+
+For more information, and to assist with testing and provide feedback, please
+see [KEP-2400](https://github.com/kubernetes/enhancements/issues/2400) and its
+[design proposal](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/2400-node-swap/README.md).
+
+## How do I get involved?
+
+Your feedback is always welcome! SIG Node [meets regularly](https://github.com/kubernetes/community/tree/master/sig-node#meetings)
+and [can be reached](https://github.com/kubernetes/community/tree/master/sig-node#contact)
+via [Slack](https://slack.k8s.io/) (channel **#sig-node**), or the SIG's
+[mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-node).
+Feel free to reach out to me, Elana Hashman (**@ehashman** on Slack and GitHub)
+if you'd like to help.
diff --git a/content/en/blog/_posts/2021-08-09-csi-windows-support-with-csi-proxy-reaches-ga.md b/content/en/blog/_posts/2021-08-09-csi-windows-support-with-csi-proxy-reaches-ga.md
new file mode 100644
index 0000000000..23d1c983ff
--- /dev/null
+++ b/content/en/blog/_posts/2021-08-09-csi-windows-support-with-csi-proxy-reaches-ga.md
@@ -0,0 +1,76 @@
+---
+layout: blog
+title: 'Kubernetes 1.22: CSI Windows Support (with CSI Proxy) reaches GA'
+date: 2021-08-09
+slug: csi-windows-support-with-csi-proxy-reaches-ga
+---
+
+**Authors:** Mauricio Poppe (Google), Jing Xu (Google), and Deep Debroy (Apple)
+
+*The stable version of CSI Proxy for Windows has been released alongside Kubernetes 1.22. CSI Proxy enables CSI Drivers running on Windows nodes to perform privileged storage operations.*
+
+## Background
+
+Container Storage Interface (CSI) for Kubernetes went GA in the Kubernetes 1.13 release. CSI has become the standard for exposing block and file storage to containerized workloads on Container Orchestration systems (COs) like Kubernetes. It enables third-party storage providers to write and deploy plugins without the need to alter the core Kubernetes codebase. Legacy in-tree drivers are deprecated and new storage features are introduced in CSI, therefore it is important to get CSI Drivers to work on Windows.
+
+A CSI Driver in Kubernetes has two main components: a controller plugin which runs in the control plane and a node plugin which runs on every node.
+
+- The controller plugin generally does not need direct access to the host and can perform all its operations through the Kubernetes API and external control plane services.
+
+- The node plugin, however, requires direct access to the host for making block devices and/or file systems available to the Kubernetes kubelet. Due to the missing capability of running privileged operations from containers on Windows nodes [CSI Proxy was introduced as alpha in Kubernetes 1.18](https://kubernetes.io/blog/2020/04/03/kubernetes-1-18-feature-windows-csi-support-alpha/) as a way to enable containers to perform privileged storage operations. This enables containerized CSI Drivers to run on Windows nodes.
+
+## What's CSI Proxy and how do CSI drivers interact with it?
+
+When a workload that uses persistent volumes is scheduled, it'll go through a sequence of steps defined in the [CSI Spec](https://github.com/container-storage-interface/spec/blob/master/spec.md). First, the workload will be scheduled to run on a node. Then the controller component of a CSI Driver will attach the persistent volume to the node. Finally the node component of a CSI Driver will mount the persistent volume on the node.
+
+The node component of a CSI Driver needs to run on Windows nodes to support Windows workloads. Various privileged operations like scanning of disk devices, mounting of file systems, etc. cannot be done from a containerized application running on Windows nodes yet ([Windows HostProcess containers](https://github.com/kubernetes/enhancements/issues/1981) introduced in Kubernetes 1.22 as alpha enable functionalities that require host access like the operations mentioned before). However, we can perform these operations through a binary (CSI Proxy) that's pre-installed on the Window nodes. CSI Proxy has a client-server architecture and allows CSI drivers to issue privileged storage operations through a gRPC interface exposed over named pipes created during the startup of CSI Proxy.
+
+
+
+## CSI Proxy reaches GA
+
+The CSI Proxy development team has worked closely with storage vendors, many of whom started integrating CSI Proxy into their CSI Drivers and provided feedback as early as CSI Proxy design proposal. This cooperation uncovered use cases where additional APIs were needed, found bugs, and identified areas for documentation improvement.
+
+The CSI Proxy design [KEP](https://github.com/kubernetes/enhancements/pull/2737) has been updated to reflect the current CSI Proxy architecture. Additional [development documentation](https://github.com/kubernetes-csi/csi-proxy/blob/master/docs/DEVELOPMENT.md) is included for contributors interested in helping with new features or bug fixes.
+
+Before we reached GA we wanted to make sure that our API is simple and consistent. We went through an extensive API review of the v1beta API groups where we made sure that the CSI Proxy API methods and messages are consistent with the naming conventions defined in the [CSI Spec](https://github.com/container-storage-interface/spec/blob/master/spec.md). As part of this effort we're graduating the [Disk](https://github.com/kubernetes-csi/csi-proxy/blob/master/docs/apis/disk_v1.md), [Filesystem](https://github.com/kubernetes-csi/csi-proxy/blob/master/docs/apis/filesystem_v1.md), [SMB](https://github.com/kubernetes-csi/csi-proxy/blob/master/docs/apis/smb_v1.md) and [Volume](https://github.com/kubernetes-csi/csi-proxy/blob/master/docs/apis/volume_v1.md) API groups to v1.
+
+Additional Windows system APIs to get information from the Windows nodes and support to mount iSCSI targets in Windows nodes, are available as alpha APIs in the [System API](https://github.com/kubernetes-csi/csi-proxy/tree/v1.0.0/client/api/system/v1alpha1) and the [iSCSI API](https://github.com/kubernetes-csi/csi-proxy/tree/v1.0.0/client/api/iscsi/v1alpha2). These APIs will continue to be improved before we graduate them to v1.
+
+CSI Proxy v1 is compatible with all the previous v1betaX releases. The GA `csi-proxy.exe` binary can handle requests from v1betaX clients thanks to the autogenerated conversion layer that transforms any versioned client request to a version-agnostic request that the server can process. Several [integration tests](https://github.com/kubernetes-csi/csi-proxy/tree/v1.0.0/integrationtests) were added for all the API versions of the API groups that are graduating to v1 to ensure that CSI Proxy is backwards compatible.
+
+Version drift between CSI Proxy and the CSI Drivers that interact with it was also carefully considered. A [connection fallback mechanism](https://github.com/kubernetes-csi/csi-proxy/pull/124) has been provided for CSI Drivers to handle multiple versions of CSI Proxy for a smooth upgrade to v1. This allows CSI Drivers, like the GCE PD CSI Driver, [to recognize which version of the CSI Proxy binary is running](https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver/pull/738) and handle multiple versions of the CSI Proxy binary deployed on the node.
+
+CSI Proxy v1 is already being used by many CSI Drivers, including the [AWS EBS CSI Driver](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/966), [Azure Disk CSI Driver](https://github.com/kubernetes-sigs/azuredisk-csi-driver/pull/919), [GCE PD CSI Driver](https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver/pull/738), and [SMB CSI Driver](https://github.com/kubernetes-csi/csi-driver-smb/pull/319).
+
+## Future plans
+
+We're very excited for the future of CSI Proxy. With the upcoming [Windows HostProcess containers](https://github.com/kubernetes/enhancements/issues/1981), we are considering converting the CSI Proxy in to a library consumed by CSI Drivers in addition to the current client/server design. This will allow us to iterate faster on new features because the `csi-proxy.exe` binary will no longer be needed.
+
+## How to get involved?
+
+This project, like all of Kubernetes, is the result of hard work by many contributors from diverse backgrounds working together. Those interested in getting involved with the design and development of CSI Proxy, or any part of the Kubernetes Storage system, may join the Kubernetes Storage Special Interest Group (SIG). We’re rapidly growing and always welcome new contributors.
+
+For those interested in more details about CSI support in Windows please reach out in the [#csi-windows](https://kubernetes.slack.com/messages/csi-windows) Kubernetes slack channel.
+
+## Acknowledgments
+
+CSI-Proxy received many contributions from members of the Kubernetes community. We thank all of the people that contributed to CSI Proxy with design reviews, bug reports, bug fixes, and for their continuous support in reaching this milestone:
+
+- [Andy Zhang](https://github.com/andyzhangx)
+- [Dan Ilan](https://github.com/jmpfar)
+- [Deep Debroy](https://github.com/ddebroy)
+- [Humble Devassy Chirammal](https://github.com/humblec)
+- [Jing Xu](https://github.com/jingxu97)
+- [Jean Rougé](https://github.com/wk8)
+- [Jordan Liggitt](https://github.com/liggitt)
+- [Kalya Subramanian](https://github.com/ksubrmnn)
+- [Krishnakumar R](https://github.com/kkmsft)
+- [Manuel Tellez](https://github.com/manueltellez)
+- [Mark Rossetti](https://github.com/marosset)
+- [Mauricio Poppe](https://github.com/mauriciopoppe)
+- [Matthew Wong](https://github.com/wongma7)
+- [Michelle Au](https://github.com/msau42)
+- [Patrick Lang](https://github.com/PatrickLang)
+- [Saad Ali](https://github.com/saad-ali)
+- [Yuju Hong](https://github.com/yujuhong)
\ No newline at end of file
diff --git a/content/en/blog/_posts/2021-08-11-memory-manager-moves-to-beta.md b/content/en/blog/_posts/2021-08-11-memory-manager-moves-to-beta.md
new file mode 100644
index 0000000000..0eeb8bde83
--- /dev/null
+++ b/content/en/blog/_posts/2021-08-11-memory-manager-moves-to-beta.md
@@ -0,0 +1,144 @@
+---
+layout: blog
+title: "Kubernetes Memory Manager moves to beta"
+date: 2021-08-11
+slug: kubernetes-1-22-feature-memory-manager-moves-to-beta
+---
+
+**Authors:** Artyom Lukianov (Red Hat), Cezary Zukowski (Samsung)
+
+The blog post explains some of the internals of the _Memory manager_, a beta feature
+of Kubernetes 1.22. In Kubernetes, the Memory Manager is a
+[kubelet](https://kubernetes.io/docs/concepts/overview/components/#kubelet) subcomponent.
+The memory manage provides guaranteed memory (and hugepages)
+allocation for pods in the `Guaranteed` [QoS class](https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#qos-classes).
+
+This blog post covers:
+
+1. [Why do you need it?](#Why-do-you-need-it?)
+2. [The internal details of how the **MemoryManager** works](#How-does-it-work?)
+3. [Current limitations of the **MemoryManager**](#Current-limitations)
+4. [Future work for the **MemoryManager**](#Future-work-for-the-Memory-Manager)
+
+## Why do you need it?
+
+Some Kubernetes workloads run on nodes with
+[non-uniform memory access](https://en.wikipedia.org/wiki/Non-uniform_memory_access) (NUMA).
+Suppose you have NUMA nodes in your cluster. In that case, you'll know about the potential for extra latency when
+compute resources need to access memory on the different NUMA locality.
+
+To get the best performance and latency for your workload, container CPUs,
+peripheral devices, and memory should all be aligned to the same NUMA
+locality.
+Before Kubernetes v1.22, the kubelet already provided a set of managers to
+align CPUs and PCI devices, but you did not have a way to align memory.
+The Linux kernel was able to make best-effort attempts to allocate
+memory for tasks from the same NUMA node where the container is
+executing are placed, but without any guarantee about that placement.
+
+## How does it work?
+
+The memory manager is doing two main things:
+- provides the topology hint to the Topology Manager
+- allocates the memory for containers and updates the state
+
+The overall sequence of the Memory Manager under the Kubelet
+
+
+
+During the Admission phase:
+
+1. When first handling a new pod, the kubelet calls the TopologyManager's `Admit()` method.
+2. The Topology Manager is calling `GetTopologyHints()` for every hint provider including the Memory Manager.
+3. The Memory Manager calculates all possible NUMA nodes combinations for every container inside the pod and returns hints to the Topology Manager.
+4. The Topology Manager calls to `Allocate()` for every hint provider including the Memory Manager.
+5. The Memory Manager allocates the memory under the state according to the hint that the Topology Manager chose.
+
+During Pod creation:
+
+1. The kubelet calls `PreCreateContainer()`.
+2. For each container, the Memory Manager looks the NUMA nodes where it allocated the
+ memory for the container and then returns that information to the kubelet.
+3. The kubelet creates the container, via CRI, using a container specification
+ that incorporates information from the Memory Manager information.
+
+### Let's talk about the configuration
+
+By default, the Memory Manager runs with the `None` policy, meaning it will just
+relax and not do anything. To make use of the Memory Manager, you should set
+two command line options for the kubelet:
+
+- `--memory-manager-policy=Static`
+- `--reserved-memory=":="`
+
+The value for `--memory-manager-policy` is straightforward: `Static`. Deciding what to specify for `--reserved-memory` takes more thought. To configure it correctly, you should follow two main rules:
+
+- The amount of reserved memory for the `memory` resource must be greater than zero.
+- The amount of reserved memory for the resource type must be equal
+ to [NodeAllocatable](/docs/tasks/administer-cluster/reserve-compute-resources/#node-allocatable)
+ (`kube-reserved + system-reserved + eviction-hard`) for the resource.
+ You can read more about memory reservations in [Reserve Compute Resources for System Daemons](/docs/tasks/administer-cluster/reserve-compute-resources/).
+
+
+
+## Current limitations
+
+The 1.22 release and promotion to beta brings along enhancements and fixes, but the Memory Manager still has several limitations.
+
+### Single vs Cross NUMA node allocation
+
+The NUMA node can not have both single and cross NUMA node allocations. When the container memory is pinned to two or more NUMA nodes, we can not know from which NUMA node the container will consume the memory.
+
+
+
+1. The `container1` started on the NUMA node 0 and requests *5Gi* of the memory but currently is consuming only *3Gi* of the memory.
+2. For container2 the memory request is 10Gi, and no single NUMA node can satisfy it.
+3. The `container2` consumes *3.5Gi* of the memory from the NUMA node 0, but once the `container1` will require more memory, it will not have it, and the kernel will kill one of the containers with the *OOM* error.
+
+To prevent such issues, the Memory Manager will fail the admission of the `container2` until the machine has two NUMA nodes without a single NUMA node allocation.
+
+### Works only for Guaranteed pods
+
+The Memory Manager can not guarantee memory allocation for Burstable pods,
+also when the Burstable pod has specified equal memory limit and request.
+
+Let's assume you have two Burstable pods: `pod1` has containers with
+equal memory request and limits, and `pod2` has containers only with a
+memory request set. You want to guarantee memory allocation for the `pod1`.
+To the Linux kernel, processes in either pod have the same *OOM score*,
+once the kernel finds that it does not have enough memory, it can kill
+processes that belong to pod `pod1`.
+
+### Memory fragmentation
+
+The sequence of Pods and containers that start and stop can fragment the memory on NUMA nodes.
+The alpha implementation of the Memory Manager does not have any mechanism to balance pods and defragment memory back.
+
+## Future work for the Memory Manager
+
+We do not want to stop with the current state of the Memory Manager and are looking to
+make improvements, including in the following areas.
+
+### Make the Memory Manager allocation algorithm smarter
+
+The current algorithm ignores distances between NUMA nodes during the
+calculation of the allocation. If same-node placement isn't available, we can still
+provide better performance compared to the current implementation, by changing the
+Memory Manager to prefer the closest NUMA nodes for cross-node allocation.
+
+### Reduce the number of admission errors
+
+The default Kubernetes scheduler is not aware of the node's NUMA topology, and it can be a reason for many admission errors during the pod start.
+We're hoping to add a KEP (Kubernetes Enhancement Proposal) to cover improvements in this area.
+Follow [Topology aware scheduler plugin in kube-scheduler](https://github.com/kubernetes/enhancements/issues/2044) to see how this idea progresses.
+
+
+## Conclusion
+With the promotion of the Memory Manager to beta in 1.22, we encourage everyone to give it a try and look forward to any feedback you may have. While there are still several limitations, we have a set of enhancements planned to address them and look forward to providing you with many new features in upcoming releases.
+If you have ideas for additional enhancements or a desire for certain features, please let us know. The team is always open to suggestions to enhance and improve the Memory Manager.
+We hope you have found this blog informative and helpful! Let us know if you have any questions or comments.
+
+You can contact us via:
+- The Kubernetes [#sig-node ](https://kubernetes.slack.com/messages/sig-node)
+ channel in Slack (visit https://slack.k8s.io/ for an invitation if you need one)
+- The SIG Node mailing list, [kubernetes-sig-node@googlegroups.com](https://groups.google.com/g/kubernetes-sig-node)
diff --git a/content/en/blog/_posts/2021-08-16-support-for-hostprocess-containers/hostprocess-architecture.png b/content/en/blog/_posts/2021-08-16-support-for-hostprocess-containers/hostprocess-architecture.png
new file mode 100755
index 0000000000..b28bfcf808
Binary files /dev/null and b/content/en/blog/_posts/2021-08-16-support-for-hostprocess-containers/hostprocess-architecture.png differ
diff --git a/content/en/blog/_posts/2021-08-16-support-for-hostprocess-containers/index.md b/content/en/blog/_posts/2021-08-16-support-for-hostprocess-containers/index.md
new file mode 100644
index 0000000000..5475640e3b
--- /dev/null
+++ b/content/en/blog/_posts/2021-08-16-support-for-hostprocess-containers/index.md
@@ -0,0 +1,79 @@
+---
+layout: blog
+title: 'Alpha in v1.22: Windows HostProcess Containers'
+date: 2021-08-16
+slug: windows-hostprocess-containers
+---
+
+**Authors:** Brandon Smith (Microsoft)
+
+Kubernetes v1.22 introduced a new alpha feature for clusters that
+include Windows nodes: HostProcess containers.
+
+HostProcess containers aim to extend the Windows container model to enable a wider
+range of Kubernetes cluster management scenarios. HostProcess containers run
+directly on the host and maintain behavior and access similar to that of a regular
+process. With HostProcess containers, users can package and distribute management
+operations and functionalities that require host access while retaining versioning
+and deployment methods provided by containers. This allows Windows containers to
+be used for a variety of device plugin, storage, and networking management scenarios
+in Kubernetes. With this comes the enablement of host network mode—allowing
+HostProcess containers to be created within the host's network namespace instead of
+their own. HostProcess containers can also be built on top of existing Windows server
+2019 (or later) base images, managed through the Windows container runtime, and run
+as any user that is available on or in the domain of the host machine.
+
+Linux privileged containers are currently used for a variety of key scenarios in
+Kubernetes, including kube-proxy (via kubeadm), storage, and networking scenarios.
+Support for these scenarios in Windows previously required workarounds via proxies
+or other implementations. Using HostProcess containers, cluster operators no longer
+need to log onto and individually configure each Windows node for administrative
+tasks and management of Windows services. Operators can now utilize the container
+model to deploy management logic to as many clusters as needed with ease.
+
+## How does it work?
+
+Windows HostProcess containers are implemented with Windows _Job Objects_, a break from the
+previous container model using server silos. Job objects are components of the Windows OS which offer the ability to
+manage a group of processes as a group (a.k.a. _jobs_) and assign resource constraints to the
+group as a whole. Job objects are specific to the Windows OS and are not associated with the Kubernetes [Job API](https://kubernetes.io/docs/concepts/workloads/controllers/job/). They have no process or file system isolation,
+enabling the privileged payload to view and edit the host file system with the
+correct permissions, among other host resources. The init process, and any processes
+it launches or that are explicitly launched by the user, are all assigned to the
+job object of that container. When the init process exits or is signaled to exit,
+all the processes in the job will be signaled to exit, the job handle will be
+closed and the storage will be unmounted.
+
+HostProcess and Linux privileged containers enable similar scenarios but differ
+greatly in their implementation (hence the naming difference). HostProcess containers
+have their own pod security policies. Those used to configure Linux privileged
+containers **do not** apply. Enabling privileged access to a Windows host is a
+fundamentally different process than with Linux so the configuration and
+capabilities of each differ significantly. Below is a diagram detailing the
+overall architecture of Windows HostProcess containers:
+
+{{< figure src="hostprocess-architecture.png" alt="HostProcess Architecture" >}}
+
+## How do I use it?
+
+HostProcess containers can be run from within a
+[HostProcess Pod](/docs/tasks/configure-pod-container/create-hostprocess-pod).
+With the feature enabled on Kubernetes version 1.22, a containerd container runtime of
+1.5.4 or higher, and the latest version of hcsshim, deploying a pod spec with the
+[correct HostProcess configuration](/docs/tasks/configure-pod-container/create-hostprocess-pod/#before-you-begin)
+will enable you to run HostProcess containers. To get started with running
+Windows containers see the general guidance for [Windows in Kubernetes](/docs/setup/production-environment/windows/)
+
+## How can I learn more?
+
+- Work through [Create a Windows HostProcess Pod](/docs/tasks/configure-pod-container/create-hostprocess-pod/)
+
+- Read about Kubernetes [Pod Security Standards](/docs/concepts/security/pod-security-standards/)
+
+- Read the enhancement proposal [Windows Privileged Containers and Host Networking Mode](https://github.com/kubernetes/enhancements/tree/master/keps/sig-windows/1981-windows-privileged-container-support) (KEP-1981)
+
+## How do I get involved?
+
+HostProcess containers are in active development. SIG Windows welcomes suggestions from the community.
+Get involved with [SIG Windows](https://github.com/kubernetes/community/tree/master/sig-windows)
+to contribute!
diff --git a/content/en/blog/_posts/2021-08-25-seccomp-default.md b/content/en/blog/_posts/2021-08-25-seccomp-default.md
new file mode 100644
index 0000000000..c38b7fdee1
--- /dev/null
+++ b/content/en/blog/_posts/2021-08-25-seccomp-default.md
@@ -0,0 +1,267 @@
+---
+layout: blog
+title: "Enable seccomp for all workloads with a new v1.22 alpha feature"
+date: 2021-08-25
+slug: seccomp-default
+---
+
+**Author:** Sascha Grunert, Red Hat
+
+This blog post is about a new Kubernetes feature introduced in v1.22, which adds
+an additional security layer on top of the existing seccomp support. Seccomp is
+a security mechanism for Linux processes to filter system calls (syscalls) based
+on a set of defined rules. Applying seccomp profiles to containerized workloads
+is one of the key tasks when it comes to enhancing the security of the
+application deployment. Developers, site reliability engineers and
+infrastructure administrators have to work hand in hand to create, distribute
+and maintain the profiles over the applications life-cycle.
+
+You can use the [`securityContext`][seccontext] field of Pods and their
+containers can be used to adjust security related configurations of the
+workload. Kubernetes introduced dedicated [seccomp related API
+fields][seccontext] in this `SecurityContext` with the [graduation of seccomp to
+General Availability (GA)][ga] in v1.19.0. This enhancement allowed an easier
+way to specify if the whole pod or a specific container should run as:
+
+[seccontext]: /docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
+[ga]: https://kubernetes.io/blog/2020/08/26/kubernetes-release-1.19-accentuate-the-paw-sitive/#graduated-to-stable
+
+- `Unconfined`: seccomp will not be enabled
+- `RuntimeDefault`: the container runtimes default profile will be used
+- `Localhost`: a node local profile will be applied, which is being referenced
+ by a relative path to the seccomp profile root (`/seccomp`)
+ of the kubelet
+
+With the graduation of seccomp, nothing has changed from an overall security
+perspective, because `Unconfined` is still the default. This is totally fine if
+you consider this from the upgrade path and backwards compatibility perspective of
+Kubernetes releases. But it also means that it is more likely that a workload
+runs without seccomp at all, which should be fixed in the long term.
+
+## `SeccompDefault` to the rescue
+
+Kubernetes v1.22.0 introduces a new kubelet [feature gate][gate]
+`SeccompDefault`, which has been added in `alpha` state as every other new
+feature. This means that it is disabled by default and can be enabled manually
+for every single Kubernetes node.
+
+[gate]: /docs/reference/command-line-tools-reference/feature-gates
+
+What does the feature do? Well, it just changes the default seccomp profile from
+`Unconfined` to `RuntimeDefault`. If not specified differently in the pod
+manifest, then the feature will add a higher set of security constraints by
+using the default profile of the container runtime. These profiles may differ
+between runtimes like [CRI-O][crio] or [containerd][ctrd]. They also differ for
+its used hardware architectures. But generally speaking, those default profiles
+allow a common amount of syscalls while blocking the more dangerous ones, which
+are unlikely or unsafe to be used in a containerized application.
+
+[crio]: https://github.com/cri-o/cri-o/blob/fe30d62/vendor/github.com/containers/common/pkg/seccomp/default_linux.go#L45
+[ctrd]: https://github.com/containerd/containerd/blob/e1445df/contrib/seccomp/seccomp_default.go#L51
+
+### Enabling the feature
+
+Two kubelet configuration changes have to be made to enable the feature:
+
+1. **Enable the feature** gate by setting the `SeccompDefault=true` via the command
+ line (`--feature-gates`) or the [kubelet configuration][kubelet] file.
+2. **Turn on the feature** by enabling the feature by adding the
+ `--seccomp-default` command line flag or via the [kubelet
+ configuration][kubelet] file (`seccompDefault: true`).
+
+[kubelet]: /docs/tasks/administer-cluster/kubelet-config-file
+
+The kubelet will error on startup if only one of the above steps have been done.
+
+### Trying it out
+
+If the feature is enabled on a node, then you can create a new workload like
+this:
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-pod
+spec:
+ containers:
+ - name: test-container
+ image: nginx:1.21
+```
+
+Now it is possible to inspect the used seccomp profile by using
+[`crictl`][crictl] while investigating the containers [runtime
+specification][rspec]:
+
+[crictl]: https://github.com/kubernetes-sigs/cri-tools
+[rspec]: https://github.com/opencontainers/runtime-spec/blob/0c021c1/config-linux.md#seccomp
+
+```bash
+CONTAINER_ID=$(sudo crictl ps -q --name=test-container)
+sudo crictl inspect $CONTAINER_ID | jq .info.runtimeSpec.linux.seccomp
+```
+
+```yaml
+{
+ "defaultAction": "SCMP_ACT_ERRNO",
+ "architectures": ["SCMP_ARCH_X86_64", "SCMP_ARCH_X86", "SCMP_ARCH_X32"],
+ "syscalls": [
+ {
+ "names": ["_llseek", "_newselect", "accept", …, "write", "writev"],
+ "action": "SCMP_ACT_ALLOW"
+ },
+ …
+ ]
+}
+```
+
+You can see that the lower level container runtime ([CRI-O][crio-home] and
+[runc][runc] in our case), successfully applied the default seccomp profile.
+This profile denies all syscalls per default, while allowing commonly used ones
+like [`accept`][accept] or [`write`][write].
+
+[crio-home]: https://github.com/cri-o/cri-o
+[runc]: https://github.com/opencontainers/runc
+[accept]: https://man7.org/linux/man-pages/man2/accept.2.html
+[write]: https://man7.org/linux/man-pages/man2/write.2.html
+
+Please note that the feature will not influence any Kubernetes API for now.
+Therefore, it is not possible to retrieve the used seccomp profile via `kubectl`
+`get` or `describe` if the [`SeccompProfile`][api] field is unset within the
+`SecurityContext`.
+
+[api]: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1
+
+The feature also works when using multiple containers within a pod, for example
+if you create a pod like this:
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-pod
+spec:
+ containers:
+ - name: test-container-nginx
+ image: nginx:1.21
+ securityContext:
+ seccompProfile:
+ type: Unconfined
+ - name: test-container-redis
+ image: redis:6.2
+```
+
+then you should see that the `test-container-nginx` runs without a seccomp profile:
+
+```bash
+sudo crictl inspect $(sudo crictl ps -q --name=test-container-nginx) |
+ jq '.info.runtimeSpec.linux.seccomp == null'
+true
+```
+
+Whereas the container `test-container-redis` runs with `RuntimeDefault`:
+
+```bash
+sudo crictl inspect $(sudo crictl ps -q --name=test-container-redis) |
+ jq '.info.runtimeSpec.linux.seccomp != null'
+true
+```
+
+The same applies to the pod itself, which also runs with the default profile:
+
+```bash
+sudo crictl inspectp (sudo crictl pods -q --name test-pod) |
+ jq '.info.runtimeSpec.linux.seccomp != null'
+true
+```
+
+### Upgrade strategy
+
+It is recommended to enable the feature in multiple steps, whereas different
+risks and mitigations exist for each one.
+
+#### Feature gate enabling
+
+Enabling the feature gate at the kubelet level will not turn on the feature, but
+will make it possible by using the `SeccompDefault` kubelet configuration or the
+`--seccomp-default` CLI flag. This can be done by an administrator for the whole
+cluster or only a set of nodes.
+
+#### Testing the Application
+
+If you're trying this within a dedicated test environment, you have to ensure
+that the application code does not trigger syscalls blocked by the
+`RuntimeDefault` profile before enabling the feature on a node. This can be done
+by:
+
+- _Recommended_: Analyzing the code (manually or by running the application with
+ [strace][strace]) for any executed syscalls which may be blocked by the
+ default profiles. If that's the case, then you can override the default by
+ explicitly setting the pod or container to run as `Unconfined`. Alternatively,
+ you can create a custom seccomp profile (see optional step below).
+ profile based on the default by adding the additional syscalls to the
+ `"action": "SCMP_ACT_ALLOW"` section.
+
+- _Recommended_: Manually set the profile to the target workload and use a
+ rolling upgrade to deploy into production. Rollback the deployment if the
+ application does not work as intended.
+
+- _Optional_: Run the application against an end-to-end test suite to trigger
+ all relevant code paths with `RuntimeDefault` enabled. If a test fails, use
+ the same mitigation as mentioned above.
+
+- _Optional_: Create a custom seccomp profile based on the default and change
+ its default action from `SCMP_ACT_ERRNO` to `SCMP_ACT_LOG`. This means that
+ the seccomp filter for unknown syscalls will have no effect on the application
+ at all, but the system logs will now indicate which syscalls may be blocked.
+ This requires at least a Kernel version 4.14 as well as a recent [runc][runc]
+ release. Monitor the application hosts audit logs (defaults to
+ `/var/log/audit/audit.log`) or syslog entries (defaults to `/var/log/syslog`)
+ for syscalls via `type=SECCOMP` (for audit) or `type=1326` (for syslog).
+ Compare the syscall ID with those [listed in the Linux Kernel
+ sources][syscalls] and add them to the custom profile. Be aware that custom
+ audit policies may lead into missing syscalls, depending on the configuration
+ of auditd.
+
+- _Optional_: Use cluster additions like the [Security Profiles Operator][spo]
+ for profiling the application via its [log enrichment][logs] capabilities or
+ recording a profile by using its [recording feature][rec]. This makes the
+ above mentioned manual log investigation obsolete.
+
+[syscalls]: https://github.com/torvalds/linux/blob/7bb7f2a/arch/x86/entry/syscalls/syscall_64.tbl
+[spo]: https://github.com/kubernetes-sigs/security-profiles-operator
+[logs]: https://github.com/kubernetes-sigs/security-profiles-operator/blob/c90ef3a/installation-usage.md#record-profiles-from-workloads-with-profilerecordings
+[rec]: https://github.com/kubernetes-sigs/security-profiles-operator/blob/c90ef3a/installation-usage.md#using-the-log-enricher
+[strace]: https://man7.org/linux/man-pages/man1/strace.1.html
+
+#### Deploying the modified application
+
+Based on the outcome of the application tests, it may be required to change the
+application deployment by either specifying `Unconfined` or a custom seccomp
+profile. This is not the case if the application works as intended with
+`RuntimeDefault`.
+
+#### Enable the kubelet configuration
+
+If everything went well, then the feature is ready to be enabled by the kubelet
+configuration or its corresponding CLI flag. This should be done on a per-node
+basis to reduce the overall risk of missing a syscall during the investigations
+when running the application tests. If it's possible to monitor audit logs
+within the cluster, then it's recommended to do this for eventually missed
+seccomp events. If the application works as intended then the feature can be
+enabled for further nodes within the cluster.
+
+## Conclusion
+
+Thank you for reading this blog post! I hope you enjoyed to see how the usage of
+seccomp profiles has been evolved in Kubernetes over the past releases as much
+as I do. On your own cluster, change the default seccomp profile to
+`RuntimeDefault` (using this new feature) and see the security benefits, and, of
+course, feel free to reach out any time for feedback or questions.
+
+---
+
+_Editor's note: If you have any questions or feedback about this blog post, feel
+free to reach out via the [Kubernetes slack in #sig-node][slack]._
+
+[slack]: https://kubernetes.slack.com/messages/sig-node
diff --git a/content/en/blog/_posts/2021-08-27-minreadysecond-statefulsets.md b/content/en/blog/_posts/2021-08-27-minreadysecond-statefulsets.md
new file mode 100644
index 0000000000..390665950e
--- /dev/null
+++ b/content/en/blog/_posts/2021-08-27-minreadysecond-statefulsets.md
@@ -0,0 +1,48 @@
+---
+layout: blog
+title: 'Minimum Ready Seconds for StatefulSets'
+date: 2021-08-27
+slug: minreadyseconds-statefulsets
+---
+
+**Authors:** Ravi Gudimetla (Red Hat), Maciej Szulik (Red Hat)
+
+This blog describes the notion of Availability for `StatefulSet` workloads, and a new alpha feature in Kubernetes 1.22 which adds `minReadySeconds` configuration for `StatefulSets`.
+
+## What problems does this solve?
+
+Prior to Kubernetes 1.22 release, once a `StatefulSet` `Pod` is in the `Ready` state it is considered `Available` to receive traffic. For some of the `StatefulSet` workloads, it may not be the case. For example, a workload like Prometheus with multiple instances of Alertmanager, it should be considered `Available` only when Alertmanager's state transfer is complete, not when the `Pod` is in `Ready` state. Since `minReadySeconds` adds buffer, the state transfer may be complete before the `Pod` becomes `Available`. While this is not a fool proof way of identifying if the state transfer is complete or not, it gives a way to the end user to express their intention of waiting for sometime before the `Pod` is considered `Available` and it is ready to serve requests.
+
+Another case, where `minReadySeconds` helps is when using `LoadBalancer` `Services` with cloud providers. Since `minReadySeconds` adds latency after a `Pod` is `Ready`, it provides buffer time to prevent killing pods in rotation before new pods show up. Imagine a load balancer in unhappy path taking 10-15s to propagate. If you have 2 replicas then, you'd kill the second replica only after the first one is up but in reality, first replica cannot be seen because it is not yet ready to serve requests.
+
+So, in general, the notion of `Availability` in `StatefulSets` is pretty useful and this feature helps in solving the above problems. This is a feature that already exists for `Deployments` and `DaemonSets` and we now have them for `StatefulSets` too to give users consistent workload experience.
+
+
+## How does it work?
+
+The statefulSet controller watches for both `StatefulSets` and the `Pods` associated with them. When the feature gate associated with this feature is enabled, the statefulSet controller identifies how long a particular `Pod` associated with a `StatefulSet` has been in the `Running` state.
+
+If this value is greater than or equal to the time specified by the end user in `.spec.minReadySeconds` field, the statefulSet controller updates a field called `availableReplicas` in the `StatefulSet`'s status subresource to include this `Pod`. The `status.availableReplicas` in `StatefulSet`'s status is an integer field which tracks the number of pods that are `Available`.
+
+## How do I use it?
+
+You are required to prepare the following things in order to try out the feature:
+
+ - Download and install a kubectl greater than v1.22.0 version
+ - Switch on the feature gate with the command line flag `--feature-gates=StatefulSetMinReadySeconds=true` on `kube-apiserver` and `kube-controller-manager`
+
+After successfully starting `kube-apiserver` and `kube-controller-manager`, you will see `AvailableReplicas` in the status and `minReadySeconds` of spec (with a default value of 0).
+
+Specify a value for `minReadySeconds` for any StatefulSet and you can check if `Pods` are available or not by checking `AvailableReplicas` field using:
+`kubectl get statefulset/ -o yaml`
+
+## How can I learn more?
+
+- Read the KEP: [minReadySeconds for StatefulSets](https://github.com/kubernetes/enhancements/tree/master/keps/sig-apps/2599-minreadyseconds-for-statefulsets#readme)
+- Read the documentation: [Minimum ready seconds](/docs/concepts/workloads/controllers/statefulset/#minimum-ready-seconds) for StatefulSet
+- Review the [API definition](/docs/reference/kubernetes-api/workload-resources/stateful-set-v1/) for StatefulSet
+
+## How do I get involved?
+
+Please reach out to us in the [#sig-apps](https://kubernetes.slack.com/archives/C18NZM5K9) channel on Slack (visit https://slack.k8s.io/ for an invitation if you need one), or on the SIG Apps mailing list: kubernetes-sig-apps@googlegroups.com
+
diff --git a/content/en/blog/_posts/2021-08-30-volume-populators-alpha.md b/content/en/blog/_posts/2021-08-30-volume-populators-alpha.md
new file mode 100644
index 0000000000..4f3a408584
--- /dev/null
+++ b/content/en/blog/_posts/2021-08-30-volume-populators-alpha.md
@@ -0,0 +1,219 @@
+---
+layout: blog
+title: "Kubernetes 1.22: A New Design for Volume Populators"
+date: 2021-08-30
+slug: volume-populators-redesigned
+---
+
+**Authors:**
+Ben Swartzlander (NetApp)
+
+Kubernetes v1.22, released earlier this month, introduced a redesigned approach for volume
+populators. Originally implemented
+in v1.18, the API suffered from backwards compatibility issues. Kubernetes v1.22 includes a new API
+field called `dataSourceRef` that fixes these problems.
+
+## Data sources
+
+Earlier Kubernetes releases already added a `dataSource` field into the
+[PersistentVolumeClaim](/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims) API,
+used for cloning volumes and creating volumes from snapshots. You could use the `dataSource` field when
+creating a new PVC, referencing either an existing PVC or a VolumeSnapshot in the same namespace.
+That also modified the normal provisioning process so that instead of yielding an empty volume, the
+new PVC contained the same data as either the cloned PVC or the cloned VolumeSnapshot.
+
+Volume populators embrace the same design idea, but extend it to any type of object, as long
+as there exists a [custom resource](/docs/concepts/extend-kubernetes/api-extension/custom-resources/)
+to define the data source, and a populator controller to implement the logic. Initially,
+the `dataSource` field was directly extended to allow arbitrary objects, if the `AnyVolumeDataSource`
+feature gate was enabled on a cluster. That change unfortunately caused backwards compatibility
+problems, and so the new `dataSourceRef` field was born.
+
+In v1.22 if the `AnyVolumeDataSource` feature gate is enabled, the `dataSourceRef` field is
+added, which behaves similarly to the `dataSource` field except that it allows arbitrary
+objects to be specified. The API server ensures that the two fields always have the same
+contents, and neither of them are mutable. The differences is that at creation time
+`dataSource` allows only PVCs or VolumeSnapshots, and ignores all other values, while
+`dataSourceRef` allows most types of objects, and in the few cases it doesn't allow an
+object (core objects other than PVCs) a validation error occurs.
+
+When this API change graduates to stable, we would deprecate using `dataSource` and recommend
+using `dataSourceRef` field for all use cases.
+In the v1.22 release, `dataSourceRef` is available (as an alpha feature) specifically for cases
+where you want to use for custom volume populators.
+
+## Using populators
+
+Every volume populator must have one or more CRDs that it supports. Administrators may
+install the CRD and the populator controller and then PVCs with a `dataSourceRef` specifies
+a CR of the type that the populator supports will be handled by the populator controller
+instead of the CSI driver directly.
+
+Underneath the covers, the CSI driver is still invoked to create an empty volume, which
+the populator controller fills with the appropriate data. The PVC doesn't bind to the PV
+until it's fully populated, so it's safe to define a whole application manifest including
+pod and PVC specs and the pods won't begin running until everything is ready, just as if
+the PVC was a clone of another PVC or VolumeSnapshot.
+
+## How it works
+
+PVCs with data sources are still noticed by the external-provisioner sidecar for the
+related storage class (assuming a CSI provisioner is used), but because the sidecar
+doesn't understand the data source kind, it doesn't do anything. The populator controller
+is also watching for PVCs with data sources of a kind that it understands and when it
+sees one, it creates a temporary PVC of the same size, volume mode, storage class,
+and even on the same topology (if topology is used) as the original PVC. The populator
+controller creates a worker pod that attaches to the volume and writes the necessary
+data to it, then detaches from the volume and the populator controller rebinds the PV
+from the temporary PVC to the orignal PVC.
+
+## Trying it out
+
+The following things are required to use volume populators:
+* Enable the `AnyVolumeDataSource` feature gate
+* Install a CRD for the specific data source / populator
+* Install the populator controller itself
+
+Populator controllers may use the [lib-volume-populator](https://github.com/kubernetes-csi/lib-volume-populator)
+library to do most of the Kubernetes API level work. Individual populators only need to
+provide logic for actually writing data into the volume based on a particular CR
+instance. This library provides a sample populator implementation.
+
+These optional components improve user experience:
+* Install the VolumePopulator CRD
+* Create a VolumePopulator custom respource for each specific data source
+* Install the [volume data source validator](https://github.com/kubernetes-csi/volume-data-source-validator)
+ controller (alpha)
+
+The purpose of these components is to generate warning events on PVCs with data sources
+for which there is no populator.
+
+## Putting it all together
+
+To see how this works, you can install the sample "hello" populator and try it
+out.
+
+First install the volume-data-source-validator controller.
+
+```terminal
+kubectl apply -f https://github.com/kubernetes-csi/volume-data-source-validator/blob/master/deploy/kubernetes/rbac-data-source-validator.yaml
+kubectl apply -f https://github.com/kubernetes-csi/volume-data-source-validator/blob/master/deploy/kubernetes/setup-data-source-validator.yaml
+```
+
+Next install the example populator.
+
+```terminal
+kubectl apply -f https://github.com/kubernetes-csi/lib-volume-populator/blob/master/example/hello-populator/crd.yaml
+kubectl apply -f https://github.com/kubernetes-csi/lib-volume-populator/blob/master/example/hello-populator/deploy.yaml
+```
+
+Create an instance of the `Hello` CR, with some text.
+
+```yaml
+apiVersion: hello.k8s.io/v1alpha1
+kind: Hello
+metadata:
+ name: example-hello
+spec:
+ fileName: example.txt
+ fileContents: Hello, world!
+```
+
+Create a PVC that refers to that CR as its data source.
+
+```yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: example-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Mi
+ dataSourceRef:
+ apiGroup: hello.k8s.io
+ kind: Hello
+ name: example-hello
+ volumeMode: Filesystem
+```
+
+Next, run a job that reads the file in the PVC.
+
+```yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: example-job
+spec:
+ template:
+ spec:
+ containers:
+ - name: example-container
+ image: busybox:latest
+ command:
+ - cat
+ - /mnt/example.txt
+ volumeMounts:
+ - name: vol
+ mountPath: /mnt
+ restartPolicy: Never
+ volumes:
+ - name: vol
+ persistentVolumeClaim:
+ claimName: example-pvc
+```
+
+Wait for the job to complete (including all of its dependencies).
+
+```terminal
+kubectl wait --for=condition=Complete job/example-job
+```
+
+And last examine the log from the job.
+
+```terminal
+kubectl logs job/example-job
+Hello, world!
+```
+
+Note that the volume already contained a text file with the string contents from
+the CR. This is only the simplest example. Actual populators can set up the volume
+to contain arbitrary contents.
+
+## How to write your own volume populator
+
+Developers interested in writing new poplators are encouraged to use the
+[lib-volume-populator](https://github.com/kubernetes-csi/lib-volume-populator) library
+and to only supply a small controller wrapper around the library, and a pod image
+capable of attaching to volumes and writing the appropriate data to the volume.
+
+Individual populators can be extremely generic such that they work with every type
+of PVC, or they can do vendor specific things to rapidly fill a volume with data
+if the volume was provisioned by a specific CSI driver from the same vendor, for
+example, by communicating directly with the storage for that volume.
+
+## The future
+
+As this feature is still in alpha, we expect to update the out of tree controllers
+with more tests and documentation. The community plans to eventually re-implement
+the populator library as a sidecar, for ease of operations.
+
+We hope to see some official community-supported populators for some widely-shared
+use cases. Also, we expect that volume populators will be used by backup vendors
+as a way to "restore" backups to volumes, and possibly a standardized API to do
+this will evolve.
+
+## How can I learn more?
+
+The enhancement proposal,
+[Volume Populators](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1495-volume-populators), includes lots of detail about the history and technical implementation
+of this feature.
+
+[Volume populators and data sources](/docs/concepts/storage/persistent-volumes/#volume-populators-and-data-sources), within the documentation topic about persistent volumes,
+explains how to use this feature in your cluster.
+
+Please get involved by joining the Kubernetes storage SIG to help us enhance this
+feature. There are a lot of good ideas already and we'd be thrilled to have more!
+
diff --git a/content/en/blog/_posts/2021-09-03-api-server-tracing.md b/content/en/blog/_posts/2021-09-03-api-server-tracing.md
new file mode 100644
index 0000000000..fc98a68d23
--- /dev/null
+++ b/content/en/blog/_posts/2021-09-03-api-server-tracing.md
@@ -0,0 +1,67 @@
+---
+layout: blog
+title: 'Alpha in Kubernetes v1.22: API Server Tracing'
+date: 2021-09-03
+slug: api-server-tracing
+---
+
+**Authors:** David Ashpole (Google)
+
+In distributed systems, it can be hard to figure out where problems are. You grep through one component's logs just to discover that the source of your problem is in another component. You search there only to discover that you need to enable debug logs to figure out what really went wrong... And it goes on. The more complex the path your request takes, the harder it is to answer questions about where it went. I've personally spent many hours doing this dance with a variety of Kubernetes components. Distributed tracing is a tool which is designed to help in these situations, and the Kubernetes API Server is, perhaps, the most important Kubernetes component to be able to debug. At Kubernetes' Sig Instrumentation, our mission is to make it easier to understand what's going on in your cluster, and we are happy to announce that distributed tracing in the Kubernetes API Server reached alpha in 1.22.
+
+## What is Tracing?
+
+Distributed tracing links together a bunch of super-detailed information from multiple different sources, and structures that telemetry into a single tree for that request. Unlike logging, which limits the quantity of data ingested by using log levels, tracing collects all of the details and uses sampling to collect only a small percentage of requests. This means that once you have a trace which demonstrates an issue, you should have all the information you need to root-cause the problem--no grepping for object UID required! My favorite aspect, though, is how useful the visualizations of traces are. Even if you don't understand the inner workings of the API Server, or don't have a clue what an etcd "Transaction" is, I'd wager you (yes, you!) could tell me roughly what the order of events was, and which components were involved in the request. If some step takes a long time, it is easy to tell where the problem is.
+
+## Why OpenTelemetry?
+
+It's important that Kubernetes works well for everyone, regardless of who manages your infrastructure, or which vendors you choose to integrate with. That is particularly true for Kubernetes' integrations with telemetry solutions. OpenTelemetry, being a CNCF project, shares these core values, and is creating exactly what we need in Kubernetes: A set of open standards for Tracing client library APIs and a standard trace format. By using OpenTelemetry, we can ensure users have the freedom to choose their backend, and ensure vendors have a level playing field. The timing couldn't be better: the OpenTelemetry golang API and SDK are very close to their 1.0 release, and will soon offer backwards-compatibility for these open standards.
+
+## Why instrument the API Server?
+
+The Kubernetes API Server is a great candidate for tracing for a few reasons:
+
+* It follows the standard "RPC" model (serve a request by making requests to downstream components), which makes it easy to instrument.
+* Users are latency-sensitive: If a request takes more than 10 seconds to complete, many clients will time-out.
+* It has a complex service topology: A single request could require consulting a dozen webhooks, or involve multiple requests to etcd.
+
+## Trying out APIServer Tracing with a webhook
+
+### Enabling API Server Tracing
+
+1. Enable the APIServerTracing [feature-gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/).
+
+2. Set our configuration for tracing by pointing the `--tracing-config-file` flag on the kube-apiserver at our config file, which contains:
+
+```yaml
+apiVersion: apiserver.config.k8s.io/v1alpha1
+kind: TracingConfiguration
+# 1% sampling rate
+samplingRatePerMillion: 10000
+```
+
+### Enabling Etcd Tracing
+
+Add `--experimental-enable-distributed-tracing`, `--experimental-distributed-tracing-address=0.0.0.0:4317`, `--experimental-distributed-tracing-service-name=etcd` flags to etcd to enable tracing. Note that this traces every request, so it will probably generate a lot of traces if you enable it.
+
+### Example Trace: List Nodes
+
+I could've used any trace backend, but decided to use Jaeger, since it is one of the most popular open-source tracing projects. I deployed [the Jaeger All-in-one container](https://hub.docker.com/r/jaegertracing/all-in-one) in my cluster, deployed [the OpenTelemetry collector](https://github.com/open-telemetry/opentelemetry-collector) on my control-plane node ([example](https://github.com/dashpole/dashpole_demos/tree/master/otel/controlplane)), and captured traces like this one:
+
+
+
+The teal lines are from the API Server, and includes it serving a request to `/api/v1/nodes`, and issuing a grpc `Range` RPC to ETCD. The yellow-ish line is from ETCD handling the `Range` RPC.
+
+### Example Trace: Create Pod with Mutating Webhook
+
+I instrumented the [example webhook](https://github.com/kubernetes-sigs/controller-runtime/tree/master/examples/builtins) with OpenTelemetry (I had to [patch](https://github.com/dashpole/controller-runtime/commit/85fdda7ba03dd2c22ef62c1a3dbdf5aa651f90da) controller-runtime, but it makes a neat demo), and routed traces to Jaeger as well. I collected traces like this one:
+
+
+
+Compared with the previous trace, there are two new spans: A teal span from the API Server making a request to the admission webhook, and a brown span from the admission webhook serving the request. Even if you didn't instrument your webhook, you would still get the span from the API Server making the request to the webhook.
+
+## Get involved!
+
+As this is our first attempt at adding distributed tracing to a Kubernetes component, there is probably a lot we can improve! If my struggles resonated with you, or if you just want to try out the latest Kubernetes has to offer, please give the feature a try and open issues with any problem you encountered and ways you think the feature could be improved.
+
+This is just the very beginning of what we can do with distributed tracing in Kubernetes. If there are other components you think would benefit from distributed tracing, or want to help bring API Server Tracing to GA, join sig-instrumentation at our [regular meetings](https://github.com/kubernetes/community/tree/master/sig-instrumentation#instrumentation-special-interest-group) and get involved!
diff --git a/content/en/blog/_posts/image01.png b/content/en/blog/_posts/image01.png
deleted file mode 100644
index 91e8856139..0000000000
Binary files a/content/en/blog/_posts/image01.png and /dev/null differ
diff --git a/content/en/blog/_posts/image02.png b/content/en/blog/_posts/image02.png
deleted file mode 100644
index dfd14d7cdc..0000000000
Binary files a/content/en/blog/_posts/image02.png and /dev/null differ
diff --git a/content/en/blog/_posts/image03.png b/content/en/blog/_posts/image03.png
deleted file mode 100644
index 443a6f2d67..0000000000
Binary files a/content/en/blog/_posts/image03.png and /dev/null differ
diff --git a/content/en/blog/_posts/image04.png b/content/en/blog/_posts/image04.png
deleted file mode 100644
index e107adc88b..0000000000
Binary files a/content/en/blog/_posts/image04.png and /dev/null differ
diff --git a/content/en/blog/_posts/image05.png b/content/en/blog/_posts/image05.png
deleted file mode 100644
index 6d80447d09..0000000000
Binary files a/content/en/blog/_posts/image05.png and /dev/null differ
diff --git a/content/en/blog/_posts/image06.png b/content/en/blog/_posts/image06.png
deleted file mode 100644
index d40b2eb0b6..0000000000
Binary files a/content/en/blog/_posts/image06.png and /dev/null differ
diff --git a/content/en/blog/_posts/image07.png b/content/en/blog/_posts/image07.png
deleted file mode 100644
index fc3976040f..0000000000
Binary files a/content/en/blog/_posts/image07.png and /dev/null differ
diff --git a/content/en/community/_index.html b/content/en/community/_index.html
index 5b65292ea7..b41323c69e 100644
--- a/content/en/community/_index.html
+++ b/content/en/community/_index.html
@@ -13,7 +13,7 @@ cid: community
The Kubernetes community -- users, contributors, and the culture we've built together -- is one of the biggest reasons for the meteoric rise of this open source project. Our culture and values continue to grow and change as the project itself grows and changes. We all work together toward constant improvement of the project and the ways we work on it.
-
We are the people who file issues and pull requests, attend SIG meetings, Kubernetes meetups, and KubeCon, advocate for it's adoption and innovation, run kubectl get pods, and contribute in a thousand other vital ways. Read on to learn how you can get involved and become part of this amazing community.
+
We are the people who file issues and pull requests, attend SIG meetings, Kubernetes meetups, and KubeCon, advocate for its adoption and innovation, run kubectl get pods, and contribute in a thousand other vital ways. Read on to learn how you can get involved and become part of this amazing community.
diff --git a/content/en/docs/concepts/architecture/_index.md b/content/en/docs/concepts/architecture/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/concepts/architecture/cloud-controller.md b/content/en/docs/concepts/architecture/cloud-controller.md
index 9b64289e82..229cc489f9 100644
--- a/content/en/docs/concepts/architecture/cloud-controller.md
+++ b/content/en/docs/concepts/architecture/cloud-controller.md
@@ -210,7 +210,7 @@ To upgrade a HA control plane to use the cloud controller manager, see [Migrate
Want to know how to implement your own cloud controller manager, or extend an existing project?
-The cloud controller manager uses Go interfaces to allow implementations from any cloud to be plugged in. Specifically, it uses the `CloudProvider` interface defined in [`cloud.go`](https://github.com/kubernetes/cloud-provider/blob/release-1.17/cloud.go#L42-L62) from [kubernetes/cloud-provider](https://github.com/kubernetes/cloud-provider).
+The cloud controller manager uses Go interfaces to allow implementations from any cloud to be plugged in. Specifically, it uses the `CloudProvider` interface defined in [`cloud.go`](https://github.com/kubernetes/cloud-provider/blob/release-1.21/cloud.go#L42-L69) from [kubernetes/cloud-provider](https://github.com/kubernetes/cloud-provider).
The implementation of the shared controllers highlighted in this document (Node, Route, and Service), and some scaffolding along with the shared cloudprovider interface, is part of the Kubernetes core. Implementations specific to cloud providers are outside the core of Kubernetes and implement the `CloudProvider` interface.
diff --git a/content/en/docs/concepts/architecture/controller.md b/content/en/docs/concepts/architecture/controller.md
index 711cf38363..9912c53bf8 100644
--- a/content/en/docs/concepts/architecture/controller.md
+++ b/content/en/docs/concepts/architecture/controller.md
@@ -159,11 +159,12 @@ You can run your own controller as a set of Pods,
or externally to Kubernetes. What fits best will depend on what that particular
controller does.
-
-
## {{% heading "whatsnext" %}}
* Read about the [Kubernetes control plane](/docs/concepts/overview/components/#control-plane-components)
* Discover some of the basic [Kubernetes objects](/docs/concepts/overview/working-with-objects/kubernetes-objects/)
* Learn more about the [Kubernetes API](/docs/concepts/overview/kubernetes-api/)
-* If you want to write your own controller, see [Extension Patterns](/docs/concepts/extend-kubernetes/extend-cluster/#extension-patterns) in Extending Kubernetes.
+* If you want to write your own controller, see
+ [Extension Patterns](/docs/concepts/extend-kubernetes/#extension-patterns)
+ in Extending Kubernetes.
+
diff --git a/content/en/docs/concepts/architecture/garbage-collection.md b/content/en/docs/concepts/architecture/garbage-collection.md
new file mode 100644
index 0000000000..7c70675fff
--- /dev/null
+++ b/content/en/docs/concepts/architecture/garbage-collection.md
@@ -0,0 +1,182 @@
+---
+title: Garbage Collection
+content_type: concept
+weight: 50
+---
+
+
+{{}} This
+allows the clean up of resources like the following:
+
+ * [Failed pods](/docs/concepts/workloads/pods/pod-lifecycle/#pod-garbage-collection)
+ * [Completed Jobs](/docs/concepts/workloads/controllers/ttlafterfinished/)
+ * [Objects without owner references](#owners-dependents)
+ * [Unused containers and container images](#containers-images)
+ * [Dynamically provisioned PersistentVolumes with a StorageClass reclaim policy of Delete](/docs/concepts/storage/persistent-volumes/#delete)
+ * [Stale or expired CertificateSigningRequests (CSRs)](/reference/access-authn-authz/certificate-signing-requests/#request-signing-process)
+ * {{}} deleted in the following scenarios:
+ * On a cloud when the cluster uses a [cloud controller manager](/docs/concepts/architecture/cloud-controller/)
+ * On-premises when the cluster uses an addon similar to a cloud controller
+ manager
+ * [Node Lease objects](/docs/concepts/architecture/nodes/#heartbeats)
+
+## Owners and dependents {#owners-dependents}
+
+Many objects in Kubernetes link to each other through [*owner references*](/docs/concepts/overview/working-with-objects/owners-dependents/).
+Owner references tell the control plane which objects are dependent on others.
+Kubernetes uses owner references to give the control plane, and other API
+clients, the opportunity to clean up related resources before deleting an
+object. In most cases, Kubernetes manages owner references automatically.
+
+Ownership is different from the [labels and selectors](/docs/concepts/overview/working-with-objects/labels/)
+mechanism that some resources also use. For example, consider a
+{{}} that creates
+`EndpointSlice` objects. The Service uses *labels* to allow the control plane to
+determine which `EndpointSlice` objects are used for that Service. In addition
+to the labels, each `EndpointSlice` that is managed on behalf of a Service has
+an owner reference. Owner references help different parts of Kubernetes avoid
+interfering with objects they don’t control.
+
+{{< note >}}
+Cross-namespace owner references are disallowed by design.
+Namespaced dependents can specify cluster-scoped or namespaced owners.
+A namespaced owner **must** exist in the same namespace as the dependent.
+If it does not, the owner reference is treated as absent, and the dependent
+is subject to deletion once all owners are verified absent.
+
+Cluster-scoped dependents can only specify cluster-scoped owners.
+In v1.20+, if a cluster-scoped dependent specifies a namespaced kind as an owner,
+it is treated as having an unresolvable owner reference, and is not able to be garbage collected.
+
+In v1.20+, if the garbage collector detects an invalid cross-namespace `ownerReference`,
+or a cluster-scoped dependent with an `ownerReference` referencing a namespaced kind, a warning Event
+with a reason of `OwnerRefInvalidNamespace` and an `involvedObject` of the invalid dependent is reported.
+You can check for that kind of Event by running
+`kubectl get events -A --field-selector=reason=OwnerRefInvalidNamespace`.
+{{< /note >}}
+
+## Cascading deletion {#cascading-deletion}
+
+Kubernetes checks for and deletes objects that no longer have owner
+references, like the pods left behind when you delete a ReplicaSet. When you
+delete an object, you can control whether Kubernetes deletes the object's
+dependents automatically, in a process called *cascading deletion*. There are
+two types of cascading deletion, as follows:
+
+ * Foreground cascading deletion
+ * Background cascading deletion
+
+You can also control how and when garbage collection deletes resources that have
+owner references using Kubernetes {{}}.
+
+### Foreground cascading deletion {#foreground-deletion}
+
+In foreground cascading deletion, the owner object you're deleting first enters
+a *deletion in progress* state. In this state, the following happens to the
+owner object:
+
+ * The Kubernetes API server sets the object's `metadata.deletionTimestamp`
+ field to the time the object was marked for deletion.
+ * The Kubernetes API server also sets the `metadata.finalizers` field to
+ `foregroundDeletion`.
+ * The object remains visible through the Kubernetes API until the deletion
+ process is complete.
+
+After the owner object enters the deletion in progress state, the controller
+deletes the dependents. After deleting all the dependent objects, the controller
+deletes the owner object. At this point, the object is no longer visible in the
+Kubernetes API.
+
+During foreground cascading deletion, the only dependents that block owner
+deletion are those that have the `ownerReference.blockOwnerDeletion=true` field.
+See [Use foreground cascading deletion](/docs/tasks/administer-cluster/use-cascading-deletion/#use-foreground-cascading-deletion)
+to learn more.
+
+### Background cascading deletion {#background-deletion}
+
+In background cascading deletion, the Kubernetes API server deletes the owner
+object immediately and the controller cleans up the dependent objects in
+the background. By default, Kubernetes uses background cascading deletion unless
+you manually use foreground deletion or choose to orphan the dependent objects.
+
+See [Use background cascading deletion](/docs/tasks/administer-cluster/use-cascading-deletion/#use-background-cascading-deletion)
+to learn more.
+
+### Orphaned dependents
+
+When Kubernetes deletes an owner object, the dependents left behind are called
+*orphan* objects. By default, Kubernetes deletes dependent objects. To learn how
+to override this behaviour, see [Delete owner objects and orphan dependents](/docs/tasks/administer-cluster/use-cascading-deletion/#set-orphan-deletion-policy).
+
+## Garbage collection of unused containers and images {#containers-images}
+
+The {{}} performs garbage
+collection on unused images every five minutes and on unused containers every
+minute. You should avoid using external garbage collection tools, as these can
+break the kubelet behavior and remove containers that should exist.
+
+To configure options for unused container and image garbage collection, tune the
+kubelet using a [configuration file](/docs/tasks/administer-cluster/kubelet-config-file/)
+and change the parameters related to garbage collection using the
+[`KubeletConfiguration`](/docs/reference/config-api/kubelet-config.v1beta1/#kubelet-config-k8s-io-v1beta1-KubeletConfiguration)
+resource type.
+
+### Container image lifecycle
+
+Kubernetes manages the lifecycle of all images through its *image manager*,
+which is part of the kubelet, with the cooperation of cadvisor. The kubelet
+considers the following disk usage limits when making garbage collection
+decisions:
+
+ * `HighThresholdPercent`
+ * `LowThresholdPercent`
+
+Disk usage above the configured `HighThresholdPercent` value triggers garbage
+collection, which deletes images in order based on the last time they were used,
+starting with the oldest first. The kubelet deletes images
+until disk usage reaches the `LowThresholdPercent` value.
+
+### Container image garbage collection {#container-image-garbage-collection}
+
+The kubelet garbage collects unused containers based on the following variables,
+which you can define:
+
+ * `MinAge`: the minimum age at which the kubelet can garbage collect a
+ container. Disable by setting to `0`.
+ * `MaxPerPodContainer`: the maximum number of dead containers each Pod pair
+ can have. Disable by setting to less than `0`.
+ * `MaxContainers`: the maximum number of dead containers the cluster can have.
+ Disable by setting to less than `0`.
+
+In addition to these variables, the kubelet garbage collects unidentified and
+deleted containers, typically starting with the oldest first.
+
+`MaxPerPodContainer` and `MaxContainer` may potentially conflict with each other
+in situations where retaining the maximum number of containers per Pod
+(`MaxPerPodContainer`) would go outside the allowable total of global dead
+containers (`MaxContainers`). In this situation, the kubelet adjusts
+`MaxPodPerContainer` to address the conflict. A worst-case scenario would be to
+downgrade `MaxPerPodContainer` to `1` and evict the oldest containers.
+Additionally, containers owned by pods that have been deleted are removed once
+they are older than `MinAge`.
+
+{{}}
+The kubelet only garbage collects the containers it manages.
+{{}}
+
+## Configuring garbage collection {#configuring-gc}
+
+You can tune garbage collection of resources by configuring options specific to
+the controllers managing those resources. The following pages show you how to
+configure garbage collection:
+
+ * [Configuring cascading deletion of Kubernetes objects](/docs/tasks/administer-cluster/use-cascading-deletion/)
+ * [Configuring cleanup of finished Jobs](/docs/concepts/workloads/controllers/ttlafterfinished/)
+
+
+
+## {{% heading "whatsnext" %}}
+
+* Learn more about [ownership of Kubernetes objects](/docs/concepts/overview/working-with-objects/owners-dependents/).
+* Learn more about Kubernetes [finalizers](/docs/concepts/overview/working-with-objects/finalizers/).
+* Learn about the [TTL controller](/docs/concepts/workloads/controllers/ttlafterfinished/) (beta) that cleans up finished Jobs.
\ No newline at end of file
diff --git a/content/en/docs/concepts/architecture/nodes.md b/content/en/docs/concepts/architecture/nodes.md
index c583098693..1d4f6455b7 100644
--- a/content/en/docs/concepts/architecture/nodes.md
+++ b/content/en/docs/concepts/architecture/nodes.md
@@ -14,7 +14,7 @@ A node may be a virtual or physical machine, depending on the cluster. Each node
is managed by the
{{< glossary_tooltip text="control plane" term_id="control-plane" >}}
and contains the services necessary to run
-{{< glossary_tooltip text="Pods" term_id="pod" >}}
+{{< glossary_tooltip text="Pods" term_id="pod" >}}.
Typically you have several nodes in a cluster; in a learning or resource-limited
environment, you might have only one node.
@@ -122,6 +122,9 @@ To mark a Node unschedulable, run:
kubectl cordon $NODENAME
```
+See [Safely Drain a Node](/docs/tasks/administer-cluster/safely-drain-node/)
+for more details.
+
{{< note >}}
Pods that are part of a {{< glossary_tooltip term_id="daemonset" >}} tolerate
being run on an unschedulable Node. DaemonSets typically provide node-local services
@@ -162,8 +165,8 @@ The `conditions` field describes the status of all `Running` nodes. Examples of
| Node Condition | Description |
|----------------------|-------------|
| `Ready` | `True` if the node is healthy and ready to accept pods, `False` if the node is not healthy and is not accepting pods, and `Unknown` if the node controller has not heard from the node in the last `node-monitor-grace-period` (default is 40 seconds) |
-| `DiskPressure` | `True` if pressure exists on the disk size--that is, if the disk capacity is low; otherwise `False` |
-| `MemoryPressure` | `True` if pressure exists on the node memory--that is, if the node memory is low; otherwise `False` |
+| `DiskPressure` | `True` if pressure exists on the disk size—that is, if the disk capacity is low; otherwise `False` |
+| `MemoryPressure` | `True` if pressure exists on the node memory—that is, if the node memory is low; otherwise `False` |
| `PIDPressure` | `True` if pressure exists on the processes—that is, if there are too many processes on the node; otherwise `False` |
| `NetworkUnavailable` | `True` if the network for the node is not correctly configured, otherwise `False` |
{{< /table >}}
@@ -174,7 +177,8 @@ If you use command-line tools to print details of a cordoned Node, the Condition
cordoned nodes are marked Unschedulable in their spec.
{{< /note >}}
-The node condition is represented as a JSON object. For example, the following structure describes a healthy node:
+In the Kubernetes API, a node's condition is represented as part of the `.status`
+of the Node resource. For example, the following JSON structure describes a healthy node:
```json
"conditions": [
@@ -189,7 +193,17 @@ The node condition is represented as a JSON object. For example, the following s
]
```
-If the Status of the Ready condition remains `Unknown` or `False` for longer than the `pod-eviction-timeout` (an argument passed to the {{< glossary_tooltip text="kube-controller-manager" term_id="kube-controller-manager" >}}), then all the Pods on the node are scheduled for deletion by the node controller. The default eviction timeout duration is **five minutes**. In some cases when the node is unreachable, the API server is unable to communicate with the kubelet on the node. The decision to delete the pods cannot be communicated to the kubelet until communication with the API server is re-established. In the meantime, the pods that are scheduled for deletion may continue to run on the partitioned node.
+If the `status` of the Ready condition remains `Unknown` or `False` for longer
+than the `pod-eviction-timeout` (an argument passed to the
+{{< glossary_tooltip text="kube-controller-manager" term_id="kube-controller-manager"
+>}}), then the [node controller](#node-controller) triggers
+{{< glossary_tooltip text="API-initiated eviction" term_id="api-eviction" >}}
+for all Pods assigned to that node. The default eviction timeout duration is
+**five minutes**.
+In some cases when the node is unreachable, the API server is unable to communicate
+with the kubelet on the node. The decision to delete the pods cannot be communicated to
+the kubelet until communication with the API server is re-established. In the meantime,
+the pods that are scheduled for deletion may continue to run on the partitioned node.
The node controller does not force delete pods until it is confirmed that they have stopped
running in the cluster. You can see the pods that might be running on an unreachable node as
@@ -199,10 +213,12 @@ may need to delete the node object by hand. Deleting the node object from Kubern
all the Pod objects running on the node to be deleted from the API server and frees up their
names.
-The node lifecycle controller automatically creates
-[taints](/docs/concepts/scheduling-eviction/taint-and-toleration/) that represent conditions.
+When problems occur on nodes, the Kubernetes control plane automatically creates
+[taints](/docs/concepts/scheduling-eviction/taint-and-toleration/) that match the conditions
+affecting the node.
The scheduler takes the Node's taints into consideration when assigning a Pod to a Node.
-Pods can also have tolerations which let them tolerate a Node's taints.
+Pods can also have {{< glossary_tooltip text="tolerations" term_id="toleration" >}} that let
+them run on a Node even though it has a specific taint.
See [Taint Nodes by Condition](/docs/concepts/scheduling-eviction/taint-and-toleration/#taint-nodes-by-condition)
for more details.
@@ -222,10 +238,43 @@ on a Node.
### Info
-Describes general information about the node, such as kernel version, Kubernetes version (kubelet and kube-proxy version), Docker version (if used), and OS name.
-This information is gathered by Kubelet from the node.
+Describes general information about the node, such as kernel version, Kubernetes
+version (kubelet and kube-proxy version), container runtime details, and which
+operating system the node uses.
+The kubelet gathers this information from the node and publishes it into
+the Kubernetes API.
-### Node controller
+## Heartbeats
+
+Heartbeats, sent by Kubernetes nodes, help your cluster determine the
+availability of each node, and to take action when failures are detected.
+
+For nodes there are two forms of heartbeats:
+
+* updates to the `.status` of a Node
+* [Lease](/docs/reference/kubernetes-api/cluster-resources/lease-v1/) objects
+ within the `kube-node-lease`
+ {{< glossary_tooltip term_id="namespace" text="namespace">}}.
+ Each Node has an associated Lease object.
+
+Compared to updates to `.status` of a Node, a Lease is a lightweight resource.
+Using Leases for heartbeats reduces the performance impact of these updates
+for large clusters.
+
+The kubelet is responsible for creating and updating the `.status` of Nodes,
+and for updating their related Leases.
+
+- The kubelet updates the node's `.status` either when there is change in status
+ or if there has been no update for a configured interval. The default interval
+ for `.status` updates to Nodes is 5 minutes, which is much longer than the 40
+ second default timeout for unreachable nodes.
+- The kubelet creates and then updates its Lease object every 10 seconds
+ (the default update interval). Lease updates occur independently from
+ updates to the Node's `.status`. If the Lease update fails, the kubelet retries,
+ using exponential backoff that starts at 200 milliseconds and capped at 7 seconds.
+
+
+## Node controller
The node {{< glossary_tooltip text="controller" term_id="controller" >}} is a
Kubernetes control plane component that manages various aspects of nodes.
@@ -241,39 +290,18 @@ controller deletes the node from its list of nodes.
The third is monitoring the nodes' health. The node controller is
responsible for:
-- Updating the NodeReady condition of NodeStatus to ConditionUnknown when a node
- becomes unreachable, as the node controller stops receiving heartbeats for some
- reason such as the node being down.
-- Evicting all the pods from the node using graceful termination if
- the node continues to be unreachable. The default timeouts are 40s to start
- reporting ConditionUnknown and 5m after that to start evicting pods.
+- In the case that a node becomes unreachable, updating the NodeReady condition
+ of within the Node's `.status`. In this case the node controller sets the
+ NodeReady condition to `ConditionUnknown`.
+- If a node remains unreachable: triggering
+ [API-initiated eviction](/docs/concepts/scheduling-eviction/api-eviction/)
+ for all of the Pods on the unreachable node. By default, the node controller
+ waits 5 minutes between marking the node as `ConditionUnknown` and submitting
+ the first eviction request.
The node controller checks the state of each node every `--node-monitor-period` seconds.
-#### Heartbeats
-
-Heartbeats, sent by Kubernetes nodes, help determine the availability of a node.
-
-There are two forms of heartbeats: updates of `NodeStatus` and the
-[Lease object](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#lease-v1-coordination-k8s-io).
-Each Node has an associated Lease object in the `kube-node-lease`
-{{< glossary_tooltip term_id="namespace" text="namespace">}}.
-Lease is a lightweight resource, which improves the performance
-of the node heartbeats as the cluster scales.
-
-The kubelet is responsible for creating and updating the `NodeStatus` and
-a Lease object.
-
-- The kubelet updates the `NodeStatus` either when there is change in status
- or if there has been no update for a configured interval. The default interval
- for `NodeStatus` updates is 5 minutes, which is much longer than the 40 second default
- timeout for unreachable nodes.
-- The kubelet creates and then updates its Lease object every 10 seconds
- (the default update interval). Lease updates occur independently from the
- `NodeStatus` updates. If the Lease update fails, the kubelet retries with
- exponential backoff starting at 200 milliseconds and capped at 7 seconds.
-
-#### Reliability
+### Rate limits on eviction
In most cases, the node controller limits the eviction rate to
`--node-eviction-rate` (default 0.1) per second, meaning it won't evict pods
@@ -281,9 +309,9 @@ from more than 1 node per 10 seconds.
The node eviction behavior changes when a node in a given availability zone
becomes unhealthy. The node controller checks what percentage of nodes in the zone
-are unhealthy (NodeReady condition is ConditionUnknown or ConditionFalse) at
+are unhealthy (NodeReady condition is `ConditionUnknown` or `ConditionFalse`) at
the same time:
-- If the fraction of unhealthy nodes is at least `--unhealthy-zone-threshold`
+- If the fraction of unhealthy nodes is at least `--unhealthy-zone-threshold`
(default 0.55), then the eviction rate is reduced.
- If the cluster is small (i.e. has less than or equal to
`--large-cluster-size-threshold` nodes - default 50), then evictions are stopped.
@@ -293,15 +321,17 @@ the same time:
The reason these policies are implemented per availability zone is because one
availability zone might become partitioned from the master while the others remain
connected. If your cluster does not span multiple cloud provider availability zones,
-then there is only one availability zone (i.e. the whole cluster).
+then the eviction mechanism does not take per-zone unavailability into account.
A key reason for spreading your nodes across availability zones is so that the
workload can be shifted to healthy zones when one entire zone goes down.
Therefore, if all nodes in a zone are unhealthy, then the node controller evicts at
the normal rate of `--node-eviction-rate`. The corner case is when all zones are
-completely unhealthy (i.e. there are no healthy nodes in the cluster). In such a
-case, the node controller assumes that there is some problem with master
-connectivity and stops all evictions until some connectivity is restored.
+completely unhealthy (none of the nodes in the cluster are healthy). In such a
+case, the node controller assumes that there is some problem with connectivity
+between the control plane and the nodes, and doesn't perform any evictions.
+(If there has been an outage and some nodes reappear, the node controller does
+evict pods from the remaining nodes that are unhealthy or unreachable).
The node controller is also responsible for evicting pods running on nodes with
`NoExecute` taints, unless those pods tolerate that taint.
@@ -309,7 +339,7 @@ The node controller also adds {{< glossary_tooltip text="taints" term_id="taint"
corresponding to node problems like node unreachable or not ready. This means
that the scheduler won't place Pods onto unhealthy nodes.
-### Node capacity
+## Resource capacity tracking {#node-capacity}
Node objects track information about the Node's resource capacity: for example, the amount
of memory available and the number of CPUs.
@@ -377,6 +407,64 @@ For example, if `ShutdownGracePeriod=30s`, and
for gracefully terminating normal pods, and the last 10 seconds would be
reserved for terminating [critical pods](/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical).
+{{< note >}}
+When pods were evicted during the graceful node shutdown, they are marked as failed.
+Running `kubectl get pods` shows the status of the the evicted pods as `Shutdown`.
+And `kubectl describe pod` indicates that the pod was evicted because of node shutdown:
+
+```
+Status: Failed
+Reason: Shutdown
+Message: Node is shutting, evicting pods
+```
+
+Failed pod objects will be preserved until explicitly deleted or [cleaned up by the GC](/docs/concepts/workloads/pods/pod-lifecycle/#pod-garbage-collection).
+This is a change of behavior compared to abrupt node termination.
+{{< /note >}}
+
+## Swap memory management {#swap-memory}
+
+{{< feature-state state="alpha" for_k8s_version="v1.22" >}}
+
+Prior to Kubernetes 1.22, nodes did not support the use of swap memory, and a
+kubelet would by default fail to start if swap was detected on a node. In 1.22
+onwards, swap memory support can be enabled on a per-node basis.
+
+To enable swap on a node, the `NodeSwap` feature gate must be enabled on
+the kubelet, and the `--fail-swap-on` command line flag or `failSwapOn`
+[configuration setting](/docs/reference/config-api/kubelet-config.v1beta1/#kubelet-config-k8s-io-v1beta1-KubeletConfiguration)
+must be set to false.
+
+A user can also optionally configure `memorySwap.swapBehavior` in order to
+specify how a node will use swap memory. For example,
+
+```yaml
+memorySwap:
+ swapBehavior: LimitedSwap
+```
+
+The available configuration options for `swapBehavior` are:
+
+- `LimitedSwap`: Kubernetes workloads are limited in how much swap they can
+ use. Workloads on the node not managed by Kubernetes can still swap.
+- `UnlimitedSwap`: Kubernetes workloads can use as much swap memory as they
+ request, up to the system limit.
+
+If configuration for `memorySwap` is not specified and the feature gate is
+enabled, by default the kubelet will apply the same behaviour as the
+`LimitedSwap` setting.
+
+The behaviour of the `LimitedSwap` setting depends if the node is running with
+v1 or v2 of control groups (also known as "cgroups"):
+
+- **cgroupsv1:** Kubernetes workloads can use any combination of memory and
+ swap, up to the pod's memory limit, if set.
+- **cgroupsv2:** Kubernetes workloads cannot use swap memory.
+
+For more information, and to assist with testing and provide feedback, please
+see [KEP-2400](https://github.com/kubernetes/enhancements/issues/2400) and its
+[design proposal](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/2400-node-swap/README.md).
+
## {{% heading "whatsnext" %}}
* Learn about the [components](/docs/concepts/overview/components/#node-components) that make up a node.
diff --git a/content/en/docs/concepts/cluster-administration/flow-control.md b/content/en/docs/concepts/cluster-administration/flow-control.md
index 71eb8106e5..46f0a1eadc 100644
--- a/content/en/docs/concepts/cluster-administration/flow-control.md
+++ b/content/en/docs/concepts/cluster-administration/flow-control.md
@@ -33,8 +33,6 @@ the `--max-requests-inflight` flag without the API Priority and
Fairness feature enabled.
{{< /caution >}}
-
-
## Enabling/Disabling API Priority and Fairness
@@ -65,6 +63,7 @@ The command-line flag `--enable-priority-and-fairness=false` will disable the
API Priority and Fairness feature, even if other flags have enabled it.
## Concepts
+
There are several distinct features involved in the API Priority and Fairness
feature. Incoming requests are classified by attributes of the request using
_FlowSchemas_, and assigned to priority levels. Priority levels add a degree of
@@ -75,12 +74,13 @@ each other, and allows for requests to be queued to prevent bursty traffic from
causing failed requests when the average load is acceptably low.
### Priority Levels
-Without APF enabled, overall concurrency in
-the API server is limited by the `kube-apiserver` flags
-`--max-requests-inflight` and `--max-mutating-requests-inflight`. With APF
-enabled, the concurrency limits defined by these flags are summed and then the sum is divided up
-among a configurable set of _priority levels_. Each incoming request is assigned
-to a single priority level, and each priority level will only dispatch as many
+
+Without APF enabled, overall concurrency in the API server is limited by the
+`kube-apiserver` flags `--max-requests-inflight` and
+`--max-mutating-requests-inflight`. With APF enabled, the concurrency limits
+defined by these flags are summed and then the sum is divided up among a
+configurable set of _priority levels_. Each incoming request is assigned to a
+single priority level, and each priority level will only dispatch as many
concurrent requests as its configuration allows.
The default configuration, for example, includes separate priority levels for
@@ -90,6 +90,7 @@ requests cannot prevent leader election or actions by the built-in controllers
from succeeding.
### Queuing
+
Even within a priority level there may be a large number of distinct sources of
traffic. In an overload situation, it is valuable to prevent one stream of
requests from starving others (in particular, in the relatively common case of a
@@ -114,15 +115,18 @@ independent flows will all make progress when total traffic exceeds capacity),
tolerance for bursty traffic, and the added latency induced by queuing.
### Exempt requests
+
Some requests are considered sufficiently important that they are not subject to
any of the limitations imposed by this feature. These exemptions prevent an
improperly-configured flow control configuration from totally disabling an API
server.
## Defaults
+
The Priority and Fairness feature ships with a suggested configuration that
should suffice for experimentation; if your cluster is likely to
-experience heavy load then you should consider what configuration will work best. The suggested configuration groups requests into five priority
+experience heavy load then you should consider what configuration will work
+best. The suggested configuration groups requests into five priority
classes:
* The `system` priority level is for requests from the `system:nodes` group,
@@ -180,19 +184,18 @@ If you add the following additional FlowSchema, this exempts those
requests from rate limiting.
{{< caution >}}
-
Making this change also allows any hostile party to then send
health-check requests that match this FlowSchema, at any volume they
like. If you have a web traffic filter or similar external security
mechanism to protect your cluster's API server from general internet
traffic, you can configure rules to block any health check requests
that originate from outside your cluster.
-
{{< /caution >}}
{{< codenew file="priority-and-fairness/health-for-strangers.yaml" >}}
## Resources
+
The flow control API involves two kinds of resources.
[PriorityLevelConfigurations](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io)
define the available isolation classes, the share of the available concurrency
@@ -204,6 +207,7 @@ of the same API group, and it has the same Kinds with the same syntax and
semantics.
### PriorityLevelConfiguration
+
A PriorityLevelConfiguration represents a single isolation class. Each
PriorityLevelConfiguration has an independent limit on the number of outstanding
requests, and limitations on the number of queued requests.
@@ -217,6 +221,7 @@ server by restarting `kube-apiserver` with a different value for
`--max-requests-inflight` (or `--max-mutating-requests-inflight`), and all
PriorityLevelConfigurations will see their maximum allowed concurrency go up (or
down) by the same fraction.
+
{{< caution >}}
With the Priority and Fairness feature enabled, the total concurrency limit for
the server is set to the sum of `--max-requests-inflight` and
@@ -235,8 +240,8 @@ above the threshold will be queued, with the shuffle sharding and fair queuing t
to balance progress between request flows.
The queuing configuration allows tuning the fair queuing algorithm for a
-priority level. Details of the algorithm can be read in the [enhancement
-proposal](#whats-next), but in short:
+priority level. Details of the algorithm can be read in the
+[enhancement proposal](#whats-next), but in short:
* Increasing `queues` reduces the rate of collisions between different flows, at
the cost of increased memory usage. A value of 1 here effectively disables the
@@ -249,15 +254,15 @@ proposal](#whats-next), but in short:
* Changing `handSize` allows you to adjust the probability of collisions between
different flows and the overall concurrency available to a single flow in an
overload situation.
- {{< note >}}
- A larger `handSize` makes it less likely for two individual flows to collide
- (and therefore for one to be able to starve the other), but more likely that
- a small number of flows can dominate the apiserver. A larger `handSize` also
- potentially increases the amount of latency that a single high-traffic flow
- can cause. The maximum number of queued requests possible from a
- single flow is `handSize * queueLengthLimit`.
- {{< /note >}}
+ {{< note >}}
+ A larger `handSize` makes it less likely for two individual flows to collide
+ (and therefore for one to be able to starve the other), but more likely that
+ a small number of flows can dominate the apiserver. A larger `handSize` also
+ potentially increases the amount of latency that a single high-traffic flow
+ can cause. The maximum number of queued requests possible from a
+ single flow is `handSize * queueLengthLimit`.
+ {{< /note >}}
Following is a table showing an interesting collection of shuffle
sharding configurations, showing for each the probability that a
@@ -319,6 +324,7 @@ considered part of a single flow. The correct choice for a given FlowSchema
depends on the resource and your particular environment.
## Diagnostics
+
Every HTTP response from an API server with the priority and fairness feature
enabled has two extra headers: `X-Kubernetes-PF-FlowSchema-UID` and
`X-Kubernetes-PF-PriorityLevel-UID`, noting the flow schema that matched the request
@@ -356,13 +362,14 @@ poorly-behaved workloads that may be harming system health.
matched the request), `priority_level` (indicating the one to which
the request was assigned), and `reason`. The `reason` label will be
have one of the following values:
- * `queue-full`, indicating that too many requests were already
- queued,
- * `concurrency-limit`, indicating that the
- PriorityLevelConfiguration is configured to reject rather than
- queue excess requests, or
- * `time-out`, indicating that the request was still in the queue
- when its queuing time limit expired.
+
+ * `queue-full`, indicating that too many requests were already
+ queued,
+ * `concurrency-limit`, indicating that the
+ PriorityLevelConfiguration is configured to reject rather than
+ queue excess requests, or
+ * `time-out`, indicating that the request was still in the queue
+ when its queuing time limit expired.
* `apiserver_flowcontrol_dispatched_requests_total` is a counter
vector (cumulative since server start) of requests that began
@@ -405,6 +412,10 @@ poorly-behaved workloads that may be harming system health.
queue) requests, broken down by the labels `priority_level` and
`flow_schema`.
+* `apiserver_flowcontrol_request_concurrency_in_use` is a gauge vector
+ holding the instantaneous number of occupied seats, broken down by
+ the labels `priority_level` and `flow_schema`.
+
* `apiserver_flowcontrol_priority_level_request_count_samples` is a
histogram vector of observations of the then-current number of
requests broken down by the labels `phase` (which takes on the
@@ -430,14 +441,15 @@ poorly-behaved workloads that may be harming system health.
sample to its histogram, reporting the length of the queue immediately
after the request was added. Note that this produces different
statistics than an unbiased survey would.
- {{< note >}}
- An outlier value in a histogram here means it is likely that a single flow
- (i.e., requests by one user or for one namespace, depending on
- configuration) is flooding the API server, and being throttled. By contrast,
- if one priority level's histogram shows that all queues for that priority
- level are longer than those for other priority levels, it may be appropriate
- to increase that PriorityLevelConfiguration's concurrency shares.
- {{< /note >}}
+
+ {{< note >}}
+ An outlier value in a histogram here means it is likely that a single flow
+ (i.e., requests by one user or for one namespace, depending on
+ configuration) is flooding the API server, and being throttled. By contrast,
+ if one priority level's histogram shows that all queues for that priority
+ level are longer than those for other priority levels, it may be appropriate
+ to increase that PriorityLevelConfiguration's concurrency shares.
+ {{< /note >}}
* `apiserver_flowcontrol_request_concurrency_limit` is a gauge vector
holding the computed concurrency limit (based on the API server's
@@ -450,12 +462,13 @@ poorly-behaved workloads that may be harming system health.
`priority_level` (indicating the one to which the request was
assigned), and `execute` (indicating whether the request started
executing).
- {{< note >}}
- Since each FlowSchema always assigns requests to a single
- PriorityLevelConfiguration, you can add the histograms for all the
- FlowSchemas for one priority level to get the effective histogram for
- requests assigned to that priority level.
- {{< /note >}}
+
+ {{< note >}}
+ Since each FlowSchema always assigns requests to a single
+ PriorityLevelConfiguration, you can add the histograms for all the
+ FlowSchemas for one priority level to get the effective histogram for
+ requests assigned to that priority level.
+ {{< /note >}}
* `apiserver_flowcontrol_request_execution_seconds` is a histogram
vector of how long requests took to actually execute, broken down by
@@ -465,14 +478,19 @@ poorly-behaved workloads that may be harming system health.
### Debug endpoints
-When you enable the API Priority and Fairness feature, the kube-apiserver serves the following additional paths at its HTTP[S] ports.
+When you enable the API Priority and Fairness feature, the `kube-apiserver`
+serves the following additional paths at its HTTP[S] ports.
+
+- `/debug/api_priority_and_fairness/dump_priority_levels` - a listing of
+ all the priority levels and the current state of each. You can fetch like this:
-- `/debug/api_priority_and_fairness/dump_priority_levels` - a listing of all the priority levels and the current state of each. You can fetch like this:
```shell
kubectl get --raw /debug/api_priority_and_fairness/dump_priority_levels
```
+
The output is similar to this:
- ```
+
+ ```none
PriorityLevelName, ActiveQueues, IsIdle, IsQuiescing, WaitingRequests, ExecutingRequests,
workload-low, 0, true, false, 0, 0,
global-default, 0, true, false, 0, 0,
@@ -483,12 +501,16 @@ When you enable the API Priority and Fairness feature, the kube-apiserver serves
workload-high, 0, true, false, 0, 0,
```
-- `/debug/api_priority_and_fairness/dump_queues` - a listing of all the queues and their current state. You can fetch like this:
+- `/debug/api_priority_and_fairness/dump_queues` - a listing of all the
+ queues and their current state. You can fetch like this:
+
```shell
kubectl get --raw /debug/api_priority_and_fairness/dump_queues
```
+
The output is similar to this:
- ```
+
+ ```none
PriorityLevelName, Index, PendingRequests, ExecutingRequests, VirtualStart,
workload-high, 0, 0, 0, 0.0000,
workload-high, 1, 0, 0, 0.0000,
@@ -498,25 +520,33 @@ When you enable the API Priority and Fairness feature, the kube-apiserver serves
leader-election, 15, 0, 0, 0.0000,
```
-- `/debug/api_priority_and_fairness/dump_requests` - a listing of all the requests that are currently waiting in a queue. You can fetch like this:
+- `/debug/api_priority_and_fairness/dump_requests` - a listing of all the requests
+ that are currently waiting in a queue. You can fetch like this:
+
```shell
kubectl get --raw /debug/api_priority_and_fairness/dump_requests
```
+
The output is similar to this:
- ```
+
+ ```none
PriorityLevelName, FlowSchemaName, QueueIndex, RequestIndexInQueue, FlowDistingsher, ArriveTime,
exempt, , , , , ,
system, system-nodes, 12, 0, system:node:127.0.0.1, 2020-07-23T15:26:57.179170694Z,
```
- In addition to the queued requests, the output includes one phantom line for each priority level that is exempt from limitation.
+ In addition to the queued requests, the output includes one phantom line
+ for each priority level that is exempt from limitation.
You can get a more detailed listing with a command like this:
+
```shell
kubectl get --raw '/debug/api_priority_and_fairness/dump_requests?includeRequestDetails=1'
```
+
The output is similar to this:
- ```
+
+ ```none
PriorityLevelName, FlowSchemaName, QueueIndex, RequestIndexInQueue, FlowDistingsher, ArriveTime, UserName, Verb, APIPath, Namespace, Name, APIVersion, Resource, SubResource,
system, system-nodes, 12, 0, system:node:127.0.0.1, 2020-07-23T15:31:03.583823404Z, system:node:127.0.0.1, create, /api/v1/namespaces/scaletest/configmaps,
system, system-nodes, 12, 1, system:node:127.0.0.1, 2020-07-23T15:31:03.594555947Z, system:node:127.0.0.1, create, /api/v1/namespaces/scaletest/configmaps,
@@ -528,4 +558,4 @@ When you enable the API Priority and Fairness feature, the kube-apiserver serves
For background information on design details for API priority and fairness, see
the [enhancement proposal](https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/1040-priority-and-fairness).
You can make suggestions and feature requests via [SIG API Machinery](https://github.com/kubernetes/community/tree/master/sig-api-machinery)
-or the feature's [slack channel](http://kubernetes.slack.com/messages/api-priority-and-fairness).
+or the feature's [slack channel](https://kubernetes.slack.com/messages/api-priority-and-fairness).
diff --git a/content/en/docs/concepts/cluster-administration/kubelet-garbage-collection.md b/content/en/docs/concepts/cluster-administration/kubelet-garbage-collection.md
deleted file mode 100644
index ea51a566ac..0000000000
--- a/content/en/docs/concepts/cluster-administration/kubelet-garbage-collection.md
+++ /dev/null
@@ -1,86 +0,0 @@
----
-reviewers:
-title: Garbage collection for container images
-content_type: concept
-weight: 70
----
-
-
-
-Garbage collection is a helpful function of kubelet that will clean up unused [images](/docs/concepts/containers/#container-images) and unused [containers](/docs/concepts/containers/). Kubelet will perform garbage collection for containers every minute and garbage collection for images every five minutes.
-
-External garbage collection tools are not recommended as these tools can potentially break the behavior of kubelet by removing containers expected to exist.
-
-
-
-
-
-
-## Image Collection
-
-Kubernetes manages lifecycle of all images through imageManager, with the cooperation
-of cadvisor.
-
-The policy for garbage collecting images takes two factors into consideration:
-`HighThresholdPercent` and `LowThresholdPercent`. Disk usage above the high threshold
-will trigger garbage collection. The garbage collection will delete least recently used images until the low
-threshold has been met.
-
-## Container Collection
-
-The policy for garbage collecting containers considers three user-defined variables. `MinAge` is the minimum age at which a container can be garbage collected. `MaxPerPodContainer` is the maximum number of dead containers every single
-pod (UID, container name) pair is allowed to have. `MaxContainers` is the maximum number of total dead containers. These variables can be individually disabled by setting `MinAge` to zero and setting `MaxPerPodContainer` and `MaxContainers` respectively to less than zero.
-
-Kubelet will act on containers that are unidentified, deleted, or outside of the boundaries set by the previously mentioned flags. The oldest containers will generally be removed first. `MaxPerPodContainer` and `MaxContainer` may potentially conflict with each other in situations where retaining the maximum number of containers per pod (`MaxPerPodContainer`) would go outside the allowable range of global dead containers (`MaxContainers`). `MaxPerPodContainer` would be adjusted in this situation: A worst case scenario would be to downgrade `MaxPerPodContainer` to 1 and evict the oldest containers. Additionally, containers owned by pods that have been deleted are removed once they are older than `MinAge`.
-
-Containers that are not managed by kubelet are not subject to container garbage collection.
-
-## User Configuration
-
-You can adjust the following thresholds to tune image garbage collection with the following kubelet flags :
-
-1. `image-gc-high-threshold`, the percent of disk usage which triggers image garbage collection.
-Default is 85%.
-2. `image-gc-low-threshold`, the percent of disk usage to which image garbage collection attempts
-to free. Default is 80%.
-
-You can customize the garbage collection policy through the following kubelet flags:
-
-1. `minimum-container-ttl-duration`, minimum age for a finished container before it is
-garbage collected. Default is 0 minute, which means every finished container will be garbage collected.
-2. `maximum-dead-containers-per-container`, maximum number of old instances to be retained
-per container. Default is 1.
-3. `maximum-dead-containers`, maximum number of old instances of containers to retain globally.
-Default is -1, which means there is no global limit.
-
-Containers can potentially be garbage collected before their usefulness has expired. These containers
-can contain logs and other data that can be useful for troubleshooting. A sufficiently large value for
-`maximum-dead-containers-per-container` is highly recommended to allow at least 1 dead container to be
-retained per expected container. A larger value for `maximum-dead-containers` is also recommended for a
-similar reason.
-See [this issue](https://github.com/kubernetes/kubernetes/issues/13287) for more details.
-
-
-## Deprecation
-
-Some kubelet Garbage Collection features in this doc will be replaced by kubelet eviction in the future.
-
-Including:
-
-| Existing Flag | New Flag | Rationale |
-| ------------- | -------- | --------- |
-| `--image-gc-high-threshold` | `--eviction-hard` or `--eviction-soft` | existing eviction signals can trigger image garbage collection |
-| `--image-gc-low-threshold` | `--eviction-minimum-reclaim` | eviction reclaims achieve the same behavior |
-| `--maximum-dead-containers` | | deprecated once old logs are stored outside of container's context |
-| `--maximum-dead-containers-per-container` | | deprecated once old logs are stored outside of container's context |
-| `--minimum-container-ttl-duration` | | deprecated once old logs are stored outside of container's context |
-| `--low-diskspace-threshold-mb` | `--eviction-hard` or `eviction-soft` | eviction generalizes disk thresholds to other resources |
-| `--outofdisk-transition-frequency` | `--eviction-pressure-transition-period` | eviction generalizes disk pressure transition to other resources |
-
-
-
-## {{% heading "whatsnext" %}}
-
-
-See [Configuring Out Of Resource Handling](/docs/tasks/administer-cluster/out-of-resource/) for more details.
-
diff --git a/content/en/docs/concepts/cluster-administration/logging.md b/content/en/docs/concepts/cluster-administration/logging.md
index e75fdea4a5..1bf057f23e 100644
--- a/content/en/docs/concepts/cluster-administration/logging.md
+++ b/content/en/docs/concepts/cluster-administration/logging.md
@@ -81,10 +81,13 @@ rotate an application's logs automatically.
As an example, you can find detailed information about how `kube-up.sh` sets
up logging for COS image on GCP in the corresponding
-[`configure-helper` script](https://github.com/kubernetes/kubernetes/blob/{{< param "githubbranch" >}}/cluster/gce/gci/configure-helper.sh).
+[`configure-helper` script](https://github.com/kubernetes/kubernetes/blob/master/cluster/gce/gci/configure-helper.sh).
-When using a **CRI container runtime**, the kubelet is responsible for rotating the logs and managing the logging directory structure. The kubelet
-sends this information to the CRI container runtime and the runtime writes the container logs to the given location. The two kubelet flags `container-log-max-size` and `container-log-max-files` can be used to configure the maximum size for each log file and the maximum number of files allowed for each container respectively.
+When using a **CRI container runtime**, the kubelet is responsible for rotating the logs and managing the logging directory structure.
+The kubelet sends this information to the CRI container runtime and the runtime writes the container logs to the given location.
+The two kubelet parameters [`containerLogMaxSize` and `containerLogMaxFiles`](/docs/reference/config-api/kubelet-config.v1beta1/#kubelet-config-k8s-io-v1beta1-KubeletConfiguration)
+in [kubelet config file](/docs/tasks/administer-cluster/kubelet-config-file/)
+can be used to configure the maximum size for each log file and the maximum number of files allowed for each container respectively.
When you run [`kubectl logs`](/docs/reference/generated/kubectl/kubectl-commands#logs) as in
the basic logging example, the kubelet on the node handles the request and
diff --git a/content/en/docs/concepts/cluster-administration/manage-deployment.md b/content/en/docs/concepts/cluster-administration/manage-deployment.md
index f51911116d..4d98cf820c 100644
--- a/content/en/docs/concepts/cluster-administration/manage-deployment.md
+++ b/content/en/docs/concepts/cluster-administration/manage-deployment.md
@@ -50,7 +50,7 @@ It is a recommended practice to put resources related to the same microservice o
A URL can also be specified as a configuration source, which is handy for deploying directly from configuration files checked into GitHub:
```shell
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/application/nginx/nginx-deployment.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/main/content/en/examples/application/nginx/nginx-deployment.yaml
```
```shell
@@ -160,7 +160,7 @@ If you're interested in learning more about `kubectl`, go ahead and read [kubect
The examples we've used so far apply at most a single label to any resource. There are many scenarios where multiple labels should be used to distinguish sets from one another.
-For instance, different applications would use different values for the `app` label, but a multi-tier application, such as the [guestbook example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/guestbook/), would additionally need to distinguish each tier. The frontend could carry the following labels:
+For instance, different applications would use different values for the `app` label, but a multi-tier application, such as the [guestbook example](https://github.com/kubernetes/examples/tree/master/guestbook/), would additionally need to distinguish each tier. The frontend could carry the following labels:
```yaml
labels:
diff --git a/content/en/docs/concepts/cluster-administration/system-traces.md b/content/en/docs/concepts/cluster-administration/system-traces.md
new file mode 100644
index 0000000000..f324604b16
--- /dev/null
+++ b/content/en/docs/concepts/cluster-administration/system-traces.md
@@ -0,0 +1,89 @@
+---
+title: Traces For Kubernetes System Components
+reviewers:
+- logicalhan
+- lilic
+content_type: concept
+weight: 60
+---
+
+
+
+{{< feature-state for_k8s_version="v1.22" state="alpha" >}}
+
+System component traces record the latency of and relationships between operations in the cluster.
+
+Kubernetes components emit traces using the
+[OpenTelemetry Protocol](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/otlp.md#opentelemetry-protocol-specification)
+with the gRPC exporter and can be collected and routed to tracing backends using an
+[OpenTelemetry Collector](https://github.com/open-telemetry/opentelemetry-collector#-opentelemetry-collector).
+
+
+
+## Trace Collection
+
+For a complete guide to collecting traces and using the collector, see
+[Getting Started with the OpenTelemetry Collector](https://opentelemetry.io/docs/collector/getting-started/).
+However, there are a few things to note that are specific to Kubernetes components.
+
+By default, Kubernetes components export traces using the grpc exporter for OTLP on the
+[IANA OpenTelemetry port](https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=opentelemetry), 4317.
+As an example, if the collector is running as a sidecar to a Kubernetes component,
+the following receiver configuration will collect spans and log them to standard output:
+
+```yaml
+receivers:
+ otlp:
+ protocols:
+ grpc:
+exporters:
+ # Replace this exporter with the exporter for your backend
+ logging:
+ logLevel: debug
+service:
+ pipelines:
+ traces:
+ receivers: [otlp]
+ exporters: [logging]
+```
+
+## Component traces
+
+### kube-apiserver traces
+
+The kube-apiserver generates spans for incoming HTTP requests, and for outgoing requests
+to webhooks, etcd, and re-entrant requests. It propagates the
+[W3C Trace Context](https://www.w3.org/TR/trace-context/) with outgoing requests
+but does not make use of the trace context attached to incoming requests,
+as the kube-apiserver is often a public endpoint.
+
+#### Enabling tracing in the kube-apiserver
+
+To enable tracing, enable the `APIServerTracing`
+[feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
+on the kube-apiserver. Also, provide the kube-apiserver with a tracing configration file
+with `--tracing-config-file=`. This is an example config that records
+spans for 1 in 10000 requests, and uses the default OpenTelemetry endpoint:
+
+```yaml
+apiVersion: apiserver.config.k8s.io/v1alpha1
+kind: TracingConfiguration
+# default value
+#endpoint: localhost:4317
+samplingRatePerMillion: 100
+```
+
+For more information about the `TracingConfiguration` struct, see
+[API server config API (v1alpha1)](/docs/reference/config-api/apiserver-config.v1alpha1/#apiserver-k8s-io-v1alpha1-TracingConfiguration).
+
+## Stability
+
+Tracing instrumentation is still under active development, and may change
+in a variety of ways. This includes span names, attached attributes,
+instrumented endpoints, etc. Until this feature graduates to stable,
+there are no guarantees of backwards compatibility for tracing instrumentation.
+
+## {{% heading "whatsnext" %}}
+
+* Read about [Getting Started with the OpenTelemetry Collector](https://opentelemetry.io/docs/collector/getting-started/)
+
diff --git a/content/en/docs/concepts/configuration/_index.md b/content/en/docs/concepts/configuration/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/concepts/configuration/configmap.md b/content/en/docs/concepts/configuration/configmap.md
index cb98bf7439..47ecaedba6 100644
--- a/content/en/docs/concepts/configuration/configmap.md
+++ b/content/en/docs/concepts/configuration/configmap.md
@@ -61,6 +61,11 @@ You can write a Pod `spec` that refers to a ConfigMap and configures the contain
in that Pod based on the data in the ConfigMap. The Pod and the ConfigMap must be in
the same {{< glossary_tooltip text="namespace" term_id="namespace" >}}.
+{{< note >}}
+The `spec` of a {{< glossary_tooltip text="static Pod" term_id="static-pod" >}} cannot refer to a ConfigMap
+or any other API objects.
+{{< /note >}}
+
Here's an example ConfigMap that has some keys with single values,
and other keys where the value looks like a fragment of a configuration
format.
diff --git a/content/en/docs/concepts/configuration/manage-resources-containers.md b/content/en/docs/concepts/configuration/manage-resources-containers.md
index ee4669641c..cbcfff67ef 100644
--- a/content/en/docs/concepts/configuration/manage-resources-containers.md
+++ b/content/en/docs/concepts/configuration/manage-resources-containers.md
@@ -115,7 +115,7 @@ CPU is always requested as an absolute quantity, never as a relative quantity;
Limits and requests for `memory` are measured in bytes. You can express memory as
a plain integer or as a fixed-point number using one of these suffixes:
-E, P, T, G, M, K. You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi,
+E, P, T, G, M, k. You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi,
Mi, Ki. For example, the following represent roughly the same value:
```shell
@@ -181,8 +181,9 @@ When using Docker:
flag in the `docker run` command.
- The `spec.containers[].resources.limits.cpu` is converted to its millicore value and
- multiplied by 100. The resulting value is the total amount of CPU time that a container can use
- every 100ms. A container cannot use more than its share of CPU time during this interval.
+ multiplied by 100. The resulting value is the total amount of CPU time in microseconds
+ that a container can use every 100ms. A container cannot use more than its share of
+ CPU time during this interval.
{{< note >}}
The default quota period is 100ms. The minimum resolution of CPU quota is 1ms.
@@ -337,6 +338,9 @@ spec:
ephemeral-storage: "2Gi"
limits:
ephemeral-storage: "4Gi"
+ volumeMounts:
+ - name: ephemeral
+ mountPath: "/tmp"
- name: log-aggregator
image: images.my-company.example/log-aggregator:v6
resources:
@@ -344,6 +348,12 @@ spec:
ephemeral-storage: "2Gi"
limits:
ephemeral-storage: "4Gi"
+ volumeMounts:
+ - name: ephemeral
+ mountPath: "/tmp"
+ volumes:
+ - name: ephemeral
+ emptyDir: {}
```
### How Pods with ephemeral-storage requests are scheduled
diff --git a/content/en/docs/concepts/configuration/organize-cluster-access-kubeconfig.md b/content/en/docs/concepts/configuration/organize-cluster-access-kubeconfig.md
index df767bbc3e..b27fcdee61 100644
--- a/content/en/docs/concepts/configuration/organize-cluster-access-kubeconfig.md
+++ b/content/en/docs/concepts/configuration/organize-cluster-access-kubeconfig.md
@@ -17,6 +17,11 @@ a *kubeconfig file*. This is a generic way of referring to configuration files.
It does not mean that there is a file named `kubeconfig`.
{{< /note >}}
+{{< warning >}}
+Only use kubeconfig files from trusted sources. Using a specially-crafted kubeconfig file could result in malicious code execution or file exposure.
+If you must use an untrusted kubeconfig file, inspect it carefully first, much as you would a shell script.
+{{< /warning>}}
+
By default, `kubectl` looks for a file named `config` in the `$HOME/.kube` directory.
You can specify other kubeconfig files by setting the `KUBECONFIG` environment
variable or by setting the
@@ -154,4 +159,3 @@ are stored absolutely.
-
diff --git a/content/en/docs/concepts/configuration/overview.md b/content/en/docs/concepts/configuration/overview.md
index 25cfb2e7f1..36eebe3abc 100644
--- a/content/en/docs/concepts/configuration/overview.md
+++ b/content/en/docs/concepts/configuration/overview.md
@@ -21,7 +21,7 @@ This is a living document. If you think of something that is not on this list bu
- Write your configuration files using YAML rather than JSON. Though these formats can be used interchangeably in almost all scenarios, YAML tends to be more user-friendly.
-- Group related objects into a single file whenever it makes sense. One file is often easier to manage than several. See the [guestbook-all-in-one.yaml](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/guestbook/all-in-one/guestbook-all-in-one.yaml) file as an example of this syntax.
+- Group related objects into a single file whenever it makes sense. One file is often easier to manage than several. See the [guestbook-all-in-one.yaml](https://github.com/kubernetes/examples/tree/master/guestbook/all-in-one/guestbook-all-in-one.yaml) file as an example of this syntax.
- Note also that many `kubectl` commands can be called on a directory. For example, you can call `kubectl apply` on a directory of config files.
@@ -63,7 +63,7 @@ DNS server watches the Kubernetes API for new `Services` and creates a set of DN
## Using Labels
-- Define and use [labels](/docs/concepts/overview/working-with-objects/labels/) that identify __semantic attributes__ of your application or Deployment, such as `{ app: myapp, tier: frontend, phase: test, deployment: v3 }`. You can use these labels to select the appropriate Pods for other resources; for example, a Service that selects all `tier: frontend` Pods, or all `phase: test` components of `app: myapp`. See the [guestbook](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/guestbook/) app for examples of this approach.
+- Define and use [labels](/docs/concepts/overview/working-with-objects/labels/) that identify __semantic attributes__ of your application or Deployment, such as `{ app: myapp, tier: frontend, phase: test, deployment: v3 }`. You can use these labels to select the appropriate Pods for other resources; for example, a Service that selects all `tier: frontend` Pods, or all `phase: test` components of `app: myapp`. See the [guestbook](https://github.com/kubernetes/examples/tree/master/guestbook/) app for examples of this approach.
A Service can be made to span multiple Deployments by omitting release-specific labels from its selector. When you need to update a running service without downtime, use a [Deployment](/docs/concepts/workloads/controllers/deployment/).
@@ -73,32 +73,6 @@ A desired state of an object is described by a Deployment, and if changes to tha
- You can manipulate labels for debugging. Because Kubernetes controllers (such as ReplicaSet) and Services match to Pods using selector labels, removing the relevant labels from a Pod will stop it from being considered by a controller or from being served traffic by a Service. If you remove the labels of an existing Pod, its controller will create a new Pod to take its place. This is a useful way to debug a previously "live" Pod in a "quarantine" environment. To interactively remove or add labels, use [`kubectl label`](/docs/reference/generated/kubectl/kubectl-commands#label).
-## Container Images
-
-The [imagePullPolicy](/docs/concepts/containers/images/#updating-images) and the tag of the image affect when the [kubelet](/docs/reference/command-line-tools-reference/kubelet/) attempts to pull the specified image.
-
-- `imagePullPolicy: IfNotPresent`: the image is pulled only if it is not already present locally.
-
-- `imagePullPolicy: Always`: every time the kubelet launches a container, the kubelet queries the container image registry to resolve the name to an image digest. If the kubelet has a container image with that exact digest cached locally, the kubelet uses its cached image; otherwise, the kubelet downloads (pulls) the image with the resolved digest, and uses that image to launch the container.
-
-- `imagePullPolicy` is omitted and either the image tag is `:latest` or it is omitted: `imagePullPolicy` is automatically set to `Always`. Note that this will _not_ be updated to `IfNotPresent` if the tag changes value.
-
-- `imagePullPolicy` is omitted and the image tag is present but not `:latest`: `imagePullPolicy` is automatically set to `IfNotPresent`. Note that this will _not_ be updated to `Always` if the tag is later removed or changed to `:latest`.
-
-- `imagePullPolicy: Never`: the image is assumed to exist locally. No attempt is made to pull the image.
-
-{{< note >}}
-To make sure the container always uses the same version of the image, you can specify its [digest](https://docs.docker.com/engine/reference/commandline/pull/#pull-an-image-by-digest-immutable-identifier); replace `:` with `@` (for example, `image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2`). The digest uniquely identifies a specific version of the image, so it is never updated by Kubernetes unless you change the digest value.
-{{< /note >}}
-
-{{< note >}}
-You should avoid using the `:latest` tag when deploying containers in production as it is harder to track which version of the image is running and more difficult to roll back properly.
-{{< /note >}}
-
-{{< note >}}
-The caching semantics of the underlying image provider make even `imagePullPolicy: Always` efficient, as long as the registry is reliably accessible. With Docker, for example, if the image already exists, the pull attempt is fast because all image layers are cached and no image download is needed.
-{{< /note >}}
-
## Using kubectl
- Use `kubectl apply -f `. This looks for Kubernetes configuration in all `.yaml`, `.yml`, and `.json` files in `` and passes it to `apply`.
diff --git a/content/en/docs/concepts/configuration/secret.md b/content/en/docs/concepts/configuration/secret.md
index 48ac53ed47..e1c7dfb79b 100644
--- a/content/en/docs/concepts/configuration/secret.md
+++ b/content/en/docs/concepts/configuration/secret.md
@@ -12,26 +12,33 @@ weight: 30
-Kubernetes Secrets let you store and manage sensitive information, such
-as passwords, OAuth tokens, and ssh keys. Storing confidential information in a Secret
-is safer and more flexible than putting it verbatim in a
-{{< glossary_tooltip term_id="pod" >}} definition or in a
-{{< glossary_tooltip text="container image" term_id="image" >}}.
-See [Secrets design document](https://git.k8s.io/community/contributors/design-proposals/auth/secrets.md) for more information.
-
A Secret is an object that contains a small amount of sensitive data such as
a password, a token, or a key. Such information might otherwise be put in a
-Pod specification or in an image. Users can create Secrets and the system
-also creates some Secrets.
+{{< glossary_tooltip term_id="pod" >}} specification or in a
+{{< glossary_tooltip text="container image" term_id="image" >}}. Using a
+Secret means that you don't need to include confidential data in your
+application code.
+
+Because Secrets can be created independently of the Pods that use them, there
+is less risk of the Secret (and its data) being exposed during the workflow of
+creating, viewing, and editing Pods. Kubernetes, and applications that run in
+your cluster, can also take additional precautions with Secrets, such as
+avoiding writing confidential data to nonvolatile storage.
+
+Secrets are similar to {{< glossary_tooltip text="ConfigMaps" term_id="configmap" >}}
+but are specifically intended to hold confidential data.
{{< caution >}}
-Kubernetes Secrets are, by default, stored as unencrypted base64-encoded
-strings. By default they can be retrieved - as plain text - by anyone with API
-access, or anyone with access to Kubernetes' underlying data store, etcd. In
-order to safely use Secrets, it is recommended you (at a minimum):
+Kubernetes Secrets are, by default, stored unencrypted in the API server's underlying data store (etcd). Anyone with API access can retrieve or modify a Secret, and so can anyone with access to etcd.
+Additionally, anyone who is authorized to create a Pod in a namespace can use that access to read any Secret in that namespace; this includes indirect access such as the ability to create a Deployment.
+
+In order to safely use Secrets, take at least the following steps:
1. [Enable Encryption at Rest](/docs/tasks/administer-cluster/encrypt-data/) for Secrets.
-2. [Enable or configure RBAC rules](/docs/reference/access-authn-authz/authorization/) that restrict reading and writing the Secret. Be aware that secrets can be obtained implicitly by anyone with the permission to create a Pod.
+2. Enable or configure [RBAC rules](/docs/reference/access-authn-authz/authorization/) that
+ restrict reading data in Secrets (including via indirect means).
+3. Where appropriate, also use mechanisms such as RBAC to limit which principals are allowed to create new Secrets or replace existing ones.
+
{{< /caution >}}
@@ -47,6 +54,10 @@ A Secret can be used with a Pod in three ways:
- As [container environment variable](#using-secrets-as-environment-variables).
- By the [kubelet when pulling images](#using-imagepullsecrets) for the Pod.
+The Kubernetes control plane also uses Secrets; for example,
+[bootstrap token Secrets](#bootstrap-token-secrets) are a mechanism to
+help automate node registration.
+
The name of a Secret object must be a valid
[DNS subdomain name](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names).
You can specify the `data` and/or the `stringData` field when creating a
@@ -64,9 +75,9 @@ precedence.
## Types of Secret {#secret-types}
When creating a Secret, you can specify its type using the `type` field of
-the [`Secret`](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#secret-v1-core)
-resource, or certain equivalent `kubectl` command line flags (if available).
-The Secret type is used to facilitate programmatic handling of the Secret data.
+a Secret resource, or certain equivalent `kubectl` command line flags (if available).
+The `type` of a Secret is used to facilitate programmatic handling of different
+kinds of confidential data.
Kubernetes provides several builtin types for some common usage scenarios.
These types vary in terms of the validations performed and the constraints
@@ -822,7 +833,10 @@ are obtained from the API server.
This includes any Pods created using `kubectl`, or indirectly via a replication
controller. It does not include Pods created as a result of the kubelet
`--manifest-url` flag, its `--config` flag, or its REST API (these are
-not common ways to create Pods.)
+not common ways to create Pods).
+The `spec` of a {{< glossary_tooltip text="static Pod" term_id="static-pod" >}} cannot refer to a Secret
+or any other API objects.
+
Secrets must be created before they are consumed in Pods as environment
variables unless they are marked as optional. References to secrets that do
@@ -1164,7 +1178,7 @@ limit access using [authorization policies](
Secrets often hold values that span a spectrum of importance, many of which can
cause escalations within Kubernetes (e.g. service account tokens) and to
external systems. Even if an individual app can reason about the power of the
-secrets it expects to interact with, other apps within the same namespace can
+Secrets it expects to interact with, other apps within the same namespace can
render those assumptions invalid.
For these reasons `watch` and `list` requests for secrets within a namespace are
@@ -1235,15 +1249,10 @@ for secret data, so that the secrets are not stored in the clear into {{< glossa
- A user who can create a Pod that uses a secret can also see the value of that secret. Even
if the API server policy does not allow that user to read the Secret, the user could
run a Pod which exposes the secret.
- - Currently, anyone with root permission on any node can read _any_ secret from the API server,
- by impersonating the kubelet. It is a planned feature to only send secrets to
- nodes that actually require them, to restrict the impact of a root exploit on a
- single node.
-
## {{% heading "whatsnext" %}}
- Learn how to [manage Secret using `kubectl`](/docs/tasks/configmap-secret/managing-secret-using-kubectl/)
- Learn how to [manage Secret using config file](/docs/tasks/configmap-secret/managing-secret-using-config-file/)
- Learn how to [manage Secret using kustomize](/docs/tasks/configmap-secret/managing-secret-using-kustomize/)
-
+- Read the [API reference](/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/) for `Secret`
diff --git a/content/en/docs/concepts/containers/container-environment.md b/content/en/docs/concepts/containers/container-environment.md
index a1eba4d96d..3c4c153927 100644
--- a/content/en/docs/concepts/containers/container-environment.md
+++ b/content/en/docs/concepts/containers/container-environment.md
@@ -52,7 +52,7 @@ FOO_SERVICE_PORT=
```
Services have dedicated IP addresses and are available to the Container via DNS,
-if [DNS addon](https://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addons/dns/) is enabled.
+if [DNS addon](https://releases.k8s.io/{{< param "fullversion" >}}/cluster/addons/dns/) is enabled.
diff --git a/content/en/docs/concepts/containers/images.md b/content/en/docs/concepts/containers/images.md
index 1cd678e4a8..9300561e46 100644
--- a/content/en/docs/concepts/containers/images.md
+++ b/content/en/docs/concepts/containers/images.md
@@ -39,14 +39,6 @@ There are additional rules about where you can place the separator
characters (`_`, `-`, and `.`) inside an image tag.
If you don't specify a tag, Kubernetes assumes you mean the tag `latest`.
-{{< caution >}}
-You should avoid using the `latest` tag when deploying containers in production,
-as it is harder to track which version of the image is running and more difficult
-to roll back to a working version.
-
-Instead, specify a meaningful tag such as `v1.42.0`.
-{{< /caution >}}
-
## Updating images
When you first create a {{< glossary_tooltip text="Deployment" term_id="deployment" >}},
@@ -57,13 +49,68 @@ specified. This policy causes the
{{< glossary_tooltip text="kubelet" term_id="kubelet" >}} to skip pulling an
image if it already exists.
-If you would like to always force a pull, you can do one of the following:
+### Image pull policy
-- set the `imagePullPolicy` of the container to `Always`.
-- omit the `imagePullPolicy` and use `:latest` as the tag for the image to use;
- Kubernetes will set the policy to `Always`.
-- omit the `imagePullPolicy` and the tag for the image to use.
-- enable the [AlwaysPullImages](/docs/reference/access-authn-authz/admission-controllers/#alwayspullimages) admission controller.
+The `imagePullPolicy` for a container and the tag of the image affect when the
+[kubelet](/docs/reference/command-line-tools-reference/kubelet/) attempts to pull (download) the specified image.
+
+Here's a list of the values you can set for `imagePullPolicy` and the effects
+these values have:
+
+`IfNotPresent`
+: the image is pulled only if it is not already present locally.
+
+`Always`
+: every time the kubelet launches a container, the kubelet queries the container
+ image registry to resolve the name to an image
+ [digest](https://docs.docker.com/engine/reference/commandline/pull/#pull-an-image-by-digest-immutable-identifier). If the kubelet has a
+ container image with that exact digest cached locally, the kubelet uses its cached
+ image; otherwise, the kubelet pulls the image with the resolved digest,
+ and uses that image to launch the container.
+
+`Never`
+: the kubelet does not try fetching the image. If the image is somehow already present
+ locally, the kubelet attempts to start the container; otherwise, startup fails.
+ See [pre-pulled images](#pre-pulled-images) for more details.
+
+The caching semantics of the underlying image provider make even
+`imagePullPolicy: Always` efficient, as long as the registry is reliably accessible.
+Your container runtime can notice that the image layers already exist on the node
+so that they don't need to be downloaded again.
+
+{{< note >}}
+You should avoid using the `:latest` tag when deploying containers in production as
+it is harder to track which version of the image is running and more difficult to
+roll back properly.
+
+Instead, specify a meaningful tag such as `v1.42.0`.
+{{< /note >}}
+
+To make sure the Pod always uses the same version of a container image, you can specify
+the image's digest;
+replace `:` with `@`
+(for example, `image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2`).
+
+When using image tags, if the image registry were to change the code that the tag on that image represents, you might end up with a mix of Pods running the old and new code. An image digest uniquely identifies a specific version of the image, so Kubernetes runs the same code every time it starts a container with that image name and digest specified. Specifying an image fixes the code that you run so that a change at the registry cannot lead to that mix of versions.
+
+There are third-party [admission controllers](/docs/reference/access-authn-authz/admission-controllers/)
+that mutate Pods (and pod templates) when they are created, so that the
+running workload is defined based on an image digest rather than a tag.
+That might be useful if you want to make sure that all your workload is
+running the same code no matter what tag changes happen at the registry.
+
+#### Default image pull policy {#imagepullpolicy-defaulting}
+
+When you (or a controller) submit a new Pod to the API server, your cluster sets the
+`imagePullPolicy` field when specific conditions are met:
+
+- if you omit the `imagePullPolicy` field, and the tag for the container image is
+ `:latest`, `imagePullPolicy` is automatically set to `Always`;
+- if you omit the `imagePullPolicy` field, and you don't specify the tag for the
+ container image, `imagePullPolicy` is automatically set to `Always`;
+- if you omit the `imagePullPolicy` field, and you don't specify the tag for the
+ container image that isn't `:latest`, the `imagePullPolicy` is automatically set to
+ `IfNotPresent`.
{{< note >}}
The value of `imagePullPolicy` of the container is always set when the object is
@@ -75,7 +122,31 @@ For example, if you create a Deployment with an image whose tag is _not_
the pull policy of any object after its initial creation.
{{< /note >}}
-When `imagePullPolicy` is defined without a specific value, it is also set to `Always`.
+#### Required image pull
+
+If you would like to always force a pull, you can do one of the following:
+
+- Set the `imagePullPolicy` of the container to `Always`.
+- Omit the `imagePullPolicy` and use `:latest` as the tag for the image to use;
+ Kubernetes will set the policy to `Always` when you submit the Pod.
+- Omit the `imagePullPolicy` and the tag for the image to use;
+ Kubernetes will set the policy to `Always` when you submit the Pod.
+- Enable the [AlwaysPullImages](/docs/reference/access-authn-authz/admission-controllers/#alwayspullimages) admission controller.
+
+
+### ImagePullBackOff
+
+When a kubelet starts creating containers for a Pod using a container runtime,
+it might be possible the container is in [Waiting](/docs/concepts/workloads/pods/pod-lifecycle/#container-state-waiting)
+state because of `ImagePullBackOff`.
+
+The status `ImagePullBackOff` means that a container could not start because Kubernetes
+could not pull a container image (for reasons such as invalid image name, or pulling
+from a private registry without `imagePullSecret`). The `BackOff` part indicates
+that Kubernetes will keep trying to pull the image, with an increasing back-off delay.
+
+Kubernetes raises the delay between each attempt until it reaches a compiled-in limit,
+which is 300 seconds (5 minutes).
## Multi-architecture images with image indexes
@@ -314,6 +385,8 @@ common use cases and suggested solutions.
If you need access to multiple registries, you can create one secret for each registry.
Kubelet will merge any `imagePullSecrets` into a single virtual `.docker/config.json`
+
## {{% heading "whatsnext" %}}
-* Read the [OCI Image Manifest Specification](https://github.com/opencontainers/image-spec/blob/master/manifest.md)
+* Read the [OCI Image Manifest Specification](https://github.com/opencontainers/image-spec/blob/master/manifest.md).
+* Learn about [container image garbage collection](/docs/concepts/architecture/garbage-collection/#container-image-garbage-collection).
diff --git a/content/en/docs/concepts/containers/runtime-class.md b/content/en/docs/concepts/containers/runtime-class.md
index 6af609636e..96858d32af 100644
--- a/content/en/docs/concepts/containers/runtime-class.md
+++ b/content/en/docs/concepts/containers/runtime-class.md
@@ -51,7 +51,7 @@ heterogeneous node configurations, see [Scheduling](#scheduling) below.
{{< /note >}}
The configurations have a corresponding `handler` name, referenced by the RuntimeClass. The
-handler must be a valid DNS 1123 label (alpha-numeric + `-` characters).
+handler must be a valid [DNS label name](/docs/concepts/overview/working-with-objects/names/#dns-label-names).
### 2. Create the corresponding RuntimeClass resources
@@ -118,7 +118,7 @@ Runtime handlers are configured through containerd's configuration at
`/etc/containerd/config.toml`. Valid handlers are configured under the runtimes section:
```
-[plugins.cri.containerd.runtimes.${HANDLER_NAME}]
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.${HANDLER_NAME}]
```
See containerd's config documentation for more details:
@@ -135,7 +135,7 @@ table](https://github.com/cri-o/cri-o/blob/master/docs/crio.conf.5.md#crioruntim
runtime_path = "${PATH_TO_BINARY}"
```
-See CRI-O's [config documentation](https://raw.githubusercontent.com/cri-o/cri-o/9f11d1d/docs/crio.conf.5.md) for more details.
+See CRI-O's [config documentation](https://github.com/cri-o/cri-o/blob/master/docs/crio.conf.5.md) for more details.
## Scheduling
@@ -179,4 +179,4 @@ are accounted for in Kubernetes.
- [RuntimeClass Design](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/585-runtime-class/README.md)
- [RuntimeClass Scheduling Design](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/585-runtime-class/README.md#runtimeclass-scheduling)
- Read about the [Pod Overhead](/docs/concepts/scheduling-eviction/pod-overhead/) concept
-- [PodOverhead Feature Design](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/20190226-pod-overhead.md)
+- [PodOverhead Feature Design](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/688-pod-overhead)
diff --git a/content/en/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation.md b/content/en/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation.md
index d9fe184f85..f9ab8647e3 100644
--- a/content/en/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation.md
+++ b/content/en/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation.md
@@ -1,5 +1,5 @@
---
-title: Extending the Kubernetes API with the aggregation layer
+title: Kubernetes API Aggregation Layer
reviewers:
- lavalamp
- cheftako
@@ -34,7 +34,7 @@ If your extension API server cannot achieve that latency requirement, consider m
* To get the aggregator working in your environment, [configure the aggregation layer](/docs/tasks/extend-kubernetes/configure-aggregation-layer/).
* Then, [setup an extension api-server](/docs/tasks/extend-kubernetes/setup-extension-api-server/) to work with the aggregation layer.
-* Also, learn how to [extend the Kubernetes API using Custom Resource Definitions](/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/).
-* Read the specification for [APIService](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#apiservice-v1-apiregistration-k8s-io)
+* Read about [APIService](/docs/reference/kubernetes-api/cluster-resources/api-service-v1/) in the API reference
+Alternatively: learn how to [extend the Kubernetes API using Custom Resource Definitions](/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/).
diff --git a/content/en/docs/concepts/extend-kubernetes/api-extension/custom-resources.md b/content/en/docs/concepts/extend-kubernetes/api-extension/custom-resources.md
index f37a71f278..3d72f279b6 100644
--- a/content/en/docs/concepts/extend-kubernetes/api-extension/custom-resources.md
+++ b/content/en/docs/concepts/extend-kubernetes/api-extension/custom-resources.md
@@ -167,7 +167,7 @@ CRDs are easier to create than Aggregated APIs.
| CRDs | Aggregated API |
| --------------------------- | -------------- |
-| Do not require programming. Users can choose any language for a CRD controller. | Requires programming in Go and building binary and image. |
+| Do not require programming. Users can choose any language for a CRD controller. | Requires programming and building binary and image. |
| No additional service to run; CRDs are handled by API server. | An additional service to create and that could fail. |
| No ongoing support once the CRD is created. Any bug fixes are picked up as part of normal Kubernetes Master upgrades. | May need to periodically pickup bug fixes from upstream and rebuild and update the Aggregated API server. |
| No need to handle multiple versions of your API; for example, when you control the client for this resource, you can upgrade it in sync with the API. | You need to handle multiple versions of your API; for example, when developing an extension to share with the world. |
diff --git a/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md b/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md
index ae96bb7551..868d8d56e8 100644
--- a/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md
+++ b/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md
@@ -199,7 +199,7 @@ service PodResourcesLister {
The `List` endpoint provides information on resources of running pods, with details such as the
id of exclusively allocated CPUs, device id as it was reported by device plugins and id of
-the NUMA node where these devices are allocated.
+the NUMA node where these devices are allocated. Also, for NUMA-based machines, it contains the information about memory and hugepages reserved for a container.
```gRPC
// ListPodResourcesResponse is the response returned by List function
@@ -219,6 +219,14 @@ message ContainerResources {
string name = 1;
repeated ContainerDevices devices = 2;
repeated int64 cpu_ids = 3;
+ repeated ContainerMemory memory = 4;
+}
+
+// ContainerMemory contains information about memory and hugepages assigned to a container
+message ContainerMemory {
+ string memory_type = 1;
+ uint64 size = 2;
+ TopologyInfo topology = 3;
}
// Topology describes hardware topology of the resource
@@ -247,6 +255,7 @@ It provides more information than kubelet exports to APIServer.
message AllocatableResourcesResponse {
repeated ContainerDevices devices = 1;
repeated int64 cpu_ids = 2;
+ repeated ContainerMemory memory = 3;
}
```
diff --git a/content/en/docs/concepts/extend-kubernetes/operator.md b/content/en/docs/concepts/extend-kubernetes/operator.md
index feb40163fc..72fe12f1e7 100644
--- a/content/en/docs/concepts/extend-kubernetes/operator.md
+++ b/content/en/docs/concepts/extend-kubernetes/operator.md
@@ -51,8 +51,7 @@ Some of the things that you can use an operator to automate include:
* choosing a leader for a distributed application without an internal
member election process
-What might an Operator look like in more detail? Here's an example in more
-detail:
+What might an Operator look like in more detail? Here's an example:
1. A custom resource named SampleDB, that you can configure into the cluster.
2. A Deployment that makes sure a Pod is running that contains the
@@ -115,8 +114,9 @@ Operator.
* [Charmed Operator Framework](https://juju.is/)
* [kubebuilder](https://book.kubebuilder.io/)
+* [KubeOps](https://buehler.github.io/dotnet-operator-sdk/) (.NET operator SDK)
* [KUDO](https://kudo.dev/) (Kubernetes Universal Declarative Operator)
-* [Metacontroller](https://metacontroller.app/) along with WebHooks that
+* [Metacontroller](https://metacontroller.github.io/metacontroller/intro.html) along with WebHooks that
you implement yourself
* [Operator Framework](https://operatorframework.io)
* [shell-operator](https://github.com/flant/shell-operator)
@@ -124,6 +124,7 @@ Operator.
## {{% heading "whatsnext" %}}
+* Read the {{< glossary_tooltip text="CNCF" term_id="cncf" >}} [Operator White Paper](https://github.com/cncf/tag-app-delivery/blob/eece8f7307f2970f46f100f51932db106db46968/operator-wg/whitepaper/Operator-WhitePaper_v1-0.md).
* Learn more about [Custom Resources](/docs/concepts/extend-kubernetes/api-extension/custom-resources/)
* Find ready-made operators on [OperatorHub.io](https://operatorhub.io/) to suit your use case
* [Publish](https://operatorhub.io/) your operator for other people to use
diff --git a/content/en/docs/concepts/overview/_index.md b/content/en/docs/concepts/overview/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/concepts/overview/components.md b/content/en/docs/concepts/overview/components.md
index 61cd2b0d30..6c5c0eefa1 100644
--- a/content/en/docs/concepts/overview/components.md
+++ b/content/en/docs/concepts/overview/components.md
@@ -16,7 +16,7 @@ card:
When you deploy Kubernetes, you get a cluster.
{{< glossary_definition term_id="cluster" length="all" prepend="A Kubernetes cluster consists of">}}
-This document outlines the various components you need to have
+This document outlines the various components you need to have for
a complete and working Kubernetes cluster.
Here's the diagram of a Kubernetes cluster with all the components tied together.
diff --git a/content/en/docs/concepts/overview/what-is-kubernetes.md b/content/en/docs/concepts/overview/what-is-kubernetes.md
index 1ace280139..d72f1beb48 100644
--- a/content/en/docs/concepts/overview/what-is-kubernetes.md
+++ b/content/en/docs/concepts/overview/what-is-kubernetes.md
@@ -45,7 +45,7 @@ Containers have become popular because they provide extra benefits, such as:
* Agile application creation and deployment: increased ease and efficiency of container image creation compared to VM image use.
* Continuous development, integration, and deployment: provides for reliable and frequent container image build and deployment with quick and efficient rollbacks (due to image immutability).
* Dev and Ops separation of concerns: create application container images at build/release time rather than deployment time, thereby decoupling applications from infrastructure.
-* Observability not only surfaces OS-level information and metrics, but also application health and other signals.
+* Observability: not only surfaces OS-level information and metrics, but also application health and other signals.
* Environmental consistency across development, testing, and production: Runs the same on a laptop as it does in the cloud.
* Cloud and OS distribution portability: Runs on Ubuntu, RHEL, CoreOS, on-premises, on major public clouds, and anywhere else.
* Application-centric management: Raises the level of abstraction from running an OS on virtual hardware to running an application on an OS using logical resources.
diff --git a/content/en/docs/concepts/overview/working-with-objects/_index.md b/content/en/docs/concepts/overview/working-with-objects/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/concepts/overview/working-with-objects/annotations.md b/content/en/docs/concepts/overview/working-with-objects/annotations.md
index fe31841612..f09820bc32 100644
--- a/content/en/docs/concepts/overview/working-with-objects/annotations.md
+++ b/content/en/docs/concepts/overview/working-with-objects/annotations.md
@@ -30,6 +30,11 @@ Annotations, like labels, are key/value maps:
}
```
+{{}}
+The keys and the values in the map must be strings. In other words, you cannot use
+numeric, boolean, list or other types for either the keys or the values.
+{{}}
+
Here are some examples of information that could be recorded in annotations:
* Fields managed by a declarative configuration layer. Attaching these fields
diff --git a/content/en/docs/concepts/overview/working-with-objects/field-selectors.md b/content/en/docs/concepts/overview/working-with-objects/field-selectors.md
index 45a81e9035..a65cb54798 100644
--- a/content/en/docs/concepts/overview/working-with-objects/field-selectors.md
+++ b/content/en/docs/concepts/overview/working-with-objects/field-selectors.md
@@ -48,7 +48,7 @@ kubectl get pods --field-selector=status.phase!=Running,spec.restartPolicy=Alway
## Multiple resource types
-You use field selectors across multiple resource types. This `kubectl` command selects all Statefulsets and Services that are not in the `default` namespace:
+You can use field selectors across multiple resource types. This `kubectl` command selects all Statefulsets and Services that are not in the `default` namespace:
```shell
kubectl get statefulsets,services --all-namespaces --field-selector metadata.namespace!=default
diff --git a/content/en/docs/concepts/overview/working-with-objects/finalizers.md b/content/en/docs/concepts/overview/working-with-objects/finalizers.md
new file mode 100644
index 0000000000..9516b935c9
--- /dev/null
+++ b/content/en/docs/concepts/overview/working-with-objects/finalizers.md
@@ -0,0 +1,80 @@
+---
+title: Finalizers
+content_type: concept
+weight: 60
+---
+
+
+
+{{}}
+
+You can use finalizers to control {{}}
+of resources by alerting {{}} to perform specific cleanup tasks before
+deleting the target resource.
+
+Finalizers don't usually specify the code to execute. Instead, they are
+typically lists of keys on a specific resource similar to annotations.
+Kubernetes specifies some finalizers automatically, but you can also specify
+your own.
+
+## How finalizers work
+
+When you create a resource using a manifest file, you can specify finalizers in
+the `metadata.finalizers` field. When you attempt to delete the resource, the
+controller that manages it notices the values in the `finalizers` field and does
+the following:
+
+ * Modifies the object to add a `metadata.deletionTimestamp` field with the
+ time you started the deletion.
+ * Marks the object as read-only until its `metadata.finalizers` field is empty.
+
+The controller then attempts to satisfy the requirements of the finalizers
+specified for that resource. Each time a finalizer condition is satisfied, the
+controller removes that key from the resource's `finalizers` field. When the
+field is empty, garbage collection continues. You can also use finalizers to
+prevent deletion of unmanaged resources.
+
+A common example of a finalizer is `kubernetes.io/pv-protection`, which prevents
+accidental deletion of `PersistentVolume` objects. When a `PersistentVolume`
+object is in use by a Pod, Kubernetes adds the `pv-protection` finalizer. If you
+try to delete the `PersistentVolume`, it enters a `Terminating` status, but the
+controller can't delete it because the finalizer exists. When the Pod stops
+using the `PersistentVolume`, Kubernetes clears the `pv-protection` finalizer,
+and the controller deletes the volume.
+
+## Owner references, labels, and finalizers {#owners-labels-finalizers}
+
+Like {{}}, [owner references](/concepts/overview/working-with-objects/owners-dependents/)
+describe the relationships between objects in Kubernetes, but are used for a
+different purpose. When a
+{{}} manages objects
+like Pods, it uses labels to track changes to groups of related objects. For
+example, when a {{}} creates one or
+more Pods, the Job controller applies labels to those pods and tracks changes to
+any Pods in the cluster with the same label.
+
+The Job controller also adds *owner references* to those Pods, pointing at the
+Job that created the Pods. If you delete the Job while these Pods are running,
+Kubernetes uses the owner references (not labels) to determine which Pods in the
+cluster need cleanup.
+
+Kubernetes also processes finalizers when it identifies owner references on a
+resource targeted for deletion.
+
+In some situations, finalizers can block the deletion of dependent objects,
+which can cause the targeted owner object to remain in a read-only state for
+longer than expected without being fully deleted. In these situations, you
+should check finalizers and owner references on the target owner and dependent
+objects to troubleshoot the cause.
+
+{{}}
+In cases where objects are stuck in a deleting state, try to avoid manually
+removing finalizers to allow deletion to continue. Finalizers are usually added
+to resources for a reason, so forcefully removing them can lead to issues in
+your cluster.
+{{}}
+
+## {{% heading "whatsnext" %}}
+
+* Read [Using Finalizers to Control Deletion](/blog/2021/05/14/using-finalizers-to-control-deletion/)
+ on the Kubernetes blog.
diff --git a/content/en/docs/concepts/overview/working-with-objects/kubernetes-objects.md b/content/en/docs/concepts/overview/working-with-objects/kubernetes-objects.md
index 716955ca06..c763b40e05 100644
--- a/content/en/docs/concepts/overview/working-with-objects/kubernetes-objects.md
+++ b/content/en/docs/concepts/overview/working-with-objects/kubernetes-objects.md
@@ -81,12 +81,11 @@ In the `.yaml` file for the Kubernetes object you want to create, you'll need to
* `metadata` - Data that helps uniquely identify the object, including a `name` string, `UID`, and optional `namespace`
* `spec` - What state you desire for the object
-The precise format of the object `spec` is different for every Kubernetes object, and contains nested fields specific to that object. The [Kubernetes API Reference](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/) can help you find the spec format for all of the objects you can create using Kubernetes.
-For example, the `spec` format for a Pod can be found in
-[PodSpec v1 core](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podspec-v1-core),
-and the `spec` format for a Deployment can be found in
-[DeploymentSpec v1 apps](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#deploymentspec-v1-apps).
+The precise format of the object `spec` is different for every Kubernetes object, and contains nested fields specific to that object. The [Kubernetes API Reference](https://kubernetes.io/docs/reference/kubernetes-api/) can help you find the spec format for all of the objects you can create using Kubernetes.
+For example, the reference for Pod details the [`spec` field](/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec)
+for a Pod in the API, and the reference for Deployment details the [`spec` field](/docs/reference/kubernetes-api/workload-resources/deployment-v1/#DeploymentSpec) for Deployments.
+In those API reference pages you'll see mention of PodSpec and DeploymentSpec. These names are implementation details of the Golang code that Kubernetes uses to implement its API.
## {{% heading "whatsnext" %}}
diff --git a/content/en/docs/concepts/overview/working-with-objects/labels.md b/content/en/docs/concepts/overview/working-with-objects/labels.md
index 25eb5da66e..fe590402ae 100644
--- a/content/en/docs/concepts/overview/working-with-objects/labels.md
+++ b/content/en/docs/concepts/overview/working-with-objects/labels.md
@@ -42,7 +42,7 @@ Example labels:
* `"partition" : "customerA"`, `"partition" : "customerB"`
* `"track" : "daily"`, `"track" : "weekly"`
-These are examples of commonly used labels; you are free to develop your own conventions. Keep in mind that label Key must be unique for a given object.
+These are examples of [commonly used labels](/docs/concepts/overview/working-with-objects/common-labels/); you are free to develop your own conventions. Keep in mind that label Key must be unique for a given object.
## Syntax and character set
@@ -50,7 +50,7 @@ _Labels_ are key/value pairs. Valid label keys have two segments: an optional pr
If the prefix is omitted, the label Key is presumed to be private to the user. Automated system components (e.g. `kube-scheduler`, `kube-controller-manager`, `kube-apiserver`, `kubectl`, or other third-party automation) which add labels to end-user objects must specify a prefix.
-The `kubernetes.io/` and `k8s.io/` prefixes are reserved for Kubernetes core components.
+The `kubernetes.io/` and `k8s.io/` prefixes are [reserved](/docs/reference/labels-annotations-taints/) for Kubernetes core components.
Valid label value:
* must be 63 characters or less (can be empty),
diff --git a/content/en/docs/concepts/overview/working-with-objects/names.md b/content/en/docs/concepts/overview/working-with-objects/names.md
index 8e74eb5c0b..9bafb1584c 100644
--- a/content/en/docs/concepts/overview/working-with-objects/names.md
+++ b/content/en/docs/concepts/overview/working-with-objects/names.md
@@ -28,7 +28,7 @@ For non-unique user-provided attributes, Kubernetes provides [labels](/docs/conc
In cases when objects represent a physical entity, like a Node representing a physical host, when the host is re-created under the same name without deleting and re-creating the Node, Kubernetes treats the new host as the old one, which may lead to inconsistencies.
{{< /note >}}
-Below are three types of commonly used name constraints for resources.
+Below are four types of commonly used name constraints for resources.
### DNS Subdomain Names
@@ -41,7 +41,7 @@ This means the name must:
- start with an alphanumeric character
- end with an alphanumeric character
-### DNS Label Names
+### RFC 1123 Label Names {#dns-label-names}
Some resource types require their names to follow the DNS
label standard as defined in [RFC 1123](https://tools.ietf.org/html/rfc1123).
@@ -52,6 +52,17 @@ This means the name must:
- start with an alphanumeric character
- end with an alphanumeric character
+### RFC 1035 Label Names
+
+Some resource types require their names to follow the DNS
+label standard as defined in [RFC 1035](https://tools.ietf.org/html/rfc1035).
+This means the name must:
+
+- contain at most 63 characters
+- contain only lowercase alphanumeric characters or '-'
+- start with an alphabetic character
+- end with an alphanumeric character
+
### Path Segment Names
Some resource types require their names to be able to be safely encoded as a
diff --git a/content/en/docs/concepts/overview/working-with-objects/namespaces.md b/content/en/docs/concepts/overview/working-with-objects/namespaces.md
index 45f454516c..6664a2ad4c 100644
--- a/content/en/docs/concepts/overview/working-with-objects/namespaces.md
+++ b/content/en/docs/concepts/overview/working-with-objects/namespaces.md
@@ -62,7 +62,10 @@ Kubernetes starts with four initial namespaces:
* `default` The default namespace for objects with no other namespace
* `kube-system` The namespace for objects created by the Kubernetes system
* `kube-public` This namespace is created automatically and is readable by all users (including those not authenticated). This namespace is mostly reserved for cluster usage, in case that some resources should be visible and readable publicly throughout the whole cluster. The public aspect of this namespace is only a convention, not a requirement.
- * `kube-node-lease` This namespace for the lease objects associated with each node which improves the performance of the node heartbeats as the cluster scales.
+ * `kube-node-lease` This namespace holds [Lease](/docs/reference/kubernetes-api/cluster-resources/lease-v1/)
+ objects associated with each node. Node leases allow the kubelet to send
+ [heartbeats](/docs/concepts/architecture/nodes/#heartbeats) so that the control plane
+ can detect node failure.
### Setting the namespace for a request
diff --git a/content/en/docs/concepts/overview/working-with-objects/owners-dependents.md b/content/en/docs/concepts/overview/working-with-objects/owners-dependents.md
new file mode 100644
index 0000000000..ea40c3b3a3
--- /dev/null
+++ b/content/en/docs/concepts/overview/working-with-objects/owners-dependents.md
@@ -0,0 +1,89 @@
+---
+title: Owners and Dependents
+content_type: concept
+weight: 60
+---
+
+
+
+In Kubernetes, some objects are *owners* of other objects. For example, a
+{{}} is the owner of a set of Pods. These owned objects are *dependents*
+of their owner.
+
+Ownership is different from the [labels and selectors](/docs/concepts/overview/working-with-objects/labels/)
+mechanism that some resources also use. For example, consider a Service that
+creates `EndpointSlice` objects. The Service uses labels to allow the control plane to
+determine which `EndpointSlice` objects are used for that Service. In addition
+to the labels, each `EndpointSlice` that is managed on behalf of a Service has
+an owner reference. Owner references help different parts of Kubernetes avoid
+interfering with objects they don’t control.
+
+## Owner references in object specifications
+
+Dependent objects have a `metadata.ownerReferences` field that references their
+owner object. A valid owner reference consists of the object name and a UID
+within the same namespace as the dependent object. Kubernetes sets the value of
+this field automatically for objects that are dependents of other objects like
+ReplicaSets, DaemonSets, Deployments, Jobs and CronJobs, and ReplicationControllers.
+You can also configure these relationships manually by changing the value of
+this field. However, you usually don't need to and can allow Kubernetes to
+automatically manage the relationships.
+
+Dependent objects also have an `ownerReferences.blockOwnerDeletion` field that
+takes a boolean value and controls whether specific dependents can block garbage
+collection from deleting their owner object. Kubernetes automatically sets this
+field to `true` if a {{}}
+(for example, the Deployment controller) sets the value of the
+`metadata.ownerReferences` field. You can also set the value of the
+`blockOwnerDeletion` field manually to control which dependents block garbage
+collection.
+
+A Kubernetes admission controller controls user access to change this field for
+dependent resources, based on the delete permissions of the owner. This control
+prevents unauthorized users from delaying owner object deletion.
+
+{{< note >}}
+Cross-namespace owner references are disallowed by design.
+Namespaced dependents can specify cluster-scoped or namespaced owners.
+A namespaced owner **must** exist in the same namespace as the dependent.
+If it does not, the owner reference is treated as absent, and the dependent
+is subject to deletion once all owners are verified absent.
+
+Cluster-scoped dependents can only specify cluster-scoped owners.
+In v1.20+, if a cluster-scoped dependent specifies a namespaced kind as an owner,
+it is treated as having an unresolvable owner reference, and is not able to be garbage collected.
+
+In v1.20+, if the garbage collector detects an invalid cross-namespace `ownerReference`,
+or a cluster-scoped dependent with an `ownerReference` referencing a namespaced kind, a warning Event
+with a reason of `OwnerRefInvalidNamespace` and an `involvedObject` of the invalid dependent is reported.
+You can check for that kind of Event by running
+`kubectl get events -A --field-selector=reason=OwnerRefInvalidNamespace`.
+{{< /note >}}
+
+## Ownership and finalizers
+
+When you tell Kubernetes to delete a resource, the API server allows the
+managing controller to process any [finalizer rules](/docs/concepts/overview/working-with-objects/finalizers/)
+for the resource. {{}}
+prevent accidental deletion of resources your cluster may still need to function
+correctly. For example, if you try to delete a `PersistentVolume` that is still
+in use by a Pod, the deletion does not happen immediately because the
+`PersistentVolume` has the `kubernetes.io/pv-protection` finalizer on it.
+Instead, the volume remains in the `Terminating` status until Kubernetes clears
+the finalizer, which only happens after the `PersistentVolume` is no longer
+bound to a Pod.
+
+Kubernetes also adds finalizers to an owner resource when you use either
+[foreground or orphan cascading deletion](/docs/concepts/architecture/garbage-collection/#cascading-deletion).
+In foreground deletion, it adds the `foreground` finalizer so that the
+controller must delete dependent resources that also have
+`ownerReferences.blockOwnerDeletion=true` before it deletes the owner. If you
+specify an orphan deletion policy, Kubernetes adds the `orphan` finalizer so
+that the controller ignores dependent resources after it deletes the owner
+object.
+
+## {{% heading "whatsnext" %}}
+
+* Learn more about [Kubernetes finalizers](/docs/concepts/overview/working-with-objects/finalizers/).
+* Learn about [garbage collection](/docs/concepts/architecture/garbage-collection).
+* Read the API reference for [object metadata](/docs/reference/kubernetes-api/common-definitions/object-meta/#System).
\ No newline at end of file
diff --git a/content/en/docs/concepts/policy/_index.md b/content/en/docs/concepts/policy/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/concepts/policy/pid-limiting.md b/content/en/docs/concepts/policy/pid-limiting.md
index 6d173bc845..1e03ccf375 100644
--- a/content/en/docs/concepts/policy/pid-limiting.md
+++ b/content/en/docs/concepts/policy/pid-limiting.md
@@ -10,7 +10,8 @@ weight: 40
{{< feature-state for_k8s_version="v1.20" state="stable" >}}
-Kubernetes allow you to limit the number of process IDs (PIDs) that a {{< glossary_tooltip term_id="Pod" text="Pod" >}} can use.
+Kubernetes allow you to limit the number of process IDs (PIDs) that a
+{{< glossary_tooltip term_id="Pod" text="Pod" >}} can use.
You can also reserve a number of allocatable PIDs for each {{< glossary_tooltip term_id="node" text="node" >}}
for use by the operating system and daemons (rather than by Pods).
@@ -84,7 +85,9 @@ gate](/docs/reference/command-line-tools-reference/feature-gates/)
Kubernetes allows you to limit the number of processes running in a Pod. You
specify this limit at the node level, rather than configuring it as a resource
limit for a particular Pod. Each Node can have a different PID limit.
-To configure the limit, you can specify the command line parameter `--pod-max-pids` to the kubelet, or set `PodPidsLimit` in the kubelet [configuration file](/docs/tasks/administer-cluster/kubelet-config-file/).
+To configure the limit, you can specify the command line parameter `--pod-max-pids`
+to the kubelet, or set `PodPidsLimit` in the kubelet
+[configuration file](/docs/tasks/administer-cluster/kubelet-config-file/).
{{< note >}}
Before Kubernetes version 1.20, PID resource limiting for Pods required enabling
@@ -95,9 +98,12 @@ the [feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
## PID based eviction
You can configure kubelet to start terminating a Pod when it is misbehaving and consuming abnormal amount of resources.
-This feature is called eviction. You can [Configure Out of Resource Handling](/docs/tasks/administer-cluster/out-of-resource) for various eviction signals.
+This feature is called eviction. You can
+[Configure Out of Resource Handling](/docs/concepts/scheduling-eviction/node-pressure-eviction/)
+for various eviction signals.
Use `pid.available` eviction signal to configure the threshold for number of PIDs used by Pod.
-You can set soft and hard eviction policies. However, even with the hard eviction policy, if the number of PIDs growing very fast,
+You can set soft and hard eviction policies.
+However, even with the hard eviction policy, if the number of PIDs growing very fast,
node can still get into unstable state by hitting the node PIDs limit.
Eviction signal value is calculated periodically and does NOT enforce the limit.
@@ -112,6 +118,7 @@ when one Pod is misbehaving.
## {{% heading "whatsnext" %}}
- Refer to the [PID Limiting enhancement document](https://github.com/kubernetes/enhancements/blob/097b4d8276bc9564e56adf72505d43ce9bc5e9e8/keps/sig-node/20190129-pid-limiting.md) for more information.
-- For historical context, read [Process ID Limiting for Stability Improvements in Kubernetes 1.14](/blog/2019/04/15/process-id-limiting-for-stability-improvements-in-kubernetes-1.14/).
+- For historical context, read
+ [Process ID Limiting for Stability Improvements in Kubernetes 1.14](/blog/2019/04/15/process-id-limiting-for-stability-improvements-in-kubernetes-1.14/).
- Read [Managing Resources for Containers](/docs/concepts/configuration/manage-resources-containers/).
-- Learn how to [Configure Out of Resource Handling](/docs/tasks/administer-cluster/out-of-resource).
+- Learn how to [Configure Out of Resource Handling](/docs/concepts/scheduling-eviction/node-pressure-eviction/).
diff --git a/content/en/docs/concepts/policy/pod-security-policy.md b/content/en/docs/concepts/policy/pod-security-policy.md
index f0884c3dea..36172faba5 100644
--- a/content/en/docs/concepts/policy/pod-security-policy.md
+++ b/content/en/docs/concepts/policy/pod-security-policy.md
@@ -11,7 +11,8 @@ weight: 30
{{< feature-state for_k8s_version="v1.21" state="deprecated" >}}
-PodSecurityPolicy is deprecated as of Kubernetes v1.21, and will be removed in v1.25.
+PodSecurityPolicy is deprecated as of Kubernetes v1.21, and will be removed in v1.25. For more information on the deprecation,
+see [PodSecurityPolicy Deprecation: Past, Present, and Future](/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/).
Pod Security Policies enable fine-grained authorization of pod creation and
updates.
@@ -48,13 +49,12 @@ administrator to control the following:
## Enabling Pod Security Policies
-Pod security policy control is implemented as an optional (but recommended)
-[admission
-controller](/docs/reference/access-authn-authz/admission-controllers/#podsecuritypolicy). PodSecurityPolicies
-are enforced by [enabling the admission
+Pod security policy control is implemented as an optional [admission
+controller](/docs/reference/access-authn-authz/admission-controllers/#podsecuritypolicy).
+PodSecurityPolicies are enforced by [enabling the admission
controller](/docs/reference/access-authn-authz/admission-controllers/#how-do-i-turn-on-an-admission-control-plug-in),
-but doing so without authorizing any policies **will prevent any pods from being
-created** in the cluster.
+but doing so without authorizing any policies **will prevent any pods from being created** in the
+cluster.
Since the pod security policy API (`policy/v1beta1/podsecuritypolicy`) is
enabled independently of the admission controller, for existing clusters it is
@@ -110,7 +110,11 @@ roleRef:
name:
apiGroup: rbac.authorization.k8s.io
subjects:
-# Authorize specific service accounts:
+# Authorize all service accounts in a namespace (recommended):
+- kind: Group
+ apiGroup: rbac.authorization.k8s.io
+ name: system:serviceaccounts:
+# Authorize specific service accounts (not recommended):
- kind: ServiceAccount
name:
namespace:
@@ -139,6 +143,40 @@ Examples](/docs/reference/access-authn-authz/rbac#role-binding-examples).
For a complete example of authorizing a PodSecurityPolicy, see
[below](#example).
+### Recommended Practice
+
+PodSecurityPolicy is being replaced by a new, simplified `PodSecurity` {{< glossary_tooltip
+text="admission controller" term_id="admission-controller" >}}. For more details on this change, see
+[PodSecurityPolicy Deprecation: Past, Present, and
+Future](/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/). Follow these
+guidelines to simplify migration from PodSecurityPolicy to the new admission controller:
+
+1. Limit your PodSecurityPolicies to the policies defined by the [Pod Security Standards](/docs/concepts/security/pod-security-standards):
+ - {{< example file="policy/privileged-psp.yaml" >}}Privileged{{< /example >}}
+ - {{< example file="policy/baseline-psp.yaml" >}}Baseline{{< /example >}}
+ - {{< example file="policy/restricted-psp.yaml" >}}Restricted{{< /example >}}
+
+2. Only bind PSPs to entire namespaces, by using the `system:serviceaccounts:` group
+ (where `` is the target namespace). For example:
+
+ ```yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ # This cluster role binding allows all pods in the "development" namespace to use the baseline PSP.
+ kind: ClusterRoleBinding
+ metadata:
+ name: psp-baseline-namespaces
+ roleRef:
+ kind: ClusterRole
+ name: psp-baseline
+ apiGroup: rbac.authorization.k8s.io
+ subjects:
+ - kind: Group
+ name: system:serviceaccounts:development
+ apiGroup: rbac.authorization.k8s.io
+ - kind: Group
+ name: system:serviceaccounts:canary
+ apiGroup: rbac.authorization.k8s.io
+ ```
### Troubleshooting
@@ -464,12 +502,12 @@ allowed prefix, and a `readOnly` field indicating it must be mounted read-only.
For example:
```yaml
-allowedHostPaths:
- # This allows "/foo", "/foo/", "/foo/bar" etc., but
- # disallows "/fool", "/etc/foo" etc.
- # "/foo/../" is never valid.
- - pathPrefix: "/foo"
- readOnly: true # only allow read-only mounts
+ allowedHostPaths:
+ # This allows "/foo", "/foo/", "/foo/bar" etc., but
+ # disallows "/fool", "/etc/foo" etc.
+ # "/foo/../" is never valid.
+ - pathPrefix: "/foo"
+ readOnly: true # only allow read-only mounts
```
{{< warning >}}There are many ways a container with unrestricted access to the host
@@ -661,8 +699,10 @@ Refer to the [Sysctl documentation](
## {{% heading "whatsnext" %}}
+- See [PodSecurityPolicy Deprecation: Past, Present, and
+ Future](/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/) to learn about
+ the future of pod security policy.
+
- See [Pod Security Standards](/docs/concepts/security/pod-security-standards/) for policy recommendations.
- Refer to [Pod Security Policy Reference](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritypolicy-v1beta1-policy) for the api details.
-
-
diff --git a/content/en/docs/concepts/policy/resource-quotas.md b/content/en/docs/concepts/policy/resource-quotas.md
index 1d0e9d4ecd..d31efd09bc 100644
--- a/content/en/docs/concepts/policy/resource-quotas.md
+++ b/content/en/docs/concepts/policy/resource-quotas.md
@@ -57,8 +57,9 @@ Neither contention nor changes to quota will affect already created resources.
## Enabling Resource Quota
-Resource Quota support is enabled by default for many Kubernetes distributions. It is
-enabled when the {{< glossary_tooltip text="API server" term_id="kube-apiserver" >}} `--enable-admission-plugins=` flag has `ResourceQuota` as
+Resource Quota support is enabled by default for many Kubernetes distributions. It is
+enabled when the {{< glossary_tooltip text="API server" term_id="kube-apiserver" >}}
+`--enable-admission-plugins=` flag has `ResourceQuota` as
one of its arguments.
A resource quota is enforced in a particular namespace when there is a
@@ -66,7 +67,9 @@ ResourceQuota in that namespace.
## Compute Resource Quota
-You can limit the total sum of [compute resources](/docs/concepts/configuration/manage-resources-containers/) that can be requested in a given namespace.
+You can limit the total sum of
+[compute resources](/docs/concepts/configuration/manage-resources-containers/)
+that can be requested in a given namespace.
The following resource types are supported:
@@ -125,7 +128,9 @@ In release 1.8, quota support for local ephemeral storage is added as an alpha f
| `ephemeral-storage` | Same as `requests.ephemeral-storage`. |
{{< note >}}
-When using a CRI container runtime, container logs will count against the ephemeral storage quota. This can result in the unexpected eviction of pods that have exhausted their storage quotas. Refer to [Logging Architecture](/docs/concepts/cluster-administration/logging/) for details.
+When using a CRI container runtime, container logs will count against the ephemeral storage quota.
+This can result in the unexpected eviction of pods that have exhausted their storage quotas.
+Refer to [Logging Architecture](/docs/concepts/cluster-administration/logging/) for details.
{{< /note >}}
## Object Count Quota
@@ -192,7 +197,7 @@ Resources specified on the quota outside of the allowed set results in a validat
| `NotTerminating` | Match pods where `.spec.activeDeadlineSeconds is nil` |
| `BestEffort` | Match pods that have best effort quality of service. |
| `NotBestEffort` | Match pods that do not have best effort quality of service. |
-| `PriorityClass` | Match pods that references the specified [priority class](/docs/concepts/configuration/pod-priority-preemption). |
+| `PriorityClass` | Match pods that references the specified [priority class](/docs/concepts/scheduling-eviction/pod-priority-preemption). |
| `CrossNamespacePodAffinity` | Match pods that have cross-namespace pod [(anti)affinity terms](/docs/concepts/scheduling-eviction/assign-pod-node). |
The `BestEffort` scope restricts a quota to tracking the following resource:
@@ -248,13 +253,14 @@ specified.
{{< feature-state for_k8s_version="v1.17" state="stable" >}}
-Pods can be created at a specific [priority](/docs/concepts/configuration/pod-priority-preemption/#pod-priority).
+Pods can be created at a specific [priority](/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority).
You can control a pod's consumption of system resources based on a pod's priority, by using the `scopeSelector`
field in the quota spec.
A quota is matched and consumed only if `scopeSelector` in the quota spec selects the pod.
-When quota is scoped for priority class using `scopeSelector` field, quota object is restricted to track only following resources:
+When quota is scoped for priority class using `scopeSelector` field, quota object
+is restricted to track only following resources:
* `pods`
* `cpu`
@@ -436,7 +442,7 @@ pods 0 10
### Cross-namespace Pod Affinity Quota
-{{< feature-state for_k8s_version="v1.21" state="alpha" >}}
+{{< feature-state for_k8s_version="v1.22" state="beta" >}}
Operators can use `CrossNamespacePodAffinity` quota scope to limit which namespaces are allowed to
have pods with affinity terms that cross namespaces. Specifically, it controls which pods are allowed
@@ -487,7 +493,7 @@ With the above configuration, pods can use `namespaces` and `namespaceSelector`
if the namespace where they are created have a resource quota object with
`CrossNamespaceAffinity` scope and a hard limit greater than or equal to the number of pods using those fields.
-This feature is alpha and disabled by default. You can enable it by setting the
+This feature is beta and enabled by default. You can disable it using the
[feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
`PodAffinityNamespaceSelector` in both kube-apiserver and kube-scheduler.
@@ -554,7 +560,7 @@ kubectl create -f ./object-counts.yaml --namespace=myspace
kubectl get quota --namespace=myspace
```
-```
+```none
NAME AGE
compute-resources 30s
object-counts 32s
@@ -564,7 +570,7 @@ object-counts 32s
kubectl describe quota compute-resources --namespace=myspace
```
-```
+```none
Name: compute-resources
Namespace: myspace
Resource Used Hard
@@ -580,7 +586,7 @@ requests.nvidia.com/gpu 0 4
kubectl describe quota object-counts --namespace=myspace
```
-```
+```none
Name: object-counts
Namespace: myspace
Resource Used Hard
@@ -677,10 +683,10 @@ Then, create a resource quota object in the `kube-system` namespace:
{{< codenew file="policy/priority-class-resourcequota.yaml" >}}
```shell
-$ kubectl apply -f https://k8s.io/examples/policy/priority-class-resourcequota.yaml -n kube-system
+kubectl apply -f https://k8s.io/examples/policy/priority-class-resourcequota.yaml -n kube-system
```
-```
+```none
resourcequota/pods-cluster-services created
```
diff --git a/content/en/docs/concepts/scheduling-eviction/assign-pod-node.md b/content/en/docs/concepts/scheduling-eviction/assign-pod-node.md
index 3c779dda79..9216ec2ff9 100644
--- a/content/en/docs/concepts/scheduling-eviction/assign-pod-node.md
+++ b/content/en/docs/concepts/scheduling-eviction/assign-pod-node.md
@@ -271,14 +271,14 @@ All `matchExpressions` associated with `requiredDuringSchedulingIgnoredDuringExe
must be satisfied for the pod to be scheduled onto a node.
#### Namespace selector
-{{< feature-state for_k8s_version="v1.21" state="alpha" >}}
+{{< feature-state for_k8s_version="v1.22" state="beta" >}}
Users can also select matching namespaces using `namespaceSelector`, which is a label query over the set of namespaces.
The affinity term is applied to the union of the namespaces selected by `namespaceSelector` and the ones listed in the `namespaces` field.
Note that an empty `namespaceSelector` ({}) matches all namespaces, while a null or empty `namespaces` list and
null `namespaceSelector` means "this pod's namespace".
-This feature is alpha and disabled by default. You can enable it by setting the
+This feature is beta and enabled by default. You can disable it via the
[feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
`PodAffinityNamespaceSelector` in both kube-apiserver and kube-scheduler.
diff --git a/content/en/docs/concepts/scheduling-eviction/kube-scheduler.md b/content/en/docs/concepts/scheduling-eviction/kube-scheduler.md
index 52c8fd417e..916f050513 100644
--- a/content/en/docs/concepts/scheduling-eviction/kube-scheduler.md
+++ b/content/en/docs/concepts/scheduling-eviction/kube-scheduler.md
@@ -47,7 +47,7 @@ functions to score the feasible Nodes and picks a Node with the highest
score among the feasible ones to run the Pod. The scheduler then notifies
the API server about this decision in a process called _binding_.
-Factors that need taken into account for scheduling decisions include
+Factors that need to be taken into account for scheduling decisions include
individual and collective resource requirements, hardware / software /
policy constraints, affinity and anti-affinity specifications, data
locality, inter-workload interference, and so on.
@@ -85,7 +85,7 @@ of the scheduler:
* Read about [scheduler performance tuning](/docs/concepts/scheduling-eviction/scheduler-perf-tuning/)
* Read about [Pod topology spread constraints](/docs/concepts/workloads/pods/pod-topology-spread-constraints/)
* Read the [reference documentation](/docs/reference/command-line-tools-reference/kube-scheduler/) for kube-scheduler
-* Read the [kube-scheduler config (v1beta1)](/docs/reference/config-api/kube-scheduler-config.v1beta1/) reference
+* Read the [kube-scheduler config (v1beta2)](/docs/reference/config-api/kube-scheduler-config.v1beta2/) reference
* Learn about [configuring multiple schedulers](/docs/tasks/extend-kubernetes/configure-multiple-schedulers/)
* Learn about [topology management policies](/docs/tasks/administer-cluster/topology-manager/)
* Learn about [Pod Overhead](/docs/concepts/scheduling-eviction/pod-overhead/)
diff --git a/content/en/docs/concepts/scheduling-eviction/node-pressure-eviction.md b/content/en/docs/concepts/scheduling-eviction/node-pressure-eviction.md
index f2ae086783..e832d1d48c 100644
--- a/content/en/docs/concepts/scheduling-eviction/node-pressure-eviction.md
+++ b/content/en/docs/concepts/scheduling-eviction/node-pressure-eviction.md
@@ -193,7 +193,7 @@ resources based on the filesystems on the node.
If the node has a dedicated `imagefs` filesystem for container runtimes to use,
the kubelet does the following:
- * If the `nodefs` filesystem meets the eviction threshlds, the kubelet garbage collects
+ * If the `nodefs` filesystem meets the eviction thresholds, the kubelet garbage collects
dead pods and containers.
* If the `imagefs` filesystem meets the eviction thresholds, the kubelet
deletes all unused images.
@@ -214,7 +214,7 @@ signal below the threshold, the kubelet begins to evict end-user pods.
The kubelet uses the following parameters to determine pod eviction order:
1. Whether the pod's resource usage exceeds requests
-1. [Pod Priority](/docs/concepts/configuration/pod-priority-preemption/)
+1. [Pod Priority](/docs/concepts/scheduling-eviction/pod-priority-preemption/)
1. The pod's resource usage relative to requests
As a result, kubelet ranks and evicts pods in the following order:
diff --git a/content/en/docs/concepts/scheduling-eviction/pod-priority-preemption.md b/content/en/docs/concepts/scheduling-eviction/pod-priority-preemption.md
index 112e244f46..fff925b6c5 100644
--- a/content/en/docs/concepts/scheduling-eviction/pod-priority-preemption.md
+++ b/content/en/docs/concepts/scheduling-eviction/pod-priority-preemption.md
@@ -252,12 +252,12 @@ Even so, the answer to the preceding question must be yes. If the answer is no,
the Node is not considered for preemption.
{{< /note >}}
-If a pending Pod has inter-pod affinity to one or more of the lower-priority
-Pods on the Node, the inter-Pod affinity rule cannot be satisfied in the absence
-of those lower-priority Pods. In this case, the scheduler does not preempt any
-Pods on the Node. Instead, it looks for another Node. The scheduler might find a
-suitable Node or it might not. There is no guarantee that the pending Pod can be
-scheduled.
+If a pending Pod has inter-pod {{< glossary_tooltip text="affinity" term_id="affinity" >}}
+to one or more of the lower-priority Pods on the Node, the inter-Pod affinity
+rule cannot be satisfied in the absence of those lower-priority Pods. In this case,
+the scheduler does not preempt any Pods on the Node. Instead, it looks for another
+Node. The scheduler might find a suitable Node or it might not. There is no
+guarantee that the pending Pod can be scheduled.
Our recommended solution for this problem is to create inter-Pod affinity only
towards equal or higher priority Pods.
@@ -353,7 +353,7 @@ the removal of the lowest priority Pods is not sufficient to allow the scheduler
to schedule the preemptor Pod, or if the lowest priority Pods are protected by
`PodDisruptionBudget`.
-The kubelet uses Priority to determine pod order for [out-of-resource eviction](/docs/tasks/administer-cluster/out-of-resource/).
+The kubelet uses Priority to determine pod order for [node-pressure eviction](/docs/concepts/scheduling-eviction/node-pressure-eviction/).
You can use the QoS class to estimate the order in which pods are most likely
to get evicted. The kubelet ranks pods for eviction based on the following factors:
@@ -361,10 +361,10 @@ to get evicted. The kubelet ranks pods for eviction based on the following facto
1. Pod Priority
1. Amount of resource usage relative to requests
-See [evicting end-user pods](/docs/tasks/administer-cluster/out-of-resource/#evicting-end-user-pods)
+See [Pod selection for kubelet eviction](/docs/concepts/scheduling-eviction/node-pressure-eviction/#pod-selection-for-kubelet-eviction)
for more details.
-kubelet out-of-resource eviction does not evict Pods when their
+kubelet node-pressure eviction does not evict Pods when their
usage does not exceed their requests. If a Pod with lower priority is not
exceeding its requests, it won't be evicted. Another Pod with higher priority
that exceeds its requests may be evicted.
diff --git a/content/en/docs/concepts/scheduling-eviction/resource-bin-packing.md b/content/en/docs/concepts/scheduling-eviction/resource-bin-packing.md
index e294537c4b..17a426e35b 100644
--- a/content/en/docs/concepts/scheduling-eviction/resource-bin-packing.md
+++ b/content/en/docs/concepts/scheduling-eviction/resource-bin-packing.md
@@ -92,9 +92,9 @@ shape:
``` yaml
resources:
- - name: CPU
+ - name: cpu
weight: 1
- - name: Memory
+ - name: memory
weight: 1
```
@@ -104,9 +104,9 @@ It can be used to add extended resources as follows:
resources:
- name: intel.com/foo
weight: 5
- - name: CPU
+ - name: cpu
weight: 3
- - name: Memory
+ - name: memory
weight: 1
```
@@ -123,16 +123,16 @@ Requested resources:
```
intel.com/foo : 2
-Memory: 256MB
-CPU: 2
+memory: 256MB
+cpu: 2
```
Resource weights:
```
intel.com/foo : 5
-Memory: 1
-CPU: 3
+memory: 1
+cpu: 3
```
FunctionShapePoint {{0, 0}, {100, 10}}
@@ -142,13 +142,13 @@ Node 1 spec:
```
Available:
intel.com/foo: 4
- Memory: 1 GB
- CPU: 8
+ memory: 1 GB
+ cpu: 8
Used:
intel.com/foo: 1
- Memory: 256MB
- CPU: 1
+ memory: 256MB
+ cpu: 1
```
Node score:
@@ -161,13 +161,13 @@ intel.com/foo = resourceScoringFunction((2+1),4)
= rawScoringFunction(75)
= 7 # floor(75/10)
-Memory = resourceScoringFunction((256+256),1024)
+memory = resourceScoringFunction((256+256),1024)
= (100 -((1024-512)*100/1024))
= 50 # requested + used = 50% * available
= rawScoringFunction(50)
= 5 # floor(50/10)
-CPU = resourceScoringFunction((2+1),8)
+cpu = resourceScoringFunction((2+1),8)
= (100 -((8-3)*100/8))
= 37.5 # requested + used = 37.5% * available
= rawScoringFunction(37.5)
@@ -182,12 +182,12 @@ Node 2 spec:
```
Available:
intel.com/foo: 8
- Memory: 1GB
- CPU: 8
+ memory: 1GB
+ cpu: 8
Used:
intel.com/foo: 2
- Memory: 512MB
- CPU: 6
+ memory: 512MB
+ cpu: 6
```
Node score:
@@ -200,13 +200,13 @@ intel.com/foo = resourceScoringFunction((2+2),8)
= rawScoringFunction(50)
= 5
-Memory = resourceScoringFunction((256+512),1024)
+memory = resourceScoringFunction((256+512),1024)
= (100 -((1024-768)*100/1024))
= 75
= rawScoringFunction(75)
= 7
-CPU = resourceScoringFunction((2+6),8)
+cpu = resourceScoringFunction((2+6),8)
= (100 -((8-8)*100/8))
= 100
= rawScoringFunction(100)
diff --git a/content/en/docs/concepts/scheduling-eviction/scheduler-perf-tuning.md b/content/en/docs/concepts/scheduling-eviction/scheduler-perf-tuning.md
index b110dc63e5..5894398c9b 100644
--- a/content/en/docs/concepts/scheduling-eviction/scheduler-perf-tuning.md
+++ b/content/en/docs/concepts/scheduling-eviction/scheduler-perf-tuning.md
@@ -43,7 +43,7 @@ If you set `percentageOfNodesToScore` above 100, kube-scheduler acts as if you
had set a value of 100.
To change the value, edit the
-[kube-scheduler configuration file](/docs/reference/config-api/kube-scheduler-config.v1beta1/)
+[kube-scheduler configuration file](/docs/reference/config-api/kube-scheduler-config.v1beta2/)
and then restart the scheduler.
In many cases, the configuration file can be found at `/etc/kubernetes/config/kube-scheduler.yaml`.
@@ -161,5 +161,5 @@ After going over all the Nodes, it goes back to Node 1.
## {{% heading "whatsnext" %}}
-* Check the [kube-scheduler configuration reference (v1beta1)](/docs/reference/config-api/kube-scheduler-config.v1beta1/)
+* Check the [kube-scheduler configuration reference (v1beta2)](/docs/reference/config-api/kube-scheduler-config.v1beta2/)
diff --git a/content/en/docs/concepts/scheduling-eviction/scheduling-framework.md b/content/en/docs/concepts/scheduling-eviction/scheduling-framework.md
index 3be7adf430..e08052c017 100644
--- a/content/en/docs/concepts/scheduling-eviction/scheduling-framework.md
+++ b/content/en/docs/concepts/scheduling-eviction/scheduling-framework.md
@@ -8,7 +8,7 @@ weight: 90
-{{< feature-state for_k8s_version="v1.15" state="alpha" >}}
+{{< feature-state for_k8s_version="v1.19" state="stable" >}}
The scheduling framework is a pluggable architecture for the Kubernetes scheduler.
It adds a new set of "plugin" APIs to the existing scheduler. Plugins are compiled into the scheduler. The APIs allow most scheduling features to be implemented as plugins, while keeping the
diff --git a/content/en/docs/concepts/scheduling-eviction/taint-and-toleration.md b/content/en/docs/concepts/scheduling-eviction/taint-and-toleration.md
index 946e858a02..030f28e7d1 100644
--- a/content/en/docs/concepts/scheduling-eviction/taint-and-toleration.md
+++ b/content/en/docs/concepts/scheduling-eviction/taint-and-toleration.md
@@ -10,7 +10,7 @@ weight: 40
-[_Node affinity_](/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity),
+[_Node affinity_](/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
is a property of {{< glossary_tooltip text="Pods" term_id="pod" >}} that *attracts* them to
a set of {{< glossary_tooltip text="nodes" term_id="node" >}} (either as a preference or a
hard requirement). _Taints_ are the opposite -- they allow a node to repel a set of pods.
@@ -266,9 +266,23 @@ This ensures that DaemonSet pods are never evicted due to these problems.
## Taint Nodes by Condition
-The node lifecycle controller automatically creates taints corresponding to
-Node conditions with `NoSchedule` effect.
-Similarly the scheduler does not check Node conditions; instead the scheduler checks taints. This assures that Node conditions don't affect what's scheduled onto the Node. The user can choose to ignore some of the Node's problems (represented as Node conditions) by adding appropriate Pod tolerations.
+The control plane, using the node {{}},
+automatically creates taints with a `NoSchedule` effect for [node conditions](/docs/concepts/scheduling-eviction/node-pressure-eviction/#node-conditions).
+
+The scheduler checks taints, not node conditions, when it makes scheduling
+decisions. This ensures that node conditions don't directly affect scheduling.
+For example, if the `DiskPressure` node condition is active, the control plane
+adds the `node.kubernetes.io/disk-pressure` taint and does not schedule new pods
+onto the affected node. If the `MemoryPressure` node condition is active, the
+control plane adds the `node.kubernetes.io/memory-pressure` taint.
+
+You can ignore node conditions for newly created pods by adding the corresponding
+Pod tolerations. The control plane also adds the `node.kubernetes.io/memory-pressure`
+toleration on pods that have a {{< glossary_tooltip text="QoS class" term_id="qos-class" >}}
+other than `BestEffort`. This is because Kubernetes treats pods in the `Guaranteed`
+or `Burstable` QoS classes (even pods with no memory request set) as if they are
+able to cope with memory pressure, while new `BestEffort` pods are not scheduled
+onto the affected node.
The DaemonSet controller automatically adds the following `NoSchedule`
tolerations to all daemons, to prevent DaemonSets from breaking.
@@ -282,10 +296,9 @@ tolerations to all daemons, to prevent DaemonSets from breaking.
Adding these tolerations ensures backward compatibility. You can also add
arbitrary tolerations to DaemonSets.
-
## {{% heading "whatsnext" %}}
-* Read about [out of resource handling](/docs/tasks/administer-cluster/out-of-resource/) and how you can configure it
-* Read about [pod priority](/docs/concepts/configuration/pod-priority-preemption/)
+* Read about [Node-pressure Eviction](/docs/concepts/scheduling-eviction/node-pressure-eviction/) and how you can configure it
+* Read about [Pod Priority](/docs/concepts/scheduling-eviction/pod-priority-preemption/)
diff --git a/content/en/docs/concepts/security/controlling-access.md b/content/en/docs/concepts/security/controlling-access.md
index 9d6c2b9617..1a0c93d8cf 100644
--- a/content/en/docs/concepts/security/controlling-access.md
+++ b/content/en/docs/concepts/security/controlling-access.md
@@ -142,7 +142,7 @@ By default, the Kubernetes API server serves HTTP on 2 ports:
- is intended for testing and bootstrap, and for other components of the master node
(scheduler, controller-manager) to talk to the API
- no TLS
- - default is port 8080, change with `--insecure-port` flag.
+ - default is port 8080
- default IP is localhost, change with `--insecure-bind-address` flag.
- request **bypasses** authentication and authorization modules.
- request handled by admission control module(s).
diff --git a/content/en/docs/concepts/security/overview.md b/content/en/docs/concepts/security/overview.md
index b23a07c79a..ce75653dfd 100644
--- a/content/en/docs/concepts/security/overview.md
+++ b/content/en/docs/concepts/security/overview.md
@@ -2,8 +2,10 @@
reviewers:
- zparnold
title: Overview of Cloud Native Security
+description: >
+ A model for thinking about Kubernetes security in the context of Cloud Native security.
content_type: concept
-weight: 10
+weight: 1
---
diff --git a/content/en/docs/concepts/security/pod-security-admission.md b/content/en/docs/concepts/security/pod-security-admission.md
new file mode 100644
index 0000000000..a1c87767c9
--- /dev/null
+++ b/content/en/docs/concepts/security/pod-security-admission.md
@@ -0,0 +1,145 @@
+---
+reviewers:
+- tallclair
+- liggitt
+title: Pod Security Admission
+description: >
+ An overview of the Pod Security Admission Controller, which can enforce the Pod Security
+ Standards.
+content_type: concept
+weight: 20
+min-kubernetes-server-version: v1.22
+---
+
+
+
+{{< feature-state for_k8s_version="v1.22" state="alpha" >}}
+
+The Kubernetes [Pod Security Standards](/docs/concepts/security/pod-security-standards/) define
+different isolation levels for Pods. These standards let you define how you want to restrict the
+behavior of pods in a clear, consistent fashion.
+
+As an Alpha feature, Kubernetes offers a built-in _Pod Security_ {{< glossary_tooltip
+text="admission controller" term_id="admission-controller" >}}, the successor
+to [PodSecurityPolicies](/docs/concepts/policy/pod-security-policy/). Pod security restrictions
+are applied at the {{< glossary_tooltip text="namespace" term_id="namespace" >}} level when pods
+are created.
+
+{{< note >}}
+The PodSecurityPolicy API is deprecated and will be
+[removed](/docs/reference/using-api/deprecation-guide/#v1-25) from Kubernetes in v1.25.
+{{< /note >}}
+
+
+
+## Enabling the Alpha feature
+
+Setting pod security controls by namespace is an alpha feature. You must enable the `PodSecurity`
+[feature gate](/docs/reference/command-line-tools-reference/feature-gates/) in order to use it.
+
+```shell
+--feature-gates="...,PodSecurity=true"
+```
+
+## Pod Security levels
+
+Pod Security admission places requirements on a Pod's [Security
+Context](/docs/tasks/configure-pod-container/security-context/) and other related fields according
+to the three levels defined by the [Pod Security
+Standards](/docs/concepts/security/pod-security-standards): `privileged`, `baseline`, and
+`restricted`. Refer to the [Pod Security Standards](/docs/concepts/security/pod-security-standards)
+page for an in-depth look at those requirements.
+
+## Pod Security Admission labels for namespaces
+
+Provided that you have enabled this feature, you can configure namespaces to define the admission
+control mode you want to use for pod security in each namespace. Kubernetes defines a set of
+{{< glossary_tooltip term_id="label" text="labels" >}} that you can set to define which of the
+predefined Pod Security Standard levels you want to use for a namespace. The label you select
+defines what action the {{< glossary_tooltip text="control plane" term_id="control-plane" >}}
+takes if a potential violation is detected:
+
+{{< table caption="Pod Security Admission modes" >}}
+Mode | Description
+:---------|:------------
+**enforce** | Policy violations will cause the pod to be rejected.
+**audit** | Policy violations will trigger the addition of an audit annotation to the event recorded in the [audit log](/docs/tasks/debug-application-cluster/audit/), but are otherwise allowed.
+**warn** | Policy violations will trigger a user-facing warning, but are otherwise allowed.
+{{< /table >}}
+
+A namespace can configure any or all modes, or even set a different level for different modes.
+
+For each mode, there are two labels that determine the policy used:
+
+```yaml
+# The per-mode level label indicates which policy level to apply for the mode.
+#
+# MODE must be one of `enforce`, `audit`, or `warn`.
+# LEVEL must be one of `privileged`, `baseline`, or `restricted`.
+pod-security.kubernetes.io/:
+
+# Optional: per-mode version label that can be used to pin the policy to the
+# version that shipped with a given Kubernetes minor version (for example v{{< skew latestVersion >}}).
+#
+# MODE must be one of `enforce`, `audit`, or `warn`.
+# VERSION must be a valid Kubernetes minor version, or `latest`.
+pod-security.kubernetes.io/-version:
+```
+
+Check out [Enforce Pod Security Standards with Namespace Labels](/docs/tasks/configure-pod-container/enforce-standards-namespace-labels) to see example usage.
+
+## Workload resources and Pod templates
+
+Pods are often created indirectly, by creating a [workload
+object](/docs/concepts/workloads/controllers/) such as a {{< glossary_tooltip
+term_id="deployment" >}} or {{< glossary_tooltip term_id="job">}}. The workload object defines a
+_Pod template_ and a {{< glossary_tooltip term_id="controller" text="controller" >}} for the
+workload resource creates Pods based on that template. To help catch violations early, both the
+audit and warning modes are applied to the workload resources. However, enforce mode is **not**
+applied to workload resources, only to the resulting pod objects.
+
+## Exemptions
+
+You can define _exemptions_ from pod security enforcement in order allow the creation of pods that
+would have otherwise been prohibited due to the policy associated with a given namespace.
+Exemptions can be statically configured in the
+[Admission Controller configuration](/docs/tasks/configure-pod-container/enforce-standards-admission-controller/#configure-the-admission-controller).
+
+Exemptions must be explicitly enumerated. Requests meeting exemption criteria are _ignored_ by the
+Admission Controller (all `enforce`, `audit` and `warn` behaviors are skipped). Exemption dimensions include:
+
+- **Usernames:** requests from users with an exempt authenticated (or impersonated) username are
+ ignored.
+- **RuntimeClassNames:** pods and [workload resources](#workload-resources-and-pod-templates) specifying an exempt runtime class name are
+ ignored.
+- **Namespaces:** pods and [workload resources](#workload-resources-and-pod-templates) in an exempt namespace are ignored.
+
+{{< caution >}}
+
+Most pods are created by a controller in response to a [workload
+resource](#workload-resources-and-pod-templates), meaning that exempting an end user will only
+exempt them from enforcement when creating pods directly, but not when creating a workload resource.
+Controller service accounts (such as `system:serviceaccount:kube-system:replicaset-controller`)
+should generally not be exempted, as doing so would implicitly exempt any user that can create the
+corresponding workload resource.
+
+{{< /caution >}}
+
+Updates to the following pod fields are exempt from policy checks, meaning that if a pod update
+request only changes these fields, it will not be denied even if the pod is in violation of the
+current policy level:
+
+- Any metadata updates **except** changes to the seccomp or AppArmor annotations:
+ - `seccomp.security.alpha.kubernetes.io/pod` (deprecated)
+ - `container.seccomp.security.alpha.kubernetes.io/*` (deprecated)
+ - `container.apparmor.security.beta.kubernetes.io/*`
+- Valid updates to `.spec.activeDeadlineSeconds`
+- Valid updates to `.spec.tolerations`
+
+## {{% heading "whatsnext" %}}
+
+- [Pod Security Standards](/docs/concepts/security/pod-security-standards)
+- [Enforcing Pod Security Standards](/docs/setup/best-practices/enforcing-pod-security-standards)
+- [Enforce Pod Security Standards by Configuring the Built-in Admission Controller](/docs/tasks/configure-pod-container/enforce-standards-admission-controller)
+- [Enforce Pod Security Standards with Namespace Labels](/docs/tasks/configure-pod-container/enforce-standards-namespace-labels)
+- [Migrate from PodSecurityPolicy to the Built-In PodSecurity Admission Controller](/docs/tasks/configure-pod-container/migrate-from-psp)
diff --git a/content/en/docs/concepts/security/pod-security-standards.md b/content/en/docs/concepts/security/pod-security-standards.md
index 32635d6747..f3b43344bf 100644
--- a/content/en/docs/concepts/security/pod-security-standards.md
+++ b/content/en/docs/concepts/security/pod-security-standards.md
@@ -2,59 +2,52 @@
reviewers:
- tallclair
title: Pod Security Standards
+description: >
+ A detailed look at the different policy levels defined in the Pod Security Standards.
content_type: concept
weight: 10
---
-Security settings for Pods are typically applied by using [security
-contexts](/docs/tasks/configure-pod-container/security-context/). Security Contexts allow for the
-definition of privilege and access controls on a per-Pod basis.
-
-The enforcement and policy-based definition of cluster requirements of security contexts has
-previously been achieved using [Pod Security Policy](/docs/concepts/policy/pod-security-policy/). A
-_Pod Security Policy_ is a cluster-level resource that controls security sensitive aspects of the
-Pod specification.
-
-However, numerous means of policy enforcement have arisen that augment or replace the use of
-PodSecurityPolicy. The intent of this page is to detail recommended Pod security profiles, decoupled
-from any specific instantiation.
-
+The Pod Security Standards define three different _policies_ to broadly cover the security
+spectrum. These policies are _cumulative_ and range from highly-permissive to highly-restrictive.
+This guide outlines the requirements of each policy.
+| Profile | Description |
+| ------ | ----------- |
+| Privileged | Unrestricted policy, providing the widest possible level of permissions. This policy allows for known privilege escalations. |
+| Baseline | Minimally restrictive policy which prevents known privilege escalations. Allows the default (minimally specified) Pod configuration. |
+| Restricted | Heavily restricted policy, following current Pod hardening best practices. |
-## Policy Types
-
-There is an immediate need for base policy definitions to broadly cover the security spectrum. These
-should range from highly restricted to highly flexible:
-
-- **_Privileged_** - Unrestricted policy, providing the widest possible level of permissions. This
- policy allows for known privilege escalations.
-- **_Baseline_** - Minimally restrictive policy while preventing known privilege
- escalations. Allows the default (minimally specified) Pod configuration.
-- **_Restricted_** - Heavily restricted policy, following current Pod hardening best practices.
-
-## Policies
+## Profile Details
### Privileged
-The Privileged policy is purposely-open, and entirely unrestricted. This type of policy is typically
-aimed at system- and infrastructure-level workloads managed by privileged, trusted users.
+**The _Privileged_ policy is purposely-open, and entirely unrestricted.** This type of policy is
+typically aimed at system- and infrastructure-level workloads managed by privileged, trusted users.
-The privileged policy is defined by an absence of restrictions. For allow-by-default enforcement
-mechanisms (such as gatekeeper), the privileged profile may be an absence of applied constraints
-rather than an instantiated policy. In contrast, for a deny-by-default mechanism (such as Pod
-Security Policy) the privileged policy should enable all controls (disable all restrictions).
+The Privileged policy is defined by an absence of restrictions. For allow-by-default enforcement
+mechanisms (such as gatekeeper), the Privileged policy may be an absence of applied constraints
+rather than an instantiated profile. In contrast, for a deny-by-default mechanism (such as Pod
+Security Policy) the Privileged policy should enable all controls (disable all restrictions).
### Baseline
-The Baseline policy is aimed at ease of adoption for common containerized workloads while
-preventing known privilege escalations. This policy is targeted at application operators and
+**The _Baseline_ policy is aimed at ease of adoption for common containerized workloads while
+preventing known privilege escalations.** This policy is targeted at application operators and
developers of non-critical applications. The following listed controls should be
enforced/disallowed:
+{{< note >}}
+In this table, wildcards (`*`) indicate all elements in a list. For example,
+`spec.containers[*].securityContext` refers to the Security Context object for _all defined
+containers_. If any of the listed containers fails to meet the requirements, the entire pod will
+fail validation.
+{{< /note >}}
+
Baseline policy specification
@@ -63,112 +56,223 @@ enforced/disallowed:
Policy
-
Host Namespaces
+
HostProcess
- Sharing the host namespaces must be disallowed.
- Restricted Fields:
- spec.hostNetwork
- spec.hostPID
- spec.hostIPC
- Allowed Values: false
+
Windows pods offer the ability to run HostProcess containers which enables privileged access to the Windows node. Privileged access to the host is disallowed in the baseline policy. HostProcess pods are an alpha feature as of Kubernetes v1.22.
- Privileged Pods disable most security mechanisms and must be disallowed.
- Restricted Fields:
- spec.containers[*].securityContext.privileged
- spec.initContainers[*].securityContext.privileged
- Allowed Values: false, undefined/nil
+
Sharing the host namespaces must be disallowed.
+
Restricted Fields
+
+
spec.hostNetwork
+
spec.hostPID
+
spec.hostIPC
+
+
Allowed Values
+
+
Undefined/nil
+
false
+
-
Capabilities
+
Privileged Containers
- Adding additional capabilities beyond the default set must be disallowed.
- Restricted Fields:
- spec.containers[*].securityContext.capabilities.add
- spec.initContainers[*].securityContext.capabilities.add
- Allowed Values: empty (or restricted to a known list)
+
Privileged Pods disable most security mechanisms and must be disallowed.
- HostPorts should be disallowed, or at minimum restricted to a known list.
- Restricted Fields:
- spec.containers[*].ports[*].hostPort
- spec.initContainers[*].ports[*].hostPort
- Allowed Values: 0, undefined (or restricted to a known list)
+
HostPath volumes must be forbidden.
+
Restricted Fields
+
+
spec.volumes[*].hostPath
+
+
Allowed Values
+
+
Undefined/nil
+
-
AppArmor
+
Host Ports
- On supported hosts, the 'runtime/default' AppArmor profile is applied by default.
- The baseline policy should prevent overriding or disabling the default AppArmor
- profile, or restrict overrides to an allowed set of profiles.
- Restricted Fields:
- metadata.annotations['container.apparmor.security.beta.kubernetes.io/*']
- Allowed Values: 'runtime/default', undefined
+
HostPorts should be disallowed, or at minimum restricted to a known list.
+
Restricted Fields
+
+
spec.containers[*].ports[*].hostPort
+
spec.initContainers[*].ports[*].hostPort
+
spec.ephemeralContainers[*].ports[*].hostPort
+
+
Allowed Values
+
+
Undefined/nil
+
Known list
+
0
+
-
SELinux
+
AppArmor
- Setting the SELinux type is restricted, and setting a custom SELinux user or role option is forbidden.
- Restricted Fields:
- spec.securityContext.seLinuxOptions.type
- spec.containers[*].securityContext.seLinuxOptions.type
- spec.initContainers[*].securityContext.seLinuxOptions.type
- Allowed Values:
- undefined/empty
- container_t
- container_init_t
- container_kvm_t
- Restricted Fields:
- spec.securityContext.seLinuxOptions.user
- spec.containers[*].securityContext.seLinuxOptions.user
- spec.initContainers[*].securityContext.seLinuxOptions.user
- spec.securityContext.seLinuxOptions.role
- spec.containers[*].securityContext.seLinuxOptions.role
- spec.initContainers[*].securityContext.seLinuxOptions.role
- Allowed Values: undefined/empty
+
On supported hosts, the runtime/default AppArmor profile is applied by default. The baseline policy should prevent overriding or disabling the default AppArmor profile, or restrict overrides to an allowed set of profiles.
- The default /proc masks are set up to reduce attack surface, and should be required.
- Restricted Fields:
- spec.containers[*].securityContext.procMount
- spec.initContainers[*].securityContext.procMount
- Allowed Values: undefined/nil, 'Default'
+
Setting the SELinux type is restricted, and setting a custom SELinux user or role option is forbidden.
- Sysctls can disable security mechanisms or affect all containers on a host, and should be disallowed except for an allowed "safe" subset.
- A sysctl is considered safe if it is namespaced in the container or the Pod, and it is isolated from other Pods or processes on the same Node.
- Restricted Fields:
- spec.securityContext.sysctls
- Allowed Values:
- kernel.shm_rmid_forced
- net.ipv4.ip_local_port_range
- net.ipv4.tcp_syncookies
- net.ipv4.ping_group_range
- undefined/empty
+
The default /proc masks are set up to reduce attack surface, and should be required.
Sysctls can disable security mechanisms or affect all containers on a host, and should be disallowed except for an allowed "safe" subset. A sysctl is considered safe if it is namespaced in the container or the Pod, and it is isolated from other Pods or processes on the same Node.
+
Restricted Fields
+
+
spec.securityContext.sysctls[*].name
+
+
Allowed Values
+
+
Undefined/nil
+
kernel.shm_rmid_forced
+
net.ipv4.ip_local_port_range
+
net.ipv4.ip_unprivileged_port_start
+
net.ipv4.tcp_syncookies
+
net.ipv4.ping_group_range
+
@@ -176,10 +280,17 @@ enforced/disallowed:
### Restricted
-The Restricted policy is aimed at enforcing current Pod hardening best practices, at the expense of
-some compatibility. It is targeted at operators and developers of security-critical applications, as
-well as lower-trust users.The following listed controls should be enforced/disallowed:
+**The _Restricted_ policy is aimed at enforcing current Pod hardening best practices, at the
+expense of some compatibility.** It is targeted at operators and developers of security-critical
+applications, as well as lower-trust users. The following listed controls should be
+enforced/disallowed:
+{{< note >}}
+In this table, wildcards (`*`) indicate all elements in a list. For example,
+`spec.containers[*].securityContext` refers to the Security Context object for _all defined
+containers_. If any of the listed containers fails to meet the requirements, the entire pod will
+fail validation.
+{{< /note >}}
Restricted policy specification
@@ -192,81 +303,149 @@ well as lower-trust users.The following listed controls should be enforced/disal
Everything from the baseline profile.
-
Volume Types
+
Volume Types
- In addition to restricting HostPath volumes, the restricted profile limits usage of non-core volume types to those defined through PersistentVolumes.
- Restricted Fields:
- spec.volumes[*].hostPath
- spec.volumes[*].gcePersistentDisk
- spec.volumes[*].awsElasticBlockStore
- spec.volumes[*].gitRepo
- spec.volumes[*].nfs
- spec.volumes[*].iscsi
- spec.volumes[*].glusterfs
- spec.volumes[*].rbd
- spec.volumes[*].flexVolume
- spec.volumes[*].cinder
- spec.volumes[*].cephFS
- spec.volumes[*].flocker
- spec.volumes[*].fc
- spec.volumes[*].azureFile
- spec.volumes[*].vsphereVolume
- spec.volumes[*].quobyte
- spec.volumes[*].azureDisk
- spec.volumes[*].portworxVolume
- spec.volumes[*].scaleIO
- spec.volumes[*].storageos
- spec.volumes[*].csi
- Allowed Values: undefined/nil
+
In addition to restricting HostPath volumes, the restricted policy limits usage of non-core volume types to those defined through PersistentVolumes.
+
Restricted Fields
+
+
spec.volumes[*].hostPath
+
spec.volumes[*].gcePersistentDisk
+
spec.volumes[*].awsElasticBlockStore
+
spec.volumes[*].gitRepo
+
spec.volumes[*].nfs
+
spec.volumes[*].iscsi
+
spec.volumes[*].glusterfs
+
spec.volumes[*].rbd
+
spec.volumes[*].flexVolume
+
spec.volumes[*].cinder
+
spec.volumes[*].cephfs
+
spec.volumes[*].flocker
+
spec.volumes[*].fc
+
spec.volumes[*].azureFile
+
spec.volumes[*].vsphereVolume
+
spec.volumes[*].quobyte
+
spec.volumes[*].azureDisk
+
spec.volumes[*].portworxVolume
+
spec.volumes[*].scaleIO
+
spec.volumes[*].storageos
+
spec.volumes[*].photonPersistentDisk
+
+
Allowed Values
+
+
Undefined/nil
+
-
Privilege Escalation
+
Privilege Escalation (v1.8+)
- Privilege escalation (such as via set-user-ID or set-group-ID file mode) should not be allowed.
- Restricted Fields:
- spec.containers[*].securityContext.allowPrivilegeEscalation
- spec.initContainers[*].securityContext.allowPrivilegeEscalation
- Allowed Values: false
+
Privilege escalation (such as via set-user-ID or set-group-ID file mode) should not be allowed.
- Containers must be required to run as non-root users.
- Restricted Fields:
- spec.securityContext.runAsNonRoot
- spec.containers[*].securityContext.runAsNonRoot
- spec.initContainers[*].securityContext.runAsNonRoot
- Allowed Values: true
+
Containers must be required to run as non-root users.
+
+ The container fields may be undefined/nil if the pod-level
+ spec.securityContext.seccompProfile.type field is set appropriately.
+ Conversely, the pod-level field may be undefined/nil if _all_ container-
+ level fields are set.
+
+
+
+
+
Capabilities (v1.22+)
- The RuntimeDefault seccomp profile must be required, or allow specific additional profiles.
- Restricted Fields:
- spec.securityContext.seccompProfile.type
- spec.containers[*].securityContext.seccompProfile
- spec.initContainers[*].securityContext.seccompProfile
- Allowed Values:
- 'runtime/default'
- undefined / nil
+
+ Containers must drop ALL capabilities, and are only permitted to add back
+ the NET_BIND_SERVICE capability.
+
@@ -281,11 +460,17 @@ mechanism.
As mechanisms mature, they will be defined below on a per-policy basis. The methods of enforcement
of individual policies are not defined here.
-[**PodSecurityPolicy**](/docs/concepts/policy/pod-security-policy/)
+[**Pod Security Admission Controller**](/docs/concepts/security/pod-security-admission/)
-- [Privileged](https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/policy/privileged-psp.yaml)
-- [Baseline](https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/policy/baseline-psp.yaml)
-- [Restricted](https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/policy/restricted-psp.yaml)
+- {{< example file="security/podsecurity-privileged.yaml" >}}Privileged namespace{{< /example >}}
+- {{< example file="security/podsecurity-baseline.yaml" >}}Baseline namespace{{< /example >}}
+- {{< example file="security/podsecurity-restricted.yaml" >}}Restricted namespace{{< /example >}}
+
+[**PodSecurityPolicy**](/docs/concepts/profile/pod-security-profile/) (Deprecated)
+
+- {{< example file="policy/privileged-psp.yaml" >}}Privileged{{< /example >}}
+- {{< example file="policy/baseline-psp.yaml" >}}Baseline{{< /example >}}
+- {{< example file="policy/restricted-psp.yaml" >}}Restricted{{< /example >}}
## FAQ
@@ -299,26 +484,40 @@ policies in this space need to be defined on a case-by-case basis.
SIG Auth may reconsider this position in the future, should a clear need for other profiles arise.
-### What's the difference between a security policy and a security context?
+### What's the difference between a security profile and a security context?
[Security Contexts](/docs/tasks/configure-pod-container/security-context/) configure Pods and
Containers at runtime. Security contexts are defined as part of the Pod and container specifications
in the Pod manifest, and represent parameters to the container runtime.
-Security policies are control plane mechanisms to enforce specific settings in the Security Context,
-as well as other parameters outside the Security Context. As of February 2020, the current native
-solution for enforcing these security policies is [Pod Security
-Policy](/docs/concepts/policy/pod-security-policy/) - a mechanism for centrally enforcing security
-policy on Pods across a cluster. Other alternatives for enforcing security policy are being
-developed in the Kubernetes ecosystem, such as [OPA
-Gatekeeper](https://github.com/open-policy-agent/gatekeeper).
+Security profiles are control plane mechanisms to enforce specific settings in the Security Context,
+as well as other related parameters outside the Security Context. As of July 2021,
+[Pod Security Policies](/docs/concepts/profile/pod-security-profile/) are deprecated in favor of the
+built-in [Pod Security Admission Controller](/docs/concepts/security/pod-security-admission/).
+
+{{% thirdparty-content %}}
+
+Other alternatives for enforcing security profiles are being developed in the Kubernetes
+ecosystem, such as:
+- [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper).
+- [Kubewarden](https://github.com/kubewarden).
+- [Kyverno](https://kyverno.io/policies/pod-security/).
### What profiles should I apply to my Windows Pods?
Windows in Kubernetes has some limitations and differentiators from standard Linux-based
-workloads. Specifically, the Pod SecurityContext fields [have no effect on
+workloads. Specifically, many of the Pod SecurityContext fields [have no effect on
Windows](/docs/setup/production-environment/windows/intro-windows-in-kubernetes/#v1-podsecuritycontext). As
-such, no standardized Pod Security profiles currently exists.
+such, no standardized Pod Security profiles currently exist.
+
+If you apply the restricted profile for a Windows pod, this **may** have an impact on the pod
+at runtime. The restricted profile requires enforcing Linux-specific restrictions (such as seccomp
+profile, and disallowing privilege escalation). If the kubelet and / or its container runtime ignore
+these Linux-specific values, then the Windows pod should still work normally within the restricted
+profile. However, the lack of enforcement means that there is no additional restriction, for Pods
+that use Windows containers, compared to the baseline profile.
+
+The use of the HostProcess flag to create a HostProcess pod should only be done in alignment with the privileged policy. Creation of a Windows HostProcess pod is blocked under the baseline and restricted policies, so any HostProcess pod should be considered privileged.
### What about sandboxed Pods?
@@ -331,6 +530,4 @@ restrict privileged permissions is lessened when the workload is isolated from t
kernel. This allows for workloads requiring heightened permissions to still be isolated.
Additionally, the protection of sandboxed workloads is highly dependent on the method of
-sandboxing. As such, no single recommended policy is recommended for all sandboxed workloads.
-
-
+sandboxing. As such, no single recommended profile is recommended for all sandboxed workloads.
diff --git a/content/en/docs/concepts/services-networking/_index.md b/content/en/docs/concepts/services-networking/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/concepts/services-networking/connect-applications-service.md b/content/en/docs/concepts/services-networking/connect-applications-service.md
index 14bc98101f..89d2daddb2 100644
--- a/content/en/docs/concepts/services-networking/connect-applications-service.md
+++ b/content/en/docs/concepts/services-networking/connect-applications-service.md
@@ -133,7 +133,7 @@ about the [service proxy](/docs/concepts/services-networking/service/#virtual-ip
Kubernetes supports 2 primary modes of finding a Service - environment variables
and DNS. The former works out of the box while the latter requires the
-[CoreDNS cluster addon](https://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addons/dns/coredns).
+[CoreDNS cluster addon](https://releases.k8s.io/{{< param "fullversion" >}}/cluster/addons/dns/coredns).
{{< note >}}
If the service environment variables are not desired (because possible clashing with expected program ones,
too many variables to process, only using DNS, etc) you can disable this mode by setting the `enableServiceLinks`
@@ -231,7 +231,7 @@ Till now we have only accessed the nginx server from within the cluster. Before
* An nginx server configured to use the certificates
* A [secret](/docs/concepts/configuration/secret/) that makes the certificates accessible to pods
-You can acquire all these from the [nginx https example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/https-nginx/). This requires having go and make tools installed. If you don't want to install those, then follow the manual steps later. In short:
+You can acquire all these from the [nginx https example](https://github.com/kubernetes/examples/tree/master/staging/https-nginx/). This requires having go and make tools installed. If you don't want to install those, then follow the manual steps later. In short:
```shell
make keys KEY=/tmp/nginx.key CERT=/tmp/nginx.crt
@@ -303,7 +303,7 @@ Now modify your nginx replicas to start an https server using the certificate in
Noteworthy points about the nginx-secure-app manifest:
- It contains both Deployment and Service specification in the same file.
-- The [nginx server](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/https-nginx/default.conf)
+- The [nginx server](https://github.com/kubernetes/examples/tree/master/staging/https-nginx/default.conf)
serves HTTP traffic on port 80 and HTTPS traffic on 443, and nginx Service
exposes both ports.
- Each container has access to the keys through a volume mounted at `/etc/nginx/ssl`.
diff --git a/content/en/docs/concepts/services-networking/dns-pod-service.md b/content/en/docs/concepts/services-networking/dns-pod-service.md
index 2888064c2e..f43eeff22b 100644
--- a/content/en/docs/concepts/services-networking/dns-pod-service.md
+++ b/content/en/docs/concepts/services-networking/dns-pod-service.md
@@ -7,6 +7,7 @@ content_type: concept
weight: 20
---
+
Kubernetes creates DNS records for services and pods. You can contact
services with consistent DNS names instead of IP addresses.
@@ -49,7 +50,7 @@ options ndots:5
```
In summary, a pod in the _test_ namespace can successfully resolve either
-`data.prod` or `data.prod.cluster.local`.
+`data.prod` or `data.prod.svc.cluster.local`.
### DNS Records
@@ -196,7 +197,7 @@ record unless `publishNotReadyAddresses=True` is set on the Service.
### Pod's setHostnameAsFQDN field {#pod-sethostnameasfqdn-field}
-{{< feature-state for_k8s_version="v1.20" state="beta" >}}
+{{< feature-state for_k8s_version="v1.22" state="stable" >}}
When a Pod is configured to have fully qualified domain name (FQDN), its hostname is the short hostname. For example, if you have a Pod with the fully qualified domain name `busybox-1.default-subdomain.my-namespace.svc.cluster-domain.example`, then by default the `hostname` command inside that Pod returns `busybox-1` and the `hostname --fqdn` command returns the FQDN.
@@ -261,6 +262,8 @@ spec:
### Pod's DNS Config {#pod-dns-config}
+{{< feature-state for_k8s_version="v1.14" state="stable" >}}
+
Pod's DNS Config allows users more control on the DNS settings for a Pod.
The `dnsConfig` field is optional and it can work with any `dnsPolicy` settings.
@@ -310,6 +313,17 @@ search default.svc.cluster-domain.example svc.cluster-domain.example cluster-dom
options ndots:5
```
+#### Expanded DNS Configuration
+
+{{< feature-state for_k8s_version="1.22" state="alpha" >}}
+
+By default, for Pod's DNS Config, Kubernetes allows at most 6 search domains and
+a list of search domains of up to 256 characters.
+
+If the feature gate `ExpandedDNSConfig` is enabled for the kube-apiserver and
+the kubelet, it is allowed for Kubernetes to have at most 32 search domains and
+a list of search domains of up to 2048 characters.
+
### Feature availability
The availability of Pod DNS Config and DNS Policy "`None`" is shown as below.
@@ -321,7 +335,6 @@ The availability of Pod DNS Config and DNS Policy "`None`" is shown as below.
| 1.9 | Alpha |
-
## {{% heading "whatsnext" %}}
diff --git a/content/en/docs/concepts/services-networking/endpoint-slices.md b/content/en/docs/concepts/services-networking/endpoint-slices.md
index fdcbd0ed50..da8d09d9d5 100644
--- a/content/en/docs/concepts/services-networking/endpoint-slices.md
+++ b/content/en/docs/concepts/services-networking/endpoint-slices.md
@@ -249,5 +249,4 @@ implementation in `kube-proxy`.
## {{% heading "whatsnext" %}}
-* Learn about [Enabling EndpointSlices](/docs/tasks/administer-cluster/enabling-endpointslices)
* Read [Connecting Applications with Services](/docs/concepts/services-networking/connect-applications-service/)
diff --git a/content/en/docs/concepts/services-networking/ingress-controllers.md b/content/en/docs/concepts/services-networking/ingress-controllers.md
index d0405a060d..0ee1d53ef9 100644
--- a/content/en/docs/concepts/services-networking/ingress-controllers.md
+++ b/content/en/docs/concepts/services-networking/ingress-controllers.md
@@ -32,6 +32,7 @@ Kubernetes as a project supports and maintains [AWS](https://github.com/kubernet
Citrix Application Delivery Controller.
* [Contour](https://projectcontour.io/) is an [Envoy](https://www.envoyproxy.io/) based ingress controller.
* [EnRoute](https://getenroute.io/) is an [Envoy](https://www.envoyproxy.io) based API gateway that can run as an ingress controller.
+* [Easegress IngressController](https://github.com/megaease/easegress/blob/main/doc/ingresscontroller.md) is an [Easegress](https://megaease.com/easegress/) based API gateway that can run as an ingress controller.
* F5 BIG-IP [Container Ingress Services for Kubernetes](https://clouddocs.f5.com/containers/latest/userguide/kubernetes/)
lets you use an Ingress to configure F5 BIG-IP virtual servers.
* [Gloo](https://gloo.solo.io) is an open-source ingress controller based on [Envoy](https://www.envoyproxy.io),
diff --git a/content/en/docs/concepts/services-networking/ingress.md b/content/en/docs/concepts/services-networking/ingress.md
index de4e665af1..6879b998db 100644
--- a/content/en/docs/concepts/services-networking/ingress.md
+++ b/content/en/docs/concepts/services-networking/ingress.md
@@ -224,7 +224,7 @@ reference additional implementation-specific configuration for this class.
#### Namespace-scoped parameters
-{{< feature-state for_k8s_version="v1.21" state="alpha" >}}
+{{< feature-state for_k8s_version="v1.22" state="beta" >}}
`Parameters` field has a `scope` and `namespace` field that can be used to
reference a namespace-specific resource for configuration of an Ingress class.
@@ -232,6 +232,11 @@ reference a namespace-specific resource for configuration of an Ingress class.
resource. Setting `Scope` to `Namespace` and setting the `Namespace` field
will reference a parameters resource in a specific namespace:
+Namespace-scoped parameters avoid the need for a cluster-scoped CustomResourceDefinition
+for a parameters resource. This further avoids RBAC-related resources
+that would otherwise be required to grant permissions to cluster-scoped
+resources.
+
{{< codenew file="service/networking/namespaced-params.yaml" >}}
### Deprecated annotation
diff --git a/content/en/docs/concepts/services-networking/network-policies.md b/content/en/docs/concepts/services-networking/network-policies.md
index 2c9ed4a90e..e3f3a203b7 100644
--- a/content/en/docs/concepts/services-networking/network-policies.md
+++ b/content/en/docs/concepts/services-networking/network-policies.md
@@ -154,6 +154,7 @@ contains two elements in the `from` array, and allows connections from Pods in t
When in doubt, use `kubectl describe` to see how Kubernetes has interpreted the policy.
+
__ipBlock__: This selects particular IP CIDR ranges to allow as ingress sources or egress destinations. These should be cluster-external IPs, since Pod IPs are ephemeral and unpredictable.
Cluster ingress and egress mechanisms often require rewriting the source or destination IP
@@ -223,7 +224,7 @@ You must be using a {{< glossary_tooltip text="CNI" term_id="cni" >}} plugin tha
## Targeting a range of Ports
-{{< feature-state for_k8s_version="v1.21" state="alpha" >}}
+{{< feature-state for_k8s_version="v1.22" state="beta" >}}
When writing a NetworkPolicy, you can target a range of ports instead of a single port.
@@ -251,10 +252,15 @@ spec:
endPort: 32768
```
-The above rule allows any Pod with label `db` on the namespace `default` to communicate with any IP within the range `10.0.0.0/24` over TCP, provided that the target port is between the range 32000 and 32768.
+The above rule allows any Pod with label `role=db` on the namespace `default` to communicate
+with any IP within the range `10.0.0.0/24` over TCP, provided that the target
+port is between the range 32000 and 32768.
The following restrictions apply when using this field:
-* As an alpha feature, this is disabled by default. To enable the `endPort` field at a cluster level, you (or your cluster administrator) need to enable the `NetworkPolicyEndPort` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) for the API server with `--feature-gates=NetworkPolicyEndPort=true,…`.
+* As a beta feature, this is enabled by default. To disable the `endPort` field
+at a cluster level, you (or your cluster administrator) need to disable the
+`NetworkPolicyEndPort` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
+for the API server with `--feature-gates=NetworkPolicyEndPort=false,…`.
* The `endPort` field must be equal than or greater to the `port` field.
* `endPort` can only be defined if `port` is also defined.
* Both ports must be numeric.
@@ -262,6 +268,9 @@ The following restrictions apply when using this field:
{{< note >}}
Your cluster must be using a {{< glossary_tooltip text="CNI" term_id="cni" >}} plugin that
supports the `endPort` field in NetworkPolicy specifications.
+If your [network plugin](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/)
+does not support the `endPort` field and you specify a NetworkPolicy with that,
+the policy will be applied only for the single `port` field.
{{< /note >}}
## Targeting a Namespace by its name
diff --git a/content/en/docs/concepts/services-networking/service.md b/content/en/docs/concepts/services-networking/service.md
index 2c9e6e8996..ee1c7514da 100644
--- a/content/en/docs/concepts/services-networking/service.md
+++ b/content/en/docs/concepts/services-networking/service.md
@@ -72,7 +72,7 @@ A Service in Kubernetes is a REST object, similar to a Pod. Like all of the
REST objects, you can `POST` a Service definition to the API server to create
a new instance.
The name of a Service object must be a valid
-[DNS label name](/docs/concepts/overview/working-with-objects/names#dns-label-names).
+[RFC 1035 label name](/docs/concepts/overview/working-with-objects/names#rfc-1035-label-names).
For example, suppose you have a set of Pods where each listens on TCP port 9376
and contains a label `app=MyApp`:
@@ -188,9 +188,10 @@ selectors and uses DNS names instead. For more information, see the
[ExternalName](#externalname) section later in this document.
### Over Capacity Endpoints
-If an Endpoints resource has more than 1000 endpoints then a Kubernetes v1.21 (or later)
-cluster annotates that Endpoints with `endpoints.kubernetes.io/over-capacity: warning`.
-This annotation indicates that the affected Endpoints object is over capacity.
+If an Endpoints resource has more than 1000 endpoints then a Kubernetes v1.22 (or later)
+cluster annotates that Endpoints with `endpoints.kubernetes.io/over-capacity: truncated`.
+This annotation indicates that the affected Endpoints object is over capacity and that
+the endpoints controller has truncated the number of endpoints to 1000.
### EndpointSlices
@@ -215,7 +216,7 @@ each Service port. The value of this field is mirrored by the corresponding
Endpoints and EndpointSlice objects.
This field follows standard Kubernetes label syntax. Values should either be
-[IANA standard service names](http://www.iana.org/assignments/service-names) or
+[IANA standard service names](https://www.iana.org/assignments/service-names) or
domain prefixed names such as `mycompany.com/my-custom-protocol`.
## Virtual IPs and service proxies
@@ -241,9 +242,25 @@ There are a few reasons for using proxying for Services:
on the DNS records could impose a high load on DNS that then becomes
difficult to manage.
+Later in this page you can read about various kube-proxy implementations work. Overall,
+you should note that, when running `kube-proxy`, kernel level rules may be
+modified (for example, iptables rules might get created), which won't get cleaned up,
+in some cases until you reboot. Thus, running kube-proxy is something that should
+only be done by an administrator which understands the consequences of having a
+low level, privileged network proxying service on a computer. Although the `kube-proxy`
+executable supports a `cleanup` function, this function is not an official feature and
+thus is only available to use as-is.
+
+### Configuration
+
+Note that the kube-proxy starts up in different modes, which are determined by its configuration.
+- The kube-proxy's configuration is done via a ConfigMap, and the ConfigMap for kube-proxy effectively deprecates the behaviour for almost all of the flags for the kube-proxy.
+- The ConfigMap for the kube-proxy does not support live reloading of configuration.
+- The ConfigMap parameters for the kube-proxy cannot all be validated and verified on startup. For example, if your operating system doesn't allow you to run iptables commands, the standard kernel kube-proxy implementation will not work. Likewise, if you have an operating system which doesn't support `netsh`, it will not run in Windows userspace mode.
+
### User space proxy mode {#proxy-mode-userspace}
-In this mode, kube-proxy watches the Kubernetes control plane for the addition and
+In this (legacy) mode, kube-proxy watches the Kubernetes control plane for the addition and
removal of Service and Endpoint objects. For each Service it opens a
port (randomly chosen) on the local node. Any connections to this "proxy port"
are proxied to one of the Service's backend Pods (as reported via
@@ -384,6 +401,40 @@ The IP address that you choose must be a valid IPv4 or IPv6 address from within
If you try to create a Service with an invalid clusterIP address value, the API
server will return a 422 HTTP status code to indicate that there's a problem.
+## Traffic policies
+
+### External traffic policy
+
+You can set the `spec.externalTrafficPolicy` field to control how traffic from external sources is routed.
+Valid values are `Cluster` and `Local`. Set the field to `Cluster` to route external traffic to all ready endpoints
+and `Local` to only route to ready node-local endpoints. If the traffic policy is `Local` and there are are no node-local
+endpoints, the kube-proxy does not forward any traffic for the relevant Service.
+
+{{< note >}}
+{{< feature-state for_k8s_version="v1.22" state="alpha" >}}
+If you enable the `ProxyTerminatingEndpoints`
+[feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
+`ProxyTerminatingEndpoints` for the kube-proxy, the kube-proxy checks if the node
+has local endpoints and whether or not all the local endpoints are marked as terminating.
+If there are local endpoints and **all** of those are terminating, then the kube-proxy ignores
+any external traffic policy of `Local`. Instead, whilst the node-local endpoints remain as all
+terminating, the kube-proxy forwards traffic for that Service to healthy endpoints elsewhere,
+as if the external traffic policy were set to `Cluster`.
+This forwarding behavior for terminating endpoints exists to allow external load balancers to
+gracefully drain connections that are backed by `NodePort` Services, even when the health check
+node port starts to fail. Otherwise, traffic can be lost between the time a node is still in the node pool of a load
+balancer and traffic is being dropped during the termination period of a pod.
+{{< /note >}}
+
+### Internal traffic policy
+
+{{< feature-state for_k8s_version="v1.22" state="beta" >}}
+
+You can set the `spec.internalTrafficPolicy` field to control how traffic from internal sources is routed.
+Valid values are `Cluster` and `Local`. Set the field to `Cluster` to route internal traffic to all ready endpoints
+and `Local` to only route to ready node-local endpoints. If the traffic policy is `Local` and there are no node-local
+endpoints, traffic is dropped by kube-proxy.
+
## Discovering services
Kubernetes supports 2 primary modes of finding a Service - environment
@@ -394,7 +445,7 @@ variables and DNS.
When a Pod is run on a Node, the kubelet adds a set of environment variables
for each active Service. It supports both [Docker links
compatible](https://docs.docker.com/userguide/dockerlinks/) variables (see
-[makeLinkVariables](https://releases.k8s.io/{{< param "githubbranch" >}}/pkg/kubelet/envvars/envvars.go#L49))
+[makeLinkVariables](https://releases.k8s.io/{{< param "fullversion" >}}/pkg/kubelet/envvars/envvars.go#L49))
and simpler `{SVCNAME}_SERVICE_HOST` and `{SVCNAME}_SERVICE_PORT` variables,
where the Service name is upper-cased and dashes are converted to underscores.
@@ -642,12 +693,12 @@ You must enable the `ServiceLBNodePortControl` feature gate to use this field.
#### Specifying class of load balancer implementation {#load-balancer-class}
-{{< feature-state for_k8s_version="v1.21" state="alpha" >}}
+{{< feature-state for_k8s_version="v1.22" state="beta" >}}
-Starting in v1.21, you can optionally specify the class of a load balancer implementation for
-`LoadBalancer` type of Service by setting the field `spec.loadBalancerClass`.
+`spec.loadBalancerClass` enables you to use a load balancer implementation other than the cloud provider default. This feature is available from v1.21, you must enable the `ServiceLoadBalancerClass` feature gate to use this field in v1.21, and the feature gate is enabled by default from v1.22 onwards.
By default, `spec.loadBalancerClass` is `nil` and a `LoadBalancer` type of Service uses
-the cloud provider's default load balancer implementation.
+the cloud provider's default load balancer implementation if the cluster is configured with
+a cloud provider using the `--cloud-provider` component flag.
If `spec.loadBalancerClass` is specified, it is assumed that a load balancer
implementation that matches the specified class is watching for Services.
Any default load balancer implementation (for example, the one provided by
@@ -657,7 +708,6 @@ Once set, it cannot be changed.
The value of `spec.loadBalancerClass` must be a label-style identifier,
with an optional prefix such as "`internal-vip`" or "`example.com/internal-vip`".
Unprefixed names are reserved for end-users.
-You must enable the `ServiceLoadBalancerClass` feature gate to use this field.
#### Internal load balancer
diff --git a/content/en/docs/concepts/storage/_index.md b/content/en/docs/concepts/storage/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/concepts/storage/persistent-volumes.md b/content/en/docs/concepts/storage/persistent-volumes.md
index f45d17ff54..a029ceaeda 100644
--- a/content/en/docs/concepts/storage/persistent-volumes.md
+++ b/content/en/docs/concepts/storage/persistent-volumes.md
@@ -314,12 +314,9 @@ PersistentVolume types are implemented as plugins. Kubernetes currently supports
* [`azureDisk`](/docs/concepts/storage/volumes/#azuredisk) - Azure Disk
* [`azureFile`](/docs/concepts/storage/volumes/#azurefile) - Azure File
* [`cephfs`](/docs/concepts/storage/volumes/#cephfs) - CephFS volume
-* [`cinder`](/docs/concepts/storage/volumes/#cinder) - Cinder (OpenStack block storage)
- (**deprecated**)
* [`csi`](/docs/concepts/storage/volumes/#csi) - Container Storage Interface (CSI)
* [`fc`](/docs/concepts/storage/volumes/#fc) - Fibre Channel (FC) storage
* [`flexVolume`](/docs/concepts/storage/volumes/#flexVolume) - FlexVolume
-* [`flocker`](/docs/concepts/storage/volumes/#flocker) - Flocker storage
* [`gcePersistentDisk`](/docs/concepts/storage/volumes/#gcepersistentdisk) - GCE Persistent Disk
* [`glusterfs`](/docs/concepts/storage/volumes/#glusterfs) - Glusterfs volume
* [`hostPath`](/docs/concepts/storage/volumes/#hostpath) - HostPath volume
@@ -329,17 +326,28 @@ PersistentVolume types are implemented as plugins. Kubernetes currently supports
* [`local`](/docs/concepts/storage/volumes/#local) - local storage devices
mounted on nodes.
* [`nfs`](/docs/concepts/storage/volumes/#nfs) - Network File System (NFS) storage
-* `photonPersistentDisk` - Photon controller persistent disk.
- (This volume type no longer works since the removal of the corresponding
- cloud provider.)
* [`portworxVolume`](/docs/concepts/storage/volumes/#portworxvolume) - Portworx volume
-* [`quobyte`](/docs/concepts/storage/volumes/#quobyte) - Quobyte volume
* [`rbd`](/docs/concepts/storage/volumes/#rbd) - Rados Block Device (RBD) volume
-* [`scaleIO`](/docs/concepts/storage/volumes/#scaleio) - ScaleIO volume
- (**deprecated**)
-* [`storageos`](/docs/concepts/storage/volumes/#storageos) - StorageOS volume
* [`vsphereVolume`](/docs/concepts/storage/volumes/#vspherevolume) - vSphere VMDK volume
+The following types of PersistentVolume are deprecated. This means that support is still available but will be removed in a future Kubernetes release.
+
+* [`cinder`](/docs/concepts/storage/volumes/#cinder) - Cinder (OpenStack block storage)
+ (**deprecated** in v1.18)
+* [`flocker`](/docs/concepts/storage/volumes/#flocker) - Flocker storage
+ (**deprecated** in v1.22)
+* [`quobyte`](/docs/concepts/storage/volumes/#quobyte) - Quobyte volume
+ (**deprecated** in v1.22)
+* [`storageos`](/docs/concepts/storage/volumes/#storageos) - StorageOS volume
+ (**deprecated** in v1.22)
+
+Older versions of Kubernetes also supported the following in-tree PersistentVolume types:
+
+* `photonPersistentDisk` - Photon controller persistent disk.
+ (**not available** after v1.15)
+* [`scaleIO`](/docs/concepts/storage/volumes/#scaleio) - ScaleIO volume
+ (**not available** after v1.21)
+
## Persistent Volumes
Each PV contains a spec and status, which is the specification and status of the volume.
@@ -407,38 +415,40 @@ The access modes are:
* ReadWriteOnce -- the volume can be mounted as read-write by a single node
* ReadOnlyMany -- the volume can be mounted read-only by many nodes
* ReadWriteMany -- the volume can be mounted as read-write by many nodes
+* ReadWriteOncePod -- the volume can be mounted as read-write by a single Pod.
+ This is only supported for CSI volumes and Kubernetes version 1.22+.
In the CLI, the access modes are abbreviated to:
* RWO - ReadWriteOnce
* ROX - ReadOnlyMany
* RWX - ReadWriteMany
+* RWOP - ReadWriteOncePod
> __Important!__ A volume can only be mounted using one access mode at a time, even if it supports many. For example, a GCEPersistentDisk can be mounted as ReadWriteOnce by a single node or ReadOnlyMany by many nodes, but not at the same time.
-| Volume Plugin | ReadWriteOnce | ReadOnlyMany | ReadWriteMany|
-| :--- | :---: | :---: | :---: |
-| AWSElasticBlockStore | ✓ | - | - |
-| AzureFile | ✓ | ✓ | ✓ |
-| AzureDisk | ✓ | - | - |
-| CephFS | ✓ | ✓ | ✓ |
-| Cinder | ✓ | - | - |
-| CSI | depends on the driver | depends on the driver | depends on the driver |
-| FC | ✓ | ✓ | - |
-| FlexVolume | ✓ | ✓ | depends on the driver |
-| Flocker | ✓ | - | - |
-| GCEPersistentDisk | ✓ | ✓ | - |
-| Glusterfs | ✓ | ✓ | ✓ |
-| HostPath | ✓ | - | - |
-| iSCSI | ✓ | ✓ | - |
-| Quobyte | ✓ | ✓ | ✓ |
-| NFS | ✓ | ✓ | ✓ |
-| RBD | ✓ | ✓ | - |
-| VsphereVolume | ✓ | - | - (works when Pods are collocated) |
-| PortworxVolume | ✓ | - | ✓ |
-| ScaleIO | ✓ | ✓ | - |
-| StorageOS | ✓ | - | - |
+| Volume Plugin | ReadWriteOnce | ReadOnlyMany | ReadWriteMany | ReadWriteOncePod |
+| :--- | :---: | :---: | :---: | - |
+| AWSElasticBlockStore | ✓ | - | - | - |
+| AzureFile | ✓ | ✓ | ✓ | - |
+| AzureDisk | ✓ | - | - | - |
+| CephFS | ✓ | ✓ | ✓ | - |
+| Cinder | ✓ | - | - | - |
+| CSI | depends on the driver | depends on the driver | depends on the driver | depends on the driver |
+| FC | ✓ | ✓ | - | - |
+| FlexVolume | ✓ | ✓ | depends on the driver | - |
+| Flocker | ✓ | - | - | - |
+| GCEPersistentDisk | ✓ | ✓ | - | - |
+| Glusterfs | ✓ | ✓ | ✓ | - |
+| HostPath | ✓ | - | - | - |
+| iSCSI | ✓ | ✓ | - | - |
+| Quobyte | ✓ | ✓ | ✓ | - |
+| NFS | ✓ | ✓ | ✓ | - |
+| RBD | ✓ | ✓ | - | - |
+| VsphereVolume | ✓ | - | - (works when Pods are collocated) | - |
+| PortworxVolume | ✓ | - | ✓ | - | - |
+| StorageOS | ✓ | - | - | - |
### Class
@@ -499,7 +509,7 @@ it will become fully deprecated in a future Kubernetes release.
For most volume types, you do not need to set this field. It is automatically populated for [AWS EBS](/docs/concepts/storage/volumes/#awselasticblockstore), [GCE PD](/docs/concepts/storage/volumes/#gcepersistentdisk) and [Azure Disk](/docs/concepts/storage/volumes/#azuredisk) volume block types. You need to explicitly set this for [local](/docs/concepts/storage/volumes/#local) volumes.
{{< /note >}}
-A PV can specify [node affinity](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#volumenodeaffinity-v1-core) to define constraints that limit what nodes this volume can be accessed from. Pods that use a PV will only be scheduled to nodes that are selected by the node affinity.
+A PV can specify node affinity to define constraints that limit what nodes this volume can be accessed from. Pods that use a PV will only be scheduled to nodes that are selected by the node affinity. To specify node affinity, set `nodeAffinity` in the `.spec` of a PV. The [PersistentVolume](/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1/#PersistentVolumeSpec) API reference has more details on this field.
### Phase
@@ -785,6 +795,82 @@ spec:
storage: 10Gi
```
+## Volume populators and data sources
+
+{{< feature-state for_k8s_version="v1.22" state="alpha" >}}
+
+{{< note >}}
+Kubernetes supports custom volume populators; this alpha feature was introduced
+in Kubernetes 1.18. Kubernetes 1.22 reimplemented the mechanism with a redesigned API.
+Check that you are reading the version of the Kubernetes documentation that matches your
+cluster. {{% version-check %}}
+To use custom volume populators, you must enable the `AnyVolumeDataSource`
+[feature gate](/docs/reference/command-line-tools-reference/feature-gates/) for
+the kube-apiserver and kube-controller-manager.
+{{< /note >}}
+
+Volume populators take advantage of a PVC spec field called `dataSourceRef`. Unlike the
+`dataSource` field, which can only contain either a reference to another PersistentVolumeClaim
+or to a VolumeSnapshot, the `dataSourceRef` field can contain a reference to any object in the
+same namespace, except for core objects other than PVCs. For clusters that have the feature
+gate enabled, use of the `dataSourceRef` is preferred over `dataSource`.
+
+## Data source references
+
+The `dataSourceRef` field behaves almost the same as the `dataSource` field. If either one is
+specified while the other is not, the API server will give both fields the same value. Neither
+field can be changed after creation, and attempting to specify different values for the two
+fields will result in a validation error. Therefore the two fields will always have the same
+contents.
+
+There are two differences between the `dataSourceRef` field and the `dataSource` field that
+users should be aware of:
+* The `dataSource` field ignores invalid values (as if the field was blank) while the
+ `dataSourceRef` field never ignores values and will cause an error if an invalid value is
+ used. Invalid values are any core object (objects with no apiGroup) except for PVCs.
+* The `dataSourceRef` field may contain different types of objects, while the `dataSource` field
+ only allows PVCs and VolumeSnapshots.
+
+Users should always use `dataSourceRef` on clusters that have the feature gate enabled, and
+fall back to `dataSource` on clusters that do not. It is not necessary to look at both fields
+under any circumstance. The duplicated values with slightly different semantics exist only for
+backwards compatibility. In particular, a mixture of older and newer controllers are able to
+interoperate because the fields are the same.
+
+### Using volume populators
+
+Volume populators are {{< glossary_tooltip text="controllers" term_id="controller" >}} that can
+create non-empty volumes, where the contents of the volume are determined by a Custom Resource.
+Users create a populated volume by referring to a Custom Resource using the `dataSourceRef` field:
+
+```yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: populated-pvc
+spec:
+ dataSourceRef:
+ name: example-name
+ kind: ExampleDataSource
+ apiGroup: example.storage.k8s.io
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+```
+
+Because volume populators are external components, attempts to create a PVC that uses one
+can fail if not all the correct components are installed. External controllers should generate
+events on the PVC to provide feedback on the status of the creation, including warnings if
+the PVC cannot be created due to some missing component.
+
+You can install the alpha [volume data source validator](https://github.com/kubernetes-csi/volume-data-source-validator)
+controller into your cluster. That controller generates warning Events on a PVC in the case that no populator
+is registered to handle that kind of data source. When a suitable populator is installed for a PVC, it's the
+responsibility of that populator controller to report Events that relate to volume creation and issues during
+the process.
+
## Writing Portable Configuration
If you're writing configuration templates or examples that run on a wide range of clusters
@@ -811,16 +897,15 @@ and need persistent storage, it is recommended that you use the following patter
or the cluster has no storage system (in which case the user cannot deploy
config requiring PVCs).
- ## {{% heading "whatsnext" %}}
-
+## {{% heading "whatsnext" %}}
* Learn more about [Creating a PersistentVolume](/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolume).
* Learn more about [Creating a PersistentVolumeClaim](/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolumeclaim).
* Read the [Persistent Storage design document](https://git.k8s.io/community/contributors/design-proposals/storage/persistent-storage.md).
-### Reference
+### API references {#reference}
-* [PersistentVolume](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#persistentvolume-v1-core)
-* [PersistentVolumeSpec](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#persistentvolumespec-v1-core)
-* [PersistentVolumeClaim](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#persistentvolumeclaim-v1-core)
-* [PersistentVolumeClaimSpec](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#persistentvolumeclaimspec-v1-core)
+Read about the APIs described in this page:
+
+* [`PersistentVolume`](/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1/)
+* [`PersistentVolumeClaim`](/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/)
diff --git a/content/en/docs/concepts/storage/storage-classes.md b/content/en/docs/concepts/storage/storage-classes.md
index 5e6851d94a..36615098c6 100644
--- a/content/en/docs/concepts/storage/storage-classes.md
+++ b/content/en/docs/concepts/storage/storage-classes.md
@@ -76,7 +76,7 @@ for provisioning PVs. This field must be specified.
| Glusterfs | ✓ | [Glusterfs](#glusterfs) |
| iSCSI | - | - |
| Quobyte | ✓ | [Quobyte](#quobyte) |
-| NFS | - | - |
+| NFS | - | [NFS](#nfs) |
| RBD | ✓ | [Ceph RBD](#ceph-rbd) |
| VsphereVolume | ✓ | [vSphere](#vsphere) |
| PortworxVolume | ✓ | [Portworx Volume](#portworx-volume) |
@@ -189,7 +189,7 @@ and pre-created PVs, but you'll need to look at the documentation for a specific
to see its supported topology keys and examples.
{{< note >}}
- If you choose to use `waitForFirstConsumer`, do not use `nodeName` in the Pod spec
+ If you choose to use `WaitForFirstConsumer`, do not use `nodeName` in the Pod spec
to specify node affinity. If `nodeName` is used in this case, the scheduler will be bypassed and PVC will remain in `pending` state.
Instead, you can use node selector for hostname in this case as shown below.
@@ -423,6 +423,29 @@ parameters:
`gluster-dynamic-`. The dynamic endpoint and service are automatically
deleted when the persistent volume claim is deleted.
+### NFS
+
+```yaml
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: example-nfs
+provisioner: example.com/external-nfs
+parameters:
+ server: nfs-server.example.com
+ path: /share
+ readOnly: false
+```
+
+* `server`: Server is the hostname or IP address of the NFS server.
+* `path`: Path that is exported by the NFS server.
+* `readOnly`: A flag indicating whether the storage will be mounted as read only (default false).
+
+Kubernetes doesn't include an internal NFS provisioner. You need to use an external provisioner to create a StorageClass for NFS.
+Here are some examples:
+* [NFS Ganesha server and external provisioner](https://github.com/kubernetes-sigs/nfs-ganesha-server-and-external-provisioner)
+* [NFS subdir external provisioner](https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner)
+
### OpenStack Cinder
```yaml
@@ -578,6 +601,12 @@ parameters:
### Quobyte
+{{< feature-state for_k8s_version="v1.22" state="deprecated" >}}
+
+The Quobyte in-tree storage plugin is deprecated, an
+[example](https://github.com/quobyte/quobyte-csi/blob/master/example/StorageClass.yaml)
+`StorageClass` for the out-of-tree Quobyte plugin can be found at the Quobyte CSI repository.
+
```yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
@@ -658,11 +687,11 @@ metadata:
provisioner: kubernetes.io/azure-disk
parameters:
storageaccounttype: Standard_LRS
- kind: Shared
+ kind: managed
```
* `storageaccounttype`: Azure storage account Sku tier. Default is empty.
-* `kind`: Possible values are `shared` (default), `dedicated`, and `managed`.
+* `kind`: Possible values are `shared`, `dedicated`, and `managed` (default).
When `kind` is `shared`, all unmanaged disks are created in a few shared
storage accounts in the same resource group as the cluster. When `kind` is
`dedicated`, a new dedicated storage account will be created for the new
diff --git a/content/en/docs/concepts/storage/volumes.md b/content/en/docs/concepts/storage/volumes.md
index d693e057ef..56694dee66 100644
--- a/content/en/docs/concepts/storage/volumes.md
+++ b/content/en/docs/concepts/storage/volumes.md
@@ -124,13 +124,13 @@ beta features must be enabled.
{{< feature-state for_k8s_version="v1.17" state="alpha" >}}
To disable the `awsElasticBlockStore` storage plugin from being loaded by the controller manager
-and the kubelet, set the `CSIMigrationAWSComplete` flag to `true`. This feature requires the `ebs.csi.aws.com` Container Storage Interface (CSI) driver installed on all worker nodes.
+and the kubelet, set the `InTreePluginAWSUnregister` flag to `true`.
### azureDisk {#azuredisk}
The `azureDisk` volume type mounts a Microsoft Azure [Data Disk](https://docs.microsoft.com/en-us/azure/aks/csi-storage-drivers) into a pod.
-For more details, see the [`azureDisk` volume plugin](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/azure_disk/README.md).
+For more details, see the [`azureDisk` volume plugin](https://github.com/kubernetes/examples/tree/master/staging/volumes/azure_disk/README.md).
#### azureDisk CSI migration
@@ -148,7 +148,7 @@ features must be enabled.
The `azureFile` volume type mounts a Microsoft Azure File volume (SMB 2.1 and 3.0)
into a pod.
-For more details, see the [`azureFile` volume plugin](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/azure_file/README.md).
+For more details, see the [`azureFile` volume plugin](https://github.com/kubernetes/examples/tree/master/staging/volumes/azure_file/README.md).
#### azureFile CSI migration
@@ -176,7 +176,7 @@ writers simultaneously.
You must have your own Ceph server running with the share exported before you can use it.
{{< /note >}}
-See the [CephFS example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/volumes/cephfs/) for more details.
+See the [CephFS example](https://github.com/kubernetes/examples/tree/master/volumes/cephfs/) for more details.
### cinder
@@ -347,7 +347,7 @@ You must configure FC SAN Zoning to allocate and mask those LUNs (volumes) to th
beforehand so that Kubernetes hosts can access them.
{{< /note >}}
-See the [fibre channel example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/fibre_channel) for more details.
+See the [fibre channel example](https://github.com/kubernetes/examples/tree/master/staging/volumes/fibre_channel) for more details.
### flocker (deprecated) {#flocker}
@@ -365,7 +365,7 @@ can be shared between pods as required.
You must have your own Flocker installation running before you can use it.
{{< /note >}}
-See the [Flocker example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/flocker) for more details.
+See the [Flocker example](https://github.com/kubernetes/examples/tree/master/staging/volumes/flocker) for more details.
### gcePersistentDisk
@@ -462,7 +462,8 @@ spec:
required:
nodeSelectorTerms:
- matchExpressions:
- - key: failure-domain.beta.kubernetes.io/zone
+ # failure-domain.beta.kubernetes.io/zone should be used prior to 1.21
+ - key: topology.kubernetes.io/zone
operator: In
values:
- us-central1-a
@@ -480,6 +481,13 @@ Driver](https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-drive
must be installed on the cluster and the `CSIMigration` and `CSIMigrationGCE`
beta features must be enabled.
+#### GCE CSI migration complete
+
+{{< feature-state for_k8s_version="v1.21" state="alpha" >}}
+
+To disable the `gcePersistentDisk` storage plugin from being loaded by the controller manager
+and the kubelet, set the `InTreePluginGCEUnregister` flag to `true`.
+
### gitRepo (deprecated) {#gitrepo}
{{< warning >}}
@@ -525,10 +533,19 @@ simultaneously.
You must have your own GlusterFS installation running before you can use it.
{{< /note >}}
-See the [GlusterFS example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/volumes/glusterfs) for more details.
+See the [GlusterFS example](https://github.com/kubernetes/examples/tree/master/volumes/glusterfs) for more details.
### hostPath {#hostpath}
+{{< warning >}}
+HostPath volumes present many security risks, and it is a best practice to avoid the use of
+HostPaths when possible. When a HostPath volume must be used, it should be scoped to only the
+required file or directory, and mounted as ReadOnly.
+
+If restricting HostPath access to specific directories through AdmissionPolicy, `volumeMounts` MUST
+be required to use `readOnly` mounts for the policy to be effective.
+{{< /warning >}}
+
A `hostPath` volume mounts a file or directory from the host node's filesystem
into your Pod. This is not something that most Pods will need, but it offers a
powerful escape hatch for some applications.
@@ -558,6 +575,9 @@ The supported values for field `type` are:
Watch out when using this type of volume, because:
+* HostPaths can expose privileged system credentials (such as for the Kubelet) or privileged APIs
+ (such as container runtime socket), which can be used for container escape or to attack other
+ parts of the cluster.
* Pods with identical configuration (such as created from a PodTemplate) may
behave differently on different nodes due to different files on the nodes
* The files or directories created on the underlying hosts are only writable by root. You
@@ -641,7 +661,7 @@ and then serve it in parallel from as many Pods as you need. Unfortunately,
iSCSI volumes can only be mounted by a single consumer in read-write mode.
Simultaneous writers are not allowed.
-See the [iSCSI example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/volumes/iscsi) for more details.
+See the [iSCSI example](https://github.com/kubernetes/examples/tree/master/volumes/iscsi) for more details.
### local
@@ -729,7 +749,7 @@ writers simultaneously.
You must have your own NFS server running with the share exported before you can use it.
{{< /note >}}
-See the [NFS example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/nfs) for more details.
+See the [NFS example](https://github.com/kubernetes/examples/tree/master/staging/volumes/nfs) for more details.
### persistentVolumeClaim {#persistentvolumeclaim}
@@ -777,7 +797,7 @@ Make sure you have an existing PortworxVolume with name `pxvol`
before using it in the Pod.
{{< /note >}}
-For more details, see the [Portworx volume](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/portworx/README.md) examples.
+For more details, see the [Portworx volume](https://github.com/kubernetes/examples/tree/master/staging/volumes/portworx/README.md) examples.
### projected
@@ -791,7 +811,7 @@ Currently, the following types of volume sources can be projected:
* `serviceAccountToken`
All sources are required to be in the same namespace as the Pod. For more details,
-see the [all-in-one volume design document](https://github.com/kubernetes/community/blob/{{< param "githubbranch" >}}/contributors/design-proposals/node/all-in-one-volume.md).
+see the [all-in-one volume design document](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/all-in-one-volume.md).
#### Example configuration with a secret, a downwardAPI, and a configMap {#example-configuration-secret-downwardapi-configmap}
@@ -919,7 +939,7 @@ A container using a projected volume source as a [`subPath`](#using-subpath) vol
receive updates for those volume sources.
{{< /note >}}
-### quobyte
+### quobyte (deprecated) {#quobyte}
A `quobyte` volume allows an existing [Quobyte](https://www.quobyte.com) volume to
be mounted into your Pod.
@@ -952,52 +972,9 @@ and then serve it in parallel from as many pods as you need. Unfortunately,
RBD volumes can only be mounted by a single consumer in read-write mode.
Simultaneous writers are not allowed.
-See the [RBD example](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/volumes/rbd)
+See the [RBD example](https://github.com/kubernetes/examples/tree/master/volumes/rbd)
for more details.
-### scaleIO (deprecated) {#scaleio}
-
-ScaleIO is a software-based storage platform that uses existing hardware to
-create clusters of scalable shared block networked storage. The `scaleIO` volume
-plugin allows deployed pods to access existing ScaleIO
-volumes. For information about dynamically provisioning new volumes for
-persistent volume claims, see
-[ScaleIO persistent volumes](/docs/concepts/storage/persistent-volumes/#scaleio).
-
-{{< note >}}
-You must have an existing ScaleIO cluster already setup and
-running with the volumes created before you can use them.
-{{< /note >}}
-
-The following example is a Pod configuration with ScaleIO:
-
-```yaml
-apiVersion: v1
-kind: Pod
-metadata:
- name: pod-0
-spec:
- containers:
- - image: k8s.gcr.io/test-webserver
- name: pod-0
- volumeMounts:
- - mountPath: /test-pd
- name: vol-0
- volumes:
- - name: vol-0
- scaleIO:
- gateway: https://localhost:443/api
- system: scaleio
- protectionDomain: sd0
- storagePool: sp1
- volumeName: vol-0
- secretRef:
- name: sio-secret
- fsType: xfs
-```
-
-For further details, see the [ScaleIO](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/volumes/scaleio) examples.
-
### secret
A `secret` volume is used to pass sensitive information, such as passwords, to
@@ -1017,7 +994,7 @@ receive Secret updates.
For more details, see [Configuring Secrets](/docs/concepts/configuration/secret/).
-### storageOS {#storageos}
+### storageOS (deprecated) {#storageos}
A `storageos` volume allows an existing [StorageOS](https://www.storageos.com)
volume to mount into your Pod.
@@ -1165,7 +1142,7 @@ but new volumes created by the vSphere CSI driver will not be honoring these par
{{< feature-state for_k8s_version="v1.19" state="beta" >}}
-To turn off the `vsphereVolume` plugin from being loaded by the controller manager and the kubelet, you need to set this feature flag to `true`. You must install a `csi.vsphere.vmware.com` {{< glossary_tooltip text="CSI" term_id="csi" >}} driver on all worker nodes.
+To turn off the `vsphereVolume` plugin from being loaded by the controller manager and the kubelet, you need to set `InTreePluginvSphereUnregister` feature flag to `true`. You must install a `csi.vsphere.vmware.com` {{< glossary_tooltip text="CSI" term_id="csi" >}} driver on all worker nodes.
## Using subPath {#using-subpath}
diff --git a/content/en/docs/concepts/workloads/controllers/_index.md b/content/en/docs/concepts/workloads/controllers/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/concepts/workloads/controllers/cron-jobs.md b/content/en/docs/concepts/workloads/controllers/cron-jobs.md
index 7127924411..c6cd4d1336 100644
--- a/content/en/docs/concepts/workloads/controllers/cron-jobs.md
+++ b/content/en/docs/concepts/workloads/controllers/cron-jobs.md
@@ -17,6 +17,8 @@ A _CronJob_ creates {{< glossary_tooltip term_id="job" text="Jobs" >}} on a repe
One CronJob object is like one line of a _crontab_ (cron table) file. It runs a job periodically
on a given schedule, written in [Cron](https://en.wikipedia.org/wiki/Cron) format.
+In addition, the CronJob schedule supports timezone handling, you can specify the timezone by adding "CRON_TZ=
@@ -215,7 +223,7 @@ itself should at least be protected via file permissions.
+ enableProfiling enables profiling via web interface host:port/debug/pprof/
+
+
+
+
enableContentionProfiling[Required]
+bool
+
+
+ enableContentionProfiling enables lock contention profiling, if
+enableProfiling is true.
+
+
+
+
+
+
+## `LeaderElectionConfiguration` {#LeaderElectionConfiguration}
+
+
+
+
+**Appears in:**
+
+- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerConfiguration)
+
+- [GenericControllerManagerConfiguration](#controllermanager-config-k8s-io-v1alpha1-GenericControllerManagerConfiguration)
+
+
+LeaderElectionConfiguration defines the configuration of leader election
+clients for components that can run with leader election enabled.
+
+
+
Field
Description
+
+
+
+
+
leaderElect[Required]
+bool
+
+
+ leaderElect enables a leader election client to gain leadership
+before executing the main loop. Enable this when running replicated
+components for high availability.
+ leaseDuration is the duration that non-leader candidates will wait
+after observing a leadership renewal until attempting to acquire
+leadership of a led but unrenewed leader slot. This is effectively the
+maximum duration that a leader can be stopped before it is replaced
+by another candidate. This is only applicable if leader election is
+enabled.
+ renewDeadline is the interval between attempts by the acting master to
+renew a leadership slot before it stops leading. This must be less
+than or equal to the lease duration. This is only applicable if leader
+election is enabled.
+ retryPeriod is the duration the clients should wait between attempting
+acquisition and renewal of a leadership. This is only applicable if
+leader election is enabled.
+
+
+
+
resourceLock[Required]
+string
+
+
+ resourceLock indicates the resource object type that will be used to lock
+during leader election cycles.
+
+
+
+
resourceName[Required]
+string
+
+
+ resourceName indicates the name of resource object that will be used to lock
+during leader election cycles.
+
+
+
+
resourceNamespace[Required]
+string
+
+
+ resourceName indicates the namespace of resource object that will be used to lock
+during leader election cycles.
+ Format Flag specifies the structure of log messages.
+default value of format is `text`
+
+
+
+
sanitization[Required]
+bool
+
+
+ [Experimental] When enabled prevents logging of fields tagged as sensitive (passwords, keys, tokens).
+Runtime log sanitization may introduce significant computation overhead and therefore should not be enabled in production.`)
+ acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the
+default value of 'application/json'. This field will control all connections to the server used by a particular
+client.
+
+
+
+
contentType[Required]
+string
+
+
+ contentType is the content type used when sending data to the server from this client.
+
+
+
+
qps[Required]
+float32
+
+
+ qps controls the number of queries per second allowed for this connection.
+
+
+
+
burst[Required]
+int32
+
+
+ burst allows extra queries to accumulate when a client is exceeding its rate.
+ enableProfiling enables profiling via web interface host:port/debug/pprof/
+
+
+
+
enableContentionProfiling[Required]
+bool
+
+
+ enableContentionProfiling enables lock contention profiling, if
+enableProfiling is true.
+
+
+
+
+
+
+## `LeaderElectionConfiguration` {#LeaderElectionConfiguration}
+
+
+
+
+**Appears in:**
+
+- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerConfiguration)
+
+
+LeaderElectionConfiguration defines the configuration of leader election
+clients for components that can run with leader election enabled.
+
+
+
Field
Description
+
+
+
+
+
leaderElect[Required]
+bool
+
+
+ leaderElect enables a leader election client to gain leadership
+before executing the main loop. Enable this when running replicated
+components for high availability.
+ leaseDuration is the duration that non-leader candidates will wait
+after observing a leadership renewal until attempting to acquire
+leadership of a led but unrenewed leader slot. This is effectively the
+maximum duration that a leader can be stopped before it is replaced
+by another candidate. This is only applicable if leader election is
+enabled.
+ renewDeadline is the interval between attempts by the acting master to
+renew a leadership slot before it stops leading. This must be less
+than or equal to the lease duration. This is only applicable if leader
+election is enabled.
+ retryPeriod is the duration the clients should wait between attempting
+acquisition and renewal of a leadership. This is only applicable if
+leader election is enabled.
+
+
+
+
resourceLock[Required]
+string
+
+
+ resourceLock indicates the resource object type that will be used to lock
+during leader election cycles.
+
+
+
+
resourceName[Required]
+string
+
+
+ resourceName indicates the name of resource object that will be used to lock
+during leader election cycles.
+
+
+
+
resourceNamespace[Required]
+string
+
+
+ resourceName indicates the namespace of resource object that will be used to lock
+during leader election cycles.
+ Format Flag specifies the structure of log messages.
+default value of format is `text`
+
+
+
+
sanitization[Required]
+bool
+
+
+ [Experimental] When enabled prevents logging of fields tagged as sensitive (passwords, keys, tokens).
+Runtime log sanitization may introduce significant computation overhead and therefore should not be enabled in production.`)
+
+
+
+
+
+
+
+
+
+## `DefaultPreemptionArgs` {#kubescheduler-config-k8s-io-v1beta2-DefaultPreemptionArgs}
+
+
+
+
+
+DefaultPreemptionArgs holds arguments used to configure the
+DefaultPreemption plugin.
+
+
+
Field
Description
+
+
+
apiVersion string
kubescheduler.config.k8s.io/v1beta2
+
kind string
DefaultPreemptionArgs
+
+
+
+
+
minCandidateNodesPercentage[Required]
+int32
+
+
+ MinCandidateNodesPercentage is the minimum number of candidates to
+shortlist when dry running preemption as a percentage of number of nodes.
+Must be in the range [0, 100]. Defaults to 10% of the cluster size if
+unspecified.
+
+
+
+
minCandidateNodesAbsolute[Required]
+int32
+
+
+ MinCandidateNodesAbsolute is the absolute minimum number of candidates to
+shortlist. The likely number of candidates enumerated for dry running
+preemption is given by the formula:
+numCandidates = max(numNodes ∗ minCandidateNodesPercentage, minCandidateNodesAbsolute)
+We say "likely" because there are other factors such as PDB violations
+that play a role in the number of candidates shortlisted. Must be at least
+0 nodes. Defaults to 100 nodes if unspecified.
+
+
+
+
+
+
+
+
+## `InterPodAffinityArgs` {#kubescheduler-config-k8s-io-v1beta2-InterPodAffinityArgs}
+
+
+
+
+
+InterPodAffinityArgs holds arguments used to configure the InterPodAffinity plugin.
+
+
+
Field
Description
+
+
+
apiVersion string
kubescheduler.config.k8s.io/v1beta2
+
kind string
InterPodAffinityArgs
+
+
+
+
+
hardPodAffinityWeight[Required]
+int32
+
+
+ HardPodAffinityWeight is the scoring weight for existing pods with a
+matching hard affinity to the incoming pod.
(Members of DebuggingConfiguration are embedded into this type.)
+ DebuggingConfiguration holds configuration for Debugging related features
+TODO: We might wanna make this a substruct like Debugging componentbaseconfigv1alpha1.DebuggingConfiguration
+
+
+
+
percentageOfNodesToScore[Required]
+int32
+
+
+ PercentageOfNodesToScore is the percentage of all nodes that once found feasible
+for running a pod, the scheduler stops its search for more feasible nodes in
+the cluster. This helps improve scheduler's performance. Scheduler always tries to find
+at least "minFeasibleNodesToFind" feasible nodes no matter what the value of this flag is.
+Example: if the cluster size is 500 nodes and the value of this flag is 30,
+then scheduler stops finding further feasible nodes once it finds 150 feasible ones.
+When the value is 0, default percentage (5%--50% based on the size of the cluster) of the
+nodes will be scored.
+
+
+
+
podInitialBackoffSeconds[Required]
+int64
+
+
+ PodInitialBackoffSeconds is the initial backoff for unschedulable pods.
+If specified, it must be greater than 0. If this value is null, the default value (1s)
+will be used.
+
+
+
+
podMaxBackoffSeconds[Required]
+int64
+
+
+ PodMaxBackoffSeconds is the max backoff for unschedulable pods.
+If specified, it must be greater than podInitialBackoffSeconds. If this value is null,
+the default value (10s) will be used.
+ Profiles are scheduling profiles that kube-scheduler supports. Pods can
+choose to be scheduled under a particular profile by setting its associated
+scheduler name. Pods that don't specify any scheduler name are scheduled
+with the "default-scheduler" profile, if present here.
+ Extenders are the list of scheduler extenders, each holding the values of how to communicate
+with the extender. These extenders are shared by all scheduler profiles.
+ AddedAffinity is applied to all Pods additionally to the NodeAffinity
+specified in the PodSpec. That is, Nodes need to satisfy AddedAffinity
+AND .spec.NodeAffinity. AddedAffinity is empty by default (all Nodes
+match).
+When AddedAffinity is used, some Pods with affinity requirements that match
+a specific Node (such as Daemonset Pods) might remain unschedulable.
+ Resources to be managed, the default is "cpu" and "memory" if not specified.
+
+
+
+
+
+
+
+
+## `NodeResourcesFitArgs` {#kubescheduler-config-k8s-io-v1beta2-NodeResourcesFitArgs}
+
+
+
+
+
+NodeResourcesFitArgs holds arguments used to configure the NodeResourcesFit plugin.
+
+
+
Field
Description
+
+
+
apiVersion string
kubescheduler.config.k8s.io/v1beta2
+
kind string
NodeResourcesFitArgs
+
+
+
+
+
ignoredResources[Required]
+[]string
+
+
+ IgnoredResources is the list of resources that NodeResources fit filter
+should ignore. This doesn't apply to scoring.
+
+
+
+
ignoredResourceGroups[Required]
+[]string
+
+
+ IgnoredResourceGroups defines the list of resource groups that NodeResources fit filter should ignore.
+e.g. if group is ["example.com"], it will ignore all resource names that begin
+with "example.com", such as "example.com/aaa" and "example.com/bbb".
+A resource group name can't contain '/'. This doesn't apply to scoring.
+ DefaultConstraints defines topology spread constraints to be applied to
+Pods that don't define any in `pod.spec.topologySpreadConstraints`.
+`.defaultConstraints[∗].labelSelectors` must be empty, as they are
+deduced from the Pod's membership to Services, ReplicationControllers,
+ReplicaSets or StatefulSets.
+When not empty, .defaultingType must be "List".
+ DefaultingType determines how .defaultConstraints are deduced. Can be one
+of "System" or "List".
+
+- "System": Use kubernetes defined constraints that spread Pods among
+ Nodes and Zones.
+- "List": Use constraints defined in .defaultConstraints.
+
+Defaults to "List" if feature gate DefaultPodTopologySpread is disabled
+and to "System" if enabled.
+
+
+
+
+
+
+
+
+## `VolumeBindingArgs` {#kubescheduler-config-k8s-io-v1beta2-VolumeBindingArgs}
+
+
+
+
+
+VolumeBindingArgs holds arguments used to configure the VolumeBinding plugin.
+
+
+
Field
Description
+
+
+
apiVersion string
kubescheduler.config.k8s.io/v1beta2
+
kind string
VolumeBindingArgs
+
+
+
+
+
bindTimeoutSeconds[Required]
+int64
+
+
+ BindTimeoutSeconds is the timeout in seconds in volume binding operation.
+Value must be non-negative integer. The value zero indicates no waiting.
+If this value is nil, the default value (600) will be used.
+ Shape specifies the points defining the score function shape, which is
+used to score nodes based on the utilization of statically provisioned
+PVs. The utilization is calculated by dividing the total requested
+storage of the pod by the total capacity of feasible PVs on each node.
+Each point contains utilization (ranges from 0 to 100) and its
+associated score (ranges from 0 to 10). You can turn the priority by
+specifying different scores for different utilization numbers.
+The default shape points are:
+1) 0 for 0 utilization
+2) 10 for 100 utilization
+All points must be sorted in increasing order by utilization.
+
+
+
+
+
+
+
+
+## `Extender` {#kubescheduler-config-k8s-io-v1beta2-Extender}
+
+
+
+
+**Appears in:**
+
+- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerConfiguration)
+
+
+Extender holds the parameters used to communicate with the extender. If a verb is unspecified/empty,
+it is assumed that the extender chose not to provide that extension.
+
+
+
Field
Description
+
+
+
+
+
urlPrefix[Required]
+string
+
+
+ URLPrefix at which the extender is available
+
+
+
+
filterVerb[Required]
+string
+
+
+ Verb for the filter call, empty if not supported. This verb is appended to the URLPrefix when issuing the filter call to extender.
+
+
+
+
preemptVerb[Required]
+string
+
+
+ Verb for the preempt call, empty if not supported. This verb is appended to the URLPrefix when issuing the preempt call to extender.
+
+
+
+
prioritizeVerb[Required]
+string
+
+
+ Verb for the prioritize call, empty if not supported. This verb is appended to the URLPrefix when issuing the prioritize call to extender.
+
+
+
+
weight[Required]
+int64
+
+
+ The numeric multiplier for the node scores that the prioritize call generates.
+The weight should be a positive integer
+
+
+
+
bindVerb[Required]
+string
+
+
+ Verb for the bind call, empty if not supported. This verb is appended to the URLPrefix when issuing the bind call to extender.
+If this method is implemented by the extender, it is the extender's responsibility to bind the pod to apiserver. Only one extender
+can implement this function.
+
+
+
+
enableHTTPS[Required]
+bool
+
+
+ EnableHTTPS specifies whether https should be used to communicate with the extender
+ HTTPTimeout specifies the timeout duration for a call to the extender. Filter timeout fails the scheduling of the pod. Prioritize
+timeout is ignored, k8s/other extenders priorities are used to select the node.
+
+
+
+
nodeCacheCapable[Required]
+bool
+
+
+ NodeCacheCapable specifies that the extender is capable of caching node information,
+so the scheduler should only send minimal information about the eligible nodes
+assuming that the extender already cached full details of all nodes in the cluster
+ ManagedResources is a list of extended resources that are managed by
+this extender.
+- A pod will be sent to the extender on the Filter, Prioritize and Bind
+ (if the extender is the binder) phases iff the pod requests at least
+ one of the extended resources in this list. If empty or unspecified,
+ all pods will be sent to this extender.
+- If IgnoredByScheduler is set to true for a resource, kube-scheduler
+ will skip checking the resource in predicates.
+
+
+
+
ignorable[Required]
+bool
+
+
+ Ignorable specifies if the extender is ignorable, i.e. scheduling should not
+fail when the extender returns an error or is not reachable.
+ SchedulerName is the name of the scheduler associated to this profile.
+If SchedulerName matches with the pod's "spec.schedulerName", then the pod
+is scheduled with this profile.
+ Plugins specify the set of plugins that should be enabled or disabled.
+Enabled plugins are the ones that should be enabled in addition to the
+default plugins. Disabled plugins are any of the default plugins that
+should be disabled.
+When no enabled or disabled plugin is specified for an extension point,
+default plugins for that extension point will be used if there is any.
+If a QueueSort plugin is specified, the same QueueSort Plugin and
+PluginConfig must be specified for all profiles.
+ PluginConfig is an optional set of custom plugin arguments for each plugin.
+Omitting config args for a plugin is equivalent to using the default config
+for that plugin.
+
+
+
+
+
+
+
+
+## `Plugin` {#kubescheduler-config-k8s-io-v1beta2-Plugin}
+
+
+
+
+**Appears in:**
+
+- [PluginSet](#kubescheduler-config-k8s-io-v1beta2-PluginSet)
+
+
+Plugin specifies a plugin name and its weight when applicable. Weight is used only for Score plugins.
+
+
+
Field
Description
+
+
+
+
+
name[Required]
+string
+
+
+ Name defines the name of plugin
+
+
+
+
weight[Required]
+int32
+
+
+ Weight defines the weight of plugin, only used for Score plugins.
+
+
+
+
+
+
+
+
+## `PluginConfig` {#kubescheduler-config-k8s-io-v1beta2-PluginConfig}
+
+
+
+
+**Appears in:**
+
+- [KubeSchedulerProfile](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerProfile)
+
+
+PluginConfig specifies arguments that should be passed to a plugin at the time of initialization.
+A plugin that is invoked at multiple extension points is initialized once. Args can have arbitrary structure.
+It is up to the plugin to process these Args.
+
+
+
Field
Description
+
+
+
+
+
name[Required]
+string
+
+
+ Name defines the name of plugin being configured
+ Args defines the arguments passed to the plugins at the time of initialization. Args can have arbitrary structure.
+
+
+
+
+
+
+
+
+## `PluginSet` {#kubescheduler-config-k8s-io-v1beta2-PluginSet}
+
+
+
+
+**Appears in:**
+
+- [Plugins](#kubescheduler-config-k8s-io-v1beta2-Plugins)
+
+
+PluginSet specifies enabled and disabled plugins for an extension point.
+If an array is empty, missing, or nil, default plugins at that extension point will be used.
+
+
+ Enabled specifies plugins that should be enabled in addition to default plugins.
+If the default plugin is also configured in the scheduler config file, the weight of plugin will
+be overridden accordingly.
+These are called after default plugins and in the same order specified here.
+ Disabled specifies default plugins that should be disabled.
+When all default plugins need to be disabled, an array containing only one "∗" should be provided.
+
+
+
+
+
+
+
+
+## `Plugins` {#kubescheduler-config-k8s-io-v1beta2-Plugins}
+
+
+
+
+**Appears in:**
+
+- [KubeSchedulerProfile](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerProfile)
+
+
+Plugins include multiple extension points. When specified, the list of plugins for
+a particular extension point are the only ones enabled. If an extension point is
+omitted from the config, then the default set of plugins is used for that extension point.
+Enabled plugins are called in the order specified here, after default plugins. If they need to
+be invoked before default plugins, default plugins must be disabled and re-enabled here in desired order.
+
+
+ Bind is a list of plugins that should be invoked at "Bind" extension point of the scheduling framework.
+The scheduler call these plugins in order. Scheduler skips the rest of these plugins as soon as one returns success.
+ Resources to consider when scoring.
+The default resource set includes "cpu" and "memory" with an equal weight.
+Allowed weights go from 1 to 100.
+Weight defaults to 1 if not specified or explicitly set to 0.
+ Holds the information to communicate with the extender(s)
+
+
+
+
hardPodAffinitySymmetricWeight[Required]
+int32
+
+
+ RequiredDuringScheduling affinity is not symmetric, but there is an implicit PreferredDuringScheduling affinity rule
+corresponding to every RequiredDuringScheduling affinity rule.
+HardPodAffinitySymmetricWeight represents the weight of implicit PreferredDuringScheduling affinity rule, in the range 1-100.
+
+
+
+
alwaysCheckAllPredicates[Required]
+bool
+
+
+ When AlwaysCheckAllPredicates is set to true, scheduler checks all
+the configured predicates even after one or more of them fails.
+When the flag is set to false, scheduler skips checking the rest
+of the predicates after it finds one predicate that failed.
+
+
+
+
+
+
+
+
+## `ExtenderManagedResource` {#kubescheduler-config-k8s-io-v1-ExtenderManagedResource}
+
+
+
+
+**Appears in:**
+
+- [Extender](#kubescheduler-config-k8s-io-v1beta2-Extender)
+
+- [LegacyExtender](#kubescheduler-config-k8s-io-v1-LegacyExtender)
+
+
+ExtenderManagedResource describes the arguments of extended resources
+managed by an extender.
+
+
+
Field
Description
+
+
+
+
+
name[Required]
+string
+
+
+ Name is the extended resource name.
+
+
+
+
ignoredByScheduler[Required]
+bool
+
+
+ IgnoredByScheduler indicates whether kube-scheduler should ignore this
+resource when applying predicates.
+ Server should be accessed without verifying the TLS certificate. For testing only.
+
+
+
+
serverName[Required]
+string
+
+
+ ServerName is passed to the server for SNI and is used in the client to check server
+certificates against. If ServerName is empty, the hostname used to contact the
+server is used.
+
+
+
+
certFile[Required]
+string
+
+
+ Server requires TLS client certificate authentication
+
+
+
+
keyFile[Required]
+string
+
+
+ Server requires TLS client certificate authentication
+
+
+
+
caFile[Required]
+string
+
+
+ Trusted root certificates for server
+
+
+
+
certData[Required]
+[]byte
+
+
+ CertData holds PEM-encoded bytes (typically read from a client certificate file).
+CertData takes precedence over CertFile
+
+
+
+
keyData[Required]
+[]byte
+
+
+ KeyData holds PEM-encoded bytes (typically read from a client certificate key file).
+KeyData takes precedence over KeyFile
+
+
+
+
caData[Required]
+[]byte
+
+
+ CAData holds PEM-encoded bytes (typically read from a root certificates bundle).
+CAData takes precedence over CAFile
+
+
+
+
+
+
+
+
+## `LabelPreference` {#kubescheduler-config-k8s-io-v1-LabelPreference}
+
+
+
+
+**Appears in:**
+
+- [PriorityArgument](#kubescheduler-config-k8s-io-v1-PriorityArgument)
+
+
+LabelPreference holds the parameters that are used to configure the corresponding priority function
+
+
+
Field
Description
+
+
+
+
+
label[Required]
+string
+
+
+ Used to identify node "groups"
+
+
+
+
presence[Required]
+bool
+
+
+ This is a boolean flag
+If true, higher priority is given to nodes that have the label
+If false, higher priority is given to nodes that do not have the label
+
+
+
+
+
+
+
+
+## `LabelsPresence` {#kubescheduler-config-k8s-io-v1-LabelsPresence}
+
+
+
+
+**Appears in:**
+
+- [PredicateArgument](#kubescheduler-config-k8s-io-v1-PredicateArgument)
+
+
+LabelsPresence holds the parameters that are used to configure the corresponding predicate in scheduler policy configuration.
+
+
+
Field
Description
+
+
+
+
+
labels[Required]
+[]string
+
+
+ The list of labels that identify node "groups"
+All of the labels should be either present (or absent) for the node to be considered a fit for hosting the pod
+
+
+
+
presence[Required]
+bool
+
+
+ The boolean flag that indicates whether the labels should be present or absent from the node
+
+
+
+
+
+
+
+
+## `LegacyExtender` {#kubescheduler-config-k8s-io-v1-LegacyExtender}
+
+
+
+
+**Appears in:**
+
+- [Policy](#kubescheduler-config-k8s-io-v1-Policy)
+
+
+LegacyExtender holds the parameters used to communicate with the extender. If a verb is unspecified/empty,
+it is assumed that the extender chose not to provide that extension.
+
+
+
Field
Description
+
+
+
+
+
urlPrefix[Required]
+string
+
+
+ URLPrefix at which the extender is available
+
+
+
+
filterVerb[Required]
+string
+
+
+ Verb for the filter call, empty if not supported. This verb is appended to the URLPrefix when issuing the filter call to extender.
+
+
+
+
preemptVerb[Required]
+string
+
+
+ Verb for the preempt call, empty if not supported. This verb is appended to the URLPrefix when issuing the preempt call to extender.
+
+
+
+
prioritizeVerb[Required]
+string
+
+
+ Verb for the prioritize call, empty if not supported. This verb is appended to the URLPrefix when issuing the prioritize call to extender.
+
+
+
+
weight[Required]
+int64
+
+
+ The numeric multiplier for the node scores that the prioritize call generates.
+The weight should be a positive integer
+
+
+
+
bindVerb[Required]
+string
+
+
+ Verb for the bind call, empty if not supported. This verb is appended to the URLPrefix when issuing the bind call to extender.
+If this method is implemented by the extender, it is the extender's responsibility to bind the pod to apiserver. Only one extender
+can implement this function.
+
+
+
+
enableHttps[Required]
+bool
+
+
+ EnableHTTPS specifies whether https should be used to communicate with the extender
+ HTTPTimeout specifies the timeout duration for a call to the extender. Filter timeout fails the scheduling of the pod. Prioritize
+timeout is ignored, k8s/other extenders priorities are used to select the node.
+
+
+
+
nodeCacheCapable[Required]
+bool
+
+
+ NodeCacheCapable specifies that the extender is capable of caching node information,
+so the scheduler should only send minimal information about the eligible nodes
+assuming that the extender already cached full details of all nodes in the cluster
+ ManagedResources is a list of extended resources that are managed by
+this extender.
+- A pod will be sent to the extender on the Filter, Prioritize and Bind
+ (if the extender is the binder) phases iff the pod requests at least
+ one of the extended resources in this list. If empty or unspecified,
+ all pods will be sent to this extender.
+- If IgnoredByScheduler is set to true for a resource, kube-scheduler
+ will skip checking the resource in predicates.
+
+
+
+
ignorable[Required]
+bool
+
+
+ Ignorable specifies if the extender is ignorable, i.e. scheduling should not
+fail when the extender returns an error or is not reachable.
+
+
+
+
+
+
+
+
+## `PredicateArgument` {#kubescheduler-config-k8s-io-v1-PredicateArgument}
+
+
+
+
+**Appears in:**
+
+- [PredicatePolicy](#kubescheduler-config-k8s-io-v1-PredicatePolicy)
+
+
+PredicateArgument represents the arguments to configure predicate functions in scheduler policy configuration.
+Only one of its members may be specified
+
+
+ The predicate that checks whether a particular node has a certain label
+defined or not, regardless of value
+
+
+
+
+
+
+
+
+## `PredicatePolicy` {#kubescheduler-config-k8s-io-v1-PredicatePolicy}
+
+
+
+
+**Appears in:**
+
+- [Policy](#kubescheduler-config-k8s-io-v1-Policy)
+
+
+PredicatePolicy describes a struct of a predicate policy.
+
+
+
Field
Description
+
+
+
+
+
name[Required]
+string
+
+
+ Identifier of the predicate policy
+For a custom predicate, the name can be user-defined
+For the Kubernetes provided predicates, the name is the identifier of the pre-defined predicate
+ Holds the parameters to configure the given predicate
+
+
+
+
+
+
+
+
+## `PriorityArgument` {#kubescheduler-config-k8s-io-v1-PriorityArgument}
+
+
+
+
+**Appears in:**
+
+- [PriorityPolicy](#kubescheduler-config-k8s-io-v1-PriorityPolicy)
+
+
+PriorityArgument represents the arguments to configure priority functions in scheduler policy configuration.
+Only one of its members may be specified
+
+
+ The priority function that ensures a good spread (anti-affinity) for pods belonging to a service
+It uses a label to identify nodes that belong to the same "group"
+ The RequestedToCapacityRatio priority function is parametrized with function shape.
+
+
+
+
+
+
+
+
+## `PriorityPolicy` {#kubescheduler-config-k8s-io-v1-PriorityPolicy}
+
+
+
+
+**Appears in:**
+
+- [Policy](#kubescheduler-config-k8s-io-v1-Policy)
+
+
+PriorityPolicy describes a struct of a priority policy.
+
+
+
Field
Description
+
+
+
+
+
name[Required]
+string
+
+
+ Identifier of the priority policy
+For a custom priority, the name can be user-defined
+For the Kubernetes provided priority functions, the name is the identifier of the pre-defined priority function
+
+
+
+
weight[Required]
+int64
+
+
+ The numeric multiplier for the node scores that the priority function generates
+The weight should be non-zero and can be a positive or a negative integer
+
+
+
+## `ResourceSpec` {#kubescheduler-config-k8s-io-v1-ResourceSpec}
+
+
+
+
+**Appears in:**
+
+- [RequestedToCapacityRatioArguments](#kubescheduler-config-k8s-io-v1-RequestedToCapacityRatioArguments)
+
+
+ResourceSpec represents single resource and weight for bin packing of priority RequestedToCapacityRatioArguments.
+
+
+
Field
Description
+
+
+
+
+
name[Required]
+string
+
+
+ Name of the resource to be managed by RequestedToCapacityRatio function.
+
+
+
+
weight[Required]
+int64
+
+
+ Weight of the resource.
+
+
+
+
+
+
+
+
+## `ServiceAffinity` {#kubescheduler-config-k8s-io-v1-ServiceAffinity}
+
+
+
+
+**Appears in:**
+
+- [PredicateArgument](#kubescheduler-config-k8s-io-v1-PredicateArgument)
+
+
+ServiceAffinity holds the parameters that are used to configure the corresponding predicate in scheduler policy configuration.
+
+
+
Field
Description
+
+
+
+
+
labels[Required]
+[]string
+
+
+ The list of labels that identify node "groups"
+All of the labels should match for the node to be considered a fit for hosting the pod
+
+
+
+
+
+
+
+
+## `ServiceAntiAffinity` {#kubescheduler-config-k8s-io-v1-ServiceAntiAffinity}
+
+
+
+
+**Appears in:**
+
+- [PriorityArgument](#kubescheduler-config-k8s-io-v1-PriorityArgument)
+
+
+ServiceAntiAffinity holds the parameters that are used to configure the corresponding priority function
+
+
+
Field
Description
+
+
+
+
+
label[Required]
+string
+
+
+ Used to identify node "groups"
+
+
+
+
+
+
+
+
+## `UtilizationShapePoint` {#kubescheduler-config-k8s-io-v1-UtilizationShapePoint}
+
+
+
+
+**Appears in:**
+
+- [RequestedToCapacityRatioArguments](#kubescheduler-config-k8s-io-v1-RequestedToCapacityRatioArguments)
+
+
+UtilizationShapePoint represents single point of priority function shape.
+
+
+
Field
Description
+
+
+
+
+
utilization[Required]
+int32
+
+
+ Utilization (x axis). Valid values are 0 to 100. Fully utilized node maps to 100.
+
+
+
+
score[Required]
+int32
+
+
+ Score assigned to given utilization (y axis). Valid values are 0 to 10.
+
+
+
+
+
+
+
diff --git a/content/en/docs/reference/config-api/kube-scheduler-policy-config.v1.md b/content/en/docs/reference/config-api/kube-scheduler-policy-config.v1.md
index e694f7ecbc..8b6c0a9a24 100644
--- a/content/en/docs/reference/config-api/kube-scheduler-policy-config.v1.md
+++ b/content/en/docs/reference/config-api/kube-scheduler-policy-config.v1.md
@@ -89,7 +89,7 @@ of the predicates after it finds one predicate that failed.
**Appears in:**
-- [Extender](#kubescheduler-config-k8s-io-v1beta1-Extender)
+- [Extender](#kubescheduler-config-k8s-io-v1beta2-Extender)
- [LegacyExtender](#kubescheduler-config-k8s-io-v1-LegacyExtender)
@@ -132,7 +132,7 @@ resource when applying predicates.
**Appears in:**
-- [Extender](#kubescheduler-config-k8s-io-v1beta1-Extender)
+- [Extender](#kubescheduler-config-k8s-io-v1beta2-Extender)
- [LegacyExtender](#kubescheduler-config-k8s-io-v1-LegacyExtender)
diff --git a/content/en/docs/reference/config-api/kubeadm-config.v1beta2.md b/content/en/docs/reference/config-api/kubeadm-config.v1beta2.md
new file mode 100644
index 0000000000..77595b4599
--- /dev/null
+++ b/content/en/docs/reference/config-api/kubeadm-config.v1beta2.md
@@ -0,0 +1,1489 @@
+---
+title: kubeadm Configuration (v1beta2)
+content_type: tool-reference
+package: kubeadm.k8s.io/v1beta2
+auto_generated: true
+---
+Package v1beta2 defines the v1beta2 version of the kubeadm configuration file format.
+This version improves on the v1beta1 format by fixing some minor issues and adding a few new fields.
+
+A list of changes since v1beta1:
+
+- `certificateKey" field is added to InitConfiguration and JoinConfiguration.
+- "ignorePreflightErrors" field is added to the NodeRegistrationOptions.
+- The JSON "omitempty" tag is used in a more places where appropriate.
+- The JSON "omitempty" tag of the "taints" field (inside NodeRegistrationOptions) is removed.
+See the Kubernetes 1.15 changelog for further details.
+
+## Migration from old kubeadm config versions
+
+Please convert your v1beta1 configuration files to v1beta2 using the "kubeadm config migrate" command of kubeadm v1.15.x
+(conversion from older releases of kubeadm config files requires older release of kubeadm as well e.g.
+
+- kubeadm v1.11 should be used to migrate v1alpha1 to v1alpha2; kubeadm v1.12 should be used to translate v1alpha2 to v1alpha3;
+- kubeadm v1.13 or v1.14 should be used to translate v1alpha3 to v1beta1)
+
+Nevertheless, kubeadm v1.15.x will support reading from v1beta1 version of the kubeadm config file format.
+
+## Basics
+
+The preferred way to configure kubeadm is to pass an YAML configuration file with the --config option. Some of the
+configuration options defined in the kubeadm config file are also available as command line flags, but only
+the most common/simple use case are supported with this approach.
+
+A kubeadm config file could contain multiple configuration types separated using three dashes (“---”).
+
+kubeadm supports the following configuration types:
+
+```yaml
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: InitConfiguration
+
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: ClusterConfiguration
+
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+kind: KubeProxyConfiguration
+
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: JoinConfiguration
+```
+
+To print the defaults for "init" and "join" actions use the following commands:
+
+```shell
+kubeadm config print init-defaults
+kubeadm config print join-defaults
+```
+
+The list of configuration types that must be included in a configuration file depends by the action you are
+performing (init or join) and by the configuration options you are going to use (defaults or advanced customization).
+
+If some configuration types are not provided, or provided only partially, kubeadm will use default values; defaults
+provided by kubeadm includes also enforcing consistency of values across components when required (e.g.
+cluster-cidr flag on controller manager and clusterCIDR on kube-proxy).
+
+Users are always allowed to override default values, with the only exception of a small subset of setting with
+relevance for security (e.g. enforce authorization-mode Node and RBAC on api server)
+
+If the user provides a configuration types that is not expected for the action you are performing, kubeadm will
+ignore those types and print a warning.
+
+## Kubeadm init configuration types
+
+When executing kubeadm init with the `--config` option, the following configuration types could be used:
+InitConfiguration, ClusterConfiguration, KubeProxyConfiguration, KubeletConfiguration, but only one
+between InitConfiguration and ClusterConfiguration is mandatory.
+
+```yaml
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: InitConfiguration
+bootstrapTokens:
+ ...
+nodeRegistration:
+ ...
+```
+
+The InitConfiguration type should be used to configure runtime settings, that in case of kubeadm init
+are the configuration of the bootstrap token and all the setting which are specific to the node where kubeadm
+is executed, including:
+
+- NodeRegistration, that holds fields that relate to registering the new node to the cluster;
+ use it to customize the node name, the CRI socket to use or any other settings that should apply to this
+ node only (e.g. the node ip).
+
+- LocalAPIEndpoint, that represents the endpoint of the instance of the API server to be deployed on this node;
+ use it e.g. to customize the API server advertise address.
+
+ ```yaml
+ apiVersion: kubeadm.k8s.io/v1beta2
+ kind: ClusterConfiguration
+ networking:
+ ...
+ etcd:
+ ...
+ apiServer:
+ extraArgs:
+ ...
+ extraVolumes:
+ ...
+ ```
+
+The ClusterConfiguration type should be used to configure cluster-wide settings,
+including settings for:
+
+- Networking, that holds configuration for the networking topology of the cluster; use it e.g. to customize
+ pod subnet or services subnet.
+- Etcd configurations; use it e.g. to customize the local etcd or to configure the API server
+ for using an external etcd cluster.
+- kube-apiserver, kube-scheduler, kube-controller-manager configurations; use it to customize control-plane
+ components by adding customized setting or overriding kubeadm default settings.
+
+ ```yaml
+ apiVersion: kubeproxy.config.k8s.io/v1alpha1
+ kind: KubeProxyConfiguration
+ ...
+ ```
+
+The KubeProxyConfiguration type should be used to change the configuration passed to kube-proxy instances deployed
+in the cluster. If this object is not provided or provided only partially, kubeadm applies defaults.
+
+See https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ or https://godoc.org/k8s.io/kube-proxy/config/v1alpha1#KubeProxyConfiguration
+for kube proxy official documentation.
+
+```yaml
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+...
+```
+
+The KubeletConfiguration type should be used to change the configurations that will be passed to all kubelet instances
+deployed in the cluster. If this object is not provided or provided only partially, kubeadm applies defaults.
+
+See https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/ or https://godoc.org/k8s.io/kubelet/config/v1beta1#KubeletConfiguration
+for kubelet official documentation.
+
+Here is a fully populated example of a single YAML file containing multiple
+configuration types to be used during a `kubeadm init` run.
+
+```yaml
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: InitConfiguration
+bootstrapTokens:
+ - token: "9a08jv.c0izixklcxtmnze7"
+ description: "kubeadm bootstrap token"
+ ttl: "24h"
+ - token: "783bde.3f89s0fje9f38fhf"
+ description: "another bootstrap token"
+ usages:
+ - authentication
+ - signing
+ groups:
+ - system:bootstrappers:kubeadm:default-node-token
+nodeRegistration:
+ name: "ec2-10-100-0-1"
+ criSocket: "/var/run/dockershim.sock"
+ taints:
+ - key: "kubeadmNode"
+ value: "master"
+ effect: "NoSchedule"
+ kubeletExtraArgs:
+ cgroup-driver: "cgroupfs"
+ ignorePreflightErrors:
+ - IsPrivilegedUser
+localAPIEndpoint:
+ advertiseAddress: "10.100.0.1"
+ bindPort: 6443
+certificateKey: "e6a2eb8581237ab72a4f494f30285ec12a9694d750b9785706a83bfcbbbd2204"
+---
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: ClusterConfiguration
+etcd:
+ # one of local or external
+ local:
+ imageRepository: "k8s.gcr.io"
+ imageTag: "3.2.24"
+ dataDir: "/var/lib/etcd"
+ extraArgs:
+ listen-client-urls: "http://10.100.0.1:2379"
+ serverCertSANs:
+ - "ec2-10-100-0-1.compute-1.amazonaws.com"
+ peerCertSANs:
+ - "10.100.0.1"
+ # external:
+ # endpoints:
+ # - "10.100.0.1:2379"
+ # - "10.100.0.2:2379"
+ # caFile: "/etcd/kubernetes/pki/etcd/etcd-ca.crt"
+ # certFile: "/etcd/kubernetes/pki/etcd/etcd.crt"
+ # keyFile: "/etcd/kubernetes/pki/etcd/etcd.key"
+ networking:
+ serviceSubnet: "10.96.0.0/12"
+ podSubnet: "10.100.0.1/24"
+ dnsDomain: "cluster.local"
+ kubernetesVersion: "v1.12.0"
+ controlPlaneEndpoint: "10.100.0.1:6443"
+ apiServer:
+ extraArgs:
+ authorization-mode: "Node,RBAC"
+ extraVolumes:
+ - name: "some-volume"
+ hostPath: "/etc/some-path"
+ mountPath: "/etc/some-pod-path"
+ readOnly: false
+ pathType: File
+ certSANs:
+ - "10.100.1.1"
+ - "ec2-10-100-0-1.compute-1.amazonaws.com"
+ timeoutForControlPlane: 4m0s
+ controllerManager:
+ extraArgs:
+ "node-cidr-mask-size": "20"
+ extraVolumes:
+ - name: "some-volume"
+ hostPath: "/etc/some-path"
+ mountPath: "/etc/some-pod-path"
+ readOnly: false
+ pathType: File
+ scheduler:
+ extraArgs:
+ address: "10.100.0.1"
+ extraVolumes:
+ - name: "some-volume"
+ hostPath: "/etc/some-path"
+ mountPath: "/etc/some-pod-path"
+ readOnly: false
+ pathType: File
+certificatesDir: "/etc/kubernetes/pki"
+imageRepository: "k8s.gcr.io"
+useHyperKubeImage: false
+clusterName: "example-cluster"
+---
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+# kubelet specific options here
+---
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+kind: KubeProxyConfiguration
+# kube-proxy specific options here
+```
+
+## Kubeadm join configuration types
+
+When executing kubeadm join with the `--config` option, the JoinConfiguration type should be provided.
+
+```yaml
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: JoinConfiguration
+...
+```
+
+The JoinConfiguration type should be used to configure runtime settings, that in case of kubeadm join
+are the discovery method used for accessing the cluster info and all the setting which are specific
+to the node where kubeadm is executed, including:
+
+- NodeRegistration, that holds fields that relate to registering the new node to the cluster;
+ use it to customize the node name, the CRI socket to use or any other settings that should apply to this
+ node only (e.g. the node ip).
+
+- APIEndpoint, that represents the endpoint of the instance of the API server to be eventually deployed on this node.
+
+## Resource Types
+
+
+- [ClusterConfiguration](#kubeadm-k8s-io-v1beta2-ClusterConfiguration)
+- [ClusterStatus](#kubeadm-k8s-io-v1beta2-ClusterStatus)
+- [InitConfiguration](#kubeadm-k8s-io-v1beta2-InitConfiguration)
+- [JoinConfiguration](#kubeadm-k8s-io-v1beta2-JoinConfiguration)
+
+
+
+
+## `ClusterConfiguration` {#kubeadm-k8s-io-v1beta2-ClusterConfiguration}
+
+
+
+
+
+ClusterConfiguration contains cluster-wide configuration for a kubeadm cluster
+
+
+ `networking` holds configuration for the networking topology of the cluster.
+
+
+
+
kubernetesVersion[Required]
+string
+
+
+ `kubernetesVersion` is the target version of the control plane.
+
+
+
+
controlPlaneEndpoint[Required]
+string
+
+
+ `controlPlaneEndpoint` sets a stable IP address or DNS name for the control plane; it
+can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
+In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort
+are used; in case the ControlPlaneEndpoint is specified but without a TCP port,
+the BindPort is used.
+Possible usages are:
+
+- In a cluster with more than one control plane instances, this field should be
+ assigned the address of the external load balancer in front of the
+ control plane instances.
+- In environments with enforced node recycling, the ControlPlaneEndpoint
+ could be used for assigning a stable DNS to the control plane.
+ `certificatesDir` specifies where to store or look for all required certificates.
+
+
+
+
imageRepository[Required]
+string
+
+
+ `imageRepository` sets the container registry to pull images from.
+If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is
+a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
+`gcr.io/k8s-staging-ci-images` will be used as a default for control plane
+components and for kube-proxy, while `k8s.gcr.io` will be used for all the other images.
+
+
+
+
useHyperKubeImage[Required]
+bool
+
+
+ `useHyperKubeImage` controls if hyperkube should be used for Kubernetes
+components instead of their respective separate images
+DEPRECATED: As hyperkube is itself deprecated, this fields is too. It will
+be removed in future kubeadm config versions, kubeadm will print multiple
+warnings when this is set to true, and at some point it may become ignored.
+
+
+
+
featureGates[Required]
+map[string]bool
+
+
+ Feature gates enabled by the user.
+
+
+
+
clusterName[Required]
+string
+
+
+ The cluster name
+
+
+
+
+
+
+
+
+## `ClusterStatus` {#kubeadm-k8s-io-v1beta2-ClusterStatus}
+
+
+
+
+
+ClusterStatus contains the cluster status. The ClusterStatus will be stored in the kubeadm-config
+ConfigMap in the cluster, and then updated by kubeadm when additional control plane instance joins or leaves the cluster.
+
+
+ `apiEndpoints` currently available in the cluster, one for each control
+plane/API server instance. The key of the map is the IP of the host's default interface
+
+
+
+
+
+
+
+
+## `InitConfiguration` {#kubeadm-k8s-io-v1beta2-InitConfiguration}
+
+
+
+
+
+InitConfiguration contains a list of elements that is specific "kubeadm init"-only runtime
+information.
+
+
+ `bootstrapTokens` is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
+This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
+ `localAPIEndpoint` represents the endpoint of the API server instance that's deployed on this control plane node
+In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
+is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
+configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
+on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
+fails you may set the desired value here.
+
+
+
+
certificateKey[Required]
+string
+
+
+ `certificateKey` sets the key with which certificates and keys are encrypted prior to being uploaded in
+a Secret in the cluster during the "uploadcerts" init phase.
+
+
+
+
+
+
+
+
+## `JoinConfiguration` {#kubeadm-k8s-io-v1beta2-JoinConfiguration}
+
+
+
+
+
+JoinConfiguration contains elements describing a particular node.
+
+
+ `nodeRegistration` holds fields that relate to registering the new control-plane
+node to the cluster
+
+
+
+
caCertPath[Required]
+string
+
+
+ `caCertPath` is the path to the SSL certificate authority used to
+secure comunications between node and control-plane.
+Defaults to "/etc/kubernetes/pki/ca.crt".
+ `controlPlane` defines the additional control plane instance to be deployed on the
+joining node. If nil, no additional control plane instance will be deployed.
+
+
+
+
+
+
+
+
+## `APIEndpoint` {#kubeadm-k8s-io-v1beta2-APIEndpoint}
+
+
+
+
+**Appears in:**
+
+- [ClusterStatus](#kubeadm-k8s-io-v1beta2-ClusterStatus)
+
+- [InitConfiguration](#kubeadm-k8s-io-v1beta2-InitConfiguration)
+
+- [JoinControlPlane](#kubeadm-k8s-io-v1beta2-JoinControlPlane)
+
+
+APIEndpoint struct contains elements of API server instance deployed on a node.
+
+
+
Field
Description
+
+
+
+
+
advertiseAddress[Required]
+string
+
+
+ `advertiseAddress` sets the IP address for the API server to advertise.
+
+
+
+
bindPort[Required]
+int32
+
+
+ `bindPort` sets the secure port for the API Server to bind to. Defaults to 6443.
+
+
+
+
+
+
+
+
+## `APIServer` {#kubeadm-k8s-io-v1beta2-APIServer}
+
+
+
+
+**Appears in:**
+
+- [ClusterConfiguration](#kubeadm-k8s-io-v1beta2-ClusterConfiguration)
+
+
+APIServer holds settings necessary for API server deployments in the cluster
+
+
+ `expires` specifies the timestamp when this token expires. Defaults to being set
+dynamically at runtime based on the `ttl`. `expires` and `ttl` are mutually exclusive.
+
+
+
+
usages[Required]
+[]string
+
+
+ `usages` describes the ways in which this token can be used. Can by default be used
+for establishing bidirectional trust, but that can be changed here.
+
+
+
+
groups[Required]
+[]string
+
+
+ `groups` specifies the extra groups that this token will authenticate as when/if
+used for authentication
+
+
+
+
+
+
+
+
+## `BootstrapTokenDiscovery` {#kubeadm-k8s-io-v1beta2-BootstrapTokenDiscovery}
+
+
+
+
+**Appears in:**
+
+- [Discovery](#kubeadm-k8s-io-v1beta2-Discovery)
+
+
+BootstrapTokenDiscovery is used to set the options for bootstrap token based discovery
+
+
+
Field
Description
+
+
+
+
+
token[Required]
+string
+
+
+ `token` is a token used to validate cluster information fetched from the control-plane.
+
+
+
+
apiServerEndpoint[Required]
+string
+
+
+ `apiServerEndpoint` is an IP or domain name to the API server from which
+information will be fetched.
+
+
+
+
caCertHashes[Required]
+[]string
+
+
+ discovery is used. The root CA found during discovery must match one of these
+values. Specifying an empty set disables root CA pinning, which can be unsafe.
+Each hash is specified as `:`, where the only currently supported
+type is "sha256". This is a hex-encoded SHA-256 hash of the Subject Public Key
+Info (SPKI) object in DER-encoded ASN.1. These hashes can be calculated using,
+for example, OpenSSL.
+
+
+
+
unsafeSkipCAVerification[Required]
+bool
+
+
+ `unsafeSkipCAVerification` allows token-based discovery without CA verification
+via `caCertHashes`. This can weaken the security of kubeadm since other nodes
+can impersonate the control-plane.
+
+
+
+
+
+
+
+
+## `BootstrapTokenString` {#kubeadm-k8s-io-v1beta2-BootstrapTokenString}
+
+
+
+
+**Appears in:**
+
+- [BootstrapToken](#kubeadm-k8s-io-v1beta2-BootstrapToken)
+
+
+BootstrapTokenString is a token of the format abcdef.abcdef0123456789 that is used
+for both validation of the practically of the API server from a joining node's point
+of view and as an authentication method for the node in the bootstrap phase of
+"kubeadm join". This token is and should be short-lived
+
+
+
Field
Description
+
+
+
+
+
-[Required]
+string
+
+
+ No description provided.
+
+
+
+
+
-[Required]
+string
+
+
+ No description provided.
+
+
+
+
+
+
+
+
+
+## `ControlPlaneComponent` {#kubeadm-k8s-io-v1beta2-ControlPlaneComponent}
+
+
+
+
+**Appears in:**
+
+- [ClusterConfiguration](#kubeadm-k8s-io-v1beta2-ClusterConfiguration)
+
+- [APIServer](#kubeadm-k8s-io-v1beta2-APIServer)
+
+
+ControlPlaneComponent holds settings common to control plane component of the cluster
+
+
+
Field
Description
+
+
+
+
+
extraArgs[Required]
+map[string]string
+
+
+ `extraArgs` is an extra set of flags to pass to the control plane component.
+ `extraVolumes` is an extra set of host volumes, mounted to the control plane component.
+
+
+
+
+
+
+
+
+## `DNS` {#kubeadm-k8s-io-v1beta2-DNS}
+
+
+
+
+**Appears in:**
+
+- [ClusterConfiguration](#kubeadm-k8s-io-v1beta2-ClusterConfiguration)
+
+
+DNS defines the DNS addon that should be used in the cluster
+
+
+ `file` specifies a file or URL to a kubeconfig file from which to load cluster information.
+`bootstrapToken` and `file` are mutually exclusive.
+
+
+
+
tlsBootstrapToken[Required]
+string
+
+
+ `tlsBootstrapToken` is a token used for TLS bootstrapping.
+If `bootstrapToken` is set, this field is defaulted to `bootstrapToken.token`,
+but can be overridden.
+If `file` is set, this field ∗∗must be set∗∗ in case the KubeConfigFile does
+not contain any other authentication information
+ `external` describes how to connect to an external etcd cluster.
+`local` and `external` are mutually exclusive.
+
+
+
+
+
+
+
+
+## `ExternalEtcd` {#kubeadm-k8s-io-v1beta2-ExternalEtcd}
+
+
+
+
+**Appears in:**
+
+- [Etcd](#kubeadm-k8s-io-v1beta2-Etcd)
+
+
+ExternalEtcd describes an external etcd cluster.
+Kubeadm has no knowledge of where certificate files live and they must be supplied.
+
+
+
Field
Description
+
+
+
+
+
endpoints[Required]
+[]string
+
+
+ `endpoints` are endpoints of etcd members. This field is required.
+
+
+
+
caFile[Required]
+string
+
+
+ `caFile` is an SSL Certificate Authority file used to secure etcd communication.
+Required if using a TLS connection.
+
+
+
+
certFile[Required]
+string
+
+
+ `certFile` is an SSL certification file used to secure etcd communication.
+Required if using a TLS connection.
+
+
+
+
keyFile[Required]
+string
+
+
+ `keyFile` is an SSL key file used to secure etcd communication.
+Required if using a TLS connection.
+
+
+
+
+
+
+
+
+## `FileDiscovery` {#kubeadm-k8s-io-v1beta2-FileDiscovery}
+
+
+
+
+**Appears in:**
+
+- [Discovery](#kubeadm-k8s-io-v1beta2-Discovery)
+
+
+FileDiscovery is used to specify a file or URL to a kubeconfig file from which to load cluster information
+
+
+
Field
Description
+
+
+
+
+
kubeConfigPath[Required]
+string
+
+
+ `kubeConfigPath` specifies the actual file path or URL to the kubeconfig file
+from which to load cluster information
+
+
+
+
+
+
+
+
+## `HostPathMount` {#kubeadm-k8s-io-v1beta2-HostPathMount}
+
+
+
+
+**Appears in:**
+
+- [ControlPlaneComponent](#kubeadm-k8s-io-v1beta2-ControlPlaneComponent)
+
+
+HostPathMount contains elements describing volumes that are mounted from the host.
+
+
+
Field
Description
+
+
+
+
+
name[Required]
+string
+
+
+ `name` is the volume name inside the Pod template.
+
+
+
+
hostPath[Required]
+string
+
+
+ `hostPath` is the path in the host that will be mounted inside the Pod.
+
+
+
+
mountPath[Required]
+string
+
+
+ `mountPath` is the path inside the Pod where the `hostPath` volume is mounted.
+ `pathType` is the type of the `hostPath` volume.
+
+
+
+
+
+
+
+
+## `ImageMeta` {#kubeadm-k8s-io-v1beta2-ImageMeta}
+
+
+
+
+**Appears in:**
+
+- [DNS](#kubeadm-k8s-io-v1beta2-DNS)
+
+- [LocalEtcd](#kubeadm-k8s-io-v1beta2-LocalEtcd)
+
+
+ImageMeta allows to customize the image used for components that are not
+originated from the Kubernetes/Kubernetes release process
+
+
+
Field
Description
+
+
+
+
+
imageRepository[Required]
+string
+
+
+ `imageRepository` sets the container registry to pull images from.
+If not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+
+
+
+
imageTag[Required]
+string
+
+
+ `imageTag` allows to specify a tag for the image.
+In case this value is set, kubeadm does not change automatically the
+version of the above components during upgrades.
+
+
+
+
+
+
+
+
+## `JoinControlPlane` {#kubeadm-k8s-io-v1beta2-JoinControlPlane}
+
+
+
+
+**Appears in:**
+
+- [JoinConfiguration](#kubeadm-k8s-io-v1beta2-JoinConfiguration)
+
+
+JoinControlPlane contains elements describing an additional control plane instance to be deployed on the joining node.
+
+
+ `localAPIEndpoint` represents the endpoint of the API server instance to be deployed
+on this node.
+
+
+
+
certificateKey[Required]
+string
+
+
+ `certificateKey` is the key that is used for decryption of certificates after they
+are downloaded from the secret upon joining a new control plane node. The
+corresponding encryption key is in the InitConfiguration.
+
+
+
+
+
+
+
+
+## `LocalEtcd` {#kubeadm-k8s-io-v1beta2-LocalEtcd}
+
+
+
+
+**Appears in:**
+
+- [Etcd](#kubeadm-k8s-io-v1beta2-Etcd)
+
+
+LocalEtcd describes that kubeadm should run an etcd cluster locally
+
+
+ `serviceSubnet` is the subnet used by k8s services. Defaults to "10.96.0.0/12".
+
+
+
+
podSubnet[Required]
+string
+
+
+ `podSubnet` is the subnet used by Pods.
+
+
+
+
dnsDomain[Required]
+string
+
+
+ `dnsDomain` is the DNS domain used by k8s services. Defaults to "cluster.local".
+
+
+
+
+
+
+
+
+## `NodeRegistrationOptions` {#kubeadm-k8s-io-v1beta2-NodeRegistrationOptions}
+
+
+
+
+**Appears in:**
+
+- [InitConfiguration](#kubeadm-k8s-io-v1beta2-InitConfiguration)
+
+- [JoinConfiguration](#kubeadm-k8s-io-v1beta2-JoinConfiguration)
+
+
+NodeRegistrationOptions holds fields that relate to registering a new control-plane or node to the cluster, either via "kubeadm init" or "kubeadm join"
+
+
+
Field
Description
+
+
+
+
+
name[Required]
+string
+
+
+ `name` is the `.metadata.name` field of the Node API object that will be created in this
+`kubeadm init` or `kubeadm join` operation.
+This field is also used in the CommonName field of the kubelet's client certificate to the
+API server. Defaults to the hostname of the node if not provided.
+
+
+
+
criSocket[Required]
+string
+
+
+ `criSocket` is used to retrieve container runtime info. This information will be
+annotated to the Node API object, for later re-use.
+ `taints` specifies the taints the Node API object should be registered with. If
+this field is unset, i.e. nil, in the `kubeadm init` process, it will be defaulted
+to `['"node-role.kubernetes.io/master"=""']`. If you don't want to taint your
+control-plane node, set this field to an empty list, i.e. `taints: []` in the YAML
+file. This field is solely used for Node registration.
+
+
+
+
kubeletExtraArgs[Required]
+map[string]string
+
+
+ `kubeletExtraArgs` passes through extra arguments to the kubelet. The arguments here
+are passed to the kubelet command line via the environment file kubeadm writes at
+runtime for the kubelet to source. This overrides the generic base-level
+configuration in the "kubelet-config-1.X" ConfigMap. Flags have higher priority when
+parsing. These values are local and specific to the node kubeadm is executing on.
+
+
+
+
ignorePreflightErrors[Required]
+[]string
+
+
+ `ignorePreflightErrors` provides a slice of pre-flight errors to be ignored when
+the current node is registered.
+
+
+
+
+
+
+
diff --git a/content/en/docs/reference/config-api/kubeadm-config.v1beta3.md b/content/en/docs/reference/config-api/kubeadm-config.v1beta3.md
new file mode 100644
index 0000000000..5f73e8b3a8
--- /dev/null
+++ b/content/en/docs/reference/config-api/kubeadm-config.v1beta3.md
@@ -0,0 +1,1535 @@
+---
+title: kubeadm Configuration (v1beta3)
+content_type: tool-reference
+package: kubeadm.k8s.io/v1beta3
+auto_generated: true
+---
+Package v1beta3 defines the v1beta3 version of the kubeadm configuration file format.
+This version improves on the v1beta2 format by fixing some minor issues and adding a few new fields.
+
+A list of changes since v1beta2:
+
+- The deprecated `ClusterConfiguration.useHyperKubeImage` field has been removed.
+ Kubeadm no longer supports the hyperkube image.
+- The `ClusterConfiguration.dns.type` field has been removed since CoreDNS is the only supported
+ DNS server type by kubeadm.
+- Include "datapolicy" tags on the fields that hold secrets.
+ This would result in the field values to be omitted when API structures are printed with klog.
+- Add `InitConfiguration.skipPhases`, `JoinConfiguration.skipPhases` to allow skipping
+ a list of phases during kubeadm init/join command execution.
+- Add `InitConfiguration.nodeRegistration.imagePullPolicy" and
+ `JoinConfiguration.nodeRegistration.imagePullPolicy` to allow specifying
+ the images pull policy during kubeadm "init" and "join". The value must be
+ one of "Always", "Never" or "IfNotPresent". "IfNotPresent" is the default,
+ which has been the existing behavior prior to this addition.
+- Add `InitConfiguration.patches.directory`, `JoinConfiguration.patches.directory`
+ to allow the user to configure a directory from which to take patches for
+ components deployed by kubeadm.
+- Move the `BootstrapToken∗` API and related utilities out of the "kubeadm" API group
+ to a new group "bootstraptoken". The kubeadm API version v1beta3 no longer contains
+ the `BootstrapToken∗` structures.
+
+## Migration from old kubeadm config versions
+
+- kubeadm v1.15.x and newer can be used to migrate from the v1beta1 to v1beta2.
+- kubeadm v1.22.x no longer supports v1beta1 and older APIs, but can be used to migrate v1beta2 to v1beta3.
+
+## Basics
+
+The preferred way to configure kubeadm is to pass an YAML configuration file with the --config option. Some of the
+configuration options defined in the kubeadm config file are also available as command line flags, but only
+the most common/simple use case are supported with this approach.
+
+A kubeadm config file could contain multiple configuration types separated using three dashes (“---”).
+
+kubeadm supports the following configuration types:
+
+```yaml
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: InitConfiguration
+---
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: ClusterConfiguration
+---
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+---
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+kind: KubeProxyConfiguration
+---
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: JoinConfiguration
+```
+
+To print the defaults for "init" and "join" actions use the following commands:
+
+```shell
+kubeadm config print init-defaults
+kubeadm config print join-defaults
+```
+
+The list of configuration types that must be included in a configuration file depends by the action you are
+performing (init or join) and by the configuration options you are going to use (defaults or advanced customization).
+
+If some configuration types are not provided, or provided only partially, kubeadm will use default values; defaults
+provided by kubeadm includes also enforcing consistency of values across components when required (e.g.
+cluster-cidr flag on controller manager and clusterCIDR on kube-proxy).
+
+Users are always allowed to override default values, with the only exception of a small subset of setting with
+relevance for security (e.g. enforce authorization-mode Node and RBAC on api server)
+
+If the user provides a configuration types that is not expected for the action you are performing, kubeadm will
+ignore those types and print a warning.
+
+## Kubeadm init configuration types
+
+When executing kubeadm init with the `--config` option, the following configuration types could be used:
+InitConfiguration, ClusterConfiguration, KubeProxyConfiguration, KubeletConfiguration, but only one
+between InitConfiguration and ClusterConfiguration is mandatory.
+
+```yaml
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: InitConfiguration
+bootstrapTokens:
+ ...
+nodeRegistration:
+ ...
+```
+
+The InitConfiguration type should be used to configure runtime settings, that in case of kubeadm init
+are the configuration of the bootstrap token and all the setting which are specific to the node where kubeadm
+is executed, including:
+
+- NodeRegistration, that holds fields that relate to registering the new node to the cluster;
+ use it to customize the node name, the CRI socket to use or any other settings that should apply to this
+ node only (e.g. the node ip).
+
+- LocalAPIEndpoint, that represents the endpoint of the instance of the API server to be deployed on this node;
+ use it e.g. to customize the API server advertise address.
+
+ ```yaml
+ apiVersion: kubeadm.k8s.io/v1beta3
+ kind: ClusterConfiguration
+ networking:
+ ...
+ etcd:
+ ...
+ apiServer:
+ extraArgs:
+ ...
+ extraVolumes:
+ ...
+ ...
+ ```
+
+The ClusterConfiguration type should be used to configure cluster-wide settings,
+including settings for:
+
+- Networking, that holds configuration for the networking topology of the cluster; use it e.g. to customize
+ pod subnet or services subnet.
+- Etcd configurations; use it e.g. to customize the local etcd or to configure the API server
+ for using an external etcd cluster.
+- kube-apiserver, kube-scheduler, kube-controller-manager configurations; use it to customize control-plane
+ components by adding customized setting or overriding kubeadm default settings.
+
+ ```yaml
+ apiVersion: kubeproxy.config.k8s.io/v1alpha1
+ kind: KubeProxyConfiguration
+ ...
+ ```
+
+The KubeProxyConfiguration type should be used to change the configuration passed to kube-proxy instances deployed
+in the cluster. If this object is not provided or provided only partially, kubeadm applies defaults.
+
+See https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ or https://godoc.org/k8s.io/kube-proxy/config/v1alpha1#KubeProxyConfiguration
+for kube proxy official documentation.
+
+```yaml
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+...
+```
+
+The KubeletConfiguration type should be used to change the configurations that will be passed to all kubelet instances
+deployed in the cluster. If this object is not provided or provided only partially, kubeadm applies defaults.
+
+See https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/ or https://godoc.org/k8s.io/kubelet/config/v1beta1#KubeletConfiguration
+for kubelet official documentation.
+
+Here is a fully populated example of a single YAML file containing multiple
+configuration types to be used during a `kubeadm init` run.
+
+```yaml
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: InitConfiguration
+bootstrapTokens:
+ - token: "9a08jv.c0izixklcxtmnze7"
+ description: "kubeadm bootstrap token"
+ ttl: "24h"
+ - token: "783bde.3f89s0fje9f38fhf"
+ description: "another bootstrap token"
+ usages:
+ - authentication
+ - signing
+ groups:
+ - system:bootstrappers:kubeadm:default-node-token
+nodeRegistration:
+ name: "ec2-10-100-0-1"
+ criSocket: "/var/run/dockershim.sock"
+ taints:
+ - key: "kubeadmNode"
+ value: "master"
+ effect: "NoSchedule"
+ kubeletExtraArgs:
+ v: 4
+ ignorePreflightErrors:
+ - IsPrivilegedUser
+ imagePullPolicy: "IfNotPresent"
+localAPIEndpoint:
+ advertiseAddress: "10.100.0.1"
+ bindPort: 6443
+certificateKey: "e6a2eb8581237ab72a4f494f30285ec12a9694d750b9785706a83bfcbbbd2204"
+skipPhases:
+ - add/kube-proxy
+---
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: ClusterConfiguration
+etcd:
+ # one of local or external
+ local:
+ imageRepository: "k8s.gcr.io"
+ imageTag: "3.2.24"
+ dataDir: "/var/lib/etcd"
+ extraArgs:
+ listen-client-urls: "http://10.100.0.1:2379"
+ serverCertSANs:
+ - "ec2-10-100-0-1.compute-1.amazonaws.com"
+ peerCertSANs:
+ - "10.100.0.1"
+ # external:
+ # endpoints:
+ # - "10.100.0.1:2379"
+ # - "10.100.0.2:2379"
+ # caFile: "/etcd/kubernetes/pki/etcd/etcd-ca.crt"
+ # certFile: "/etcd/kubernetes/pki/etcd/etcd.crt"
+ # keyFile: "/etcd/kubernetes/pki/etcd/etcd.key"
+networking:
+ serviceSubnet: "10.96.0.0/12"
+ podSubnet: "10.100.0.1/24"
+ dnsDomain: "cluster.local"
+kubernetesVersion: "v1.12.0"
+controlPlaneEndpoint: "10.100.0.1:6443"
+apiServer:
+ extraArgs:
+ authorization-mode: "Node,RBAC"
+ extraVolumes:
+ - name: "some-volume"
+ hostPath: "/etc/some-path"
+ mountPath: "/etc/some-pod-path"
+ readOnly: false
+ pathType: File
+ certSANs:
+ - "10.100.1.1"
+ - "ec2-10-100-0-1.compute-1.amazonaws.com"
+ timeoutForControlPlane: 4m0s
+controllerManager:
+ extraArgs:
+ "node-cidr-mask-size": "20"
+ extraVolumes:
+ - name: "some-volume"
+ hostPath: "/etc/some-path"
+ mountPath: "/etc/some-pod-path"
+ readOnly: false
+ pathType: File
+scheduler:
+ extraArgs:
+ address: "10.100.0.1"
+ extraVolumes:
+ - name: "some-volume"
+ hostPath: "/etc/some-path"
+ mountPath: "/etc/some-pod-path"
+ readOnly: false
+ pathType: File
+certificatesDir: "/etc/kubernetes/pki"
+imageRepository: "k8s.gcr.io"
+clusterName: "example-cluster"
+---
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+# kubelet specific options here
+---
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+kind: KubeProxyConfiguration
+# kube-proxy specific options here
+```
+
+## Kubeadm join configuration types
+
+When executing kubeadm join with the `--config` option, the JoinConfiguration type should be provided.
+
+```yaml
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: JoinConfiguration
+...
+```
+
+The JoinConfiguration type should be used to configure runtime settings, that in case of kubeadm join
+are the discovery method used for accessing the cluster info and all the setting which are specific
+to the node where kubeadm is executed, including:
+
+- NodeRegistration, that holds fields that relate to registering the new node to the cluster;
+ use it to customize the node name, the CRI socket to use or any other settings that should apply to this
+ node only (e.g. the node ip).
+- APIEndpoint, that represents the endpoint of the instance of the API server to be eventually
+ deployed on this node.
+
+## Resource Types
+
+
+- [ClusterConfiguration](#kubeadm-k8s-io-v1beta3-ClusterConfiguration)
+- [InitConfiguration](#kubeadm-k8s-io-v1beta3-InitConfiguration)
+- [JoinConfiguration](#kubeadm-k8s-io-v1beta3-JoinConfiguration)
+
+
+
+
+## `ClusterConfiguration` {#kubeadm-k8s-io-v1beta3-ClusterConfiguration}
+
+
+
+
+
+ClusterConfiguration contains cluster-wide configuration for a kubeadm cluster
+
+
+ `networking` holds configuration for the networking topology of the cluster.
+
+
+
+
kubernetesVersion
+string
+
+
+ `kubernetesVersion` is the target version of the control plane.
+
+
+
+
controlPlaneEndpoint
+string
+
+
+ `controlPlaneEndpoint` sets a stable IP address or DNS name for the control plane; it
+can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port.
+In case the `controlPlaneEndpoint` is not specified, the `advertiseAddress` + `bindPort`
+are used; in case the `controlPlaneEndpoint` is specified but without a TCP port,
+the `bindPort` of the `localAPIEndpoint` is used.
+Possible usages are:
+
+- In a cluster with more than one control plane instances, this field should be
+ assigned the address of the external load balancer in front of the
+ control plane instances.
+- In environments with enforced node recycling, the ControlPlaneEndpoint
+ could be used for assigning a stable DNS to the control plane.
+ `certificatesDir` specifies where to store or look for all required certificates.
+
+
+
+
imageRepository
+string
+
+
+ `imageRepository` sets the container registry to pull images from.
+If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is
+a CI build (kubernetes version starts with `ci/` or `ci-cross/`)
+`gcr.io/k8s-staging-ci-images` will be used as a default for control plane
+components and for kube-proxy, while `k8s.gcr.io` will be used for all the other images.
+
+
+
+
featureGates
+map[string]bool
+
+
+ Feature gates enabled by the user.
+
+
+
+
clusterName
+string
+
+
+ The cluster name.
+
+
+
+
+
+
+
+
+## `InitConfiguration` {#kubeadm-k8s-io-v1beta3-InitConfiguration}
+
+
+
+
+
+InitConfiguration contains a list of elements that is specific "kubeadm init"-only runtime
+information.
+
+
+ `bootstrapTokens` is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
+This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature.
+ `localAPIEndpoint` represents the endpoint of the API server instance that's deployed on this control plane node
+In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint
+is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This
+configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible
+on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process
+fails you may set the desired value here.
+
+
+
+
certificateKey
+string
+
+
+ `certificateKey` sets the key with which certificates and keys are encrypted prior to being uploaded in
+a Secret in the cluster during the "uploadcerts" init phase.
+
+
+
+
skipPhases
+[]string
+
+
+ `skipPhases` is a list of phases to skip during command execution.
+The list of phases can be obtained with the `kubeadm init --help` command.
+The flag `--skip-phases` takes precedence over this field.
+ `nodeRegistration` holds fields that relate to registering the new control-plane
+node to the cluster
+
+
+
+
caCertPath
+string
+
+
+ `caCertPath` is the path to the SSL certificate authority used to
+secure comunications between node and control-plane.
+Defaults to "/etc/kubernetes/pki/ca.crt".
+ `controlPlane` defines the additional control plane instance to be deployed on the
+joining node. If nil, no additional control plane instance will be deployed.
+
+
+
+
skipPhases
+[]string
+
+
+ `skipPhases` is a list of phases to skip during command execution.
+The list of phases can be obtained with the `kubeadm join --help` command.
+The flag `--skip-phases` takes precedence over this field.
+ `timeoutForControlPlane` controls the timeout that we use for API server to appear
+
+
+
+
+
+
+
+
+## `BootstrapTokenDiscovery` {#kubeadm-k8s-io-v1beta3-BootstrapTokenDiscovery}
+
+
+
+
+**Appears in:**
+
+- [Discovery](#kubeadm-k8s-io-v1beta3-Discovery)
+
+
+BootstrapTokenDiscovery is used to set the options for bootstrap token based discovery
+
+
+
Field
Description
+
+
+
+
+
token[Required]
+string
+
+
+ `token` is a token used to validate cluster information fetched from the control-plane.
+
+
+
+
apiServerEndpoint
+string
+
+
+ `apiServerEndpoint` is an IP or domain name to the API server from which
+information will be fetched.
+
+
+
+
caCertHashes
+[]string
+
+
+ CACertHashes specifies a set of public key pins to verify when token-based
+discovery is used. The root CA found during discovery must match one of these
+values. Specifying an empty set disables root CA pinning, which can be unsafe.
+Each hash is specified as `:`, where the only currently supported
+type is "sha256". This is a hex-encoded SHA-256 hash of the Subject Public Key
+Info (SPKI) object in DER-encoded ASN.1. These hashes can be calculated using,
+for example, OpenSSL.
+
+
+
+
unsafeSkipCAVerification
+bool
+
+
+ `unsafeSkipCAVerification` allows token-based discovery without CA verification
+via `caCertHashes`. This can weaken the security of kubeadm since other nodes
+can impersonate the control-plane.
+
+
+
+
+
+
+
+
+## `ControlPlaneComponent` {#kubeadm-k8s-io-v1beta3-ControlPlaneComponent}
+
+
+
+
+**Appears in:**
+
+- [ClusterConfiguration](#kubeadm-k8s-io-v1beta3-ClusterConfiguration)
+
+- [APIServer](#kubeadm-k8s-io-v1beta3-APIServer)
+
+
+ControlPlaneComponent holds settings common to control plane component of the cluster
+
+
+
Field
Description
+
+
+
+
+
extraArgs
+map[string]string
+
+
+ `extraArgs` is an extra set of flags to pass to the control plane component.
+A key in this map is the flag name as it appears on the
+command line except without leading dash(es).
+ `extraVolumes` is an extra set of host volumes, mounted to the control plane component.
+
+
+
+
+
+
+
+
+## `DNS` {#kubeadm-k8s-io-v1beta3-DNS}
+
+
+
+
+**Appears in:**
+
+- [ClusterConfiguration](#kubeadm-k8s-io-v1beta3-ClusterConfiguration)
+
+
+DNS defines the DNS addon that should be used in the cluster
+
+
+ `file` specifies a file or URL to a kubeconfig file from which to load cluster information.
+`bootstrapToken` and `file` are mutually exclusive.
+
+
+
+
tlsBootstrapToken
+string
+
+
+ `tlsBootstrapToken` is a token used for TLS bootstrapping.
+If `bootstrapToken` is set, this field is defaulted to `bootstrapToken.token`,
+but can be overridden.
+If `file` is set, this field ∗∗must be set∗∗ in case the KubeConfigFile does
+not contain any other authentication information
+ `external` describes how to connect to an external etcd cluster.
+`local` and `external` are mutually exclusive.
+
+
+
+
+
+
+
+
+## `ExternalEtcd` {#kubeadm-k8s-io-v1beta3-ExternalEtcd}
+
+
+
+
+**Appears in:**
+
+- [Etcd](#kubeadm-k8s-io-v1beta3-Etcd)
+
+
+ExternalEtcd describes an external etcd cluster.
+Kubeadm has no knowledge of where certificate files live and they must be supplied.
+
+
+
Field
Description
+
+
+
+
+
endpoints[Required]
+[]string
+
+
+ `endpoints` are endpoints of etcd members. This field is required.
+
+
+
+
caFile[Required]
+string
+
+
+ `caFile` is an SSL Certificate Authority file used to secure etcd communication.
+Required if using a TLS connection.
+
+
+
+
certFile[Required]
+string
+
+
+ `certFile` is an SSL certification file used to secure etcd communication.
+Required if using a TLS connection.
+
+
+
+
keyFile[Required]
+string
+
+
+ `keyFile` is an SSL key file used to secure etcd communication.
+Required if using a TLS connection.
+
+
+
+
+
+
+
+
+## `FileDiscovery` {#kubeadm-k8s-io-v1beta3-FileDiscovery}
+
+
+
+
+**Appears in:**
+
+- [Discovery](#kubeadm-k8s-io-v1beta3-Discovery)
+
+
+FileDiscovery is used to specify a file or URL to a kubeconfig file from which to load cluster information
+
+
+
Field
Description
+
+
+
+
+
kubeConfigPath[Required]
+string
+
+
+ `kubeConfigPath` specifies the actual file path or URL to the kubeconfig file
+from which to load cluster information
+
+
+
+
+
+
+
+
+## `HostPathMount` {#kubeadm-k8s-io-v1beta3-HostPathMount}
+
+
+
+
+**Appears in:**
+
+- [ControlPlaneComponent](#kubeadm-k8s-io-v1beta3-ControlPlaneComponent)
+
+
+HostPathMount contains elements describing volumes that are mounted from the host.
+
+
+
Field
Description
+
+
+
+
+
name[Required]
+string
+
+
+ `name` is the volume name inside the Pod template.
+
+
+
+
hostPath[Required]
+string
+
+
+ `hostPath` is the path in the host that will be mounted inside the Pod.
+
+
+
+
mountPath[Required]
+string
+
+
+ `mountPath` is the path inside the Pod where the `hostPath` volume is mounted.
+ `pathType` is the type of the `hostPath` volume.
+
+
+
+
+
+
+
+
+## `ImageMeta` {#kubeadm-k8s-io-v1beta3-ImageMeta}
+
+
+
+
+**Appears in:**
+
+- [DNS](#kubeadm-k8s-io-v1beta3-DNS)
+
+- [LocalEtcd](#kubeadm-k8s-io-v1beta3-LocalEtcd)
+
+
+ImageMeta allows to customize the image used for components that are not
+originated from the Kubernetes/Kubernetes release process
+
+
+
Field
Description
+
+
+
+
+
imageRepository
+string
+
+
+ `imageRepository` sets the container registry to pull images from.
+If not set, the ImageRepository defined in ClusterConfiguration will be used instead.
+
+
+
+
imageTag
+string
+
+
+ `imageTag` allows to specify a tag for the image.
+In case this value is set, kubeadm does not change automatically the
+version of the above components during upgrades.
+
+
+
+
+
+
+
+
+## `JoinControlPlane` {#kubeadm-k8s-io-v1beta3-JoinControlPlane}
+
+
+
+
+**Appears in:**
+
+- [JoinConfiguration](#kubeadm-k8s-io-v1beta3-JoinConfiguration)
+
+
+JoinControlPlane contains elements describing an additional control plane instance to be deployed on the joining node.
+
+
+ `localAPIEndpoint` represents the endpoint of the API server instance to be deployed
+on this node.
+
+
+
+
certificateKey
+string
+
+
+ `certificateKey` is the key that is used for decryption of certificates after they
+are downloaded from the secret upon joining a new control plane node. The
+corresponding encryption key is in the InitConfiguration.
+
+
+
+
+
+
+
+
+## `LocalEtcd` {#kubeadm-k8s-io-v1beta3-LocalEtcd}
+
+
+
+
+**Appears in:**
+
+- [Etcd](#kubeadm-k8s-io-v1beta3-Etcd)
+
+
+LocalEtcd describes that kubeadm should run an etcd cluster locally
+
+
(Members of ImageMeta are embedded into this type.)
+ `ImageMeta` allows to customize the container used for etcd.
+
+
+
+
dataDir[Required]
+string
+
+
+ `dataDir` is the directory etcd will place its data.
+Defaults to "/var/lib/etcd".
+
+
+
+
extraArgs
+map[string]string
+
+
+ `extraArgs` are extra arguments provided to the etcd binary
+when run inside a static pod.
+A key in this map is the flag name as it appears on the command line except
+without leading dash(es).
+
+
+
+
serverCertSANs
+[]string
+
+
+ `serverCertSANs` sets extra Subject Alternative Names for the etcd server signing cert.
+
+
+
+
peerCertSANs
+[]string
+
+
+ `peerCertSANs` sets extra Subject Alternative Names for the etcd peer signing cert.
+ `serviceSubnet` is the subnet used by k8s services. Defaults to "10.96.0.0/12".
+
+
+
+
podSubnet
+string
+
+
+ `podSubnet` is the subnet used by Pods.
+
+
+
+
dnsDomain
+string
+
+
+ `dnsDomain` is the DNS domain used by k8s services. Defaults to "cluster.local".
+
+
+
+
+
+
+
+
+## `NodeRegistrationOptions` {#kubeadm-k8s-io-v1beta3-NodeRegistrationOptions}
+
+
+
+
+**Appears in:**
+
+- [InitConfiguration](#kubeadm-k8s-io-v1beta3-InitConfiguration)
+
+- [JoinConfiguration](#kubeadm-k8s-io-v1beta3-JoinConfiguration)
+
+
+NodeRegistrationOptions holds fields that relate to registering a new control-plane or node to the cluster, either via "kubeadm init" or "kubeadm join"
+
+
+
Field
Description
+
+
+
+
+
name
+string
+
+
+ `name` is the `.metadata.name` field of the Node API object that will be created in this
+`kubeadm init` or `kubeadm join` operation.
+This field is also used in the `CommonName` field of the kubelet's client certificate to the
+API server. Defaults to the hostname of the node if not provided.
+
+
+
+
criSocket
+string
+
+
+ `criSocket` is used to retrieve container runtime info. This information will be
+annotated to the Node API object, for later re-use.
+ `taints` specifies the taints the Node API object should be registered with. If
+this field is unset, i.e. nil, in the `kubeadm init` process, it will be defaulted
+to `['"node-role.kubernetes.io/master"=""']`. If you don't want to taint your
+control-plane node, set this field to an empty list, i.e. `taints: []` in the YAML
+file. This field is solely used for Node registration.
+
+
+
+
kubeletExtraArgs
+map[string]string
+
+
+ `kubeletExtraArgs` passes through extra arguments to the kubelet. The arguments here
+are passed to the kubelet command line via the environment file kubeadm writes at
+runtime for the kubelet to source. This overrides the generic base-level
+configuration in the "kubelet-config-1.X" ConfigMap. Flags have higher priority when
+parsing. These values are local and specific to the node kubeadm is executing on.
+A key in this map is the flag name as it appears on the command line except without
+leading dash(es).
+
+
+
+
ignorePreflightErrors
+[]string
+
+
+ `ignorePreflightErrors` provides a slice of pre-flight errors to be ignored when
+the current node is registered.
+ `imagePullPolicy` specifies the policy for image pulling during `kubeadm init` and
+`kubeadm join` operations.
+The value of this field must be one of "Always", "IfNotPresent" or "Never".
+If this field is unset kubeadm will default it to "IfNotPresent", or pull the required
+images if not present on the host.
+
+
+
+
+
+
+
+
+## `Patches` {#kubeadm-k8s-io-v1beta3-Patches}
+
+
+
+
+**Appears in:**
+
+- [InitConfiguration](#kubeadm-k8s-io-v1beta3-InitConfiguration)
+
+- [JoinConfiguration](#kubeadm-k8s-io-v1beta3-JoinConfiguration)
+
+
+Patches contains options related to applying patches to components deployed by kubeadm.
+
+
+
Field
Description
+
+
+
+
+
directory
+string
+
+
+ `directory` is a path to a directory that contains files named
+`target[suffix][+patchtype].extension`.
+For example, `kube-apiserver0+merge.yaml` or just `etcd.json`. `target` can be one of
+"kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". `patchtype` can be one
+of "strategic", "merge" or "json" and they match the patch formats supported by kubectl.
+The default `patchtype` is "strategic". `extension` must be either "json" or "yaml".
+`suffix` is an optional string that can be used to determine which patches are applied
+first alpha-numerically.
+
+
+
+
+
+
+
+
+
+
+## `BootstrapToken` {#BootstrapToken}
+
+
+
+
+**Appears in:**
+
+- [InitConfiguration](#kubeadm-k8s-io-v1beta3-InitConfiguration)
+
+
+BootstrapToken describes one bootstrap token, stored as a Secret in the cluster
+
+
+ `expires` specifies the timestamp when this token expires. Defaults to being set
+dynamically at runtime based on the `ttl`. `expires` and `ttl` are mutually exclusive.
+
+
+
+
usages
+[]string
+
+
+ `usages` describes the ways in which this token can be used. Can by default be used
+for establishing bidirectional trust, but that can be changed here.
+
+
+
+
groups
+[]string
+
+
+ `groups` specifies the extra groups that this token will authenticate as when/if
+used for authentication
+
+
+
+
+
+
+## `BootstrapTokenString` {#BootstrapTokenString}
+
+
+
+
+**Appears in:**
+
+- [BootstrapToken](#BootstrapToken)
+
+
+BootstrapTokenString is a token of the format `abcdef.abcdef0123456789` that is used
+for both validation of the practically of the API server from a joining node's point
+of view and as an authentication method for the node in the bootstrap phase of
+"kubeadm join". This token is and should be short-lived.
+
+
+
Field
Description
+
+
+
+
+
-[Required]
+string
+
+
+ No description provided.
+
+
+
+
+
-[Required]
+string
+
+
+ No description provided.
+
+
+
+
+
+
diff --git a/content/en/docs/reference/config-api/kubelet-config.v1beta1.md b/content/en/docs/reference/config-api/kubelet-config.v1beta1.md
index bee05b68db..261a6dd5f8 100644
--- a/content/en/docs/reference/config-api/kubelet-config.v1beta1.md
+++ b/content/en/docs/reference/config-api/kubelet-config.v1beta1.md
@@ -39,7 +39,8 @@ KubeletConfiguration contains the configuration for the Kubelet
enableServer enables Kubelet's secured server.
Note: Kubelet's insecure port is controlled by the readOnlyPort option.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may disrupt components that interact with the Kubelet server.
Default: true
@@ -51,7 +52,8 @@ Default: true
staticPodPath is the path to the directory containing local (static) pods to
run, or the path to a single static pod file.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
the set of static pods specified at the new path may be different than the
ones the Kubelet initially started with, and this may disrupt your node.
Default: ""
@@ -64,7 +66,8 @@ Default: ""
syncFrequency is the max period between synchronizing running
containers and config.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
shortening this duration may have a negative performance impact, especially
as the number of Pods on the node increases. Alternatively, increasing this
duration will result in longer refresh times for ConfigMaps and Secrets.
@@ -77,8 +80,9 @@ Default: "1m"
fileCheckFrequency is the duration between checking config files for
-new data
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+new data.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
shortening the duration will cause the Kubelet to reload local Static Pod
configurations more frequently, which may have a negative performance impact.
Default: "20s"
- httpCheckFrequency is the duration between checking http for new data
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ httpCheckFrequency is the duration between checking http for new data.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
shortening the duration will cause the Kubelet to poll staticPodURL more
frequently, which may have a negative performance impact.
Default: "20s"
@@ -101,8 +106,9 @@ Default: "20s"
string
- staticPodURL is the URL for accessing static pods to run
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ staticPodURL is the URL for accessing static pods to run.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
the set of static pods specified at the new URL may be different than the
ones the Kubelet initially started with, and this may disrupt your node.
Default: ""
- staticPodURLHeader is a map of slices with HTTP headers to use when accessing the podURL
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ staticPodURLHeader is a map of slices with HTTP headers to use when accessing the podURL.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may disrupt the ability to read the latest set of static pods from StaticPodURL.
Default: nil
@@ -126,7 +133,8 @@ Default: nil
address is the IP address for the Kubelet to serve on (set to 0.0.0.0
for all interfaces).
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may disrupt components that interact with the Kubelet server.
Default: "0.0.0.0"
@@ -137,7 +145,9 @@ Default: "0.0.0.0"
port is the port for the Kubelet to serve on.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+The port number must be between 1 and 65535, inclusive.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may disrupt components that interact with the Kubelet server.
Default: 10250
@@ -149,7 +159,10 @@ Default: 10250
readOnlyPort is the read-only port for the Kubelet to serve on with
no authentication/authorization.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+The port number must be between 1 and 65535, inclusive.
+Setting this field to 0 disables the read-only service.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may disrupt components that interact with the Kubelet server.
Default: 0 (disabled)
@@ -164,7 +177,8 @@ if any, concatenated after server cert). If tlsCertFile and
tlsPrivateKeyFile are not provided, a self-signed certificate
and key are generated for the public address and saved to the directory
passed to the Kubelet's --cert-dir flag.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may disrupt components that interact with the Kubelet server.
Default: ""
@@ -174,8 +188,9 @@ Default: ""
string
- tlsPrivateKeyFile is the file containing x509 private key matching tlsCertFile
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ tlsPrivateKeyFile is the file containing x509 private key matching tlsCertFile.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may disrupt components that interact with the Kubelet server.
Default: ""
@@ -185,9 +200,10 @@ Default: ""
[]string
- TLSCipherSuites is the list of allowed cipher suites for the server.
+ tlsCipherSuites is the list of allowed cipher suites for the server.
Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may disrupt components that interact with the Kubelet server.
Default: nil
@@ -197,9 +213,10 @@ Default: nil
string
- TLSMinVersion is the minimum TLS version supported.
+ tlsMinVersion is the minimum TLS version supported.
Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may disrupt components that interact with the Kubelet server.
Default: ""
@@ -212,7 +229,8 @@ Default: ""
rotateCertificates enables client certificate rotation. The Kubelet will request a
new certificate from the certificates.k8s.io API. This requires an approver to approve the
certificate signing requests.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
disabling it may disrupt the Kubelet's ability to authenticate with the API server
after the current certificate expires.
Default: false
@@ -225,10 +243,11 @@ Default: false
serverTLSBootstrap enables server certificate bootstrap. Instead of self
signing a serving certificate, the Kubelet will request a certificate from
-the certificates.k8s.io API. This requires an approver to approve the
-certificate signing requests. The RotateKubeletServerCertificate feature
-must be enabled.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+the 'certificates.k8s.io' API. This requires an approver to approve the
+certificate signing requests (CSR). The RotateKubeletServerCertificate feature
+must be enabled when setting this field.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
disabling it will stop the renewal of Kubelet server certificates, which can
disrupt components that interact with the Kubelet server in the long term,
due to certificate expiration.
@@ -240,8 +259,9 @@ Default: false
- authentication specifies how requests to the Kubelet's server are authenticated
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ authentication specifies how requests to the Kubelet's server are authenticated.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may disrupt components that interact with the Kubelet server.
Defaults:
anonymous:
@@ -256,8 +276,9 @@ Defaults:
KubeletAuthorization
- authorization specifies how requests to the Kubelet's server are authorized
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ authorization specifies how requests to the Kubelet's server are authorized.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may disrupt components that interact with the Kubelet server.
Defaults:
mode: Webhook
@@ -272,8 +293,10 @@ Defaults:
registryPullQPS is the limit of registry pulls per second.
-Set to 0 for no limit.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+The value must not be a negative number.
+Setting it to 0 means no limit.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may impact scalability by changing the amount of traffic produced
by image pulls.
Default: 5
@@ -286,8 +309,10 @@ Default: 5
registryBurst is the maximum size of bursty pulls, temporarily allows
pulls to burst to this number, while still not exceeding registryPullQPS.
-Only used if registryPullQPS > 0.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+The value must not be a negative number.
+Only used if registryPullQPS is greater than 0.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may impact scalability by changing the amount of traffic produced
by image pulls.
Default: 10
@@ -299,8 +324,9 @@ Default: 10
eventRecordQPS is the maximum event creations per second. If 0, there
-is no limit enforced.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+is no limit enforced. The value cannot be a negative number.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may impact scalability by changing the amount of traffic produced by
event creations.
Default: 5
@@ -313,8 +339,10 @@ Default: 5
eventBurst is the maximum size of a burst of event creations, temporarily
allows event creations to burst to this number, while still not exceeding
-eventRecordQPS. Only used if eventRecordQPS > 0.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+eventRecordQPS. This field canot be a negative number and it is only used
+when eventRecordQPS > 0.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may impact scalability by changing the amount of traffic produced by
event creations.
Default: 10
@@ -328,7 +356,8 @@ Default: 10
enableDebuggingHandlers enables server endpoints for log access
and local running of containers and commands, including the exec,
attach, logs, and portforward features.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
disabling it may disrupt components that interact with the Kubelet server.
Default: true
@@ -339,7 +368,8 @@ Default: true
enableContentionProfiling enables lock contention profiling, if enableDebuggingHandlers is true.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
enabling it may carry a performance impact.
Default: false
@@ -349,8 +379,10 @@ Default: false
int32
- healthzPort is the port of the localhost healthz endpoint (set to 0 to disable)
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ healthzPort is the port of the localhost healthz endpoint (set to 0 to disable).
+A valid number is between 1 and 65535.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may disrupt components that monitor Kubelet health.
Default: 10248
@@ -360,8 +392,9 @@ Default: 10248
string
- healthzBindAddress is the IP address for the healthz server to serve on
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ healthzBindAddress is the IP address for the healthz server to serve on.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may disrupt components that monitor Kubelet health.
Default: "127.0.0.1"
@@ -373,7 +406,8 @@ Default: "127.0.0.1"
oomScoreAdj is The oom-score-adj value for kubelet process. Values
must be within the range [-1000, 1000].
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may impact the stability of nodes under memory pressure.
Default: -999
@@ -386,7 +420,7 @@ Default: -999
clusterDomain is the DNS domain for this cluster. If set, kubelet will
configure all containers to search this domain in addition to the
host's search domains.
-Dynamic Kubelet Config (beta): Dynamically updating this field is not recommended,
+Dynamic Kubelet Config (deprecated): Dynamically updating this field is not recommended,
as it should be kept in sync with the rest of the cluster.
Default: ""
@@ -399,7 +433,8 @@ Default: ""
clusterDNS is a list of IP addresses for the cluster DNS server. If set,
kubelet will configure all containers to use this for DNS resolution
instead of the host's DNS servers.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
changes will only take effect on Pods created after the update. Draining
the node is recommended before changing this field.
Default: nil
@@ -412,7 +447,8 @@ Default: nil
streamingConnectionIdleTimeout is the maximum time a streaming connection
can be idle before the connection is automatically closed.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may impact components that rely on infrequent updates over streaming
connections to the Kubelet server.
Default: "4h"
@@ -428,7 +464,8 @@ status. If node lease feature is not enabled, it is also the frequency that
kubelet posts node status to master.
Note: When node lease feature is not enabled, be cautious when changing the
constant, it must work with nodeMonitorGracePeriod in nodecontroller.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may impact node scalability, and also that the node controller's
nodeMonitorGracePeriod must be set to N∗NodeStatusUpdateFrequency,
where N is the number of retries before the node controller marks
@@ -445,10 +482,10 @@ Default: "10s"
status to master if node status does not change. Kubelet will ignore this
frequency and post node status immediately if any change is detected. It is
only used when node lease feature is enabled. nodeStatusReportFrequency's
-default value is 1m. But if nodeStatusUpdateFrequency is set explicitly,
+default value is 5m. But if nodeStatusUpdateFrequency is set explicitly,
nodeStatusReportFrequency's default value will be set to
nodeStatusUpdateFrequency for backward compatibility.
-Default: "1m"
+Default: "5m"
@@ -462,8 +499,10 @@ health by having the Kubelet create and periodically renew a lease, named after
in the kube-node-lease namespace. If the lease expires, the node can be considered unhealthy.
The lease is currently renewed every 10s, per KEP-0009. In the future, the lease renewal interval
may be set based on the lease duration.
+The field value must be greater than 0.
Requires the NodeLease feature gate to be enabled.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
decreasing the duration may reduce tolerance for issues that temporarily prevent
the Kubelet from renewing the lease (e.g. a short-lived network issue).
Default: 40
@@ -476,7 +515,8 @@ Default: 40
imageMinimumGCAge is the minimum age for an unused image before it is
garbage collected.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may trigger or delay garbage collection, and may change the image overhead
on the node.
Default: "2m"
@@ -488,9 +528,12 @@ Default: "2m"
imageGCHighThresholdPercent is the percent of disk usage after which
-image garbage collection is always run. The percent is calculated as
-this field value out of 100.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+image garbage collection is always run. The percent is calculated by
+dividing this field value by 100, so this field must be between 0 and
+100, inclusive. When specified, the value must be greater than
+imageGCLowThresholdPercent.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may trigger or delay garbage collection, and may change the image overhead
on the node.
Default: 85
@@ -503,8 +546,11 @@ Default: 85
imageGCLowThresholdPercent is the percent of disk usage before which
image garbage collection is never run. Lowest disk usage to garbage
-collect to. The percent is calculated as this field value out of 100.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+collect to. The percent is calculated by dividing this field value by 100,
+so the field value must be between 0 and 100, inclusive. When specified, the
+value must be less than imageGCHighThresholdPercent.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may trigger or delay garbage collection, and may change the image overhead
on the node.
Default: 80
- How frequently to calculate and cache volume disk usage for all pods
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ volumeStatsAggPeriod is the frequency for calculating and caching volume
+disk usage for all pods.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
shortening the period may carry a performance impact.
Default: "1m"
@@ -527,7 +575,7 @@ Default: "1m"
kubeletCgroups is the absolute name of cgroups to isolate the kubelet in
-Dynamic Kubelet Config (beta): This field should not be updated without a full node
+Dynamic Kubelet Config (deprecated): This field should not be updated without a full node
reboot. It is safest to keep this value the same as the local config.
Default: ""
@@ -540,7 +588,8 @@ Default: ""
systemCgroups is absolute name of cgroups in which to place
all non-kernel processes that are not already in a container. Empty
for no container. Rolling back the flag requires a reboot.
-Dynamic Kubelet Config (beta): This field should not be updated without a full node
+The cgroupRoot must be specified if this field is not empty.
+Dynamic Kubelet Config (deprecated): This field should not be updated without a full node
reboot. It is safest to keep this value the same as the local config.
Default: ""
@@ -552,7 +601,7 @@ Default: ""
cgroupRoot is the root cgroup to use for pods. This is handled by the
container runtime on a best effort basis.
-Dynamic Kubelet Config (beta): This field should not be updated without a full node
+Dynamic Kubelet Config (deprecated): This field should not be updated without a full node
reboot. It is safest to keep this value the same as the local config.
Default: ""
@@ -562,10 +611,10 @@ Default: ""
bool
- Enable QoS based Cgroup hierarchy: top level cgroups for QoS Classes
-And all Burstable and BestEffort pods are brought up under their
-specific top level QoS cgroup.
-Dynamic Kubelet Config (beta): This field should not be updated without a full node
+ cgroupsPerQOS enable QoS based CGroup hierarchy: top level CGroups for QoS classes
+and all Burstable and BestEffort Pods are brought up under their specific top level
+QoS CGroup.
+Dynamic Kubelet Config (deprecated): This field should not be updated without a full node
reboot. It is safest to keep this value the same as the local config.
Default: true
@@ -575,8 +624,9 @@ Default: true
string
- driver that the kubelet uses to manipulate cgroups on the host (cgroupfs or systemd)
-Dynamic Kubelet Config (beta): This field should not be updated without a full node
+ cgroupDriver is the driver kubelet uses to manipulate CGroups on the host (cgroupfs
+or systemd).
+Dynamic Kubelet Config (deprecated): This field should not be updated without a full node
reboot. It is safest to keep this value the same as the local config.
Default: "cgroupfs"
@@ -586,11 +636,24 @@ Default: "cgroupfs"
string
- CPUManagerPolicy is the name of the policy to use.
+ cpuManagerPolicy is the name of the policy to use.
Requires the CPUManager feature gate to be enabled.
+Dynamic Kubelet Config (deprecated): This field should not be updated without a full node
+reboot. It is safest to keep this value the same as the local config.
+Default: "None"
+
+
+
+
cpuManagerPolicyOptions
+map[string]string
+
+
+ cpuManagerPolicyOptions is a set of key=value which allows to set extra options
+to fine tune the behaviour of the cpu manager policies.
+Requires both the "CPUManager" and "CPUManagerPolicyOptions" feature gates to be enabled.
Dynamic Kubelet Config (beta): This field should not be updated without a full node
reboot. It is safest to keep this value the same as the local config.
-Default: "none"
- CPU Manager reconciliation period.
+ cpuManagerReconcilePeriod is the reconciliation period for the CPU Manager.
Requires the CPUManager feature gate to be enabled.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
shortening the period may carry a performance impact.
Default: "10s"
+
memoryManagerPolicy
+string
+
+
+ memoryManagerPolicy is the name of the policy to use by memory manager.
+Requires the MemoryManager feature gate to be enabled.
+Dynamic Kubelet Config (deprecated): This field should not be updated without a full node
+reboot. It is safest to keep this value the same as the local config.
+Default: "none"
+
+
+
topologyManagerPolicy string
- TopologyManagerPolicy is the name of the policy to use.
+ topologyManagerPolicy is the name of the topology manager policy to use.
+Valid values include:
+
+- `restricted`: kubelet only allows pods with optimal NUMA node alignment for
+ requested resources;
+- `best-effort`: kubelet will favor pods with NUMA alignment of CPU and device
+ resources;
+- `none`: kublet has no knowledge of NUMA alignment of a pod's CPU and device resources.
+- `single-numa-node`: kubelet only allows pods with a single NUMA alignment
+ of CPU and device resources.
+
Policies other than "none" require the TopologyManager feature gate to be enabled.
-Dynamic Kubelet Config (beta): This field should not be updated without a full node
+Dynamic Kubelet Config (deprecated): This field should not be updated without a full node
reboot. It is safest to keep this value the same as the local config.
Default: "none"
@@ -622,8 +708,12 @@ Default: "none"
string
- TopologyManagerScope represents the scope of topology hint generation
-that topology manager requests and hint providers generate.
+ topologyManagerScope represents the scope of topology hint generation
+that topology manager requests and hint providers generate. Valid values include:
+
+- `container`: topology policy is applied on a per-container basis.
+- `pod`: topology policy is applied on a per-pod basis.
+
"pod" scope requires the TopologyManager feature gate to be enabled.
Default: "container"
@@ -638,7 +728,7 @@ the minimum percentage of a resource reserved for exclusive use by the
guaranteed QoS tier.
Currently supported resources: "memory"
Requires the QOSReserved feature gate to be enabled.
-Dynamic Kubelet Config (beta): This field should not be updated without a full node
+Dynamic Kubelet Config (deprecated): This field should not be updated without a full node
reboot. It is safest to keep this value the same as the local config.
Default: nil
@@ -650,7 +740,8 @@ Default: nil
runtimeRequestTimeout is the timeout for all runtime requests except long running
requests - pull, logs, exec and attach.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may disrupt components that interact with the Kubelet server.
Default: "2m"
@@ -664,12 +755,15 @@ Default: "2m"
bridge for hairpin packets.
Setting this flag allows endpoints in a Service to loadbalance back to
themselves if they should try to access their own Service. Values:
- "promiscuous-bridge": make the container bridge promiscuous.
- "hairpin-veth": set the hairpin flag on container veth interfaces.
- "none": do nothing.
-Generally, one must set --hairpin-mode=hairpin-veth to achieve hairpin NAT,
+
+- "promiscuous-bridge": make the container bridge promiscuous.
+- "hairpin-veth": set the hairpin flag on container veth interfaces.
+- "none": do nothing.
+
+Generally, one must set `--hairpin-mode=hairpin-veth to` achieve hairpin NAT,
because promiscuous-bridge assumes the existence of a container bridge named cbr0.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may require a node reboot, depending on the network plugin.
Default: "promiscuous-bridge"
@@ -679,8 +773,10 @@ Default: "promiscuous-bridge"
int32
- maxPods is the number of pods that can run on this Kubelet.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ maxPods is the maximum number of Pods that can run on this Kubelet.
+The value must be a non-negative integer.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
changes may cause Pods to fail admission on Kubelet restart, and may change
the value reported in Node.Status.Capacity[v1.ResourcePods], thus affecting
future scheduling decisions. Increasing this value may also decrease performance,
@@ -693,9 +789,9 @@ Default: 110
string
- The CIDR to use for pod IP addresses, only used in standalone mode.
-In cluster mode, this is obtained from the master.
-Dynamic Kubelet Config (beta): This field should always be set to the empty default.
+ podCIDR is the CIDR to use for pod IP addresses, only used in standalone mode.
+In cluster mode, this is obtained from the control plane.
+Dynamic Kubelet Config (deprecated): This field should always be set to the empty default.
It should only set for standalone Kubelets, which cannot use Dynamic Kubelet Config.
Default: ""
@@ -705,8 +801,9 @@ Default: ""
int64
- PodPidsLimit is the maximum number of pids in any pod.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ podPidsLimit is the maximum number of PIDs in any pod.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
lowering it may prevent container processes from forking after the change.
Default: -1
@@ -716,9 +813,10 @@ Default: -1
string
- ResolverConfig is the resolver configuration file used as the basis
+ resolvConf is the resolver configuration file used as the basis
for the container DNS resolution configuration.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
changes will only take effect on Pods created after the update. Draining
the node is recommended before changing this field.
Default: "/etc/resolv.conf"
- RunOnce causes the Kubelet to check the API server once for pods,
+ runOnce causes the Kubelet to check the API server once for pods,
run those in addition to the pods specified by static pod files, and exit.
Default: false
@@ -741,7 +839,8 @@ Default: false
cpuCFSQuota enables CPU CFS quota enforcement for containers that
specify CPU limits.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
disabling it may reduce node stability.
Default: true
- CPUCFSQuotaPeriod is the CPU CFS quota period value, cpu.cfs_period_us.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ cpuCFSQuotaPeriod is the CPU CFS quota period value, `cpu.cfs_period_us`.
+The value must be between 1 us and 1 second, inclusive.
+Requires the CustomCPUCFSQuotaPeriod feature gate to be enabled.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
limits set for containers will result in different cpu.cfs_quota settings. This
will trigger container restarts on the node being reconfigured.
Default: "100ms"
@@ -763,9 +865,11 @@ Default: "100ms"
int32
- nodeStatusMaxImages caps the number of images reported in Node.Status.Images.
+ nodeStatusMaxImages caps the number of images reported in Node.status.images.
+The value must be greater than -2.
Note: If -1 is specified, no cap will be applied. If 0 is specified, no image is returned.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
different values can be reported on node status.
Default: 50
@@ -776,7 +880,9 @@ Default: 50
maxOpenFiles is Number of files that can be opened by Kubelet process.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+The value must be a non-negative number.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may impact the ability of the Kubelet to interact with the node's filesystem.
Default: 1000000
@@ -787,7 +893,8 @@ Default: 1000000
contentType is contentType of requests sent to apiserver.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may impact the ability for the Kubelet to communicate with the API server.
If the Kubelet loses contact with the API server due to a change to this field,
the change cannot be reverted via dynamic Kubelet config.
@@ -799,8 +906,9 @@ Default: "application/vnd.kubernetes.protobuf"
int32
- kubeAPIQPS is the QPS to use while talking with kubernetes apiserver
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ kubeAPIQPS is the QPS to use while talking with kubernetes apiserver.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may impact scalability by changing the amount of traffic the Kubelet
sends to the API server.
Default: 5
@@ -811,8 +919,10 @@ Default: 5
int32
- kubeAPIBurst is the burst to allow while talking with kubernetes apiserver
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ kubeAPIBurst is the burst to allow while talking with kubernetes API server.
+This field cannot be a negative number.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may impact scalability by changing the amount of traffic the Kubelet
sends to the API server.
Default: 10
@@ -827,7 +937,8 @@ Default: 10
at a time. We recommend ∗not∗ changing the default value on nodes that
run docker daemon with version < 1.9 or an Aufs storage backend.
Issue #10959 has more details.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may impact the performance of image pulls.
Default: true
@@ -837,9 +948,11 @@ Default: true
map[string]string
- Map of signal names to quantities that defines hard eviction thresholds. For example: {"memory.available": "300Mi"}.
+ evictionHard is a map of signal names to quantities that defines hard eviction
+thresholds. For example: `{"memory.available": "300Mi"}`.
To explicitly disable, pass a 0% or 100% threshold on an arbitrary resource.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may trigger or delay Pod evictions.
Default:
memory.available: "100Mi"
@@ -853,9 +966,10 @@ Default:
map[string]string
- Map of signal names to quantities that defines soft eviction thresholds.
-For example: {"memory.available": "300Mi"}.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ evictionSoft is a map of signal names to quantities that defines soft eviction thresholds.
+For example: `{"memory.available": "300Mi"}`.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may trigger or delay Pod evictions, and may change the allocatable reported
by the node.
Default: nil
- Map of signal names to quantities that defines grace periods for each soft eviction signal.
-For example: {"memory.available": "30s"}.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ evictionSoftGracePeriod is a map of signal names to quantities that defines grace
+periods for each soft eviction signal. For example: `{"memory.available": "30s"}`.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may trigger or delay Pod evictions.
Default: nil
- Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ evictionPressureTransitionPeriod is the duration for which the kubelet has to wait
+before transitioning out of an eviction pressure condition.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
lowering it may decrease the stability of the node when the node is overcommitted.
Default: "5m"
@@ -889,13 +1006,14 @@ Default: "5m"
int32
- Maximum allowed grace period (in seconds) to use when terminating pods in
-response to a soft eviction threshold being met. This value effectively caps
-the Pod's TerminationGracePeriodSeconds value during soft evictions.
+ evictionMaxPodGracePeriod is the maximum allowed grace period (in seconds) to use
+when terminating pods in response to a soft eviction threshold being met. This value
+effectively caps the Pod's terminationGracePeriodSeconds value during soft evictions.
Note: Due to issue #64530, the behavior has a bug where this value currently just
overrides the grace period during soft eviction, which can increase the grace
period from what is set on the Pod. This bug will be fixed in a future release.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
lowering it decreases the amount of time Pods will have to gracefully clean
up before being killed during a soft eviction.
Default: 0
- Map of signal names to quantities that defines minimum reclaims, which describe the minimum
-amount of a given resource the kubelet will reclaim when performing a pod eviction while
-that resource is under pressure. For example: {"imagefs.available": "2Gi"}
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ evictionMinimumReclaim is a map of signal names to quantities that defines minimum reclaims,
+which describe the minimum amount of a given resource the kubelet will reclaim when
+performing a pod eviction while that resource is under pressure.
+For example: `{"imagefs.available": "2Gi"}`.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may change how well eviction can manage resource pressure.
Default: nil
@@ -919,11 +1039,13 @@ Default: nil
int32
- podsPerCore is the maximum number of pods per core. Cannot exceed MaxPods.
-If 0, this field is ignored.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ podsPerCore is the maximum number of pods per core. Cannot exceed maxPods.
+The value must be a non-negative integer.
+If 0, there is no limit on the number of Pods.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
changes may cause Pods to fail admission on Kubelet restart, and may change
-the value reported in Node.Status.Capacity[v1.ResourcePods], thus affecting
+the value reported in `Node.status.capacity.pods`, thus affecting
future scheduling decisions. Increasing this value may also decrease performance,
as more Pods can be packed into a single node.
Default: 0
@@ -936,8 +1058,9 @@ Default: 0
enableControllerAttachDetach enables the Attach/Detach controller to
manage attachment/detachment of volumes scheduled to this node, and
-disables kubelet from executing any attach/detach operations
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+disables kubelet from executing any attach/detach operations.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
changing which component is responsible for volume management on a live node
may result in volumes refusing to detach if the node is not drained prior to
the update, and if Pods are scheduled to the node before the
@@ -954,7 +1077,8 @@ Default: true
protectKernelDefaults, if true, causes the Kubelet to error if kernel
flags are not as it expects. Otherwise the Kubelet will attempt to modify
kernel flags to match its expectation.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
enabling it may cause the Kubelet to crash-loop if the Kernel is not configured as
Kubelet expects.
Default: false
@@ -965,10 +1089,12 @@ Default: false
bool
- If true, Kubelet ensures a set of iptables rules are present on host.
-These rules will serve as utility rules for various components, e.g. KubeProxy.
-The rules will be created based on IPTablesMasqueradeBit and IPTablesDropBit.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ makeIPTablesUtilChains, if true, causes the Kubelet ensures a set of iptables rules
+are present on host.
+These rules will serve as utility rules for various components, e.g. kube-proxy.
+The rules will be created based on iptablesMasqueradeBit and iptablesDropBit.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
disabling it will prevent the Kubelet from healing locally misconfigured iptables rules.
Default: true
@@ -978,11 +1104,12 @@ Default: true
int32
- iptablesMasqueradeBit is the bit of the iptables fwmark space to mark for SNAT
+ iptablesMasqueradeBit is the bit of the iptables fwmark space to mark for SNAT.
Values must be within the range [0, 31]. Must be different from other mark bits.
Warning: Please match the value of the corresponding parameter in kube-proxy.
-TODO: clean up IPTablesMasqueradeBit in kube-proxy
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+TODO: clean up IPTablesMasqueradeBit in kube-proxy.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it needs to be coordinated with other components, like kube-proxy, and the update
will only be effective if MakeIPTablesUtilChains is enabled.
Default: 14
@@ -995,7 +1122,8 @@ Default: 14
iptablesDropBit is the bit of the iptables fwmark space to mark for dropping packets.
Values must be within the range [0, 31]. Must be different from other mark bits.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it needs to be coordinated with other components, like kube-proxy, and the update
will only be effective if MakeIPTablesUtilChains is enabled.
Default: 15
- featureGates is a map of feature names to bools that enable or disable alpha/experimental
+ featureGates is a map of feature names to bools that enable or disable experimental
features. This field modifies piecemeal the built-in default values from
"k8s.io/kubernetes/pkg/features/kube_features.go".
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider the
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider the
documentation for the features you are enabling or disabling. While we
encourage feature developers to make it possible to dynamically enable
and disable features, some changes may require node reboots, and some
@@ -1023,19 +1152,29 @@ Default: nil
failSwapOn tells the Kubelet to fail to start if swap is enabled on the node.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
setting it to true will cause the Kubelet to crash-loop if swap is enabled.
Default: true
+ memorySwap configures swap memory available to container workloads.
+
+
+
containerLogMaxSize string
- A quantity defines the maximum size of the container log file before it is rotated.
-For example: "5Mi" or "256Ki".
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ containerLogMaxSize is a quantity defining the maximum size of the container log
+file before it is rotated. For example: "5Mi" or "256Ki".
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may trigger log rotation.
Default: "10Mi"
@@ -1045,8 +1184,10 @@ Default: "10Mi"
int32
- Maximum number of container log files that can be present for a container.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ containerLogMaxFiles specifies the maximum number of container log files that can
+be present for a container.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
lowering it may cause log files to be deleted.
Default: 5
- ConfigMapAndSecretChangeDetectionStrategy is a mode in which
-config map and secret managers are running.
+ configMapAndSecretChangeDetectionStrategy is a mode in which ConfigMap and Secret
+managers are running. Valid values include:
+
+- `Get`: kubelet fetches necessary objects directly from the API server;
+- `Cache`: kubelet uses TTL cache for object fetched from the API server;
+- `Watch`: kubelet uses watches to observe changes to objects that are in its interest.
+
Default: "Watch"
@@ -1070,7 +1216,8 @@ Default: "Watch"
pairs that describe resources reserved for non-kubernetes components.
Currently only cpu and memory are supported.
See http://kubernetes.io/docs/user-guide/compute-resources for more detail.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may not be possible to increase the reserved resources, because this
requires resizing cgroups. Always look for a NodeAllocatableEnforced event
after updating this field to ensure that the update was successful.
@@ -1082,11 +1229,13 @@ Default: nil
map[string]string
- A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs
+ kubeReserved is a set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs
that describe resources reserved for kubernetes system components.
Currently cpu, memory and local storage for root file system are supported.
-See http://kubernetes.io/docs/user-guide/compute-resources for more detail.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+for more details.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may not be possible to increase the reserved resources, because this
requires resizing cgroups. Always look for a NodeAllocatableEnforced event
after updating this field to ensure that the update was successful.
@@ -1098,9 +1247,10 @@ Default: nil
string
- This ReservedSystemCPUs option specifies the cpu list reserved for the host level system threads and kubernetes related threads.
-This provide a "static" CPU list rather than the "dynamic" list by system-reserved and kube-reserved.
-This option overwrites CPUs provided by system-reserved and kube-reserved.
+ The reservedSystemCPUs option specifies the CPU list reserved for the host
+level system threads and kubernetes related threads. This provide a "static"
+CPU list rather than the "dynamic" list by systemReserved and kubeReserved.
+This option does not support systemReservedCgroup or kubeReservedCgroup.
@@ -1108,11 +1258,13 @@ This option overwrites CPUs provided by system-reserved and kube-reserved.
string
- The previous version for which you want to show hidden metrics.
+ showHiddenMetricsForVersion is the previous version for which you want to show
+hidden metrics.
Only the previous minor version is meaningful, other values will not be allowed.
-The format is ., e.g.: '1.16'.
-The purpose of this format is make sure you have the opportunity to notice if the next release hides additional metrics,
-rather than being surprised when they are permanently removed in the release after that.
+The format is `.`, e.g.: `1.16`.
+The purpose of this format is make sure you have the opportunity to notice
+if the next release hides additional metrics, rather than being surprised
+when they are permanently removed in the release after that.
Default: ""
@@ -1121,9 +1273,11 @@ Default: ""
string
- This flag helps kubelet identify absolute name of top level cgroup used to enforce `SystemReserved` compute resource reservation for OS system daemons.
-Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information.
-Dynamic Kubelet Config (beta): This field should not be updated without a full node
+ systemReservedCgroup helps the kubelet identify absolute name of top level CGroup used
+to enforce `systemReserved` compute resource reservation for OS system daemons.
+Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md)
+doc for more information.
+Dynamic Kubelet Config (deprecated): This field should not be updated without a full node
reboot. It is safest to keep this value the same as the local config.
Default: ""
@@ -1133,9 +1287,11 @@ Default: ""
string
- This flag helps kubelet identify absolute name of top level cgroup used to enforce `KubeReserved` compute resource reservation for Kubernetes node system daemons.
-Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information.
-Dynamic Kubelet Config (beta): This field should not be updated without a full node
+ kubeReservedCgroup helps the kubelet identify absolute name of top level CGroup used
+to enforce `KubeReserved` compute resource reservation for Kubernetes node system daemons.
+Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md)
+doc for more information.
+Dynamic Kubelet Config (deprecated): This field should not be updated without a full node
reboot. It is safest to keep this value the same as the local config.
Default: ""
@@ -1146,10 +1302,16 @@ Default: ""
This flag specifies the various Node Allocatable enforcements that Kubelet needs to perform.
-This flag accepts a list of options. Acceptable options are `none`, `pods`, `system-reserved` & `kube-reserved`.
+This flag accepts a list of options. Acceptable options are `none`, `pods`,
+`system-reserved` and `kube-reserved`.
If `none` is specified, no other options may be specified.
-Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md) doc for more information.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+When `system-reserved` is in the list, systemReservedCgroup must be specified.
+When `kube-reserved` is in the list, kubeReservedCgroup must be specified.
+This field is supported only when `cgroupsPerQOS` is set to true.
+Refer to [Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md)
+for more information.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
removing enforcements may reduce the stability of the node. Alternatively, adding
enforcements may reduce the stability of components which were using more than
the reserved amount of resources; for example, enforcing kube-reserved may cause
@@ -1163,9 +1325,9 @@ Default: ["pods"]
[]string
- A comma separated whitelist of unsafe sysctls or sysctl patterns (ending in ∗).
-Unsafe sysctl groups are kernel.shm∗, kernel.msg∗, kernel.sem, fs.mqueue.∗, and net.∗.
-These sysctls are namespaced but not allowed by default. For example: "kernel.msg∗,net.ipv4.route.min_pmtu"
+ A comma separated whitelist of unsafe sysctls or sysctl patterns (ending in `∗`).
+Unsafe sysctl groups are `kernel.shm∗`, `kernel.msg∗`, `kernel.sem`, `fs.mqueue.∗`,
+and `net.∗`. For example: "`kernel.msg∗,net.ipv4.route.min_pmtu`"
Default: []
@@ -1176,7 +1338,8 @@ Default: []
volumePluginDir is the full path of the directory in which to search
for additional third party volume plugins.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that changing
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that changing
the volumePluginDir may disrupt workloads relying on third party volume plugins.
Default: "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/"
- providerID, if set, sets the unique id of the instance that an external provider (i.e. cloudprovider)
-can use to identify a specific node.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ providerID, if set, sets the unique ID of the instance that an external
+provider (i.e. cloudprovider) can use to identify a specific node.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may impact the ability of the Kubelet to interact with cloud providers.
Default: ""
@@ -1198,9 +1362,11 @@ Default: ""
bool
- kernelMemcgNotification, if set, the kubelet will integrate with the kernel memcg notification
-to determine if memory eviction thresholds are crossed rather than polling.
-Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
+ kernelMemcgNotification, if set, instructs the the kubelet to integrate with the
+kernel memcg notification for determining if memory eviction thresholds are
+exceeded rather than polling.
+If DynamicKubeletConfig (deprecated; default off) is on, when
+dynamically updating this field, consider that
it may impact the way Kubelet interacts with the kernel.
Default: false
- Logging specifies the options of logging.
-Refer [Logs Options](https://github.com/kubernetes/component-base/blob/master/logs/options.go) for more information.
-Defaults:
+ logging specifies the options of logging.
+Refer to [Logs Options](https://github.com/kubernetes/component-base/blob/master/logs/options.go)
+for more information.
+Default:
Format: text
- ShutdownGracePeriod specifies the total duration that the node should delay the shutdown and total grace period for pod termination during a node shutdown.
-Default: "30s"
+ shutdownGracePeriod specifies the total duration that the node should delay the
+shutdown and total grace period for pod termination during a node shutdown.
+Default: "0s"
@@ -1239,9 +1407,81 @@ Default: "30s"
meta/v1.Duration
- ShutdownGracePeriodCriticalPods specifies the duration used to terminate critical pods during a node shutdown. This should be less than ShutdownGracePeriod.
-For example, if ShutdownGracePeriod=30s, and ShutdownGracePeriodCriticalPods=10s, during a node shutdown the first 20 seconds would be reserved for gracefully terminating normal pods, and the last 10 seconds would be reserved for terminating critical pods.
-Default: "10s"
+ shutdownGracePeriodCriticalPods specifies the duration used to terminate critical
+pods during a node shutdown. This should be less than shutdownGracePeriod.
+For example, if shutdownGracePeriod=30s, and shutdownGracePeriodCriticalPods=10s,
+during a node shutdown the first 20 seconds would be reserved for gracefully
+terminating normal pods, and the last 10 seconds would be reserved for terminating
+critical pods.
+Default: "0s"
+
+
+
+
+ reservedMemory specifies a comma-separated list of memory reservations for NUMA nodes.
+The parameter makes sense only in the context of the memory manager feature.
+The memory manager will not allocate reserved memory for container workloads.
+For example, if you have a NUMA0 with 10Gi of memory and the reservedMemory was
+specified to reserve 1Gi of memory at NUMA0, the memory manager will assume that
+only 9Gi is available for allocation.
+You can specify a different amount of NUMA node and memory types.
+You can omit this parameter at all, but you should be aware that the amount of
+reserved memory from all NUMA nodes should be equal to the amount of memory specified
+by the [node allocatable](https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/#node-allocatable).
+If at least one node allocatable parameter has a non-zero value, you will need
+to specify at least one NUMA node.
+Also, avoid specifying:
+
+1. Duplicates, the same NUMA node, and memory type, but with a different value.
+2. zero limits for any memory type.
+3. NUMAs nodes IDs that do not exist under the machine.
+4. memory types except for memory and hugepages-
+
+Default: nil
+
+
+
+
enableProfilingHandler
+bool
+
+
+ enableProfilingHandler enables profiling via web interface host:port/debug/pprof/
+Default: true
+
+
+
+
enableDebugFlagsHandler
+bool
+
+
+ enableDebugFlagsHandler enables flags endpoint via web interface host:port/debug/flags/v
+Default: true
+
+
+
+
seccompDefault
+bool
+
+
+ SeccompDefault enables the use of `RuntimeDefault` as the default seccomp profile for all workloads.
+This requires the corresponding SeccompDefault feature gate to be enabled as well.
+Default: false
+
+
+
+
memoryThrottlingFactor
+float64
+
+
+ MemoryThrottlingFactor specifies the factor multiplied by the memory limit or node allocatable memory
+when setting the cgroupv2 memory.high value to enforce MemoryQoS.
+Decreasing this factor will set lower high limit for container cgroups and put heavier reclaim pressure
+while increasing will put less reclaim pressure.
+See http://kep.k8s.io/2570 for more details.
+Default: 0.8
@@ -1271,10 +1511,10 @@ It exists in the kubeletconfig API group because it is classified as a versioned
enabled allows anonymous requests to the kubelet server.
-Requests that are not rejected by another authentication method are treated as anonymous requests.
-Anonymous requests have a username of system:anonymous, and a group name of system:unauthenticated.
+Requests that are not rejected by another authentication method are treated as
+anonymous requests.
+Anonymous requests have a username of `system:anonymous`, and a group name of
+`system:unauthenticated`.
@@ -1351,7 +1593,7 @@ Anonymous requests have a username of system:anonymous, and a group name of syst
KubeletX509Authentication
- x509 contains settings related to x509 client certificate authentication
+ x509 contains settings related to x509 client certificate authentication.
@@ -1359,7 +1601,7 @@ Anonymous requests have a username of system:anonymous, and a group name of syst
KubeletWebhookAuthentication
- webhook contains settings related to webhook bearer token authentication
+ webhook contains settings related to webhook bearer token authentication.
@@ -1367,7 +1609,7 @@ Anonymous requests have a username of system:anonymous, and a group name of syst
KubeletAnonymousAuthentication
- anonymous contains settings related to anonymous authentication
+ anonymous contains settings related to anonymous authentication.
@@ -1399,7 +1641,7 @@ Anonymous requests have a username of system:anonymous, and a group name of syst
mode is the authorization mode to apply to requests to the kubelet server.
-Valid values are AlwaysAllow and Webhook.
+Valid values are `AlwaysAllow` and `Webhook`.
Webhook mode uses the SubjectAccessReview API to determine authorization.
@@ -1455,7 +1697,8 @@ Webhook mode uses the SubjectAccessReview API to determine authorization.
bool
- enabled allows bearer token authentication backed by the tokenreviews.authentication.k8s.io API
+ enabled allows bearer token authentication backed by the
+tokenreviews.authentication.k8s.io API.
@@ -1494,7 +1737,8 @@ Webhook mode uses the SubjectAccessReview API to determine authorization.
meta/v1.Duration
- cacheAuthorizedTTL is the duration to cache 'authorized' responses from the webhook authorizer.
+ cacheAuthorizedTTL is the duration to cache 'authorized' responses from the
+webhook authorizer.
@@ -1502,7 +1746,8 @@ Webhook mode uses the SubjectAccessReview API to determine authorization.
meta/v1.Duration
- cacheUnauthorizedTTL is the duration to cache 'unauthorized' responses from the webhook authorizer.
+ cacheUnauthorizedTTL is the duration to cache 'unauthorized' responses from
+the webhook authorizer.
@@ -1533,8 +1778,9 @@ Webhook mode uses the SubjectAccessReview API to determine authorization.
string
- clientCAFile is the path to a PEM-encoded certificate bundle. If set, any request presenting a client certificate
-signed by one of the authorities in the bundle is authenticated with a username corresponding to the CommonName,
+ clientCAFile is the path to a PEM-encoded certificate bundle. If set, any request
+presenting a client certificate signed by one of the authorities in the bundle
+is authenticated with a username corresponding to the CommonName,
and groups corresponding to the Organization in the client certificate.
@@ -1544,6 +1790,80 @@ and groups corresponding to the Organization in the client certificate.
+## `MemoryReservation` {#kubelet-config-k8s-io-v1beta1-MemoryReservation}
+
+
+
+
+**Appears in:**
+
+- [KubeletConfiguration](#kubelet-config-k8s-io-v1beta1-KubeletConfiguration)
+
+
+MemoryReservation specifies the memory reservation of different types for each NUMA node
+
+
+ swapBehavior configures swap memory available to container workloads. May be one of
+"", "LimitedSwap": workload combined memory and swap usage cannot exceed pod memory limit
+"UnlimitedSwap": workloads can use unlimited swap, up to the allocatable limit.
+
+
+
+
+
+
+
+
## `ResourceChangeDetectionStrategy` {#kubelet-config-k8s-io-v1beta1-ResourceChangeDetectionStrategy}
(Alias of `string`)
diff --git a/content/en/docs/reference/glossary/affinity.md b/content/en/docs/reference/glossary/affinity.md
new file mode 100644
index 0000000000..e5cfc92ea2
--- /dev/null
+++ b/content/en/docs/reference/glossary/affinity.md
@@ -0,0 +1,22 @@
+---
+title: Affinity
+id: affinity
+date: 2019-01-11
+full_link: /docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+short_description: >
+ Rules used by the scheduler to determine where to place pods
+aka:
+tags:
+- fundamental
+---
+
+In Kubernetes, _affinity_ is a set of rules that give hints to the scheduler about where to place pods.
+
+
+There are two kinds of affinity:
+* [node affinity](/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity)
+* [pod-to-pod affinity](/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity)
+
+The rules are defined using the Kubernetes {{< glossary_tooltip term_id="label" text="labels">}},
+and {{< glossary_tooltip term_id="selector" text="selectors">}} specified in {{< glossary_tooltip term_id="pod" text="pods" >}},
+and they can be either required or preferred, depending on how strictly you want the scheduler to enforce them.
diff --git a/content/en/docs/reference/glossary/annotation.md b/content/en/docs/reference/glossary/annotation.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/api-eviction.md b/content/en/docs/reference/glossary/api-eviction.md
index b13238c955..69fc9d9b0c 100644
--- a/content/en/docs/reference/glossary/api-eviction.md
+++ b/content/en/docs/reference/glossary/api-eviction.md
@@ -2,7 +2,7 @@
title: API-initiated eviction
id: api-eviction
date: 2021-04-27
-full_link: /docs/concepts/scheduling-eviction/pod-eviction/#api-eviction
+full_link: /docs/concepts/scheduling-eviction/api-eviction/
short_description: >
API-initiated eviction is the process by which you use the Eviction API to create an
Eviction object that triggers graceful pod termination.
diff --git a/content/en/docs/reference/glossary/application-architect.md b/content/en/docs/reference/glossary/application-architect.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/application-developer.md b/content/en/docs/reference/glossary/application-developer.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/approver.md b/content/en/docs/reference/glossary/approver.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/certificate.md b/content/en/docs/reference/glossary/certificate.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/cla.md b/content/en/docs/reference/glossary/cla.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/cloud-controller-manager.md b/content/en/docs/reference/glossary/cloud-controller-manager.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/cloud-provider.md b/content/en/docs/reference/glossary/cloud-provider.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/cluster-architect.md b/content/en/docs/reference/glossary/cluster-architect.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/cluster-operator.md b/content/en/docs/reference/glossary/cluster-operator.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/cluster.md b/content/en/docs/reference/glossary/cluster.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/cncf.md b/content/en/docs/reference/glossary/cncf.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/code-contributor.md b/content/en/docs/reference/glossary/code-contributor.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/configmap.md b/content/en/docs/reference/glossary/configmap.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/container-env-variables.md b/content/en/docs/reference/glossary/container-env-variables.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/container.md b/content/en/docs/reference/glossary/container.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/contributor.md b/content/en/docs/reference/glossary/contributor.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/controller.md b/content/en/docs/reference/glossary/controller.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/cronjob.md b/content/en/docs/reference/glossary/cronjob.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/customresourcedefinition.md b/content/en/docs/reference/glossary/customresourcedefinition.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/daemonset.md b/content/en/docs/reference/glossary/daemonset.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/deployment.md b/content/en/docs/reference/glossary/deployment.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/developer.md b/content/en/docs/reference/glossary/developer.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/docker.md b/content/en/docs/reference/glossary/docker.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/downstream.md b/content/en/docs/reference/glossary/downstream.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/dynamic-volume-provisioning.md b/content/en/docs/reference/glossary/dynamic-volume-provisioning.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/etcd.md b/content/en/docs/reference/glossary/etcd.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/eviction.md b/content/en/docs/reference/glossary/eviction.md
new file mode 100644
index 0000000000..4437e43354
--- /dev/null
+++ b/content/en/docs/reference/glossary/eviction.md
@@ -0,0 +1,18 @@
+---
+title: Eviction
+id: eviction
+date: 2021-05-08
+full_link: /docs/concepts/scheduling-eviction/
+short_description: >
+ Process of terminating one or more Pods on Nodes
+aka:
+tags:
+- operation
+---
+
+Eviction is the process of terminating one or more Pods on Nodes.
+
+
+There are two kinds of eviction:
+* [Node-pressure eviction](/docs/concepts/scheduling-eviction/node-pressure-eviction/)
+* [API-initiated eviction](/docs/concepts/scheduling-eviction/api-eviction/)
diff --git a/content/en/docs/reference/glossary/finalizer.md b/content/en/docs/reference/glossary/finalizer.md
new file mode 100644
index 0000000000..c44386fbf3
--- /dev/null
+++ b/content/en/docs/reference/glossary/finalizer.md
@@ -0,0 +1,31 @@
+---
+title: Finalizer
+id: finalizer
+date: 2021-07-07
+full_link: /docs/concepts/overview/working-with-objects/finalizers/
+short_description: >
+ A namespaced key that tells Kubernetes to wait until specific conditions are met
+ before it fully deletes an object marked for deletion.
+aka:
+tags:
+- fundamental
+- operation
+---
+Finalizers are namespaced keys that tell Kubernetes to wait until specific
+conditions are met before it fully deletes resources marked for deletion.
+Finalizers alert {{}}
+to clean up resources the deleted object owned.
+
+
+
+When you tell Kubernetes to delete an object that has finalizers specified for
+it, the Kubernetes API marks the object for deletion, putting it into a
+read-only state. The target object remains in a terminating state while the
+control plane, or other components, take the actions defined by the finalizers.
+After these actions are complete, the controller removes the relevant finalizers
+from the target object. When the `metadata.finalizers` field is empty,
+Kubernetes considers the deletion complete.
+
+You can use finalizers to control {{}}
+of resources. For example, you can define a finalizer to clean up related resources or
+infrastructure before the controller deletes the target resource.
\ No newline at end of file
diff --git a/content/en/docs/reference/glossary/garbage-collection.md b/content/en/docs/reference/glossary/garbage-collection.md
new file mode 100644
index 0000000000..ec2fe19af7
--- /dev/null
+++ b/content/en/docs/reference/glossary/garbage-collection.md
@@ -0,0 +1,24 @@
+---
+title: Garbage Collection
+id: garbage-collection
+date: 2021-07-07
+full_link: /docs/concepts/workloads/controllers/garbage-collection/
+short_description: >
+ A collective term for the various mechanisms Kubernetes uses to clean up cluster
+ resources.
+
+aka:
+tags:
+- fundamental
+- operation
+---
+ Garbage collection is a collective term for the various mechanisms Kubernetes uses to clean up
+ cluster resources.
+
+
+
+Kubernetes uses garbage collection to clean up resources like [unused containers and images](/docs/concepts/workloads/controllers/garbage-collection/#containers-images),
+[failed Pods](/docs/concepts/workloads/pods/pod-lifecycle/#pod-garbage-collection),
+[objects owned by the targeted resource](/docs/concepts/overview/working-with-objects/owners-dependents/),
+[completed Jobs](/docs/concepts/workloads/controllers/ttlafterfinished/), and resources
+that have expired or failed.
\ No newline at end of file
diff --git a/content/en/docs/reference/glossary/helm-chart.md b/content/en/docs/reference/glossary/helm-chart.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/horizontal-pod-autoscaler.md b/content/en/docs/reference/glossary/horizontal-pod-autoscaler.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/image.md b/content/en/docs/reference/glossary/image.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/index.md b/content/en/docs/reference/glossary/index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/ingress.md b/content/en/docs/reference/glossary/ingress.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/init-container.md b/content/en/docs/reference/glossary/init-container.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/istio.md b/content/en/docs/reference/glossary/istio.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/job.md b/content/en/docs/reference/glossary/job.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/kops.md b/content/en/docs/reference/glossary/kops.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/kube-apiserver.md b/content/en/docs/reference/glossary/kube-apiserver.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/kube-controller-manager.md b/content/en/docs/reference/glossary/kube-controller-manager.md
old mode 100755
new mode 100644
index fa4205292c..78c22b32c7
--- a/content/en/docs/reference/glossary/kube-controller-manager.md
+++ b/content/en/docs/reference/glossary/kube-controller-manager.md
@@ -11,7 +11,7 @@ tags:
- architecture
- fundamental
---
- Control Plane component that runs {{< glossary_tooltip text="controller" term_id="controller" >}} processes.
+ Control plane component that runs {{< glossary_tooltip text="controller" term_id="controller" >}} processes.
diff --git a/content/en/docs/reference/glossary/kube-proxy.md b/content/en/docs/reference/glossary/kube-proxy.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/kube-scheduler.md b/content/en/docs/reference/glossary/kube-scheduler.md
old mode 100755
new mode 100644
index a1a91a1527..96fc11a71d
--- a/content/en/docs/reference/glossary/kube-scheduler.md
+++ b/content/en/docs/reference/glossary/kube-scheduler.md
@@ -2,7 +2,7 @@
title: kube-scheduler
id: kube-scheduler
date: 2018-04-12
-full_link: /docs/reference/generated/kube-scheduler/
+full_link: /docs/reference/command-line-tools-reference/kube-scheduler/
short_description: >
Control plane component that watches for newly created pods with no assigned node, and selects a node for them to run on.
diff --git a/content/en/docs/reference/glossary/kubeadm.md b/content/en/docs/reference/glossary/kubeadm.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/kubectl.md b/content/en/docs/reference/glossary/kubectl.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/kubelet.md b/content/en/docs/reference/glossary/kubelet.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/kubernetes-api.md b/content/en/docs/reference/glossary/kubernetes-api.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/label.md b/content/en/docs/reference/glossary/label.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/limitrange.md b/content/en/docs/reference/glossary/limitrange.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/managed-service.md b/content/en/docs/reference/glossary/managed-service.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/member.md b/content/en/docs/reference/glossary/member.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/minikube.md b/content/en/docs/reference/glossary/minikube.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/mirror-pod.md b/content/en/docs/reference/glossary/mirror-pod.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/name.md b/content/en/docs/reference/glossary/name.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/namespace.md b/content/en/docs/reference/glossary/namespace.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/network-policy.md b/content/en/docs/reference/glossary/network-policy.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/node.md b/content/en/docs/reference/glossary/node.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/object.md b/content/en/docs/reference/glossary/object.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/operator-pattern.md b/content/en/docs/reference/glossary/operator-pattern.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/persistent-volume-claim.md b/content/en/docs/reference/glossary/persistent-volume-claim.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/persistent-volume.md b/content/en/docs/reference/glossary/persistent-volume.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/platform-developer.md b/content/en/docs/reference/glossary/platform-developer.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/pod-priority.md b/content/en/docs/reference/glossary/pod-priority.md
index 994f8bc4d8..f0e0a0f1c6 100644
--- a/content/en/docs/reference/glossary/pod-priority.md
+++ b/content/en/docs/reference/glossary/pod-priority.md
@@ -2,7 +2,7 @@
title: Pod Priority
id: pod-priority
date: 2019-01-31
-full_link: /docs/concepts/configuration/pod-priority-preemption/#pod-priority
+full_link: /docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority
short_description: >
Pod Priority indicates the importance of a Pod relative to other Pods.
@@ -14,4 +14,4 @@ tags:
-[Pod Priority](/docs/concepts/configuration/pod-priority-preemption/#pod-priority) gives the ability to set scheduling priority of a Pod to be higher and lower than other Pods — an important feature for production clusters workload.
+[Pod Priority](/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority) gives the ability to set scheduling priority of a Pod to be higher and lower than other Pods — an important feature for production clusters workload.
diff --git a/content/en/docs/reference/glossary/pod-security-policy.md b/content/en/docs/reference/glossary/pod-security-policy.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/pod.md b/content/en/docs/reference/glossary/pod.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/preemption.md b/content/en/docs/reference/glossary/preemption.md
index f27e36c66f..1a1f0e929a 100644
--- a/content/en/docs/reference/glossary/preemption.md
+++ b/content/en/docs/reference/glossary/preemption.md
@@ -2,7 +2,7 @@
title: Preemption
id: preemption
date: 2019-01-31
-full_link: /docs/concepts/configuration/pod-priority-preemption/#preemption
+full_link: /docs/concepts/scheduling-eviction/pod-priority-preemption/#preemption
short_description: >
Preemption logic in Kubernetes helps a pending Pod to find a suitable Node by evicting low priority Pods existing on that Node.
@@ -14,4 +14,4 @@ tags:
-If a Pod cannot be scheduled, the scheduler tries to [preempt](/docs/concepts/configuration/pod-priority-preemption/#preemption) lower priority Pods to make scheduling of the pending Pod possible.
+If a Pod cannot be scheduled, the scheduler tries to [preempt](/docs/concepts/scheduling-eviction/pod-priority-preemption/#preemption) lower priority Pods to make scheduling of the pending Pod possible.
diff --git a/content/en/docs/reference/glossary/proxy.md b/content/en/docs/reference/glossary/proxy.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/qos-class.md b/content/en/docs/reference/glossary/qos-class.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/rbac.md b/content/en/docs/reference/glossary/rbac.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/replica-set.md b/content/en/docs/reference/glossary/replica-set.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/replication-controller.md b/content/en/docs/reference/glossary/replication-controller.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/resource-quota.md b/content/en/docs/reference/glossary/resource-quota.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/reviewer.md b/content/en/docs/reference/glossary/reviewer.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/secret.md b/content/en/docs/reference/glossary/secret.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/security-context.md b/content/en/docs/reference/glossary/security-context.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/selector.md b/content/en/docs/reference/glossary/selector.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/service-account.md b/content/en/docs/reference/glossary/service-account.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/service-broker.md b/content/en/docs/reference/glossary/service-broker.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/service-catalog.md b/content/en/docs/reference/glossary/service-catalog.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/service.md b/content/en/docs/reference/glossary/service.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/sig.md b/content/en/docs/reference/glossary/sig.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/statefulset.md b/content/en/docs/reference/glossary/statefulset.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/static-pod.md b/content/en/docs/reference/glossary/static-pod.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/storage-class.md b/content/en/docs/reference/glossary/storage-class.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/sysctl.md b/content/en/docs/reference/glossary/sysctl.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/uid.md b/content/en/docs/reference/glossary/uid.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/upstream.md b/content/en/docs/reference/glossary/upstream.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/userns.md b/content/en/docs/reference/glossary/userns.md
new file mode 100644
index 0000000000..acfe754993
--- /dev/null
+++ b/content/en/docs/reference/glossary/userns.md
@@ -0,0 +1,28 @@
+---
+title: user namespace
+id: userns
+date: 2021-07-13
+full_link: https://man7.org/linux/man-pages/man7/user_namespaces.7.html
+short_description: >
+ A Linux kernel feature to emulate superuser privilege for unprivileged users.
+
+aka:
+tags:
+- security
+---
+
+A kernel feature to emulate root. Used for "rootless containers".
+
+
+
+User namespaces are a Linux kernel feature that allows a non-root user to
+emulate superuser ("root") privileges,
+for example in order to run containers without being a superuser outside the container.
+
+User namespace is effective for mitigating damage of potential container break-out attacks.
+
+In the context of user namespaces, the namespace is a Linux kernel feature, and not a
+{{< glossary_tooltip text="namespace" term_id="namespace" >}} in the Kubernetes sense
+of the term.
+
+
diff --git a/content/en/docs/reference/glossary/volume-plugin.md b/content/en/docs/reference/glossary/volume-plugin.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/volume.md b/content/en/docs/reference/glossary/volume.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/glossary/wg.md b/content/en/docs/reference/glossary/wg.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/issues-security/security.md b/content/en/docs/reference/issues-security/security.md
index 43b01a4172..7fe91a037a 100644
--- a/content/en/docs/reference/issues-security/security.md
+++ b/content/en/docs/reference/issues-security/security.md
@@ -29,7 +29,7 @@ To make a report, submit your vulnerability to the [Kubernetes bug bounty progra
You can also email the private [security@kubernetes.io](mailto:security@kubernetes.io) list with the security details and the details expected for [all Kubernetes bug reports](https://git.k8s.io/kubernetes/.github/ISSUE_TEMPLATE/bug-report.md).
-You may encrypt your email to this list using the GPG keys of the [Product Security Committee members](https://git.k8s.io/security/README.md#product-security-committee-psc). Encryption using GPG is NOT required to make a disclosure.
+You may encrypt your email to this list using the GPG keys of the [Security Response Committee members](https://git.k8s.io/security/README.md#product-security-committee-psc). Encryption using GPG is NOT required to make a disclosure.
### When Should I Report a Vulnerability?
@@ -47,13 +47,13 @@ You may encrypt your email to this list using the GPG keys of the [Product Secur
## Security Vulnerability Response
-Each report is acknowledged and analyzed by Product Security Committee members within 3 working days. This will set off the [Security Release Process](https://git.k8s.io/security/security-release-process.md#disclosures).
+Each report is acknowledged and analyzed by Security Response Committee members within 3 working days. This will set off the [Security Release Process](https://git.k8s.io/security/security-release-process.md#disclosures).
-Any vulnerability information shared with Product Security Committee stays within Kubernetes project and will not be disseminated to other projects unless it is necessary to get the issue fixed.
+Any vulnerability information shared with Security Response Committee stays within Kubernetes project and will not be disseminated to other projects unless it is necessary to get the issue fixed.
As the security issue moves from triage, to identified fix, to release planning we will keep the reporter updated.
## Public Disclosure Timing
-A public disclosure date is negotiated by the Kubernetes Product Security Committee and the bug submitter. We prefer to fully disclose the bug as soon as possible once a user mitigation is available. It is reasonable to delay disclosure when the bug or the fix is not yet fully understood, the solution is not well-tested, or for vendor coordination. The timeframe for disclosure is from immediate (especially if it's already publicly known) to a few weeks. For a vulnerability with a straightforward mitigation, we expect report date to disclosure date to be on the order of 7 days. The Kubernetes Product Security Committee holds the final say when setting a disclosure date.
+A public disclosure date is negotiated by the Kubernetes Security Response Committee and the bug submitter. We prefer to fully disclose the bug as soon as possible once a user mitigation is available. It is reasonable to delay disclosure when the bug or the fix is not yet fully understood, the solution is not well-tested, or for vendor coordination. The timeframe for disclosure is from immediate (especially if it's already publicly known) to a few weeks. For a vulnerability with a straightforward mitigation, we expect report date to disclosure date to be on the order of 7 days. The Kubernetes Security Response Committee holds the final say when setting a disclosure date.
diff --git a/content/en/docs/reference/kubectl/_index.md b/content/en/docs/reference/kubectl/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/kubectl/kubectl.md b/content/en/docs/reference/kubectl/kubectl.md
index 2cb2db7f9f..1b855168e5 100644
--- a/content/en/docs/reference/kubectl/kubectl.md
+++ b/content/en/docs/reference/kubectl/kubectl.md
@@ -328,7 +328,31 @@ kubectl [flags]
+## {{% heading "envvars" %}}
+
+
+
+
+
+
+
+
+
KUBECONFIG
+
+
+
Path to the kubectl configuration ("kubeconfig") file. Default: "$HOME/.kube/config"
+
+
+
+
KUBECTL_COMMAND_HEADERS
+
+
+
When set to false, turns off extra HTTP headers detailing invoked kubectl command (Kubernetes version v1.22 or later)
+
+
+
+
## {{% heading "seealso" %}}
diff --git a/content/en/docs/reference/kubectl/overview.md b/content/en/docs/reference/kubectl/overview.md
index f8ec7e5603..611065eead 100644
--- a/content/en/docs/reference/kubectl/overview.md
+++ b/content/en/docs/reference/kubectl/overview.md
@@ -71,6 +71,32 @@ Flags that you specify from the command line override default values and any cor
If you need help, run `kubectl help` from the terminal window.
+## In-cluster authentication and namespace overrides
+
+By default `kubectl` will first determine if it is running within a pod, and thus in a cluster. It starts by checking for the `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` environment variables and the existence of a service account token file at `/var/run/secrets/kubernetes.io/serviceaccount/token`. If all three are found in-cluster authentication is assumed.
+
+To maintain backwards compatibility, if the `POD_NAMESPACE` environment variable is set during in-cluster authentication it will override the default namespace from the from the service account token. Any manifests or tools relying on namespace defaulting will be affected by this.
+
+**`POD_NAMESPACE` environment variable**
+
+If the `POD_NAMESPACE` environment variable is set, cli operations on namespaced resources will default to the variable value. For example, if the variable is set to `seattle`, `kubectl get pods` would return pods in the `seattle` namespace. This is because pods are a namespaced resource, and no namespace was provided in the command. Review the output of `kubectl api-resources` to determine if a resource is namespaced.
+
+Explicit use of `--namespace ` overrides this behavior.
+
+**How kubectl handles ServiceAccount tokens**
+
+If:
+* there is Kubernetes service account token file mounted at
+ `/var/run/secrets/kubernetes.io/serviceaccount/token`, and
+* the `KUBERNETES_SERVICE_HOST` environment variable is set, and
+* the `KUBERNETES_SERVICE_PORT` environment variable is set, and
+* you don't explicitly specify a namespace on the kubectl command line
+then kubectl assumes it is running in your cluster. The kubectl tool looks up the
+namespace of that ServiceAccount (this is the same as the namespace of the Pod)
+and acts against that namespace. This is different from what happens outside of a
+cluster; when kubectl runs outside a cluster and you don't specify a namespace,
+the kubectl command acts against the `default` namespace.
+
## Operations
The following table includes short descriptions and the general syntax for all of the `kubectl` operations:
@@ -89,7 +115,7 @@ Operation | Syntax | Description
`cluster-info` | `kubectl cluster-info [flags]` | Display endpoint information about the master and services in the cluster.
`completion` | `kubectl completion SHELL [options]` | Output shell completion code for the specified shell (bash or zsh).
`config` | `kubectl config SUBCOMMAND [flags]` | Modifies kubeconfig files. See the individual subcommands for details.
-`convert` | `kubectl convert -f FILENAME [options]` | Convert config files between different API versions. Both YAML and JSON formats are accepted.
+`convert` | `kubectl convert -f FILENAME [options]` | Convert config files between different API versions. Both YAML and JSON formats are accepted. Note - requires `kubectl-convert` plugin to be installed.
`cordon` | `kubectl cordon NODE [options]` | Mark node as unschedulable.
`cp` | `kubectl cp [options]` | Copy files and directories to and from containers.
`create` | `kubectl create -f FILENAME [flags]` | Create one or more resources from a file or stdin.
diff --git a/content/en/docs/reference/kubernetes-api/authentication-resources/certificate-signing-request-v1.md b/content/en/docs/reference/kubernetes-api/authentication-resources/certificate-signing-request-v1.md
index 5cf56dd6e6..a02b668387 100644
--- a/content/en/docs/reference/kubernetes-api/authentication-resources/certificate-signing-request-v1.md
+++ b/content/en/docs/reference/kubernetes-api/authentication-resources/certificate-signing-request-v1.md
@@ -49,7 +49,7 @@ This API can be used to request client certificates to authenticate to kube-apis
- **spec** (}}">CertificateSigningRequestSpec), required
- spec contains the certificate request, and is immutable after creation. Only the request, signerName, and usages fields can be set on creation. Other fields are derived by Kubernetes and cannot be modified by users.
+ spec contains the certificate request, and is immutable after creation. Only the request, signerName, expirationSeconds, and usages fields can be set on creation. Other fields are derived by Kubernetes and cannot be modified by users.
- **status** (}}">CertificateSigningRequestStatus)
@@ -95,6 +95,23 @@ CertificateSigningRequestSpec contains the certificate request.
5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
6. Whether or not requests for CA certificates are allowed.
+- **expirationSeconds** (int32)
+
+ expirationSeconds is the requested duration of validity of the issued certificate. The certificate signer may issue a certificate with a different validity duration so a client must check the delta between the notBefore and and notAfter fields in the issued certificate to determine the actual duration.
+
+ The v1.22+ in-tree implementations of the well-known Kubernetes signers will honor this field as long as the requested duration is not greater than the maximum duration they will honor per the --cluster-signing-duration CLI flag to the Kubernetes controller manager.
+
+ Certificate signers may not honor this field for various reasons:
+
+ 1. Old signer that is unaware of the field (such as the in-tree
+ implementations prior to v1.22)
+ 2. Signer whose configured maximum is shorter than the requested duration
+ 3. Signer whose configured minimum is longer than the requested duration
+
+ The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
+
+ As of v1.22, this field is beta and is controlled via the CSRDuration feature gate.
+
- **extra** (map[string][]string)
extra contains extra attributes of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
@@ -630,6 +647,8 @@ PATCH /apis/certificates.k8s.io/v1/certificatesigningrequests/{name}
200 (}}">CertificateSigningRequest): OK
+201 (}}">CertificateSigningRequest): Created
+
401: Unauthorized
@@ -678,6 +697,8 @@ PATCH /apis/certificates.k8s.io/v1/certificatesigningrequests/{name}/approval
200 (}}">CertificateSigningRequest): OK
+201 (}}">CertificateSigningRequest): Created
+
401: Unauthorized
@@ -726,6 +747,8 @@ PATCH /apis/certificates.k8s.io/v1/certificatesigningrequests/{name}/status
200 (}}">CertificateSigningRequest): OK
+201 (}}">CertificateSigningRequest): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/authentication-resources/service-account-v1.md b/content/en/docs/reference/kubernetes-api/authentication-resources/service-account-v1.md
index a83d44bbf9..250bc29d07 100644
--- a/content/en/docs/reference/kubernetes-api/authentication-resources/service-account-v1.md
+++ b/content/en/docs/reference/kubernetes-api/authentication-resources/service-account-v1.md
@@ -416,6 +416,8 @@ PATCH /api/v1/namespaces/{namespace}/serviceaccounts/{name}
200 (}}">ServiceAccount): OK
+201 (}}">ServiceAccount): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/authentication-resources/token-request-v1.md b/content/en/docs/reference/kubernetes-api/authentication-resources/token-request-v1.md
index b9ee5ab858..f215074e82 100644
--- a/content/en/docs/reference/kubernetes-api/authentication-resources/token-request-v1.md
+++ b/content/en/docs/reference/kubernetes-api/authentication-resources/token-request-v1.md
@@ -40,12 +40,15 @@ TokenRequest requests a token for a given service account.
- **metadata** (}}">ObjectMeta)
+ Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (}}">TokenRequestSpec), required
+ Spec holds information about the request being evaluated
- **status** (}}">TokenRequestStatus)
+ Status is filled in by the server and indicates whether the token can be authenticated.
diff --git a/content/en/docs/reference/kubernetes-api/authentication-resources/token-review-v1.md b/content/en/docs/reference/kubernetes-api/authentication-resources/token-review-v1.md
index df71bf4e1a..8740fb27a4 100644
--- a/content/en/docs/reference/kubernetes-api/authentication-resources/token-review-v1.md
+++ b/content/en/docs/reference/kubernetes-api/authentication-resources/token-review-v1.md
@@ -40,6 +40,7 @@ TokenReview attempts to authenticate a token to a known user. Note: TokenReview
- **metadata** (}}">ObjectMeta)
+ Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (}}">TokenReviewSpec), required
diff --git a/content/en/docs/reference/kubernetes-api/authorization-resources/cluster-role-binding-v1.md b/content/en/docs/reference/kubernetes-api/authorization-resources/cluster-role-binding-v1.md
index ad6a0ff732..993148295b 100644
--- a/content/en/docs/reference/kubernetes-api/authorization-resources/cluster-role-binding-v1.md
+++ b/content/en/docs/reference/kubernetes-api/authorization-resources/cluster-role-binding-v1.md
@@ -351,6 +351,8 @@ PATCH /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/{name}
200 (}}">ClusterRoleBinding): OK
+201 (}}">ClusterRoleBinding): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/authorization-resources/cluster-role-v1.md b/content/en/docs/reference/kubernetes-api/authorization-resources/cluster-role-v1.md
index cc58c7804e..307d6ffff0 100644
--- a/content/en/docs/reference/kubernetes-api/authorization-resources/cluster-role-v1.md
+++ b/content/en/docs/reference/kubernetes-api/authorization-resources/cluster-role-v1.md
@@ -66,11 +66,11 @@ ClusterRole is a cluster level, logical grouping of PolicyRules that can be refe
- **rules.resources** ([]string)
- Resources is a list of resources this rule applies to. ResourceAll represents all resources.
+ Resources is a list of resources this rule applies to. '*' represents all resources.
- **rules.verbs** ([]string), required
- Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
+ Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. '*' represents all verbs.
- **rules.resourceNames** ([]string)
@@ -347,6 +347,8 @@ PATCH /apis/rbac.authorization.k8s.io/v1/clusterroles/{name}
200 (}}">ClusterRole): OK
+201 (}}">ClusterRole): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/authorization-resources/local-subject-access-review-v1.md b/content/en/docs/reference/kubernetes-api/authorization-resources/local-subject-access-review-v1.md
index a163bfa743..d1a61db7d6 100644
--- a/content/en/docs/reference/kubernetes-api/authorization-resources/local-subject-access-review-v1.md
+++ b/content/en/docs/reference/kubernetes-api/authorization-resources/local-subject-access-review-v1.md
@@ -40,6 +40,7 @@ LocalSubjectAccessReview checks whether or not a user or group can perform an ac
- **metadata** (}}">ObjectMeta)
+ Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (}}">SubjectAccessReviewSpec), required
diff --git a/content/en/docs/reference/kubernetes-api/authorization-resources/role-binding-v1.md b/content/en/docs/reference/kubernetes-api/authorization-resources/role-binding-v1.md
index bb847f3370..f02dcee05a 100644
--- a/content/en/docs/reference/kubernetes-api/authorization-resources/role-binding-v1.md
+++ b/content/en/docs/reference/kubernetes-api/authorization-resources/role-binding-v1.md
@@ -444,6 +444,8 @@ PATCH /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{na
200 (}}">RoleBinding): OK
+201 (}}">RoleBinding): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/authorization-resources/role-v1.md b/content/en/docs/reference/kubernetes-api/authorization-resources/role-v1.md
index 6c1f8b1fde..d96769ef24 100644
--- a/content/en/docs/reference/kubernetes-api/authorization-resources/role-v1.md
+++ b/content/en/docs/reference/kubernetes-api/authorization-resources/role-v1.md
@@ -55,11 +55,11 @@ Role is a namespaced, logical grouping of PolicyRules that can be referenced as
- **rules.resources** ([]string)
- Resources is a list of resources this rule applies to. ResourceAll represents all resources.
+ Resources is a list of resources this rule applies to. '*' represents all resources.
- **rules.verbs** ([]string), required
- Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
+ Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. '*' represents all verbs.
- **rules.resourceNames** ([]string)
@@ -429,6 +429,8 @@ PATCH /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles/{name}
200 (}}">Role): OK
+201 (}}">Role): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/authorization-resources/self-subject-access-review-v1.md b/content/en/docs/reference/kubernetes-api/authorization-resources/self-subject-access-review-v1.md
index 430a4a953b..a8496aab72 100644
--- a/content/en/docs/reference/kubernetes-api/authorization-resources/self-subject-access-review-v1.md
+++ b/content/en/docs/reference/kubernetes-api/authorization-resources/self-subject-access-review-v1.md
@@ -40,6 +40,7 @@ SelfSubjectAccessReview checks whether or the current user can perform an action
- **metadata** (}}">ObjectMeta)
+ Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (}}">SelfSubjectAccessReviewSpec), required
diff --git a/content/en/docs/reference/kubernetes-api/authorization-resources/self-subject-rules-review-v1.md b/content/en/docs/reference/kubernetes-api/authorization-resources/self-subject-rules-review-v1.md
index 82ab54ec4f..f8d85dc23c 100644
--- a/content/en/docs/reference/kubernetes-api/authorization-resources/self-subject-rules-review-v1.md
+++ b/content/en/docs/reference/kubernetes-api/authorization-resources/self-subject-rules-review-v1.md
@@ -40,6 +40,7 @@ SelfSubjectRulesReview enumerates the set of actions the current user can perfor
- **metadata** (}}">ObjectMeta)
+ Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (}}">SelfSubjectRulesReviewSpec), required
@@ -105,7 +106,7 @@ SelfSubjectRulesReview enumerates the set of actions the current user can perfor
## SelfSubjectRulesReviewSpec {#SelfSubjectRulesReviewSpec}
-
+SelfSubjectRulesReviewSpec defines the specification for SelfSubjectRulesReview.
diff --git a/content/en/docs/reference/kubernetes-api/authorization-resources/subject-access-review-v1.md b/content/en/docs/reference/kubernetes-api/authorization-resources/subject-access-review-v1.md
index 5c8d23ea4d..cae105ba24 100644
--- a/content/en/docs/reference/kubernetes-api/authorization-resources/subject-access-review-v1.md
+++ b/content/en/docs/reference/kubernetes-api/authorization-resources/subject-access-review-v1.md
@@ -40,6 +40,7 @@ SubjectAccessReview checks whether or not a user or group can perform an action.
- **metadata** (}}">ObjectMeta)
+ Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (}}">SubjectAccessReviewSpec), required
diff --git a/content/en/docs/reference/kubernetes-api/cluster-resources/api-service-v1.md b/content/en/docs/reference/kubernetes-api/cluster-resources/api-service-v1.md
index 45f3629c39..9f06c7b3fe 100644
--- a/content/en/docs/reference/kubernetes-api/cluster-resources/api-service-v1.md
+++ b/content/en/docs/reference/kubernetes-api/cluster-resources/api-service-v1.md
@@ -40,6 +40,7 @@ APIService represents a server for a particular GroupVersion. Name must be "vers
- **metadata** (}}">ObjectMeta)
+ Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (}}">APIServiceSpec)
@@ -166,9 +167,11 @@ APIServiceList is a list of APIService objects.
- **metadata** (}}">ListMeta)
+ Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **items** ([]}}">APIService), required
+ Items is the list of APIService
@@ -486,6 +489,8 @@ PATCH /apis/apiregistration.k8s.io/v1/apiservices/{name}
200 (}}">APIService): OK
+201 (}}">APIService): Created
+
401: Unauthorized
@@ -534,6 +539,8 @@ PATCH /apis/apiregistration.k8s.io/v1/apiservices/{name}/status
200 (}}">APIService): OK
+201 (}}">APIService): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/cluster-resources/event-v1.md b/content/en/docs/reference/kubernetes-api/cluster-resources/event-v1.md
index d01f3ee709..644496e7f0 100644
--- a/content/en/docs/reference/kubernetes-api/cluster-resources/event-v1.md
+++ b/content/en/docs/reference/kubernetes-api/cluster-resources/event-v1.md
@@ -492,6 +492,8 @@ PATCH /apis/events.k8s.io/v1/namespaces/{namespace}/events/{name}
200 (}}">Event): OK
+201 (}}">Event): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/cluster-resources/flow-schema-v1beta1.md b/content/en/docs/reference/kubernetes-api/cluster-resources/flow-schema-v1beta1.md
index 8329c6016b..0df4386eb1 100644
--- a/content/en/docs/reference/kubernetes-api/cluster-resources/flow-schema-v1beta1.md
+++ b/content/en/docs/reference/kubernetes-api/cluster-resources/flow-schema-v1beta1.md
@@ -106,10 +106,11 @@ FlowSchemaSpec describes how the FlowSchema's specification looks like.
- **rules.subjects.kind** (string), required
- Required
+ `kind` indicates which one of the other fields is non-empty. Required
- **rules.subjects.group** (GroupSubject)
+ `group` matches based on user group name.
*GroupSubject holds detailed information for group-kind subject.*
@@ -120,6 +121,7 @@ FlowSchemaSpec describes how the FlowSchema's specification looks like.
- **rules.subjects.serviceAccount** (ServiceAccountSubject)
+ `serviceAccount` matches ServiceAccounts.
*ServiceAccountSubject holds detailed information for service-account-kind subject.*
@@ -134,6 +136,7 @@ FlowSchemaSpec describes how the FlowSchema's specification looks like.
- **rules.subjects.user** (UserSubject)
+ `user` matches based on username.
*UserSubject holds detailed information for user-kind subject.*
@@ -588,6 +591,8 @@ PATCH /apis/flowcontrol.apiserver.k8s.io/v1beta1/flowschemas/{name}
200 (}}">FlowSchema): OK
+201 (}}">FlowSchema): Created
+
401: Unauthorized
@@ -636,6 +641,8 @@ PATCH /apis/flowcontrol.apiserver.k8s.io/v1beta1/flowschemas/{name}/status
200 (}}">FlowSchema): OK
+201 (}}">FlowSchema): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/cluster-resources/lease-v1.md b/content/en/docs/reference/kubernetes-api/cluster-resources/lease-v1.md
index 8f74401a59..4db3251991 100644
--- a/content/en/docs/reference/kubernetes-api/cluster-resources/lease-v1.md
+++ b/content/en/docs/reference/kubernetes-api/cluster-resources/lease-v1.md
@@ -442,6 +442,8 @@ PATCH /apis/coordination.k8s.io/v1/namespaces/{namespace}/leases/{name}
200 (}}">Lease): OK
+201 (}}">Lease): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/cluster-resources/namespace-v1.md b/content/en/docs/reference/kubernetes-api/cluster-resources/namespace-v1.md
index a05f7f4f26..8ae6934385 100644
--- a/content/en/docs/reference/kubernetes-api/cluster-resources/namespace-v1.md
+++ b/content/en/docs/reference/kubernetes-api/cluster-resources/namespace-v1.md
@@ -492,6 +492,8 @@ PATCH /api/v1/namespaces/{name}
200 (}}">Namespace): OK
+201 (}}">Namespace): Created
+
401: Unauthorized
@@ -540,6 +542,8 @@ PATCH /api/v1/namespaces/{name}/status
200 (}}">Namespace): OK
+201 (}}">Namespace): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/cluster-resources/node-v1.md b/content/en/docs/reference/kubernetes-api/cluster-resources/node-v1.md
index 23764d9033..0046895782 100644
--- a/content/en/docs/reference/kubernetes-api/cluster-resources/node-v1.md
+++ b/content/en/docs/reference/kubernetes-api/cluster-resources/node-v1.md
@@ -62,17 +62,17 @@ NodeSpec describes the attributes that a node is created with.
- **configSource** (NodeConfigSource)
- If specified, the source to get node configuration from The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field
+ Deprecated. If specified, the source of the node's configuration. The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field. This field is deprecated as of 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
- *NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.*
+ *NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22*
- **configSource.configMap** (ConfigMapNodeConfigSource)
ConfigMap is a reference to a Node's ConfigMap
- *ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.*
+ *ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration*
- **configSource.configMap.kubeletConfigKey** (string), required
@@ -226,14 +226,14 @@ NodeStatus is information about the current status of a node.
Active reports the checkpointed config the node is actively using. Active will represent either the current version of the Assigned config, or the current LastKnownGood config, depending on whether attempting to use the Assigned config results in an error.
- *NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.*
+ *NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22*
- **config.active.configMap** (ConfigMapNodeConfigSource)
ConfigMap is a reference to a Node's ConfigMap
- *ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.*
+ *ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration*
- **config.active.configMap.kubeletConfigKey** (string), required
@@ -260,14 +260,14 @@ NodeStatus is information about the current status of a node.
Assigned reports the checkpointed config the node will try to use. When Node.Spec.ConfigSource is updated, the node checkpoints the associated config payload to local disk, along with a record indicating intended config. The node refers to this record to choose its config checkpoint, and reports this record in Assigned. Assigned only updates in the status after the record has been checkpointed to disk. When the Kubelet is restarted, it tries to make the Assigned config the Active config by loading and validating the checkpointed payload identified by Assigned.
- *NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.*
+ *NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22*
- **config.assigned.configMap** (ConfigMapNodeConfigSource)
ConfigMap is a reference to a Node's ConfigMap
- *ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.*
+ *ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration*
- **config.assigned.configMap.kubeletConfigKey** (string), required
@@ -298,14 +298,14 @@ NodeStatus is information about the current status of a node.
LastKnownGood reports the checkpointed config the node will fall back to when it encounters an error attempting to use the Assigned config. The Assigned config becomes the LastKnownGood config when the node determines that the Assigned config is stable and correct. This is currently implemented as a 10-minute soak period starting when the local record of Assigned config is updated. If the Assigned config is Active at the end of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, because the local default config is always assumed good. You should not make assumptions about the node's method of determining config stability and correctness, as this may change or become configurable in the future.
- *NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.*
+ *NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22*
- **config.lastKnownGood.configMap** (ConfigMapNodeConfigSource)
ConfigMap is a reference to a Node's ConfigMap
- *ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.*
+ *ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration*
- **config.lastKnownGood.configMap.kubeletConfigKey** (string), required
@@ -352,7 +352,7 @@ NodeStatus is information about the current status of a node.
*Describe a container image*
- - **images.names** ([]string), required
+ - **images.names** ([]string)
Names by which this image is known. e.g. ["k8s.gcr.io/hyperkube:v1.0.7", "dockerhub.io/google_containers/hyperkube:v1.0.7"]
@@ -770,6 +770,8 @@ PATCH /api/v1/nodes/{name}
200 (}}">Node): OK
+201 (}}">Node): Created
+
401: Unauthorized
@@ -818,6 +820,8 @@ PATCH /api/v1/nodes/{name}/status
200 (}}">Node): OK
+201 (}}">Node): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/cluster-resources/priority-level-configuration-v1beta1.md b/content/en/docs/reference/kubernetes-api/cluster-resources/priority-level-configuration-v1beta1.md
index e7bd624556..eda105ab73 100644
--- a/content/en/docs/reference/kubernetes-api/cluster-resources/priority-level-configuration-v1beta1.md
+++ b/content/en/docs/reference/kubernetes-api/cluster-resources/priority-level-configuration-v1beta1.md
@@ -493,6 +493,8 @@ PATCH /apis/flowcontrol.apiserver.k8s.io/v1beta1/prioritylevelconfigurations/{na
200 (}}">PriorityLevelConfiguration): OK
+201 (}}">PriorityLevelConfiguration): Created
+
401: Unauthorized
@@ -541,6 +543,8 @@ PATCH /apis/flowcontrol.apiserver.k8s.io/v1beta1/prioritylevelconfigurations/{na
200 (}}">PriorityLevelConfiguration): OK
+201 (}}">PriorityLevelConfiguration): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/cluster-resources/runtime-class-v1.md b/content/en/docs/reference/kubernetes-api/cluster-resources/runtime-class-v1.md
index b505277ccc..fad02bc731 100644
--- a/content/en/docs/reference/kubernetes-api/cluster-resources/runtime-class-v1.md
+++ b/content/en/docs/reference/kubernetes-api/cluster-resources/runtime-class-v1.md
@@ -366,6 +366,8 @@ PATCH /apis/node.k8s.io/v1/runtimeclasses/{name}
200 (}}">RuntimeClass): OK
+201 (}}">RuntimeClass): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/common-definitions/object-meta.md b/content/en/docs/reference/kubernetes-api/common-definitions/object-meta.md
index 81d66b38c7..40c7899adc 100644
--- a/content/en/docs/reference/kubernetes-api/common-definitions/object-meta.md
+++ b/content/en/docs/reference/kubernetes-api/common-definitions/object-meta.md
@@ -99,6 +99,10 @@ ObjectMeta is metadata that all persisted resources must have, which includes al
Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.
+ - **managedFields.subresource** (string)
+
+ Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource.
+
- **managedFields.time** (Time)
Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'
diff --git a/content/en/docs/reference/kubernetes-api/common-parameters/common-parameters.md b/content/en/docs/reference/kubernetes-api/common-parameters/common-parameters.md
index deb8164881..45a90e0411 100644
--- a/content/en/docs/reference/kubernetes-api/common-parameters/common-parameters.md
+++ b/content/en/docs/reference/kubernetes-api/common-parameters/common-parameters.md
@@ -28,7 +28,7 @@ guide. You can file document formatting bugs against the
## allowWatchBookmarks {#allowWatchBookmarks}
-allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored.
+allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
diff --git a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/config-map-v1.md b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/config-map-v1.md
index be3ef5c8e4..774f12ae97 100644
--- a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/config-map-v1.md
+++ b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/config-map-v1.md
@@ -414,6 +414,8 @@ PATCH /api/v1/namespaces/{namespace}/configmaps/{name}
200 (}}">ConfigMap): OK
+201 (}}">ConfigMap): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md
index 22fcf194ee..db3a2a389b 100644
--- a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md
+++ b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md
@@ -64,9 +64,11 @@ CSIDriverSpec is the specification of a CSIDriver.
- **fsGroupPolicy** (string)
- Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Refer to the specific FSGroupPolicy values for additional details. This field is alpha-level, and is only honored by servers that enable the CSIVolumeFSGroupPolicy feature gate.
+ Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Refer to the specific FSGroupPolicy values for additional details. This field is beta, and is only honored by servers that enable the CSIVolumeFSGroupPolicy feature gate.
This field is immutable.
+
+ Defaults to ReadWriteOnceWithFSType, which will examine each volume to determine if Kubernetes should modify ownership and permissions of the volume. With the default policy the defined fsGroup will only be applied if a fstype is defined and the volume's access mode contains ReadWriteOnce.
- **podInfoOnMount** (boolean)
@@ -82,8 +84,6 @@ CSIDriverSpec is the specification of a CSIDriver.
RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false.
Note: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.
-
- This is a beta feature and only available when the CSIServiceAccountToken feature is enabled.
- **storageCapacity** (boolean)
@@ -110,8 +110,6 @@ CSIDriverSpec is the specification of a CSIDriver.
}
Note: Audience in each TokenRequest should be different and at most one token is empty string. To receive a new token after expiry, RequiresRepublish can be used to trigger NodePublishVolume periodically.
-
- This is a beta feature and only available when the CSIServiceAccountToken feature is enabled.
*TokenRequest contains parameters of a service account token.*
@@ -399,6 +397,8 @@ PATCH /apis/storage.k8s.io/v1/csidrivers/{name}
200 (}}">CSIDriver): OK
+201 (}}">CSIDriver): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-node-v1.md b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-node-v1.md
index 343ab01135..5eb65b7e54 100644
--- a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-node-v1.md
+++ b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-node-v1.md
@@ -355,6 +355,8 @@ PATCH /apis/storage.k8s.io/v1/csinodes/{name}
200 (}}">CSINode): OK
+201 (}}">CSINode): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-storage-capacity-v1beta1.md b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-storage-capacity-v1beta1.md
index cc915b8b15..08c6572f89 100644
--- a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-storage-capacity-v1beta1.md
+++ b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-storage-capacity-v1beta1.md
@@ -436,6 +436,8 @@ PATCH /apis/storage.k8s.io/v1beta1/namespaces/{namespace}/csistoragecapacities/{
200 (}}">CSIStorageCapacity): OK
+201 (}}">CSIStorageCapacity): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1.md b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1.md
index f73ded9ff5..e1461951e8 100644
--- a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1.md
+++ b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1.md
@@ -102,7 +102,16 @@ PersistentVolumeClaimSpec describes the common attributes of storage devices and
- **dataSource** (}}">TypedLocalObjectReference)
- This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.
+ This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.
+
+- **dataSourceRef** (}}">TypedLocalObjectReference)
+
+ Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While DataSource ignores disallowed values (dropping them), DataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
@@ -604,6 +613,8 @@ PATCH /api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}
200 (}}">PersistentVolumeClaim): OK
+201 (}}">PersistentVolumeClaim): Created
+
401: Unauthorized
@@ -657,6 +668,8 @@ PATCH /api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}/status
200 (}}">PersistentVolumeClaim): OK
+201 (}}">PersistentVolumeClaim): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1.md b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1.md
index c5c68b19d7..86c689dc44 100644
--- a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1.md
+++ b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1.md
@@ -1189,6 +1189,8 @@ PATCH /api/v1/persistentvolumes/{name}
200 (}}">PersistentVolume): OK
+201 (}}">PersistentVolume): Created
+
401: Unauthorized
@@ -1237,6 +1239,8 @@ PATCH /api/v1/persistentvolumes/{name}/status
200 (}}">PersistentVolume): OK
+201 (}}">PersistentVolume): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1.md b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1.md
index 5e75c90b79..bb2710e4c8 100644
--- a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1.md
+++ b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1.md
@@ -418,6 +418,8 @@ PATCH /api/v1/namespaces/{namespace}/secrets/{name}
200 (}}">Secret): OK
+201 (}}">Secret): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/storage-class-v1.md b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/storage-class-v1.md
index c00f36797d..e5cb3b4b3e 100644
--- a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/storage-class-v1.md
+++ b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/storage-class-v1.md
@@ -54,6 +54,8 @@ StorageClasses are non-namespaced; the name of the storage class according to et
- **allowedTopologies** ([]TopologySelectorTerm)
+ *Atomic: will be replaced during a merge*
+
Restrict the node topologies where volumes can be dynamically provisioned. Each volume plugin defines its own supported topology specifications. An empty TopologySelectorTerm list means there is no topology restriction. This field is only honored by servers that enable the VolumeScheduling feature.
@@ -357,6 +359,8 @@ PATCH /apis/storage.k8s.io/v1/storageclasses/{name}
200 (}}">StorageClass): OK
+201 (}}">StorageClass): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/volume-attachment-v1.md b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/volume-attachment-v1.md
index b9bc3ee831..332053b4a9 100644
--- a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/volume-attachment-v1.md
+++ b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/volume-attachment-v1.md
@@ -479,6 +479,8 @@ PATCH /apis/storage.k8s.io/v1/volumeattachments/{name}
200 (}}">VolumeAttachment): OK
+201 (}}">VolumeAttachment): Created
+
401: Unauthorized
@@ -527,6 +529,8 @@ PATCH /apis/storage.k8s.io/v1/volumeattachments/{name}/status
200 (}}">VolumeAttachment): OK
+201 (}}">VolumeAttachment): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/extend-resources/custom-resource-definition-v1.md b/content/en/docs/reference/kubernetes-api/extend-resources/custom-resource-definition-v1.md
index ce88ef945d..89cb9687f6 100644
--- a/content/en/docs/reference/kubernetes-api/extend-resources/custom-resource-definition-v1.md
+++ b/content/en/docs/reference/kubernetes-api/extend-resources/custom-resource-definition-v1.md
@@ -40,6 +40,7 @@ CustomResourceDefinition represents a resource that should be exposed on the API
- **metadata** (}}">ObjectMeta)
+ Standard object's metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (}}">CustomResourceDefinitionSpec), required
@@ -590,6 +591,7 @@ CustomResourceDefinitionList is a list of CustomResourceDefinition objects.
- **metadata** (}}">ListMeta)
+ Standard object's metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
@@ -907,6 +909,8 @@ PATCH /apis/apiextensions.k8s.io/v1/customresourcedefinitions/{name}
200 (}}">CustomResourceDefinition): OK
+201 (}}">CustomResourceDefinition): Created
+
401: Unauthorized
@@ -955,6 +959,8 @@ PATCH /apis/apiextensions.k8s.io/v1/customresourcedefinitions/{name}/status
200 (}}">CustomResourceDefinition): OK
+201 (}}">CustomResourceDefinition): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/extend-resources/mutating-webhook-configuration-v1.md b/content/en/docs/reference/kubernetes-api/extend-resources/mutating-webhook-configuration-v1.md
index e335c9fc2e..499daa6405 100644
--- a/content/en/docs/reference/kubernetes-api/extend-resources/mutating-webhook-configuration-v1.md
+++ b/content/en/docs/reference/kubernetes-api/extend-resources/mutating-webhook-configuration-v1.md
@@ -479,6 +479,8 @@ PATCH /apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/{name}
200 (}}">MutatingWebhookConfiguration): OK
+201 (}}">MutatingWebhookConfiguration): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/extend-resources/validating-webhook-configuration-v1.md b/content/en/docs/reference/kubernetes-api/extend-resources/validating-webhook-configuration-v1.md
index a985763cb3..417f90402e 100644
--- a/content/en/docs/reference/kubernetes-api/extend-resources/validating-webhook-configuration-v1.md
+++ b/content/en/docs/reference/kubernetes-api/extend-resources/validating-webhook-configuration-v1.md
@@ -469,6 +469,8 @@ PATCH /apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/{nam
200 (}}">ValidatingWebhookConfiguration): OK
+201 (}}">ValidatingWebhookConfiguration): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/policy-resources/limit-range-v1.md b/content/en/docs/reference/kubernetes-api/policy-resources/limit-range-v1.md
index 5d84379b6e..36d9ff42c4 100644
--- a/content/en/docs/reference/kubernetes-api/policy-resources/limit-range-v1.md
+++ b/content/en/docs/reference/kubernetes-api/policy-resources/limit-range-v1.md
@@ -447,6 +447,8 @@ PATCH /api/v1/namespaces/{namespace}/limitranges/{name}
200 (}}">LimitRange): OK
+201 (}}">LimitRange): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/policy-resources/network-policy-v1.md b/content/en/docs/reference/kubernetes-api/policy-resources/network-policy-v1.md
index 6643b81bee..2ba558d7b1 100644
--- a/content/en/docs/reference/kubernetes-api/policy-resources/network-policy-v1.md
+++ b/content/en/docs/reference/kubernetes-api/policy-resources/network-policy-v1.md
@@ -121,7 +121,7 @@ NetworkPolicySpec provides the specification of a NetworkPolicy
- **ingress.ports.endPort** (int32)
- If set, indicates that the range of ports from port to endPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. This feature is in Alpha state and should be enabled using the Feature Gate "NetworkPolicyEndPort".
+ If set, indicates that the range of ports from port to endPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. This feature is in Beta state and is enabled by default. It can be disabled using the Feature Gate "NetworkPolicyEndPort".
- **ingress.ports.protocol** (string)
@@ -184,7 +184,7 @@ NetworkPolicySpec provides the specification of a NetworkPolicy
- **egress.ports.endPort** (int32)
- If set, indicates that the range of ports from port to endPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. This feature is in Alpha state and should be enabled using the Feature Gate "NetworkPolicyEndPort".
+ If set, indicates that the range of ports from port to endPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. This feature is in Beta state and is enabled by default. It can be disabled using the Feature Gate "NetworkPolicyEndPort".
- **egress.ports.protocol** (string)
@@ -550,6 +550,8 @@ PATCH /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}
200 (}}">NetworkPolicy): OK
+201 (}}">NetworkPolicy): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1.md b/content/en/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1.md
index 3b21024aeb..5b88652bb2 100644
--- a/content/en/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1.md
+++ b/content/en/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1.md
@@ -604,6 +604,8 @@ PATCH /apis/policy/v1/namespaces/{namespace}/poddisruptionbudgets/{name}
200 (}}">PodDisruptionBudget): OK
+201 (}}">PodDisruptionBudget): Created
+
401: Unauthorized
@@ -657,6 +659,8 @@ PATCH /apis/policy/v1/namespaces/{namespace}/poddisruptionbudgets/{name}/status
200 (}}">PodDisruptionBudget): OK
+201 (}}">PodDisruptionBudget): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/policy-resources/pod-security-policy-v1beta1.md b/content/en/docs/reference/kubernetes-api/policy-resources/pod-security-policy-v1beta1.md
index b6050390e6..2f03cfa5bf 100644
--- a/content/en/docs/reference/kubernetes-api/policy-resources/pod-security-policy-v1beta1.md
+++ b/content/en/docs/reference/kubernetes-api/policy-resources/pod-security-policy-v1beta1.md
@@ -590,6 +590,8 @@ PATCH /apis/policy/v1beta1/podsecuritypolicies/{name}
200 (}}">PodSecurityPolicy): OK
+201 (}}">PodSecurityPolicy): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/policy-resources/resource-quota-v1.md b/content/en/docs/reference/kubernetes-api/policy-resources/resource-quota-v1.md
index 2f66235c0f..e71631863e 100644
--- a/content/en/docs/reference/kubernetes-api/policy-resources/resource-quota-v1.md
+++ b/content/en/docs/reference/kubernetes-api/policy-resources/resource-quota-v1.md
@@ -555,6 +555,8 @@ PATCH /api/v1/namespaces/{namespace}/resourcequotas/{name}
200 (}}">ResourceQuota): OK
+201 (}}">ResourceQuota): Created
+
401: Unauthorized
@@ -608,6 +610,8 @@ PATCH /api/v1/namespaces/{namespace}/resourcequotas/{name}/status
200 (}}">ResourceQuota): OK
+201 (}}">ResourceQuota): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1.md b/content/en/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1.md
index a405d50660..b602f0e728 100644
--- a/content/en/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1.md
+++ b/content/en/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1.md
@@ -505,6 +505,8 @@ PATCH /apis/discovery.k8s.io/v1/namespaces/{namespace}/endpointslices/{name}
200 (}}">EndpointSlice): OK
+201 (}}">EndpointSlice): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/service-resources/endpoints-v1.md b/content/en/docs/reference/kubernetes-api/service-resources/endpoints-v1.md
index acc7d938f9..ccc385b983 100644
--- a/content/en/docs/reference/kubernetes-api/service-resources/endpoints-v1.md
+++ b/content/en/docs/reference/kubernetes-api/service-resources/endpoints-v1.md
@@ -134,7 +134,7 @@ Endpoints is a collection of endpoints that implement the actual service. Exampl
- **subsets.ports.appProtocol** (string)
- The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. This is a beta field that is guarded by the ServiceAppProtocol feature gate and enabled by default.
+ The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
@@ -496,6 +496,8 @@ PATCH /api/v1/namespaces/{namespace}/endpoints/{name}
200 (}}">Endpoints): OK
+201 (}}">Endpoints): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/service-resources/ingress-class-v1.md b/content/en/docs/reference/kubernetes-api/service-resources/ingress-class-v1.md
index c549ac2f83..335597af49 100644
--- a/content/en/docs/reference/kubernetes-api/service-resources/ingress-class-v1.md
+++ b/content/en/docs/reference/kubernetes-api/service-resources/ingress-class-v1.md
@@ -354,6 +354,8 @@ PATCH /apis/networking.k8s.io/v1/ingressclasses/{name}
200 (}}">IngressClass): OK
+201 (}}">IngressClass): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/service-resources/ingress-v1.md b/content/en/docs/reference/kubernetes-api/service-resources/ingress-v1.md
index 00fe1bb617..7bdec1fcb2 100644
--- a/content/en/docs/reference/kubernetes-api/service-resources/ingress-v1.md
+++ b/content/en/docs/reference/kubernetes-api/service-resources/ingress-v1.md
@@ -107,11 +107,7 @@ IngressSpec describes the Ingress the user wishes to exist.
Backend defines the referenced service endpoint to which the traffic will be forwarded to.
- - **rules.http.paths.path** (string)
-
- Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. When unspecified, all paths from incoming requests are matched.
-
- - **rules.http.paths.pathType** (string)
+ - **rules.http.paths.pathType** (string), required
PathType determines the interpretation of the Path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is
done on a path element by element basis. A path element refers is the
@@ -125,6 +121,10 @@ IngressSpec describes the Ingress the user wishes to exist.
or treat it identically to Prefix or Exact path types.
Implementations are required to support all path types.
+ - **rules.http.paths.path** (string)
+
+ Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value "Exact" or "Prefix".
+
- **tls** ([]IngressTLS)
*Atomic: will be replaced during a merge*
@@ -685,6 +685,8 @@ PATCH /apis/networking.k8s.io/v1/namespaces/{namespace}/ingresses/{name}
200 (}}">Ingress): OK
+201 (}}">Ingress): Created
+
401: Unauthorized
@@ -738,6 +740,8 @@ PATCH /apis/networking.k8s.io/v1/namespaces/{namespace}/ingresses/{name}/status
200 (}}">Ingress): OK
+201 (}}">Ingress): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/service-resources/service-v1.md b/content/en/docs/reference/kubernetes-api/service-resources/service-v1.md
index 7b9fd5f32c..c49b2607c1 100644
--- a/content/en/docs/reference/kubernetes-api/service-resources/service-v1.md
+++ b/content/en/docs/reference/kubernetes-api/service-resources/service-v1.md
@@ -96,11 +96,11 @@ ServiceSpec describes the attributes that a user creates on a service.
- **ports.nodePort** (int32)
- The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport
+ The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
- **ports.appProtocol** (string)
- The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. This is a beta field that is guarded by the ServiceAppProtocol feature gate and enabled by default.
+ The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
- **type** (string)
@@ -144,7 +144,7 @@ ServiceSpec describes the attributes that a user creates on a service.
- **loadBalancerSourceRanges** ([]string)
- If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
+ If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
- **loadBalancerClass** (string)
@@ -188,13 +188,9 @@ ServiceSpec describes the attributes that a user creates on a service.
timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && \<=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours).
-- **topologyKeys** ([]string)
-
- topologyKeys is a preference-order list of topology keys which implementations of services should use to preferentially sort endpoints when accessing this Service, it can not be used at the same time as externalTrafficPolicy=Local. Topology keys must be valid label keys and at most 16 keys may be specified. Endpoints are chosen based on the first topology key with available backends. If this field is specified and all entries have no backends that match the topology of the client, the service has no backends for that client and connections should fail. The special value "*" may be used to mean "any topology". This catch-all value, if used, only makes sense as the last value in the list. If this is not specified or empty, no topology constraints will be applied. This field is alpha-level and is only honored by servers that enable the ServiceTopology feature. This field is deprecated and will be removed in a future version.
-
- **allocateLoadBalancerNodePorts** (boolean)
- allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. allocateLoadBalancerNodePorts may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is alpha-level and is only honored by servers that enable the ServiceLBNodePortControl feature.
+ allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is beta-level and is only honored by servers that enable the ServiceLBNodePortControl feature.
@@ -733,6 +729,8 @@ PATCH /api/v1/namespaces/{namespace}/services/{name}
200 (}}">Service): OK
+201 (}}">Service): Created
+
401: Unauthorized
@@ -786,6 +784,8 @@ PATCH /api/v1/namespaces/{namespace}/services/{name}/status
200 (}}">Service): OK
+201 (}}">Service): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/controller-revision-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/controller-revision-v1.md
index 23b324fb6e..bf3ffa7f12 100644
--- a/content/en/docs/reference/kubernetes-api/workload-resources/controller-revision-v1.md
+++ b/content/en/docs/reference/kubernetes-api/workload-resources/controller-revision-v1.md
@@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "ControllerRevision implements an immutable snapshot of state data."
title: "ControllerRevision"
-weight: 8
+weight: 7
auto_generated: true
---
@@ -440,6 +440,8 @@ PATCH /apis/apps/v1/namespaces/{namespace}/controllerrevisions/{name}
200 (}}">ControllerRevision): OK
+201 (}}">ControllerRevision): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/cron-job-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/cron-job-v1.md
index a518d1f72a..3aa5ceb8be 100644
--- a/content/en/docs/reference/kubernetes-api/workload-resources/cron-job-v1.md
+++ b/content/en/docs/reference/kubernetes-api/workload-resources/cron-job-v1.md
@@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "CronJob represents the configuration of a single cron job."
title: "CronJob"
-weight: 11
+weight: 10
auto_generated: true
---
@@ -572,6 +572,8 @@ PATCH /apis/batch/v1/namespaces/{namespace}/cronjobs/{name}
200 (}}">CronJob): OK
+201 (}}">CronJob): Created
+
401: Unauthorized
@@ -625,6 +627,8 @@ PATCH /apis/batch/v1/namespaces/{namespace}/cronjobs/{name}/status
200 (}}">CronJob): OK
+201 (}}">CronJob): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/daemon-set-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/daemon-set-v1.md
index 2a313f533f..9d7eb6c24c 100644
--- a/content/en/docs/reference/kubernetes-api/workload-resources/daemon-set-v1.md
+++ b/content/en/docs/reference/kubernetes-api/workload-resources/daemon-set-v1.md
@@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "DaemonSet represents the configuration of a daemon set."
title: "DaemonSet"
-weight: 9
+weight: 8
auto_generated: true
---
@@ -92,14 +92,14 @@ DaemonSetSpec is the specification of a daemon set.
- **updateStrategy.rollingUpdate.maxSurge** (IntOrString)
- The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption. This is an alpha field and requires enabling DaemonSetUpdateSurge feature gate.
+ The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption. This is beta field and enabled/disabled by DaemonSetUpdateSurge feature gate.
*IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number.*
- **updateStrategy.rollingUpdate.maxUnavailable** (IntOrString)
- The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding down to a minimum of one. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.
+ The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.
*IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number.*
@@ -629,6 +629,8 @@ PATCH /apis/apps/v1/namespaces/{namespace}/daemonsets/{name}
200 (}}">DaemonSet): OK
+201 (}}">DaemonSet): Created
+
401: Unauthorized
@@ -682,6 +684,8 @@ PATCH /apis/apps/v1/namespaces/{namespace}/daemonsets/{name}/status
200 (}}">DaemonSet): OK
+201 (}}">DaemonSet): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/deployment-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/deployment-v1.md
index f304fd9239..c56bf76df7 100644
--- a/content/en/docs/reference/kubernetes-api/workload-resources/deployment-v1.md
+++ b/content/en/docs/reference/kubernetes-api/workload-resources/deployment-v1.md
@@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "Deployment enables declarative updates for Pods and ReplicaSets."
title: "Deployment"
-weight: 6
+weight: 5
auto_generated: true
---
@@ -40,7 +40,7 @@ Deployment enables declarative updates for Pods and ReplicaSets.
- **metadata** (}}">ObjectMeta)
- Standard object metadata.
+ Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (}}">DeploymentSpec)
@@ -642,6 +642,8 @@ PATCH /apis/apps/v1/namespaces/{namespace}/deployments/{name}
200 (}}">Deployment): OK
+201 (}}">Deployment): Created
+
401: Unauthorized
@@ -695,6 +697,8 @@ PATCH /apis/apps/v1/namespaces/{namespace}/deployments/{name}/status
200 (}}">Deployment): OK
+201 (}}">Deployment): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/ephemeral-containers-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/ephemeral-containers-v1.md
deleted file mode 100644
index 960fc9c8c4..0000000000
--- a/content/en/docs/reference/kubernetes-api/workload-resources/ephemeral-containers-v1.md
+++ /dev/null
@@ -1,621 +0,0 @@
----
-api_metadata:
- apiVersion: "v1"
- import: "k8s.io/api/core/v1"
- kind: "EphemeralContainers"
-content_type: "api_reference"
-description: "A list of ephemeral containers used with the Pod ephemeralcontainers subresource."
-title: "EphemeralContainers"
-weight: 2
-auto_generated: true
----
-
-
-
-`apiVersion: v1`
-
-`import "k8s.io/api/core/v1"`
-
-
-## EphemeralContainers {#EphemeralContainers}
-
-A list of ephemeral containers used with the Pod ephemeralcontainers subresource.
-
-
-
-- **apiVersion**: v1
-
-
-- **kind**: EphemeralContainers
-
-
-- **metadata** (}}">ObjectMeta)
-
-
-- **ephemeralContainers** ([]}}">EphemeralContainer), required
-
- *Patch strategy: merge on key `name`*
-
- A list of ephemeral containers associated with this pod. New ephemeral containers may be appended to this list, but existing ephemeral containers may not be removed or modified.
-
-
-
-
-
-## EphemeralContainer {#EphemeralContainer}
-
-An EphemeralContainer is a container that may be added temporarily to an existing pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a pod is removed or restarted. If an ephemeral container causes a pod to exceed its resource allocation, the pod may be evicted. Ephemeral containers may not be added by directly updating the pod spec. They must be added via the pod's ephemeralcontainers subresource, and they will appear in the pod spec once added. This is an alpha feature enabled by the EphemeralContainers feature flag.
-
-
-
-- **name** (string), required
-
- Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.
-
-- **targetContainerName** (string)
-
- If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.
-
-
-
-### Image
-
-
-- **image** (string)
-
- Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
-
-- **imagePullPolicy** (string)
-
- Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
-
-### Entrypoint
-
-
-- **command** ([]string)
-
- Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
-- **args** ([]string)
-
- Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
-- **workingDir** (string)
-
- Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
-
-### Environment variables
-
-
-- **env** ([]EnvVar)
-
- *Patch strategy: merge on key `name`*
-
- List of environment variables to set in the container. Cannot be updated.
-
-
- *EnvVar represents an environment variable present in a Container.*
-
- - **env.name** (string), required
-
- Name of the environment variable. Must be a C_IDENTIFIER.
-
- - **env.value** (string)
-
- Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
-
- - **env.valueFrom** (EnvVarSource)
-
- Source for the environment variable's value. Cannot be used if value is not empty.
-
-
- *EnvVarSource represents a source for the value of an EnvVar.*
-
- - **env.valueFrom.configMapKeyRef** (ConfigMapKeySelector)
-
- Selects a key of a ConfigMap.
-
-
- *Selects a key from a ConfigMap.*
-
- - **env.valueFrom.configMapKeyRef.key** (string), required
-
- The key to select.
-
- - **env.valueFrom.configMapKeyRef.name** (string)
-
- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- - **env.valueFrom.configMapKeyRef.optional** (boolean)
-
- Specify whether the ConfigMap or its key must be defined
-
- - **env.valueFrom.fieldRef** (}}">ObjectFieldSelector)
-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\']`, `metadata.annotations['\']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
-
- - **env.valueFrom.resourceFieldRef** (}}">ResourceFieldSelector)
-
- Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
-
- - **env.valueFrom.secretKeyRef** (SecretKeySelector)
-
- Selects a key of a secret in the pod's namespace
-
-
- *SecretKeySelector selects a key of a Secret.*
-
- - **env.valueFrom.secretKeyRef.key** (string), required
-
- The key of the secret to select from. Must be a valid secret key.
-
- - **env.valueFrom.secretKeyRef.name** (string)
-
- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- - **env.valueFrom.secretKeyRef.optional** (boolean)
-
- Specify whether the Secret or its key must be defined
-
-- **envFrom** ([]EnvFromSource)
-
- List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
-
-
- *EnvFromSource represents the source of a set of ConfigMaps*
-
- - **envFrom.configMapRef** (ConfigMapEnvSource)
-
- The ConfigMap to select from
-
-
- *ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
-
- The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.*
-
- - **envFrom.configMapRef.name** (string)
-
- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- - **envFrom.configMapRef.optional** (boolean)
-
- Specify whether the ConfigMap must be defined
-
- - **envFrom.prefix** (string)
-
- An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
-
- - **envFrom.secretRef** (SecretEnvSource)
-
- The Secret to select from
-
-
- *SecretEnvSource selects a Secret to populate the environment variables with.
-
- The contents of the target Secret's Data field will represent the key-value pairs as environment variables.*
-
- - **envFrom.secretRef.name** (string)
-
- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-
- - **envFrom.secretRef.optional** (boolean)
-
- Specify whether the Secret must be defined
-
-### Volumes
-
-
-- **volumeMounts** ([]VolumeMount)
-
- *Patch strategy: merge on key `mountPath`*
-
- Pod volumes to mount into the container's filesystem. Cannot be updated.
-
-
- *VolumeMount describes a mounting of a Volume within a container.*
-
- - **volumeMounts.mountPath** (string), required
-
- Path within the container at which the volume should be mounted. Must not contain ':'.
-
- - **volumeMounts.name** (string), required
-
- This must match the Name of a Volume.
-
- - **volumeMounts.mountPropagation** (string)
-
- mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
-
- - **volumeMounts.readOnly** (boolean)
-
- Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
-
- - **volumeMounts.subPath** (string)
-
- Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
-
- - **volumeMounts.subPathExpr** (string)
-
- Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
-
-- **volumeDevices** ([]VolumeDevice)
-
- *Patch strategy: merge on key `devicePath`*
-
- volumeDevices is the list of block devices to be used by the container.
-
-
- *volumeDevice describes a mapping of a raw block device within a container.*
-
- - **volumeDevices.devicePath** (string), required
-
- devicePath is the path inside of the container that the device will be mapped to.
-
- - **volumeDevices.name** (string), required
-
- name must match the name of a persistentVolumeClaim in the pod
-
-### Lifecycle
-
-
-- **terminationMessagePath** (string)
-
- Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
-
-- **terminationMessagePolicy** (string)
-
- Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
-
-### Debugging
-
-
-- **stdin** (boolean)
-
- Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
-
-- **stdinOnce** (boolean)
-
- Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
-
-- **tty** (boolean)
-
- Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
-
-### Not allowed
-
-
-- **ports** ([]ContainerPort)
-
- Ports are not allowed for ephemeral containers.
-
-
- *ContainerPort represents a network port in a single container.*
-
- - **ports.containerPort** (int32), required
-
- Number of port to expose on the pod's IP address. This must be a valid port number, 0 \< x \< 65536.
-
- - **ports.hostIP** (string)
-
- What host IP to bind the external port to.
-
- - **ports.hostPort** (int32)
-
- Number of port to expose on the host. If specified, this must be a valid port number, 0 \< x \< 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
-
- - **ports.name** (string)
-
- If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
-
- - **ports.protocol** (string)
-
- Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
-
-- **resources** (ResourceRequirements)
-
- Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
-
-
- *ResourceRequirements describes the compute resource requirements.*
-
- - **resources.limits** (map[string]}}">Quantity)
-
- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
- - **resources.requests** (map[string]}}">Quantity)
-
- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
-- **lifecycle** (Lifecycle)
-
- Lifecycle is not allowed for ephemeral containers.
-
-
- *Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.*
-
- - **lifecycle.postStart** (}}">Handler)
-
- PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
-
- - **lifecycle.preStop** (}}">Handler)
-
- PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
-
-- **livenessProbe** (}}">Probe)
-
- Probes are not allowed for ephemeral containers.
-
-- **readinessProbe** (}}">Probe)
-
- Probes are not allowed for ephemeral containers.
-
-- **securityContext** (SecurityContext)
-
- SecurityContext is not allowed for ephemeral containers.
-
-
- *SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.*
-
- - **securityContext.runAsUser** (int64)
-
- The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
- - **securityContext.runAsNonRoot** (boolean)
-
- Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
- - **securityContext.runAsGroup** (int64)
-
- The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
- - **securityContext.readOnlyRootFilesystem** (boolean)
-
- Whether this container has a read-only root filesystem. Default is false.
-
- - **securityContext.procMount** (string)
-
- procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.
-
- - **securityContext.privileged** (boolean)
-
- Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.
-
- - **securityContext.allowPrivilegeEscalation** (boolean)
-
- AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
-
- - **securityContext.capabilities** (Capabilities)
-
- The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.
-
-
- *Adds and removes POSIX capabilities from running containers.*
-
- - **securityContext.capabilities.add** ([]string)
-
- Added capabilities
-
- - **securityContext.capabilities.drop** ([]string)
-
- Removed capabilities
-
- - **securityContext.seccompProfile** (SeccompProfile)
-
- The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options.
-
-
- *SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.*
-
- - **securityContext.seccompProfile.type** (string), required
-
- type indicates which kind of seccomp profile will be applied. Valid options are:
-
- Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
-
- - **securityContext.seccompProfile.localhostProfile** (string)
-
- localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
-
- - **securityContext.seLinuxOptions** (SELinuxOptions)
-
- The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
- *SELinuxOptions are the labels to be applied to the container*
-
- - **securityContext.seLinuxOptions.level** (string)
-
- Level is SELinux level label that applies to the container.
-
- - **securityContext.seLinuxOptions.role** (string)
-
- Role is a SELinux role label that applies to the container.
-
- - **securityContext.seLinuxOptions.type** (string)
-
- Type is a SELinux type label that applies to the container.
-
- - **securityContext.seLinuxOptions.user** (string)
-
- User is a SELinux user label that applies to the container.
-
- - **securityContext.windowsOptions** (WindowsSecurityContextOptions)
-
- The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-
- *WindowsSecurityContextOptions contain Windows-specific options and credentials.*
-
- - **securityContext.windowsOptions.gmsaCredentialSpec** (string)
-
- GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
-
- - **securityContext.windowsOptions.gmsaCredentialSpecName** (string)
-
- GMSACredentialSpecName is the name of the GMSA credential spec to use.
-
- - **securityContext.windowsOptions.runAsUserName** (string)
-
- The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
-- **startupProbe** (}}">Probe)
-
- Probes are not allowed for ephemeral containers.
-
-
-
-## Operations {#Operations}
-
-
-
-
-
-
-
-
-
-
-### `get` read ephemeralcontainers of the specified Pod
-
-#### HTTP Request
-
-GET /api/v1/namespaces/{namespace}/pods/{name}/ephemeralcontainers
-
-#### Parameters
-
-
-- **name** (*in path*): string, required
-
- name of the EphemeralContainers
-
-
-- **namespace** (*in path*): string, required
-
- }}">namespace
-
-
-- **pretty** (*in query*): string
-
- }}">pretty
-
-
-
-#### Response
-
-
-200 (}}">EphemeralContainers): OK
-
-401: Unauthorized
-
-
-### `update` replace ephemeralcontainers of the specified Pod
-
-#### HTTP Request
-
-PUT /api/v1/namespaces/{namespace}/pods/{name}/ephemeralcontainers
-
-#### Parameters
-
-
-- **name** (*in path*): string, required
-
- name of the EphemeralContainers
-
-
-- **namespace** (*in path*): string, required
-
- }}">namespace
-
-
-- **body**: }}">EphemeralContainers, required
-
-
-
-
-- **dryRun** (*in query*): string
-
- }}">dryRun
-
-
-- **fieldManager** (*in query*): string
-
- }}">fieldManager
-
-
-- **pretty** (*in query*): string
-
- }}">pretty
-
-
-
-#### Response
-
-
-200 (}}">EphemeralContainers): OK
-
-201 (}}">EphemeralContainers): Created
-
-401: Unauthorized
-
-
-### `patch` partially update ephemeralcontainers of the specified Pod
-
-#### HTTP Request
-
-PATCH /api/v1/namespaces/{namespace}/pods/{name}/ephemeralcontainers
-
-#### Parameters
-
-
-- **name** (*in path*): string, required
-
- name of the EphemeralContainers
-
-
-- **namespace** (*in path*): string, required
-
- }}">namespace
-
-
-- **body**: }}">Patch, required
-
-
-
-
-- **dryRun** (*in query*): string
-
- }}">dryRun
-
-
-- **fieldManager** (*in query*): string
-
- }}">fieldManager
-
-
-- **force** (*in query*): boolean
-
- }}">force
-
-
-- **pretty** (*in query*): string
-
- }}">pretty
-
-
-
-#### Response
-
-
-200 (}}">EphemeralContainers): OK
-
-401: Unauthorized
-
diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v1.md
index a62d79e4f7..d2da0c286a 100644
--- a/content/en/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v1.md
+++ b/content/en/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v1.md
@@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "configuration of a horizontal pod autoscaler."
title: "HorizontalPodAutoscaler"
-weight: 12
+weight: 11
auto_generated: true
---
@@ -567,6 +567,8 @@ PATCH /apis/autoscaling/v1/namespaces/{namespace}/horizontalpodautoscalers/{name
200 (}}">HorizontalPodAutoscaler): OK
+201 (}}">HorizontalPodAutoscaler): Created
+
401: Unauthorized
@@ -620,6 +622,8 @@ PATCH /apis/autoscaling/v1/namespaces/{namespace}/horizontalpodautoscalers/{name
200 (}}">HorizontalPodAutoscaler): OK
+201 (}}">HorizontalPodAutoscaler): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v2beta2.md b/content/en/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v2beta2.md
index 9d326e2131..67894ab9c4 100644
--- a/content/en/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v2beta2.md
+++ b/content/en/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v2beta2.md
@@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "HorizontalPodAutoscaler is the configuration for a horizontal pod autoscaler, which automatically manages the replica count of any resource implementing the scale subresource based on the metrics specified."
title: "HorizontalPodAutoscaler v2beta2"
-weight: 13
+weight: 12
auto_generated: true
---
@@ -1119,6 +1119,8 @@ PATCH /apis/autoscaling/v2beta2/namespaces/{namespace}/horizontalpodautoscalers/
200 (}}">HorizontalPodAutoscaler): OK
+201 (}}">HorizontalPodAutoscaler): Created
+
401: Unauthorized
@@ -1172,6 +1174,8 @@ PATCH /apis/autoscaling/v2beta2/namespaces/{namespace}/horizontalpodautoscalers/
200 (}}">HorizontalPodAutoscaler): OK
+201 (}}">HorizontalPodAutoscaler): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/job-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/job-v1.md
index 4848a36d4d..0f61e522eb 100644
--- a/content/en/docs/reference/kubernetes-api/workload-resources/job-v1.md
+++ b/content/en/docs/reference/kubernetes-api/workload-resources/job-v1.md
@@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "Job represents the configuration of a single job."
title: "Job"
-weight: 10
+weight: 9
auto_generated: true
---
@@ -86,9 +86,9 @@ JobSpec describes how the job execution will look like.
`NonIndexed` means that the Job is considered complete when there have been .spec.completions successfully completed Pods. Each Pod completion is homologous to each other.
- `Indexed` means that the Pods of a Job get an associated completion index from 0 to (.spec.completions - 1), available in the annotation batch.kubernetes.io/job-completion-index. The Job is considered complete when there is one successfully completed Pod for each index. When value is `Indexed`, .spec.completions must be specified and `.spec.parallelism` must be less than or equal to 10^5.
+ `Indexed` means that the Pods of a Job get an associated completion index from 0 to (.spec.completions - 1), available in the annotation batch.kubernetes.io/job-completion-index. The Job is considered complete when there is one successfully completed Pod for each index. When value is `Indexed`, .spec.completions must be specified and `.spec.parallelism` must be less than or equal to 10^5. In addition, The Pod name takes the form `$(job-name)-$(index)-$(random-string)`, the Pod hostname takes the form `$(job-name)-$(index)`.
- This field is alpha-level and is only honored by servers that enable the IndexedJob feature gate. More completion modes can be added in the future. If the Job controller observes a mode that it doesn't recognize, the controller skips updates for the Job.
+ This field is beta-level. More completion modes can be added in the future. If the Job controller observes a mode that it doesn't recognize, the controller skips updates for the Job.
- **backoffLimit** (int32)
@@ -104,7 +104,9 @@ JobSpec describes how the job execution will look like.
- **suspend** (boolean)
- Suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. This is an alpha field and requires the SuspendJob feature gate to be enabled; otherwise this field may not be set to true. Defaults to false.
+ Suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. Defaults to false.
+
+ This field is beta-level, gated by SuspendJob feature flag (enabled by default).
### Selector
@@ -196,6 +198,30 @@ JobStatus represents the current state of a Job.
(brief) reason for the condition's last transition.
+- **uncountedTerminatedPods** (UncountedTerminatedPods)
+
+ UncountedTerminatedPods holds the UIDs of Pods that have terminated but the job controller hasn't yet accounted for in the status counters.
+
+ The job controller creates pods with a finalizer. When a pod terminates (succeeded or failed), the controller does three steps to account for it in the job status: (1) Add the pod UID to the arrays in this field. (2) Remove the pod finalizer. (3) Remove the pod UID from the arrays while increasing the corresponding
+ counter.
+
+ This field is alpha-level. The job controller only makes use of this field when the feature gate PodTrackingWithFinalizers is enabled. Old jobs might not be tracked using this field, in which case the field remains null.
+
+
+ *UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't been accounted in Job status counters.*
+
+ - **uncountedTerminatedPods.failed** ([]string)
+
+ *Set: unique values will be kept during a merge*
+
+ Failed holds UIDs of failed Pods.
+
+ - **uncountedTerminatedPods.succeeded** ([]string)
+
+ *Set: unique values will be kept during a merge*
+
+ Succeeded holds UIDs of succeeded Pods.
+
@@ -639,6 +665,8 @@ PATCH /apis/batch/v1/namespaces/{namespace}/jobs/{name}
200 (}}">Job): OK
+201 (}}">Job): Created
+
401: Unauthorized
@@ -692,6 +720,8 @@ PATCH /apis/batch/v1/namespaces/{namespace}/jobs/{name}/status
200 (}}">Job): OK
+201 (}}">Job): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/pod-template-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/pod-template-v1.md
index 9a0bbecab1..7e75ea07de 100644
--- a/content/en/docs/reference/kubernetes-api/workload-resources/pod-template-v1.md
+++ b/content/en/docs/reference/kubernetes-api/workload-resources/pod-template-v1.md
@@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "PodTemplate describes a template for creating copies of a predefined pod."
title: "PodTemplate"
-weight: 3
+weight: 2
auto_generated: true
---
@@ -424,6 +424,8 @@ PATCH /api/v1/namespaces/{namespace}/podtemplates/{name}
200 (}}">PodTemplate): OK
+201 (}}">PodTemplate): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/pod-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/pod-v1.md
index d16d9b0a85..8c166cfd9e 100644
--- a/content/en/docs/reference/kubernetes-api/workload-resources/pod-v1.md
+++ b/content/en/docs/reference/kubernetes-api/workload-resources/pod-v1.md
@@ -159,7 +159,7 @@ PodSpec is a description of a pod.
- **runtimeClassName** (string)
- RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.
+ RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class This is a beta feature as of Kubernetes v1.14.
- **priorityClassName** (string)
@@ -216,7 +216,7 @@ PodSpec is a description of a pod.
- **readinessGates** ([]PodReadinessGate)
- If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md
+ If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
*PodReadinessGate contains the reference to a pod condition*
@@ -428,6 +428,10 @@ PodSpec is a description of a pod.
GMSACredentialSpecName is the name of the GMSA credential spec to use.
+ - **securityContext.windowsOptions.hostProcess** (boolean)
+
+ HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+
- **securityContext.windowsOptions.runAsUserName** (string)
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
@@ -441,12 +445,12 @@ PodSpec is a description of a pod.
- **overhead** (map[string]}}">Quantity)
- Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.
+ Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md This field is beta-level as of Kubernetes v1.18, and is only honored by servers that enable the PodOverhead feature.
### Alpha level
-- **ephemeralContainers** ([]}}">EphemeralContainer)
+- **ephemeralContainers** ([]}}">EphemeralContainer)
*Patch strategy: merge on key `name`*
@@ -489,11 +493,11 @@ A single application container that you want to run within a pod.
- **command** ([]string)
- Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- **args** ([]string)
- Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- **workingDir** (string)
@@ -551,7 +555,7 @@ A single application container that you want to run within a pod.
- **env.value** (string)
- Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+ Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
- **env.valueFrom** (EnvVarSource)
@@ -765,7 +769,7 @@ A single application container that you want to run within a pod.
- **securityContext** (SecurityContext)
- Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
*SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.*
@@ -868,6 +872,10 @@ A single application container that you want to run within a pod.
GMSACredentialSpecName is the name of the GMSA credential spec to use.
+ - **securityContext.windowsOptions.hostProcess** (boolean)
+
+ HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+
- **securityContext.windowsOptions.runAsUserName** (string)
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
@@ -889,6 +897,432 @@ A single application container that you want to run within a pod.
+## EphemeralContainer {#EphemeralContainer}
+
+An EphemeralContainer is a container that may be added temporarily to an existing pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a pod is removed or restarted. If an ephemeral container causes a pod to exceed its resource allocation, the pod may be evicted. Ephemeral containers may not be added by directly updating the pod spec. They must be added via the pod's ephemeralcontainers subresource, and they will appear in the pod spec once added. This is an alpha feature enabled by the EphemeralContainers feature flag.
+
+
+
+- **name** (string), required
+
+ Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.
+
+- **targetContainerName** (string)
+
+ If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.
+
+
+
+### Image
+
+
+- **image** (string)
+
+ Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
+
+- **imagePullPolicy** (string)
+
+ Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+
+### Entrypoint
+
+
+- **command** ([]string)
+
+ Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+- **args** ([]string)
+
+ Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
+- **workingDir** (string)
+
+ Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+### Environment variables
+
+
+- **env** ([]EnvVar)
+
+ *Patch strategy: merge on key `name`*
+
+ List of environment variables to set in the container. Cannot be updated.
+
+
+ *EnvVar represents an environment variable present in a Container.*
+
+ - **env.name** (string), required
+
+ Name of the environment variable. Must be a C_IDENTIFIER.
+
+ - **env.value** (string)
+
+ Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
+
+ - **env.valueFrom** (EnvVarSource)
+
+ Source for the environment variable's value. Cannot be used if value is not empty.
+
+
+ *EnvVarSource represents a source for the value of an EnvVar.*
+
+ - **env.valueFrom.configMapKeyRef** (ConfigMapKeySelector)
+
+ Selects a key of a ConfigMap.
+
+
+ *Selects a key from a ConfigMap.*
+
+ - **env.valueFrom.configMapKeyRef.key** (string), required
+
+ The key to select.
+
+ - **env.valueFrom.configMapKeyRef.name** (string)
+
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ - **env.valueFrom.configMapKeyRef.optional** (boolean)
+
+ Specify whether the ConfigMap or its key must be defined
+
+ - **env.valueFrom.fieldRef** (}}">ObjectFieldSelector)
+
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\']`, `metadata.annotations['\']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+
+ - **env.valueFrom.resourceFieldRef** (}}">ResourceFieldSelector)
+
+ Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+
+ - **env.valueFrom.secretKeyRef** (SecretKeySelector)
+
+ Selects a key of a secret in the pod's namespace
+
+
+ *SecretKeySelector selects a key of a Secret.*
+
+ - **env.valueFrom.secretKeyRef.key** (string), required
+
+ The key of the secret to select from. Must be a valid secret key.
+
+ - **env.valueFrom.secretKeyRef.name** (string)
+
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ - **env.valueFrom.secretKeyRef.optional** (boolean)
+
+ Specify whether the Secret or its key must be defined
+
+- **envFrom** ([]EnvFromSource)
+
+ List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+
+
+ *EnvFromSource represents the source of a set of ConfigMaps*
+
+ - **envFrom.configMapRef** (ConfigMapEnvSource)
+
+ The ConfigMap to select from
+
+
+ *ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+ The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.*
+
+ - **envFrom.configMapRef.name** (string)
+
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ - **envFrom.configMapRef.optional** (boolean)
+
+ Specify whether the ConfigMap must be defined
+
+ - **envFrom.prefix** (string)
+
+ An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+
+ - **envFrom.secretRef** (SecretEnvSource)
+
+ The Secret to select from
+
+
+ *SecretEnvSource selects a Secret to populate the environment variables with.
+
+ The contents of the target Secret's Data field will represent the key-value pairs as environment variables.*
+
+ - **envFrom.secretRef.name** (string)
+
+ Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ - **envFrom.secretRef.optional** (boolean)
+
+ Specify whether the Secret must be defined
+
+### Volumes
+
+
+- **volumeMounts** ([]VolumeMount)
+
+ *Patch strategy: merge on key `mountPath`*
+
+ Pod volumes to mount into the container's filesystem. Cannot be updated.
+
+
+ *VolumeMount describes a mounting of a Volume within a container.*
+
+ - **volumeMounts.mountPath** (string), required
+
+ Path within the container at which the volume should be mounted. Must not contain ':'.
+
+ - **volumeMounts.name** (string), required
+
+ This must match the Name of a Volume.
+
+ - **volumeMounts.mountPropagation** (string)
+
+ mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+
+ - **volumeMounts.readOnly** (boolean)
+
+ Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+
+ - **volumeMounts.subPath** (string)
+
+ Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+
+ - **volumeMounts.subPathExpr** (string)
+
+ Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+
+- **volumeDevices** ([]VolumeDevice)
+
+ *Patch strategy: merge on key `devicePath`*
+
+ volumeDevices is the list of block devices to be used by the container.
+
+
+ *volumeDevice describes a mapping of a raw block device within a container.*
+
+ - **volumeDevices.devicePath** (string), required
+
+ devicePath is the path inside of the container that the device will be mapped to.
+
+ - **volumeDevices.name** (string), required
+
+ name must match the name of a persistentVolumeClaim in the pod
+
+### Lifecycle
+
+
+- **terminationMessagePath** (string)
+
+ Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
+
+- **terminationMessagePolicy** (string)
+
+ Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+
+### Debugging
+
+
+- **stdin** (boolean)
+
+ Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
+
+- **stdinOnce** (boolean)
+
+ Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
+
+- **tty** (boolean)
+
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
+
+### Not allowed
+
+
+- **ports** ([]ContainerPort)
+
+ Ports are not allowed for ephemeral containers.
+
+
+ *ContainerPort represents a network port in a single container.*
+
+ - **ports.containerPort** (int32), required
+
+ Number of port to expose on the pod's IP address. This must be a valid port number, 0 \< x \< 65536.
+
+ - **ports.hostIP** (string)
+
+ What host IP to bind the external port to.
+
+ - **ports.hostPort** (int32)
+
+ Number of port to expose on the host. If specified, this must be a valid port number, 0 \< x \< 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+
+ - **ports.name** (string)
+
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+
+ - **ports.protocol** (string)
+
+ Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+
+- **resources** (ResourceRequirements)
+
+ Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
+
+
+ *ResourceRequirements describes the compute resource requirements.*
+
+ - **resources.limits** (map[string]}}">Quantity)
+
+ Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+ - **resources.requests** (map[string]}}">Quantity)
+
+ Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+- **lifecycle** (Lifecycle)
+
+ Lifecycle is not allowed for ephemeral containers.
+
+
+ *Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.*
+
+ - **lifecycle.postStart** (}}">Handler)
+
+ PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+
+ - **lifecycle.preStop** (}}">Handler)
+
+ PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+
+- **livenessProbe** (}}">Probe)
+
+ Probes are not allowed for ephemeral containers.
+
+- **readinessProbe** (}}">Probe)
+
+ Probes are not allowed for ephemeral containers.
+
+- **securityContext** (SecurityContext)
+
+ Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+
+
+ *SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.*
+
+ - **securityContext.runAsUser** (int64)
+
+ The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+ - **securityContext.runAsNonRoot** (boolean)
+
+ Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+ - **securityContext.runAsGroup** (int64)
+
+ The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+ - **securityContext.readOnlyRootFilesystem** (boolean)
+
+ Whether this container has a read-only root filesystem. Default is false.
+
+ - **securityContext.procMount** (string)
+
+ procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.
+
+ - **securityContext.privileged** (boolean)
+
+ Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.
+
+ - **securityContext.allowPrivilegeEscalation** (boolean)
+
+ AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
+
+ - **securityContext.capabilities** (Capabilities)
+
+ The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.
+
+
+ *Adds and removes POSIX capabilities from running containers.*
+
+ - **securityContext.capabilities.add** ([]string)
+
+ Added capabilities
+
+ - **securityContext.capabilities.drop** ([]string)
+
+ Removed capabilities
+
+ - **securityContext.seccompProfile** (SeccompProfile)
+
+ The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options.
+
+
+ *SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.*
+
+ - **securityContext.seccompProfile.type** (string), required
+
+ type indicates which kind of seccomp profile will be applied. Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+
+ - **securityContext.seccompProfile.localhostProfile** (string)
+
+ localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+
+ - **securityContext.seLinuxOptions** (SELinuxOptions)
+
+ The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+
+ *SELinuxOptions are the labels to be applied to the container*
+
+ - **securityContext.seLinuxOptions.level** (string)
+
+ Level is SELinux level label that applies to the container.
+
+ - **securityContext.seLinuxOptions.role** (string)
+
+ Role is a SELinux role label that applies to the container.
+
+ - **securityContext.seLinuxOptions.type** (string)
+
+ Type is a SELinux type label that applies to the container.
+
+ - **securityContext.seLinuxOptions.user** (string)
+
+ User is a SELinux user label that applies to the container.
+
+ - **securityContext.windowsOptions** (WindowsSecurityContextOptions)
+
+ The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+
+ *WindowsSecurityContextOptions contain Windows-specific options and credentials.*
+
+ - **securityContext.windowsOptions.gmsaCredentialSpec** (string)
+
+ GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+
+ - **securityContext.windowsOptions.gmsaCredentialSpecName** (string)
+
+ GMSACredentialSpecName is the name of the GMSA credential spec to use.
+
+ - **securityContext.windowsOptions.hostProcess** (boolean)
+
+ HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+
+ - **securityContext.windowsOptions.runAsUserName** (string)
+
+ The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+- **startupProbe** (}}">Probe)
+
+ Probes are not allowed for ephemeral containers.
+
+
+
## Handler {#Handler}
Handler defines a specific action that should be taken
@@ -1057,7 +1491,7 @@ Pod affinity is a group of inter pod affinity scheduling rules.
- **preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector** (}}">LabelSelector)
- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
- **preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaces** ([]string)
@@ -1084,7 +1518,7 @@ Pod affinity is a group of inter pod affinity scheduling rules.
- **requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector** (}}">LabelSelector)
- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
- **requiredDuringSchedulingIgnoredDuringExecution.namespaces** ([]string)
@@ -1124,7 +1558,7 @@ Pod anti affinity is a group of inter pod anti affinity scheduling rules.
- **preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector** (}}">LabelSelector)
- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
- **preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaces** ([]string)
@@ -1151,7 +1585,7 @@ Pod anti affinity is a group of inter pod anti affinity scheduling rules.
- **requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector** (}}">LabelSelector)
- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+ A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
- **requiredDuringSchedulingIgnoredDuringExecution.namespaces** ([]string)
@@ -1243,7 +1677,7 @@ Probe describes a health check to be performed against a container to determine
- **terminationGracePeriodSeconds** (int64)
- Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is an alpha field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
- **periodSeconds** (int32)
@@ -1996,6 +2430,39 @@ GET /api/v1/namespaces/{namespace}/pods/{name}
+#### Response
+
+
+200 (}}">Pod): OK
+
+401: Unauthorized
+
+
+### `get` read ephemeralcontainers of the specified Pod
+
+#### HTTP Request
+
+GET /api/v1/namespaces/{namespace}/pods/{name}/ephemeralcontainers
+
+#### Parameters
+
+
+- **name** (*in path*): string, required
+
+ name of the Pod
+
+
+- **namespace** (*in path*): string, required
+
+ }}">namespace
+
+
+- **pretty** (*in query*): string
+
+ }}">pretty
+
+
+
#### Response
@@ -2322,6 +2789,56 @@ PUT /api/v1/namespaces/{namespace}/pods/{name}
+- **dryRun** (*in query*): string
+
+ }}">dryRun
+
+
+- **fieldManager** (*in query*): string
+
+ }}">fieldManager
+
+
+- **pretty** (*in query*): string
+
+ }}">pretty
+
+
+
+#### Response
+
+
+200 (}}">Pod): OK
+
+201 (}}">Pod): Created
+
+401: Unauthorized
+
+
+### `update` replace ephemeralcontainers of the specified Pod
+
+#### HTTP Request
+
+PUT /api/v1/namespaces/{namespace}/pods/{name}/ephemeralcontainers
+
+#### Parameters
+
+
+- **name** (*in path*): string, required
+
+ name of the Pod
+
+
+- **namespace** (*in path*): string, required
+
+ }}">namespace
+
+
+- **body**: }}">Pod, required
+
+
+
+
- **dryRun** (*in query*): string
}}">dryRun
@@ -2448,6 +2965,63 @@ PATCH /api/v1/namespaces/{namespace}/pods/{name}
200 (}}">Pod): OK
+201 (}}">Pod): Created
+
+401: Unauthorized
+
+
+### `patch` partially update ephemeralcontainers of the specified Pod
+
+#### HTTP Request
+
+PATCH /api/v1/namespaces/{namespace}/pods/{name}/ephemeralcontainers
+
+#### Parameters
+
+
+- **name** (*in path*): string, required
+
+ name of the Pod
+
+
+- **namespace** (*in path*): string, required
+
+ }}">namespace
+
+
+- **body**: }}">Patch, required
+
+
+
+
+- **dryRun** (*in query*): string
+
+ }}">dryRun
+
+
+- **fieldManager** (*in query*): string
+
+ }}">fieldManager
+
+
+- **force** (*in query*): boolean
+
+ }}">force
+
+
+- **pretty** (*in query*): string
+
+ }}">pretty
+
+
+
+#### Response
+
+
+200 (}}">Pod): OK
+
+201 (}}">Pod): Created
+
401: Unauthorized
@@ -2501,6 +3075,8 @@ PATCH /api/v1/namespaces/{namespace}/pods/{name}/status
200 (}}">Pod): OK
+201 (}}">Pod): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/priority-class-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/priority-class-v1.md
index 020c25c05a..cd96fe6790 100644
--- a/content/en/docs/reference/kubernetes-api/workload-resources/priority-class-v1.md
+++ b/content/en/docs/reference/kubernetes-api/workload-resources/priority-class-v1.md
@@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "PriorityClass defines mapping from a priority class name to the priority integer value."
title: "PriorityClass"
-weight: 14
+weight: 13
auto_generated: true
---
@@ -325,6 +325,8 @@ PATCH /apis/scheduling.k8s.io/v1/priorityclasses/{name}
200 (}}">PriorityClass): OK
+201 (}}">PriorityClass): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/replica-set-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/replica-set-v1.md
index 7a344128c8..f2c5f894af 100644
--- a/content/en/docs/reference/kubernetes-api/workload-resources/replica-set-v1.md
+++ b/content/en/docs/reference/kubernetes-api/workload-resources/replica-set-v1.md
@@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "ReplicaSet ensures that a specified number of pod replicas are running at any given time."
title: "ReplicaSet"
-weight: 5
+weight: 4
auto_generated: true
---
@@ -581,6 +581,8 @@ PATCH /apis/apps/v1/namespaces/{namespace}/replicasets/{name}
200 (}}">ReplicaSet): OK
+201 (}}">ReplicaSet): Created
+
401: Unauthorized
@@ -634,6 +636,8 @@ PATCH /apis/apps/v1/namespaces/{namespace}/replicasets/{name}/status
200 (}}">ReplicaSet): OK
+201 (}}">ReplicaSet): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/replication-controller-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/replication-controller-v1.md
index c14db8ece9..890897ecbb 100644
--- a/content/en/docs/reference/kubernetes-api/workload-resources/replication-controller-v1.md
+++ b/content/en/docs/reference/kubernetes-api/workload-resources/replication-controller-v1.md
@@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "ReplicationController represents the configuration of a replication controller."
title: "ReplicationController"
-weight: 4
+weight: 3
auto_generated: true
---
@@ -581,6 +581,8 @@ PATCH /api/v1/namespaces/{namespace}/replicationcontrollers/{name}
200 (}}">ReplicationController): OK
+201 (}}">ReplicationController): Created
+
401: Unauthorized
@@ -634,6 +636,8 @@ PATCH /api/v1/namespaces/{namespace}/replicationcontrollers/{name}/status
200 (}}">ReplicationController): OK
+201 (}}">ReplicationController): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/kubernetes-api/workload-resources/stateful-set-v1.md b/content/en/docs/reference/kubernetes-api/workload-resources/stateful-set-v1.md
index ec097d7cce..6bc6da0e15 100644
--- a/content/en/docs/reference/kubernetes-api/workload-resources/stateful-set-v1.md
+++ b/content/en/docs/reference/kubernetes-api/workload-resources/stateful-set-v1.md
@@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "StatefulSet represents a set of pods with consistent identities."
title: "StatefulSet"
-weight: 7
+weight: 6
auto_generated: true
---
@@ -43,6 +43,7 @@ The StatefulSet guarantees that a given network identity will always map to the
- **metadata** (}}">ObjectMeta)
+ Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **spec** (}}">StatefulSetSpec)
@@ -112,6 +113,10 @@ A StatefulSetSpec is the specification of a StatefulSet.
volumeClaimTemplates is a list of claims that pods are allowed to reference. The StatefulSet controller is responsible for mapping network identities to claims in a way that maintains the identity of a pod. Every claim in this list must have at least one matching (by name) volumeMount in one container in the template. A claim in this list takes precedence over any volumes in the template, with the same name.
+- **minReadySeconds** (int32)
+
+ Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate.
+
@@ -138,6 +143,10 @@ StatefulSetStatus represents the current state of a StatefulSet.
updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version indicated by updateRevision.
+- **availableReplicas** (int32)
+
+ Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset. This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate. Remove omitempty when graduating to beta
+
- **collisionCount** (int32)
collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ControllerRevision.
@@ -204,9 +213,11 @@ StatefulSetList is a collection of StatefulSets.
- **metadata** (}}">ListMeta)
+ Standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- **items** ([]}}">StatefulSet), required
+ Items is the list of stateful sets.
@@ -627,6 +638,8 @@ PATCH /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}
200 (}}">StatefulSet): OK
+201 (}}">StatefulSet): Created
+
401: Unauthorized
@@ -680,6 +693,8 @@ PATCH /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}/status
200 (}}">StatefulSet): OK
+201 (}}">StatefulSet): Created
+
401: Unauthorized
diff --git a/content/en/docs/reference/labels-annotations-taints.md b/content/en/docs/reference/labels-annotations-taints.md
index 29f3a63a8c..07e6d19426 100644
--- a/content/en/docs/reference/labels-annotations-taints.md
+++ b/content/en/docs/reference/labels-annotations-taints.md
@@ -200,7 +200,7 @@ Used on: Service
The kube-proxy has this label for custom proxy, which delegates service control to custom proxy.
-## experimental.windows.kubernetes.io/isolation-type
+## experimental.windows.kubernetes.io/isolation-type (deprecated) {#experimental-windows-kubernetes-io-isolation-type}
Example: `experimental.windows.kubernetes.io/isolation-type: "hyperv"`
@@ -210,6 +210,7 @@ The annotation is used to run Windows containers with Hyper-V isolation. To use
{{< note >}}
You can only set this annotation on Pods that have a single container.
+Starting from v1.20, this annotation is deprecated. Experimental Hyper-V support was removed in 1.21.
{{< /note >}}
## ingressclass.kubernetes.io/is-default-class
@@ -262,11 +263,29 @@ The value of the annotation is the container name that is default for this Pod.
## endpoints.kubernetes.io/over-capacity
-Example: `endpoints.kubernetes.io/over-capacity:warning`
+Example: `endpoints.kubernetes.io/over-capacity:truncated`
Used on: Endpoints
-In Kubernetes clusters v1.21 (or later), the Endpoints controller adds this annotation to an Endpoints resource if it has more than 1000 endpoints. The annotation indicates that the Endpoints resource is over capacity.
+In Kubernetes clusters v1.22 (or later), the Endpoints controller adds this annotation to an Endpoints resource if it has more than 1000 endpoints. The annotation indicates that the Endpoints resource is over capacity and the number of endpoints has been truncated to 1000.
+
+## batch.kubernetes.io/job-tracking
+
+Example: `batch.kubernetes.io/job-tracking: ""`
+
+Used on: Jobs
+
+The presence of this annotation on a Job indicates that the control plane is
+[tracking the Job status using finalizers](/docs/concepts/workloads/controllers/job/#job-tracking-with-finalizers).
+You should **not** manually add or remove this annotation.
+
+## scheduler.alpha.kubernetes.io/preferAvoidPods (deprecated) {#scheduleralphakubernetesio-preferavoidpods}
+
+Used on: Nodes
+
+This annotation requires the [NodePreferAvoidPods scheduling plugin](/docs/reference/scheduling/config/#scheduling-plugins)
+to be enabled. The plugin is deprecated since Kubernetes 1.22.
+Use [Taints and Tolerations](/docs/concepts/scheduling-eviction/taint-and-toleration/) instead.
**The taints listed below are always used on Nodes**
@@ -323,3 +342,87 @@ Sets this taint on a node to mark it as unusable, when kubelet is started with t
Example: `node.cloudprovider.kubernetes.io/shutdown:NoSchedule`
If a Node is in a cloud provider specified shutdown state, the Node gets tainted accordingly with `node.cloudprovider.kubernetes.io/shutdown` and the taint effect of `NoSchedule`.
+
+## pod-security.kubernetes.io/enforce
+
+Example: `pod-security.kubernetes.io/enforce: baseline`
+
+Used on: Namespace
+
+Value **must** be one of `privileged`, `baseline`, or `restricted` which correspond to
+[Pod Security Standard](/docs/concepts/security/pod-security-standards) levels. Specifically,
+the `enforce` label _prohibits_ the creation of any Pod in the labeled Namespace which does not meet
+the requirements outlined in the indicated level.
+
+See [Enforcing Pod Security at the Namespace Level](/docs/concepts/security/pod-security-admission)
+for more information.
+
+## pod-security.kubernetes.io/enforce-version
+
+Example: `pod-security.kubernetes.io/enforce-version: {{< skew latestVersion >}}`
+
+Used on: Namespace
+
+Value **must** be `latest` or a valid Kubernetes version in the format `v.`.
+This determines the version of the [Pod Security Standard](/docs/concepts/security/pod-security-standards)
+policies to apply when validating a submitted Pod.
+
+See [Enforcing Pod Security at the Namespace Level](/docs/concepts/security/pod-security-admission)
+for more information.
+
+## pod-security.kubernetes.io/audit
+
+Example: `pod-security.kubernetes.io/audit: baseline`
+
+Used on: Namespace
+
+Value **must** be one of `privileged`, `baseline`, or `restricted` which correspond to
+[Pod Security Standard](/docs/concepts/security/pod-security-standards) levels. Specifically,
+the `audit` label does not prevent the creation of a Pod in the labeled Namespace which does not meet
+the requirements outlined in the indicated level, but adds an audit annotation to that Pod.
+
+See [Enforcing Pod Security at the Namespace Level](/docs/concepts/security/pod-security-admission)
+for more information.
+
+## pod-security.kubernetes.io/audit-version
+
+Example: `pod-security.kubernetes.io/audit-version: {{< skew latestVersion >}}`
+
+Used on: Namespace
+
+Value **must** be `latest` or a valid Kubernetes version in the format `v.`.
+This determines the version of the [Pod Security Standard](/docs/concepts/security/pod-security-standards)
+policies to apply when validating a submitted Pod.
+
+See [Enforcing Pod Security at the Namespace Level](/docs/concepts/security/pod-security-admission)
+for more information.
+
+## pod-security.kubernetes.io/warn
+
+Example: `pod-security.kubernetes.io/warn: baseline`
+
+Used on: Namespace
+
+Value **must** be one of `privileged`, `baseline`, or `restricted` which correspond to
+[Pod Security Standard](/docs/concepts/security/pod-security-standards) levels. Specifically,
+the `warn` label does not prevent the creation of a Pod in the labeled Namespace which does not meet the
+requirements outlined in the indicated level, but returns a warning to the user after doing so.
+Note that warnings are also displayed when creating or updating objects that contain Pod templates,
+such as Deployments, Jobs, StatefulSets, etc.
+
+See [Enforcing Pod Security at the Namespace Level](/docs/concepts/security/pod-security-admission)
+for more information.
+
+## pod-security.kubernetes.io/warn-version
+
+Example: `pod-security.kubernetes.io/warn-version: {{< skew latestVersion >}}`
+
+Used on: Namespace
+
+Value **must** be `latest` or a valid Kubernetes version in the format `v.`.
+This determines the version of the [Pod Security Standard](/docs/concepts/security/pod-security-standards)
+policies to apply when validating a submitted Pod. Note that warnings are also displayed when creating
+or updating objects that contain Pod templates, such as Deployments, Jobs, StatefulSets, etc.
+
+See [Enforcing Pod Security at the Namespace Level](/docs/concepts/security/pod-security-admission)
+for more information.
\ No newline at end of file
diff --git a/content/en/docs/reference/scheduling/config.md b/content/en/docs/reference/scheduling/config.md
index 1e140e6300..e30ab2e133 100644
--- a/content/en/docs/reference/scheduling/config.md
+++ b/content/en/docs/reference/scheduling/config.md
@@ -15,18 +15,19 @@ file and passing its path as a command line argument.
A scheduling Profile allows you to configure the different stages of scheduling
in the {{< glossary_tooltip text="kube-scheduler" term_id="kube-scheduler" >}}.
-Each stage is exposed in a extension point. Plugins provide scheduling behaviors
+Each stage is exposed in an extension point. Plugins provide scheduling behaviors
by implementing one or more of these extension points.
You can specify scheduling profiles by running `kube-scheduler --config `,
-using the
-[KubeSchedulerConfiguration (v1beta1)](/docs/reference/config-api/kube-scheduler-config.v1beta1/)
+using the
+KubeSchedulerConfiguration ([v1beta1](/docs/reference/config-api/kube-scheduler-config.v1beta1/)
+or [v1beta2](/docs/reference/config-api/kube-scheduler-config.v1beta2/))
struct.
A minimal configuration looks as follows:
```yaml
-apiVersion: kubescheduler.config.k8s.io/v1beta1
+apiVersion: kubescheduler.config.k8s.io/v1beta2
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: /etc/srv/kubernetes/kube-scheduler/kubeconfig
@@ -48,38 +49,41 @@ You can configure a single instance of `kube-scheduler` to run
Scheduling happens in a series of stages that are exposed through the following
extension points:
-1. `QueueSort`: These plugins provide an ordering function that is used to
+1. `queueSort`: These plugins provide an ordering function that is used to
sort pending Pods in the scheduling queue. Exactly one queue sort plugin
may be enabled at a time.
-1. `PreFilter`: These plugins are used to pre-process or check information
+1. `preFilter`: These plugins are used to pre-process or check information
about a Pod or the cluster before filtering. They can mark a pod as
unschedulable.
-1. `Filter`: These plugins are the equivalent of Predicates in a scheduling
+1. `filter`: These plugins are the equivalent of Predicates in a scheduling
Policy and are used to filter out nodes that can not run the Pod. Filters
are called in the configured order. A pod is marked as unschedulable if no
nodes pass all the filters.
-1. `PreScore`: This is an informational extension point that can be used
+1. `postFilter`: These plugins are called in their configured order when no
+ feasible nodes were found for the pod. If any `postFilter` plugin marks the
+ Pod _schedulable_, the remaining plugins are not called.
+1. `preScore`: This is an informational extension point that can be used
for doing pre-scoring work.
-1. `Score`: These plugins provide a score to each node that has passed the
+1. `score`: These plugins provide a score to each node that has passed the
filtering phase. The scheduler will then select the node with the highest
weighted scores sum.
-1. `Reserve`: This is an informational extension point that notifies plugins
+1. `reserve`: This is an informational extension point that notifies plugins
when resources have been reserved for a given Pod. Plugins also implement an
`Unreserve` call that gets called in the case of failure during or after
`Reserve`.
-1. `Permit`: These plugins can prevent or delay the binding of a Pod.
-1. `PreBind`: These plugins perform any work required before a Pod is bound.
-1. `Bind`: The plugins bind a Pod to a Node. Bind plugins are called in order
+1. `permit`: These plugins can prevent or delay the binding of a Pod.
+1. `preBind`: These plugins perform any work required before a Pod is bound.
+1. `bind`: The plugins bind a Pod to a Node. `bind` plugins are called in order
and once one has done the binding, the remaining plugins are skipped. At
least one bind plugin is required.
-1. `PostBind`: This is an informational extension point that is called after
+1. `postBind`: This is an informational extension point that is called after
a Pod has been bound.
For each extension point, you could disable specific [default plugins](#scheduling-plugins)
or enable your own. For example:
```yaml
-apiVersion: kubescheduler.config.k8s.io/v1beta1
+apiVersion: kubescheduler.config.k8s.io/v1beta2
kind: KubeSchedulerConfiguration
profiles:
- plugins:
@@ -99,106 +103,109 @@ desired.
### Scheduling plugins
-1. `UnReserve`: This is an informational extension point that is called if
- a Pod is rejected after being reserved and put on hold by a `Permit` plugin.
-
-## Scheduling plugins
-
The following plugins, enabled by default, implement one or more of these
extension points:
-- `SelectorSpread`: Favors spreading across nodes for Pods that belong to
- {{< glossary_tooltip text="Services" term_id="service" >}},
- {{< glossary_tooltip text="ReplicaSets" term_id="replica-set" >}} and
- {{< glossary_tooltip text="StatefulSets" term_id="statefulset" >}}.
- Extension points: `PreScore`, `Score`.
- `ImageLocality`: Favors nodes that already have the container images that the
Pod runs.
- Extension points: `Score`.
+ Extension points: `score`.
- `TaintToleration`: Implements
[taints and tolerations](/docs/concepts/scheduling-eviction/taint-and-toleration/).
- Implements extension points: `Filter`, `Prescore`, `Score`.
+ Implements extension points: `filter`, `preScore`, `score`.
- `NodeName`: Checks if a Pod spec node name matches the current node.
- Extension points: `Filter`.
+ Extension points: `filter`.
- `NodePorts`: Checks if a node has free ports for the requested Pod ports.
- Extension points: `PreFilter`, `Filter`.
+ Extension points: `preFilter`, `filter`.
- `NodePreferAvoidPods`: Scores nodes according to the node
{{< glossary_tooltip text="annotation" term_id="annotation" >}}
`scheduler.alpha.kubernetes.io/preferAvoidPods`.
- Extension points: `Score`.
+ Extension points: `score`.
- `NodeAffinity`: Implements
[node selectors](/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector)
and [node affinity](/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity).
- Extension points: `Filter`, `Score`.
+ Extension points: `filter`, `score`.
- `PodTopologySpread`: Implements
[Pod topology spread](/docs/concepts/workloads/pods/pod-topology-spread-constraints/).
- Extension points: `PreFilter`, `Filter`, `PreScore`, `Score`.
+ Extension points: `preFilter`, `filter`, `preScore`, `score`.
- `NodeUnschedulable`: Filters out nodes that have `.spec.unschedulable` set to
true.
- Extension points: `Filter`.
+ Extension points: `filter`.
- `NodeResourcesFit`: Checks if the node has all the resources that the Pod is
- requesting.
- Extension points: `PreFilter`, `Filter`.
+ requesting. The score can use one of three strategies: `LeastAllocated`
+ (default), `MostAllocated` and `RequestedToCapacityRatio`.
+ Extension points: `preFilter`, `filter`, `score`.
- `NodeResourcesBalancedAllocation`: Favors nodes that would obtain a more
balanced resource usage if the Pod is scheduled there.
- Extension points: `Score`.
-- `NodeResourcesLeastAllocated`: Favors nodes that have a low allocation of
- resources.
- Extension points: `Score`.
+ Extension points: `score`.
- `VolumeBinding`: Checks if the node has or if it can bind the requested
{{< glossary_tooltip text="volumes" term_id="volume" >}}.
- Extension points: `PreFilter`, `Filter`, `Reserve`, `PreBind`, `Score`.
+ Extension points: `preFilter`, `filter`, `reserve`, `preBind`, `score`.
{{< note >}}
- `Score` extension point is enabled when `VolumeCapacityPriority` feature is
+ `score` extension point is enabled when `VolumeCapacityPriority` feature is
enabled. It prioritizes the smallest PVs that can fit the requested volume
size.
{{< /note >}}
- `VolumeRestrictions`: Checks that volumes mounted in the node satisfy
restrictions that are specific to the volume provider.
- Extension points: `Filter`.
+ Extension points: `filter`.
- `VolumeZone`: Checks that volumes requested satisfy any zone requirements they
might have.
- Extension points: `Filter`.
+ Extension points: `filter`.
- `NodeVolumeLimits`: Checks that CSI volume limits can be satisfied for the
node.
- Extension points: `Filter`.
+ Extension points: `filter`.
- `EBSLimits`: Checks that AWS EBS volume limits can be satisfied for the node.
- Extension points: `Filter`.
+ Extension points: `filter`.
- `GCEPDLimits`: Checks that GCP-PD volume limits can be satisfied for the node.
- Extension points: `Filter`.
+ Extension points: `filter`.
- `AzureDiskLimits`: Checks that Azure disk volume limits can be satisfied for
the node.
- Extension points: `Filter`.
+ Extension points: `filter`.
- `InterPodAffinity`: Implements
[inter-Pod affinity and anti-affinity](/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity).
- Extension points: `PreFilter`, `Filter`, `PreScore`, `Score`.
+ Extension points: `preFilter`, `filter`, `preScore`, `score`.
- `PrioritySort`: Provides the default priority based sorting.
- Extension points: `QueueSort`.
+ Extension points: `queueSort`.
- `DefaultBinder`: Provides the default binding mechanism.
- Extension points: `Bind`.
+ Extension points: `bind`.
- `DefaultPreemption`: Provides the default preemption mechanism.
- Extension points: `PostFilter`.
+ Extension points: `postFilter`.
You can also enable the following plugins, through the component config APIs,
that are not enabled by default:
+- `SelectorSpread`: Favors spreading across nodes for Pods that belong to
+ {{< glossary_tooltip text="Services" term_id="service" >}},
+ {{< glossary_tooltip text="ReplicaSets" term_id="replica-set" >}} and
+ {{< glossary_tooltip text="StatefulSets" term_id="statefulset" >}}.
+ Extension points: `preScore`, `score`.
+- `CinderLimits`: Checks that [OpenStack Cinder](https://docs.openstack.org/cinder/)
+ volume limits can be satisfied for the node.
+ Extension points: `filter`.
+
+The following plugins are deprecated and can only be enabled in a `v1beta1`
+configuration:
+
+- `NodeResourcesLeastAllocated`: Favors nodes that have a low allocation of
+ resources.
+ Extension points: `score`.
- `NodeResourcesMostAllocated`: Favors nodes that have a high allocation of
resources.
- Extension points: `Score`.
+ Extension points: `score`.
- `RequestedToCapacityRatio`: Favor nodes according to a configured function of
the allocated resources.
- Extension points: `Score`.
-- `CinderVolume`: Checks that OpenStack Cinder volume limits can be satisfied
- for the node.
- Extension points: `Filter`.
+ Extension points: `score`.
- `NodeLabel`: Filters and / or scores a node according to configured
{{< glossary_tooltip text="label(s)" term_id="label" >}}.
- Extension points: `Filter`, `Score`.
+ Extension points: `filter`, `score`.
- `ServiceAffinity`: Checks that Pods that belong to a
{{< glossary_tooltip term_id="service" >}} fit in a set of nodes defined by
configured labels. This plugin also favors spreading the Pods belonging to a
Service across nodes.
- Extension points: `PreFilter`, `Filter`, `Score`.
+ Extension points: `preFilter`, `filter`, `score`.
+- `NodePreferAvoidPods`: Prioritizes nodes according to the node annotation
+ `scheduler.alpha.kubernetes.io/preferAvoidPods`.
+ Extension points: `score`.
### Multiple profiles
@@ -211,7 +218,7 @@ profiles: one with the default plugins and one with all scoring plugins
disabled.
```yaml
-apiVersion: kubescheduler.config.k8s.io/v1beta1
+apiVersion: kubescheduler.config.k8s.io/v1beta2
kind: KubeSchedulerConfiguration
profiles:
- schedulerName: default-scheduler
@@ -243,7 +250,7 @@ list.
{{< /note >}}
{{< note >}}
-All profiles must use the same plugin in the QueueSort extension point and have
+All profiles must use the same plugin in the `queueSort` extension point and have
the same configuration parameters (if applicable). This is because the scheduler
only has one pending pods queue.
{{< /note >}}
@@ -253,4 +260,5 @@ only has one pending pods queue.
* Read the [kube-scheduler reference](/docs/reference/command-line-tools-reference/kube-scheduler/)
* Learn about [scheduling](/docs/concepts/scheduling-eviction/kube-scheduler/)
* Read the [kube-scheduler configuration (v1beta1)](/docs/reference/config-api/kube-scheduler-config.v1beta1/) reference
+* Read the [kube-scheduler configuration (v1beta2)](/docs/reference/config-api/kube-scheduler-config.v1beta2/) reference
diff --git a/content/en/docs/reference/scheduling/policies.md b/content/en/docs/reference/scheduling/policies.md
index 1cd80273d9..99291c2b37 100644
--- a/content/en/docs/reference/scheduling/policies.md
+++ b/content/en/docs/reference/scheduling/policies.md
@@ -104,6 +104,6 @@ The following *priorities* implement scoring:
* Learn about [scheduling](/docs/concepts/scheduling-eviction/kube-scheduler/)
* Learn about [kube-scheduler Configuration](/docs/reference/scheduling/config/)
-* Read the [kube-scheduler configuration reference (v1beta1)](/docs/reference/config-api/kube-scheduler-config.v1beta1)
+* Read the [kube-scheduler configuration reference (v1beta2)](/docs/reference/config-api/kube-scheduler-config.v1beta2)
* Read the [kube-scheduler Policy reference (v1)](/docs/reference/config-api/kube-scheduler-policy-config.v1/)
diff --git a/content/en/docs/reference/setup-tools/kubeadm/_index.md b/content/en/docs/reference/setup-tools/kubeadm/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha.md
deleted file mode 100644
index af458320a5..0000000000
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha.md
+++ /dev/null
@@ -1,61 +0,0 @@
-
-
-
-Kubeadm experimental sub-commands
-
-### Synopsis
-
-
-Kubeadm experimental sub-commands
-
-### Options
-
-
[EXPERIMENTAL] The path to the 'real' host root filesystem.
-
-
-
-
-
-
-
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_kubeconfig_user.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_kubeconfig_user.md
deleted file mode 100644
index de07cd0f7d..0000000000
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_alpha_kubeconfig_user.md
+++ /dev/null
@@ -1,102 +0,0 @@
-
-
-
-Output a kubeconfig file for an additional user
-
-### Synopsis
-
-
-Output a kubeconfig file for an additional user.
-
-Alpha Disclaimer: this command is currently alpha.
-
-```
-kubeadm alpha kubeconfig user [flags]
-```
-
-### Examples
-
-```
- # Output a kubeconfig file for an additional user named foo using a kubeadm config file bar
- kubeadm alpha kubeconfig user --client-name=foo --config=bar
-```
-
-### Options
-
-
-
-
-
-
-
-
-
-
--client-name string
-
-
-
The name of user. It will be used as the CN if client certificates are created
-
-
-
-
--config string
-
-
-
Path to a kubeadm configuration file.
-
-
-
-
-h, --help
-
-
-
help for user
-
-
-
-
--org strings
-
-
-
The orgnizations of the client certificate. It will be used as the O if client certificates are created
-
-
-
-
--token string
-
-
-
The token that should be used as the authentication mechanism for this kubeconfig, instead of client certificates
[EXPERIMENTAL] The path to the 'real' host root filesystem.
-
-
-
-
-
-
-
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_generate-csr.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_generate-csr.md
index 2a41f2e58f..1abc7d9bac 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_generate-csr.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_generate-csr.md
@@ -17,7 +17,7 @@ Generate keys and certificate signing requests
Generates keys and certificate signing requests (CSRs) for all the certificates required to run the control plane. This command also generates partial kubeconfig files with private key data in the "users > user > client-key-data" field, and for each kubeconfig file an accompanying ".csr" file is created.
-This command is designed for use in [Kubeadm External CA Mode](/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#external-ca-mode). It generates CSRs which you can then submit to your external certificate authority for signing.
+This command is designed for use in [Kubeadm External CA Mode](https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#external-ca-mode). It generates CSRs which you can then submit to your external certificate authority for signing.
The PEM encoded signed certificates should then be saved alongside the key files, using ".crt" as the file extension, or in the case of kubeconfig files, the PEM encoded signed certificate should be base64 encoded and added to the kubeconfig file in the "users > user > client-certificate-data" field.
@@ -29,7 +29,7 @@ kubeadm certs generate-csr [flags]
```
# The following command will generate keys and CSRs for all control-plane certificates and kubeconfig files:
- kubeadm alpha certs generate-csr --kubeconfig-dir /tmp/etc-k8s --cert-dir /tmp/etc-k8s/pki
+ kubeadm certs generate-csr --kubeconfig-dir /tmp/etc-k8s --cert-dir /tmp/etc-k8s/pki
```
### Options
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_admin.conf.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_admin.conf.md
index 2a81cee1d4..31192cf3f7 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_admin.conf.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_admin.conf.md
@@ -50,20 +50,6 @@ kubeadm certs renew admin.conf [flags]
Path to a kubeadm configuration file.
-
-
--csr-dir string
-
-
-
The path to output the CSRs and private keys to
-
-
-
-
--csr-only
-
-
-
Create CSRs instead of generating certificates
-
-
-h, --help
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_all.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_all.md
index b948adb65c..77ea6e45a1 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_all.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_certs_renew_all.md
@@ -44,20 +44,6 @@ kubeadm certs renew all [flags]
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_list.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_list.md
index 4634bd0a27..b7f3e05a8b 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_list.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_list.md
@@ -55,7 +55,7 @@ kubeadm config images list [flags]
--feature-gates string
-
A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (BETA - default=true) PublicKeysECDSA=true|false (ALPHA - default=false)
+
A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (BETA - default=true) PublicKeysECDSA=true|false (ALPHA - default=false) RootlessControlPlane=true|false (ALPHA - default=false)
A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (BETA - default=true) PublicKeysECDSA=true|false (ALPHA - default=false)
+
A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (BETA - default=true) PublicKeysECDSA=true|false (ALPHA - default=false) RootlessControlPlane=true|false (ALPHA - default=false)
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_migrate.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_migrate.md
index 5858bdb307..8aa2f6f1d2 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_migrate.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_migrate.md
@@ -19,9 +19,9 @@ Read an older version of the kubeadm configuration API types from a file, and ou
This command lets you convert configuration objects of older versions to the latest supported version,
locally in the CLI tool without ever touching anything in the cluster.
In this version of kubeadm, the following API versions are supported:
-- kubeadm.k8s.io/v1beta2
+- kubeadm.k8s.io/v1beta3
-Further, kubeadm can only write out config of version "kubeadm.k8s.io/v1beta2", but read both types.
+Further, kubeadm can only write out config of version "kubeadm.k8s.io/v1beta3", but read both types.
So regardless of what version you pass to the --old-config parameter here, the API object will be
read, deserialized, defaulted, converted, validated, and re-serialized when written to stdout or
--new-config if specified.
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_print.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_print.md
index 2f20d9d1ce..e8aa81abf6 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_print.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_print.md
@@ -17,7 +17,7 @@ Print configuration
This command prints configurations for subcommands provided.
-For details, see: https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2
+For details, see: https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm#section-directories
```
kubeadm config print [flags]
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init.md
index 4294cffe8b..62f4ca7e5b 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init.md
@@ -134,18 +134,11 @@ kubeadm init [flags]
Don't apply any changes; just output what would be done.
-
-
--experimental-patches string
-
-
-
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
-
-
--feature-gates string
-
A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (BETA - default=true) PublicKeysECDSA=true|false (ALPHA - default=false)
+
A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (BETA - default=true) PublicKeysECDSA=true|false (ALPHA - default=false) RootlessControlPlane=true|false (ALPHA - default=false)
@@ -183,6 +176,13 @@ kubeadm init [flags]
Specify the node name.
+
+
--patches string
+
+
+
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (BETA - default=true) PublicKeysECDSA=true|false (ALPHA - default=false)
+
A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (BETA - default=true) PublicKeysECDSA=true|false (ALPHA - default=false) RootlessControlPlane=true|false (ALPHA - default=false)
A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (BETA - default=true) PublicKeysECDSA=true|false (ALPHA - default=false)
+
A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (BETA - default=true) PublicKeysECDSA=true|false (ALPHA - default=false) RootlessControlPlane=true|false (ALPHA - default=false)
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_apiserver-etcd-client.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_apiserver-etcd-client.md
index 4c8bed971a..3280fdc0eb 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_apiserver-etcd-client.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_apiserver-etcd-client.md
@@ -15,7 +15,7 @@ Generate the certificate the apiserver uses to access etcd
### Synopsis
-Generate the certificate the apiserver uses to access etcd, and save them into apiserver-etcd-client.cert and apiserver-etcd-client.key files.
+Generate the certificate the apiserver uses to access etcd, and save them into apiserver-etcd-client.crt and apiserver-etcd-client.key files.
If both files already exist, kubeadm skips the generation step and existing files will be used.
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_apiserver-kubelet-client.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_apiserver-kubelet-client.md
index 814a9c15ff..f98f75def0 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_apiserver-kubelet-client.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_apiserver-kubelet-client.md
@@ -15,7 +15,7 @@ Generate the certificate for the API server to connect to kubelet
### Synopsis
-Generate the certificate for the API server to connect to kubelet, and save them into apiserver-kubelet-client.cert and apiserver-kubelet-client.key files.
+Generate the certificate for the API server to connect to kubelet, and save them into apiserver-kubelet-client.crt and apiserver-kubelet-client.key files.
If both files already exist, kubeadm skips the generation step and existing files will be used.
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_apiserver.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_apiserver.md
index fa2d46ab8e..afa192d3de 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_apiserver.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_apiserver.md
@@ -15,9 +15,7 @@ Generate the certificate for serving the Kubernetes API
### Synopsis
-Generate the certificate for serving the Kubernetes API, and save them into apiserver.cert and apiserver.key files.
-
-Default SANs are kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local, 10.96.0.1, 127.0.0.1
+Generate the certificate for serving the Kubernetes API, and save them into apiserver.crt and apiserver.key files.
If both files already exist, kubeadm skips the generation step and existing files will be used.
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_ca.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_ca.md
index d12b74f19f..b94061e8d4 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_ca.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_ca.md
@@ -15,7 +15,7 @@ Generate the self-signed Kubernetes CA to provision identities for other Kuberne
### Synopsis
-Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components, and save them into ca.cert and ca.key files.
+Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components, and save them into ca.crt and ca.key files.
If both files already exist, kubeadm skips the generation step and existing files will be used.
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-ca.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-ca.md
index 2cddb77ade..547601e364 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-ca.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-ca.md
@@ -15,7 +15,7 @@ Generate the self-signed CA to provision identities for etcd
### Synopsis
-Generate the self-signed CA to provision identities for etcd, and save them into etcd/ca.cert and etcd/ca.key files.
+Generate the self-signed CA to provision identities for etcd, and save them into etcd/ca.crt and etcd/ca.key files.
If both files already exist, kubeadm skips the generation step and existing files will be used.
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-healthcheck-client.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-healthcheck-client.md
index 9876d5bce7..ea3755c786 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-healthcheck-client.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-healthcheck-client.md
@@ -15,7 +15,7 @@ Generate the certificate for liveness probes to healthcheck etcd
### Synopsis
-Generate the certificate for liveness probes to healthcheck etcd, and save them into etcd/healthcheck-client.cert and etcd/healthcheck-client.key files.
+Generate the certificate for liveness probes to healthcheck etcd, and save them into etcd/healthcheck-client.crt and etcd/healthcheck-client.key files.
If both files already exist, kubeadm skips the generation step and existing files will be used.
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-peer.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-peer.md
index d86991f8f8..904b00a68f 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-peer.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-peer.md
@@ -15,7 +15,7 @@ Generate the certificate for etcd nodes to communicate with each other
### Synopsis
-Generate the certificate for etcd nodes to communicate with each other, and save them into etcd/peer.cert and etcd/peer.key files.
+Generate the certificate for etcd nodes to communicate with each other, and save them into etcd/peer.crt and etcd/peer.key files.
Default SANs are localhost, 127.0.0.1, 127.0.0.1, ::1
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-server.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-server.md
index 213cf22d2f..4b8894075c 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-server.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_etcd-server.md
@@ -15,7 +15,7 @@ Generate the certificate for serving etcd
### Synopsis
-Generate the certificate for serving etcd, and save them into etcd/server.cert and etcd/server.key files.
+Generate the certificate for serving etcd, and save them into etcd/server.crt and etcd/server.key files.
Default SANs are localhost, 127.0.0.1, 127.0.0.1, ::1
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_front-proxy-ca.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_front-proxy-ca.md
index c2d37be74f..8193d38fce 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_front-proxy-ca.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_front-proxy-ca.md
@@ -15,7 +15,7 @@ Generate the self-signed CA to provision identities for front proxy
### Synopsis
-Generate the self-signed CA to provision identities for front proxy, and save them into front-proxy-ca.cert and front-proxy-ca.key files.
+Generate the self-signed CA to provision identities for front proxy, and save them into front-proxy-ca.crt and front-proxy-ca.key files.
If both files already exist, kubeadm skips the generation step and existing files will be used.
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_front-proxy-client.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_front-proxy-client.md
index 58a81fa7a2..d5cff5b662 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_front-proxy-client.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_certs_front-proxy-client.md
@@ -15,7 +15,7 @@ Generate the certificate for the front proxy client
### Synopsis
-Generate the certificate for the front proxy client, and save them into front-proxy-client.cert and front-proxy-client.key files.
+Generate the certificate for the front proxy client, and save them into front-proxy-client.crt and front-proxy-client.key files.
If both files already exist, kubeadm skips the generation step and existing files will be used.
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_all.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_all.md
index 45fa4a29c4..6a53512cc4 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_all.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_init_phase_control-plane_all.md
@@ -91,17 +91,17 @@ kubeadm init phase control-plane all [flags]
-
--experimental-patches string
+
--dry-run
-
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
+
Don't apply any changes; just output what would be done.
--feature-gates string
-
A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (BETA - default=true) PublicKeysECDSA=true|false (ALPHA - default=false)
+
A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (BETA - default=true) PublicKeysECDSA=true|false (ALPHA - default=false) RootlessControlPlane=true|false (ALPHA - default=false)
@@ -125,6 +125,13 @@ kubeadm init phase control-plane all [flags]
Choose a specific Kubernetes version for the control plane.
+
+
--patches string
+
+
+
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
+
Don't apply any changes; just output what would be done.
--feature-gates string
-
A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (BETA - default=true) PublicKeysECDSA=true|false (ALPHA - default=false)
+
A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (BETA - default=true) PublicKeysECDSA=true|false (ALPHA - default=false) RootlessControlPlane=true|false (ALPHA - default=false)
Choose a specific Kubernetes version for the control plane.
+
+
--patches string
+
+
+
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
+
Don't apply any changes; just output what would be done.
Choose a specific Kubernetes version for the control plane.
+
+
--patches string
+
+
+
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
+
Don't apply any changes; just output what would be done.
Choose a specific Kubernetes version for the control plane.
+
+
--patches string
+
+
+
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
-
-
-h, --help
@@ -77,6 +70,13 @@ kubeadm init phase etcd local [flags]
Choose a container registry to pull control plane images from
+
+
--patches string
+
+
+
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
+
+
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_join.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_join.md
index 3f39346c96..145f0bc340 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_join.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_join.md
@@ -69,7 +69,7 @@ control-plane-prepare Prepare the machine for serving a control plane
kubelet-start Write kubelet settings, certificates and (re)start the kubelet
control-plane-join Join a machine as a control plane instance
/etcd Add a new local etcd member
- /update-status Register the new control-plane node into the ClusterStatus maintained in the kubeadm-config ConfigMap
+ /update-status Register the new control-plane node into the ClusterStatus maintained in the kubeadm-config ConfigMap (DEPRECATED)
/mark-control-plane Mark a node as a control-plane
```
@@ -157,13 +157,6 @@ kubeadm join [api-server-endpoint] [flags]
For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning.
-
-
--experimental-patches string
-
-
-
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
+
+
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_join_phase_control-plane-join_update-status.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_join_phase_control-plane-join_update-status.md
index 10127f967f..af1aac985c 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_join_phase_control-plane-join_update-status.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_join_phase_control-plane-join_update-status.md
@@ -10,12 +10,12 @@ guide. You can file document formatting bugs against the
-->
-Register the new control-plane node into the ClusterStatus maintained in the kubeadm-config ConfigMap
+Register the new control-plane node into the ClusterStatus maintained in the kubeadm-config ConfigMap (DEPRECATED)
### Synopsis
-Register the new control-plane node into the ClusterStatus maintained in the kubeadm-config ConfigMap
+Register the new control-plane node into the ClusterStatus maintained in the kubeadm-config ConfigMap (DEPRECATED)
```
kubeadm join phase control-plane-join update-status [flags]
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_join_phase_control-plane-prepare_all.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_join_phase_control-plane-prepare_all.md
index 02864ace82..661edf597d 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_join_phase_control-plane-prepare_all.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_join_phase_control-plane-prepare_all.md
@@ -93,13 +93,6 @@ kubeadm join phase control-plane-prepare all [api-server-endpoint] [flags]
For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning.
-
-
--experimental-patches string
-
-
-
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
+
+
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_kubeconfig.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_kubeconfig.md
index b678061bb0..55177462d6 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_kubeconfig.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_kubeconfig.md
@@ -17,8 +17,6 @@ Kubeconfig file utilities
Kubeconfig file utilities.
-Alpha Disclaimer: this command is currently alpha.
-
### Options
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_kubeconfig_user.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_kubeconfig_user.md
index 8293ee2f27..89315e27b8 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_kubeconfig_user.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_kubeconfig_user.md
@@ -17,8 +17,6 @@ Output a kubeconfig file for an additional user
Output a kubeconfig file for an additional user.
-Alpha Disclaimer: this command is currently alpha.
-
```
kubeadm kubeconfig user [flags]
```
@@ -27,7 +25,7 @@ kubeadm kubeconfig user [flags]
```
# Output a kubeconfig file for an additional user named foo using a kubeadm config file bar
- kubeadm alpha kubeconfig user --client-name=foo --config=bar
+ kubeadm kubeconfig user --client-name=foo --config=bar
```
### Options
@@ -74,6 +72,13 @@ kubeadm kubeconfig user [flags]
The token that should be used as the authentication mechanism for this kubeconfig, instead of client certificates
+
+
--validity-period duration Default: 8760h0m0s
+
+
+
The validity period of the client certificate. It is an offset from the current time.
+
+
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_reset.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_reset.md
index a745cb8c9e..19bdbb417a 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_reset.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_reset.md
@@ -20,7 +20,7 @@ Performs a best effort revert of changes made to this host by 'kubeadm init' or
The "reset" command executes the following phases:
```
preflight Run reset pre-flight checks
-update-cluster-status Remove this node from the ClusterStatus object.
+update-cluster-status Remove this node from the ClusterStatus object (DEPRECATED).
remove-etcd-member Remove a local etcd member.
cleanup-node Run cleanup node.
```
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_reset_phase_update-cluster-status.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_reset_phase_update-cluster-status.md
index b73f736958..9d4b7af77f 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_reset_phase_update-cluster-status.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_reset_phase_update-cluster-status.md
@@ -10,12 +10,12 @@ guide. You can file document formatting bugs against the
-->
-Remove this node from the ClusterStatus object.
+Remove this node from the ClusterStatus object (DEPRECATED).
### Synopsis
-Remove this node from the ClusterStatus object if the node is a control plane node.
+Remove this node from the ClusterStatus object (DEPRECATED).
```
kubeadm reset phase update-cluster-status [flags]
diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md
index d34e01da47..3add5a98c2 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_upgrade_apply.md
@@ -72,18 +72,11 @@ kubeadm upgrade apply [version]
Perform the upgrade of etcd.
-
-
--experimental-patches string
-
-
-
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
-
-
--feature-gates string
-
A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (BETA - default=true) PublicKeysECDSA=true|false (ALPHA - default=false)
+
A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (BETA - default=true) PublicKeysECDSA=true|false (ALPHA - default=false) RootlessControlPlane=true|false (ALPHA - default=false)
The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.
+
+
--patches string
+
+
+
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
-
-
-h, --help
@@ -87,6 +80,13 @@ kubeadm upgrade node [flags]
The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.
+
+
--patches string
+
+
+
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.
+
+
--patches string
+
+
+
Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "target" can be one of "kube-apiserver", "kube-controller-manager", "kube-scheduler", "etcd". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.
A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (BETA - default=true) PublicKeysECDSA=true|false (ALPHA - default=false)
+
A set of key=value pairs that describe feature gates for various features. Options are: IPv6DualStack=true|false (BETA - default=true) PublicKeysECDSA=true|false (ALPHA - default=false) RootlessControlPlane=true|false (ALPHA - default=false)
diff --git a/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md b/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md
index cc7cef2543..6222685845 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md
@@ -298,26 +298,6 @@ Please note that:
2. in case of kubeadm is executed in the `--dry-run` mode, the etcd static Pod manifest is written in a temporary folder
3. Static Pod manifest generation for local etcd can be invoked individually with the [`kubeadm init phase etcd local`](/docs/reference/setup-tools/kubeadm/kubeadm-init-phase/#cmd-phase-etcd) command
-### Optional Dynamic Kubelet Configuration
-
-To use this functionality call `kubeadm alpha kubelet config enable-dynamic`. It writes the kubelet init configuration
-into `/var/lib/kubelet/config/init/kubelet` file.
-
-The init configuration is used for starting the kubelet on this specific node, providing an alternative for the kubelet drop-in file;
-such configuration will be replaced by the kubelet base configuration as described in following steps.
-See [set kubelet parameters via a config file](/docs/tasks/administer-cluster/kubelet-config-file) for additional information.
-
-Please note that:
-
-1. To make dynamic kubelet configuration work, flag `--dynamic-config-dir=/var/lib/kubelet/config/dynamic` should be specified
- in `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf`
-1. The kubelet configuration can be changed by passing a `KubeletConfiguration` object to `kubeadm init` or `kubeadm join` by using
- a configuration file `--config some-file.yaml`. The `KubeletConfiguration` object can be separated from other objects such
- as `InitConfiguration` using the `---` separator. For more details have a look at the `kubeadm config print-default` command.
-
-For more details about the `KubeletConfiguration` struct, take a look at the
-[`KubeletConfiguration` reference](/docs/reference/config-api/kubelet-config.v1beta1/).
-
### Wait for the control plane to come up
kubeadm waits (upto 4m0s) until `localhost:6443/healthz` (kube-apiserver liveness) returns `ok`. However in order to detect
@@ -327,17 +307,6 @@ deadlock conditions, kubeadm fails fast if `localhost:10255/healthz` (kubelet li
kubeadm relies on the kubelet to pull the control plane images and run them properly as static Pods.
After the control plane is up, kubeadm completes the tasks described in following paragraphs.
-### (optional) Write base kubelet configuration
-
-{{< feature-state for_k8s_version="v1.11" state="beta" >}}
-
-If kubeadm is invoked with `--feature-gates=DynamicKubeletConfig`:
-
-1. Write the kubelet base configuration into the `kubelet-base-config-v1.9` ConfigMap in the `kube-system` namespace
-2. Creates RBAC rules for granting read access to that ConfigMap to all bootstrap tokens and all kubelet instances
- (that is `system:bootstrappers:kubeadm:default-node-token` and `system:nodes` groups)
-3. Enable the dynamic kubelet configuration feature for the initial control-plane node by pointing `Node.spec.configSource` to the newly-created ConfigMap
-
### Save the kubeadm ClusterConfiguration in a ConfigMap for later reference
kubeadm saves the configuration passed to `kubeadm init` in a ConfigMap named `kubeadm-config` under `kube-system` namespace.
@@ -520,18 +489,3 @@ Please note that:
- The temporary authentication resolve to a user member of `system:bootstrappers:kubeadm:default-node-token` group which was granted
access to CSR api during the `kubeadm init` process
- The automatic CSR approval is managed by the csrapprover controller, according with configuration done the `kubeadm init` process
-
-### (optional) Write init kubelet configuration
-
-{{< feature-state for_k8s_version="v1.11" state="beta" >}}
-
-If kubeadm is invoked with `--feature-gates=DynamicKubeletConfig`:
-
-1. Read the kubelet base configuration from the `kubelet-base-config-v1.x` ConfigMap in the `kube-system` namespace using the
- Bootstrap Token credentials, and write it to disk as kubelet init configuration file `/var/lib/kubelet/config/init/kubelet`
-2. As soon as kubelet starts with the Node's own credential (`/etc/kubernetes/kubelet.conf`), update current node configuration
- specifying that the source for the node/kubelet configuration is the above ConfigMap.
-
-Please note that:
-
-1. To make dynamic kubelet configuration work, flag `--dynamic-config-dir=/var/lib/kubelet/config/dynamic` should be specified in `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf`
diff --git a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-config.md b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-config.md
index 0b373ee423..76d9921be1 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-config.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-config.md
@@ -10,7 +10,7 @@ weight: 50
During `kubeadm init`, kubeadm uploads the `ClusterConfiguration` object to your cluster
in a ConfigMap called `kubeadm-config` in the `kube-system` namespace. This configuration is then read during
-`kubeadm join`, `kubeadm reset` and `kubeadm upgrade`. To view this ConfigMap call `kubeadm config view`.
+`kubeadm join`, `kubeadm reset` and `kubeadm upgrade`.
You can use `kubeadm config print` to print the default configuration and `kubeadm config migrate` to
convert your old configuration files to a newer version. `kubeadm config images list` and
@@ -20,7 +20,7 @@ For more information navigate to
[Using kubeadm init with a configuration file](/docs/reference/setup-tools/kubeadm/kubeadm-init/#config-file)
or [Using kubeadm join with a configuration file](/docs/reference/setup-tools/kubeadm/kubeadm-join/#config-file).
-You can also configure several kubelet-configuration options with `kubeadm init`. These options will be the same on any node in your cluster.
+You can also configure several kubelet-configuration options with `kubeadm init`. These options will be the same on any node in your cluster.
See [Configuring each kubelet in your cluster using kubeadm](/docs/setup/production-environment/tools/kubeadm/kubelet-integration/) for details.
In Kubernetes v1.13.0 and later to list/pull kube-dns images instead of the CoreDNS image
@@ -28,7 +28,7 @@ the `--config` method described [here](/docs/reference/setup-tools/kubeadm/kubea
has to be used.
-## kubeadm config print {#cmd-config-view}
+## kubeadm config print {#cmd-config-print}
{{< include "generated/kubeadm_config_print.md" >}}
diff --git a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init-phase.md b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init-phase.md
index 2b6939bac6..3f9812b260 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init-phase.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init-phase.md
@@ -119,16 +119,16 @@ Use the following phase to configure bootstrap tokens.
{{< tab name="bootstrap-token" include="generated/kubeadm_init_phase_bootstrap-token.md" />}}
{{< /tabs >}}
-## kubeadm init phase kubelet-finialize {#cmd-phase-kubelet-finalize-all}
+## kubeadm init phase kubelet-finalize {#cmd-phase-kubelet-finalize-all}
Use the following phase to update settings relevant to the kubelet after TLS
bootstrap. You can use the `all` subcommand to run all `kubelet-finalize`
phases.
{{< tabs name="tab-kubelet-finalize" >}}
-{{< tab name="kublet-finalize" include="generated/kubeadm_init_phase_kubelet-finalize.md" />}}
-{{< tab name="kublet-finalize-all" include="generated/kubeadm_init_phase_kubelet-finalize_all.md" />}}
-{{< tab name="kublet-finalize-cert-rotation" include="generated/kubeadm_init_phase_kubelet-finalize_experimental-cert-rotation.md" />}}
+{{< tab name="kubelet-finalize" include="generated/kubeadm_init_phase_kubelet-finalize.md" />}}
+{{< tab name="kubelet-finalize-all" include="generated/kubeadm_init_phase_kubelet-finalize_all.md" />}}
+{{< tab name="kubelet-finalize-cert-rotation" include="generated/kubeadm_init_phase_kubelet-finalize_experimental-cert-rotation.md" />}}
{{< /tabs >}}
## kubeadm init phase addon {#cmd-phase-addon}
@@ -143,8 +143,8 @@ install them selectively.
{{< tab name="kube-proxy" include="generated/kubeadm_init_phase_addon_kube-proxy.md" />}}
{{< /tabs >}}
-For more details on each field in the `v1beta2` configuration you can navigate to our
-[API reference pages.] (https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2)
+For more details on each field in the `v1beta3` configuration you can navigate to our
+[API reference pages.](/docs/reference/config-api/kubeadm-config.v1beta3/)
## {{% heading "whatsnext" %}}
diff --git a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md
index 2260c2ca22..3779ec2fdf 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-init.md
@@ -104,6 +104,10 @@ sudo kubeadm init --skip-phases=control-plane,etcd --config=configfile.yaml
What this example would do is write the manifest files for the control plane and etcd in `/etc/kubernetes/manifests` based on the configuration in `configfile.yaml`. This allows you to modify the files and then skip these phases using `--skip-phases`. By calling the last command you will create a control plane node with the custom manifest files.
+{{< feature-state for_k8s_version="v1.22" state="beta" >}}
+
+Alternatively, you can use the `skipPhases` field under `InitConfiguration`.
+
### Using kubeadm init with a configuration file {#config-file}
{{< caution >}}
@@ -122,8 +126,8 @@ The default configuration can be printed out using the
If your configuration is not using the latest version it is **recommended** that you migrate using
the [kubeadm config migrate](/docs/reference/setup-tools/kubeadm/kubeadm-config/) command.
-For more information on the fields and usage of the configuration you can navigate to our API reference
-page and pick a version from [the list](https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm#section-directories).
+For more information on the fields and usage of the configuration you can navigate to our
+[API reference page](/docs/reference/config-api/kubeadm-config.v1beta2/).
### Adding kube-proxy parameters {#kube-proxy}
@@ -142,7 +146,7 @@ For information about passing flags to control plane components see:
By default, kubeadm pulls images from `k8s.gcr.io`. If the
requested Kubernetes version is a CI label (such as `ci/latest`)
-`gcr.io/kubernetes-ci-images` is used.
+`gcr.io/k8s-staging-ci-images` is used.
You can override this behavior by using [kubeadm with a configuration file](#config-file).
Allowed customization are:
diff --git a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-join.md b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-join.md
index 53ca4a789b..5ad349e66c 100644
--- a/content/en/docs/reference/setup-tools/kubeadm/kubeadm-join.md
+++ b/content/en/docs/reference/setup-tools/kubeadm/kubeadm-join.md
@@ -66,6 +66,10 @@ For example:
sudo kubeadm join --skip-phases=preflight --config=config.yaml
```
+{{< feature-state for_k8s_version="v1.22" state="beta" >}}
+
+Alternatively, you can use the `skipPhases` field in `JoinConfiguration`.
+
### Discovering what cluster CA to trust
The kubeadm discovery has several options, each with security tradeoffs.
@@ -282,8 +286,8 @@ The default configuration can be printed out using the
If your configuration is not using the latest version it is **recommended** that you migrate using
the [kubeadm config migrate](/docs/reference/setup-tools/kubeadm/kubeadm-config/) command.
-For more information on the fields and usage of the configuration you can navigate to our API reference
-page and pick a version from [the list](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm#pkg-subdirectories).
+For more information on the fields and usage of the configuration you can navigate to our
+[API reference](/docs/reference/config-api/kubeadm-config.v1beta2/).
## {{% heading "whatsnext" %}}
diff --git a/content/en/docs/reference/tools/_index.md b/content/en/docs/reference/tools/_index.md
index 7194ab83bd..aa65af289b 100644
--- a/content/en/docs/reference/tools/_index.md
+++ b/content/en/docs/reference/tools/_index.md
@@ -8,7 +8,7 @@ no_list: true
---
-Kubernetes contains several built-in tools to help you work with the Kubernetes system.
+Kubernetes contains several built-in tools and external tools that are commonly used or relevant that may as well be seen as required for Kubernetes to function.
@@ -26,8 +26,8 @@ to a Kubernetes cluster, troubleshoot them, and manage the cluster and its resou
## Helm
-[`Kubernetes Helm`](https://github.com/kubernetes/helm) is a tool for managing packages of pre-configured
-Kubernetes resources, aka Kubernetes charts.
+[Helm](https://helm.sh/) is a tool for managing packages of pre-configured
+Kubernetes resources. These packages are known as _Helm charts_.
Use Helm to:
diff --git a/content/en/docs/reference/using-api/api-concepts.md b/content/en/docs/reference/using-api/api-concepts.md
index da41e7c4c9..913d3db42e 100644
--- a/content/en/docs/reference/using-api/api-concepts.md
+++ b/content/en/docs/reference/using-api/api-concepts.md
@@ -192,7 +192,92 @@ For example, if there are 1,253 pods on the cluster and the client wants to rece
}
```
-Note that the `resourceVersion` of the list remains constant across each request, indicating the server is showing us a consistent snapshot of the pods. Pods that are created, updated, or deleted after version `10245` would not be shown unless the user makes a list request without the `continue` token. This allows clients to break large requests into smaller chunks and then perform a watch operation on the full set without missing any updates.
+Note that the `resourceVersion` of the list remains constant across each request,
+indicating the server is showing us a consistent snapshot of the pods. Pods that
+are created, updated, or deleted after version `10245` would not be shown unless
+the user makes a list request without the `continue` token. This allows clients
+to break large requests into smaller chunks and then perform a watch operation
+on the full set without missing any updates.
+
+`remainingItemCount` is the number of subsequent items in the list which are not
+included in this list response. If the list request contained label or field selectors,
+then the number of remaining items is unknown and the API server does not include
+a `remainingItemCount` field in its response. If the list is complete (either
+because it is not chunking or because this is the last chunk), then there are no
+more remaining items and the API server does not include a `remainingItemCount`
+field in its response. The intended use of the `remainingItemCount` is estimating
+the size of a collection.
+
+## Lists
+
+There are dozens of list types (such as `PodList`, `ServiceList`, and `NodeList`) defined in the Kubernetes API.
+You can get more information about each list type from the [Kubernetes API](/docs/reference/kubernetes-api/) documentation.
+
+When you query the API for a particular type, all items returned by that query are of that type. For example, when you
+ask for a list of services, the list type is shown as `kind: ServiceList` and each item in that list represents a single Service. For example:
+
+```console
+
+GET /api/v1/services
+---
+{
+ "kind": "ServiceList",
+ "apiVersion": "v1",
+ "metadata": {
+ "resourceVersion": "2947301"
+ },
+ "items": [
+ {
+ "metadata": {
+ "name": "kubernetes",
+ "namespace": "default",
+...
+ "metadata": {
+ "name": "kube-dns",
+ "namespace": "kube-system",
+...
+```
+
+Some tools, such as `kubectl` provide another way to query the Kubernetes API. Because the output of `kubectl` might include multiple list types, the list of items is represented as `kind: List`. For example:
+
+```console
+
+$ kubectl get services -A -o yaml
+
+apiVersion: v1
+kind: List
+metadata:
+ resourceVersion: ""
+ selfLink: ""
+items:
+- apiVersion: v1
+ kind: Service
+ metadata:
+ creationTimestamp: "2021-06-03T14:54:12Z"
+ labels:
+ component: apiserver
+ provider: kubernetes
+ name: kubernetes
+ namespace: default
+...
+- apiVersion: v1
+ kind: Service
+ metadata:
+ annotations:
+ prometheus.io/port: "9153"
+ prometheus.io/scrape: "true"
+ creationTimestamp: "2021-06-03T14:54:14Z"
+ labels:
+ k8s-app: kube-dns
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: CoreDNS
+ name: kube-dns
+ namespace: kube-system
+```
+
+{{< note >}}
+Keep in mind that the Kubernetes API does not have a `kind: List` type. `kind: List` is an internal mechanism type for lists of mixed resources and should not be depended upon.
+{{< /note >}}
## Receiving resources as Tables
diff --git a/content/en/docs/reference/using-api/client-libraries.md b/content/en/docs/reference/using-api/client-libraries.md
index 9ec9f84c5d..eed8169909 100644
--- a/content/en/docs/reference/using-api/client-libraries.md
+++ b/content/en/docs/reference/using-api/client-libraries.md
@@ -66,7 +66,6 @@ their authors, not the Kubernetes team.
| PHP | [github.com/maclof/kubernetes-client](https://github.com/maclof/kubernetes-client) |
| PHP | [github.com/travisghansen/kubernetes-client-php](https://github.com/travisghansen/kubernetes-client-php) |
| PHP | [github.com/renoki-co/php-k8s](https://github.com/renoki-co/php-k8s) |
-| Python | [github.com/eldarion-gondor/pykube](https://github.com/eldarion-gondor/pykube) |
| Python | [github.com/fiaas/k8s](https://github.com/fiaas/k8s) |
| Python | [github.com/mnubo/kubernetes-py](https://github.com/mnubo/kubernetes-py) |
| Python | [github.com/tomplus/kubernetes_asyncio](https://github.com/tomplus/kubernetes_asyncio) |
diff --git a/content/en/docs/reference/using-api/deprecation-guide.md b/content/en/docs/reference/using-api/deprecation-guide.md
old mode 100755
new mode 100644
index 73a4ae2a18..579e4c04ac
--- a/content/en/docs/reference/using-api/deprecation-guide.md
+++ b/content/en/docs/reference/using-api/deprecation-guide.md
@@ -53,11 +53,11 @@ The **events.k8s.io/v1beta1** API version of Event will no longer be served in v
* Notable changes in **events.k8s.io/v1**:
* `type` is limited to `Normal` and `Warning`
* `involvedObject` is renamed to `regarding`
- * `action`, `reason`, `reportingComponent`, and `reportingInstance` are required when creating new **events.k8s.io/v1** Events
+ * `action`, `reason`, `reportingController`, and `reportingInstance` are required when creating new **events.k8s.io/v1** Events
* use `eventTime` instead of the deprecated `firstTimestamp` field (which is renamed to `deprecatedFirstTimestamp` and not permitted in new **events.k8s.io/v1** Events)
* use `series.lastObservedTime` instead of the deprecated `lastTimestamp` field (which is renamed to `deprecatedLastTimestamp` and not permitted in new **events.k8s.io/v1** Events)
* use `series.count` instead of the deprecated `count` field (which is renamed to `deprecatedCount` and not permitted in new **events.k8s.io/v1** Events)
- * use `reportingComponent` instead of the deprecated `source.component` field (which is renamed to `deprecatedSource.component` and not permitted in new **events.k8s.io/v1** Events)
+ * use `reportingController` instead of the deprecated `source.component` field (which is renamed to `deprecatedSource.component` and not permitted in new **events.k8s.io/v1** Events)
* use `reportingInstance` instead of the deprecated `source.host` field (which is renamed to `deprecatedSource.host` and not permitted in new **events.k8s.io/v1** Events)
#### PodDisruptionBudget {#poddisruptionbudget-v125}
@@ -86,11 +86,11 @@ RuntimeClass in the **node.k8s.io/v1beta1** API version will no longer be served
### v1.22
-The **v1.22** release will stop serving the following deprecated API versions:
+The **v1.22** release stopped serving the following deprecated API versions:
#### Webhook resources {#webhook-resources-v122}
-The **admissionregistration.k8s.io/v1beta1** API version of MutatingWebhookConfiguration and ValidatingWebhookConfiguration will no longer be served in v1.22.
+The **admissionregistration.k8s.io/v1beta1** API version of MutatingWebhookConfiguration and ValidatingWebhookConfiguration is no longer served as of v1.22.
* Migrate manifests and API clients to use the **admissionregistration.k8s.io/v1** API version, available since v1.16.
* All existing persisted objects are accessible via the new APIs
@@ -104,7 +104,7 @@ The **admissionregistration.k8s.io/v1beta1** API version of MutatingWebhookConfi
#### CustomResourceDefinition {#customresourcedefinition-v122}
-The **apiextensions.k8s.io/v1beta1** API version of CustomResourceDefinition will no longer be served in v1.22.
+The **apiextensions.k8s.io/v1beta1** API version of CustomResourceDefinition is no longer served as of v1.22.
* Migrate manifests and API clients to use the **apiextensions.k8s.io/v1** API version, available since v1.16.
* All existing persisted objects are accessible via the new API
@@ -122,7 +122,7 @@ The **apiextensions.k8s.io/v1beta1** API version of CustomResourceDefinition wil
#### APIService {#apiservice-v122}
-The **apiregistration.k8s.io/v1beta1** API version of APIService will no longer be served in v1.22.
+The **apiregistration.k8s.io/v1beta1** API version of APIService is no longer served as of v1.22.
* Migrate manifests and API clients to use the **apiregistration.k8s.io/v1** API version, available since v1.10.
* All existing persisted objects are accessible via the new API
@@ -130,14 +130,14 @@ The **apiregistration.k8s.io/v1beta1** API version of APIService will no longer
#### TokenReview {#tokenreview-v122}
-The **authentication.k8s.io/v1beta1** API version of TokenReview will no longer be served in v1.22.
+The **authentication.k8s.io/v1beta1** API version of TokenReview is no longer served as of v1.22.
* Migrate manifests and API clients to use the **authentication.k8s.io/v1** API version, available since v1.6.
* No notable changes
#### SubjectAccessReview resources {#subjectaccessreview-resources-v122}
-The **authorization.k8s.io/v1beta1** API version of LocalSubjectAccessReview, SelfSubjectAccessReview, and SubjectAccessReview will no longer be served in v1.22.
+The **authorization.k8s.io/v1beta1** API version of LocalSubjectAccessReview, SelfSubjectAccessReview, and SubjectAccessReview is no longer served as of v1.22.
* Migrate manifests and API clients to use the **authorization.k8s.io/v1** API version, available since v1.6.
* Notable changes:
@@ -145,7 +145,7 @@ The **authorization.k8s.io/v1beta1** API version of LocalSubjectAccessReview, Se
#### CertificateSigningRequest {#certificatesigningrequest-v122}
-The **certificates.k8s.io/v1beta1** API version of CertificateSigningRequest will no longer be served in v1.22.
+The **certificates.k8s.io/v1beta1** API version of CertificateSigningRequest is no longer served as of v1.22.
* Migrate manifests and API clients to use the **certificates.k8s.io/v1** API version, available since v1.19.
* All existing persisted objects are accessible via the new API
@@ -160,7 +160,7 @@ The **certificates.k8s.io/v1beta1** API version of CertificateSigningRequest wil
#### Lease {#lease-v122}
-The **coordination.k8s.io/v1beta1** API version of Lease will no longer be served in v1.22.
+The **coordination.k8s.io/v1beta1** API version of Lease is no longer served as of v1.22.
* Migrate manifests and API clients to use the **coordination.k8s.io/v1** API version, available since v1.14.
* All existing persisted objects are accessible via the new API
@@ -168,7 +168,7 @@ The **coordination.k8s.io/v1beta1** API version of Lease will no longer be serve
#### Ingress {#ingress-v122}
-The **extensions/v1beta1** and **networking.k8s.io/v1beta1** API versions of Ingress will no longer be served in v1.22.
+The **extensions/v1beta1** and **networking.k8s.io/v1beta1** API versions of Ingress is no longer served as of v1.22.
* Migrate manifests and API clients to use the **networking.k8s.io/v1** API version, available since v1.19.
* All existing persisted objects are accessible via the new API
@@ -181,7 +181,7 @@ The **extensions/v1beta1** and **networking.k8s.io/v1beta1** API versions of Ing
#### IngressClass {#ingressclass-v122}
-The **networking.k8s.io/v1beta1** API version of IngressClass will no longer be served in v1.22.
+The **networking.k8s.io/v1beta1** API version of IngressClass is no longer served as of v1.22.
* Migrate manifests and API clients to use the **networking.k8s.io/v1** API version, available since v1.19.
* All existing persisted objects are accessible via the new API
@@ -189,7 +189,7 @@ The **networking.k8s.io/v1beta1** API version of IngressClass will no longer be
#### RBAC resources {#rbac-resources-v122}
-The **rbac.authorization.k8s.io/v1beta1** API version of ClusterRole, ClusterRoleBinding, Role, and RoleBinding will no longer be served in v1.22.
+The **rbac.authorization.k8s.io/v1beta1** API version of ClusterRole, ClusterRoleBinding, Role, and RoleBinding is no longer served as of v1.22.
* Migrate manifests and API clients to use the **rbac.authorization.k8s.io/v1** API version, available since v1.8.
* All existing persisted objects are accessible via the new APIs
@@ -197,7 +197,7 @@ The **rbac.authorization.k8s.io/v1beta1** API version of ClusterRole, ClusterRol
#### PriorityClass {#priorityclass-v122}
-The **scheduling.k8s.io/v1beta1** API version of PriorityClass will no longer be served in v1.22.
+The **scheduling.k8s.io/v1beta1** API version of PriorityClass is no longer served as of v1.22.
* Migrate manifests and API clients to use the **scheduling.k8s.io/v1** API version, available since v1.14.
* All existing persisted objects are accessible via the new API
@@ -205,7 +205,7 @@ The **scheduling.k8s.io/v1beta1** API version of PriorityClass will no longer be
#### Storage resources {#storage-resources-v122}
-The **storage.k8s.io/v1beta1** API version of CSIDriver, CSINode, StorageClass, and VolumeAttachment will no longer be served in v1.22.
+The **storage.k8s.io/v1beta1** API version of CSIDriver, CSINode, StorageClass, and VolumeAttachment is no longer served as of v1.22.
* Migrate manifests and API clients to use the **storage.k8s.io/v1** API version
* CSIDriver is available in **storage.k8s.io/v1** since v1.19.
diff --git a/content/en/docs/reference/using-api/health-checks.md b/content/en/docs/reference/using-api/health-checks.md
index 2c315505db..e4ce50f30d 100644
--- a/content/en/docs/reference/using-api/health-checks.md
+++ b/content/en/docs/reference/using-api/health-checks.md
@@ -18,14 +18,14 @@ The Kubernetes API server provides 3 API endpoints (`healthz`, `livez` and `read
The `healthz` endpoint is deprecated (since Kubernetes v1.16), and you should use the more specific `livez` and `readyz` endpoints instead.
The `livez` endpoint can be used with the `--livez-grace-period` [flag](/docs/reference/command-line-tools-reference/kube-apiserver) to specify the startup duration.
For a graceful shutdown you can specify the `--shutdown-delay-duration` [flag](/docs/reference/command-line-tools-reference/kube-apiserver) with the `/readyz` endpoint.
-Machines that check the `health`/`livez`/`readyz` of the API server should rely on the HTTP status code.
+Machines that check the `healthz`/`livez`/`readyz` of the API server should rely on the HTTP status code.
A status code `200` indicates the API server is `healthy`/`live`/`ready`, depending of the called endpoint.
The more verbose options shown below are intended to be used by human operators to debug their cluster or specially the state of the API server.
The following examples will show how you can interact with the health API endpoints.
For all endpoints you can use the `verbose` parameter to print out the checks and their status.
-This can be useful for a human operator to debug the current status of the Api server, it is not intended to be consumed by a machine:
+This can be useful for a human operator to debug the current status of the API server, it is not intended to be consumed by a machine:
```shell
curl -k https://localhost:6443/livez?verbose
@@ -93,7 +93,7 @@ The output show that the `etcd` check is excluded:
{{< feature-state state="alpha" >}}
-Each individual health check exposes an http endpoint and could can be checked individually.
+Each individual health check exposes an HTTP endpoint and could can be checked individually.
The schema for the individual health checks is `/livez/` where `livez` and `readyz` and be used to indicate if you want to check the liveness or the readiness of the API server.
The `` path can be discovered using the `verbose` flag from above and take the path between `[+]` and `ok`.
These individual health checks should not be consumed by machines but can be helpful for a human operator to debug a system:
diff --git a/content/en/docs/reference/using-api/server-side-apply.md b/content/en/docs/reference/using-api/server-side-apply.md
index 3d88413b50..60acb02f7d 100644
--- a/content/en/docs/reference/using-api/server-side-apply.md
+++ b/content/en/docs/reference/using-api/server-side-apply.md
@@ -12,7 +12,7 @@ min-kubernetes-server-version: 1.16
-{{< feature-state for_k8s_version="v1.16" state="beta" >}}
+{{< feature-state for_k8s_version="v1.22" state="stable" >}}
## Introduction
diff --git a/content/en/docs/setup/_index.md b/content/en/docs/setup/_index.md
index 59db384258..bb73375553 100644
--- a/content/en/docs/setup/_index.md
+++ b/content/en/docs/setup/_index.md
@@ -3,11 +3,11 @@ reviewers:
- brendandburns
- erictune
- mikedanese
-no_issue: true
title: Getting started
main_menu: true
weight: 20
content_type: concept
+no_list: true
card:
name: setup
weight: 20
@@ -24,16 +24,40 @@ This section lists the different ways to set up and run Kubernetes.
When you install Kubernetes, choose an installation type based on: ease of maintenance, security,
control, available resources, and expertise required to operate and manage a cluster.
-You can deploy a Kubernetes cluster on a local machine, cloud, on-prem datacenter, or choose a managed Kubernetes cluster. There are also custom solutions across a wide range of cloud providers, or bare metal environments.
+You can [download Kubernetes](/releases/download/) to deploy a Kubernetes cluster
+on a local machine, into the cloud, or for your own datacenter.
+
+If you don't want to manage a Kubernetes cluster yourself, you could pick a managed service, including
+[certified platforms](/docs/setup/production-environment/turnkey-solutions/).
+There are also other standardized and custom solutions across a wide range of cloud and
+bare metal environments.
## Learning environment
-If you're learning Kubernetes, use the tools supported by the Kubernetes community, or tools in the ecosystem to set up a Kubernetes cluster on a local machine.
+If you're learning Kubernetes, use the tools supported by the Kubernetes community,
+or tools in the ecosystem to set up a Kubernetes cluster on a local machine.
+See [Install tools](/docs/tasks/tools/).
## Production environment
-When evaluating a solution for a production environment, consider which aspects of operating a Kubernetes cluster (or _abstractions_) you want to manage yourself or offload to a provider.
+When evaluating a solution for a
+[production environment](/docs/setup/production-environment/), consider which aspects of
+operating a Kubernetes cluster (or _abstractions_) you want to manage yourself and which you
+prefer to hand off to a provider.
-[Kubernetes Partners](https://kubernetes.io/partners/#conformance) includes a list of [Certified Kubernetes](https://github.com/cncf/k8s-conformance/#certified-kubernetes) providers.
+For a cluster you're managing yourself, the officially supported tool
+for deploying Kubernetes is [kubeadm](/docs/setup/production-environment/tools/kubeadm/).
+
+## {{% heading "whatsnext" %}}
+
+- [Download Kubernetes](/releases/download/)
+- Download and [install tools](/docs/tasks/tools/) including `kubectl`
+- Select a [container runtime](/docs/setup/production-environment/container-runtimes/) for your new cluster
+- Learn about [best practices](/docs/setup/best-practices/) for cluster setup
+
+Kubernetes is designed for its {{< glossary_tooltip term_id="control-plane" text="control plane" >}} to
+run on Linux. Within your cluster you can run applications on Linux or other operating systems, including
+Windows.
+- Learn to [set up clusters with Windows nodes](/docs/setup/production-environment/windows/)
diff --git a/content/en/docs/setup/best-practices/cluster-large.md b/content/en/docs/setup/best-practices/cluster-large.md
index 30e8128a19..0f7fb0552e 100644
--- a/content/en/docs/setup/best-practices/cluster-large.md
+++ b/content/en/docs/setup/best-practices/cluster-large.md
@@ -12,7 +12,7 @@ or virtual machines) running Kubernetes agents, managed by the
Kubernetes {{< param "version" >}} supports clusters with up to 5000 nodes. More specifically,
Kubernetes is designed to accommodate configurations that meet *all* of the following criteria:
-* No more than 100 pods per node
+* No more than 110 pods per node
* No more than 5000 nodes
* No more than 150000 total pods
* No more than 300000 total containers
@@ -124,3 +124,6 @@ components, including cluster-critical addons.
The [cluster autoscaler](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler#readme)
integrates with a number of cloud providers to help you run the right number of
nodes for the level of resource demand in your cluster.
+
+The [addon resizer](https://github.com/kubernetes/autoscaler/tree/master/addon-resizer#readme)
+helps you in resizing the addons automatically as your cluster's scale changes.
\ No newline at end of file
diff --git a/content/en/docs/setup/best-practices/enforcing-pod-security-standards.md b/content/en/docs/setup/best-practices/enforcing-pod-security-standards.md
new file mode 100644
index 0000000000..2b7ca6144e
--- /dev/null
+++ b/content/en/docs/setup/best-practices/enforcing-pod-security-standards.md
@@ -0,0 +1,78 @@
+---
+reviewers:
+- tallclair
+- liggitt
+title: Enforcing Pod Security Standards
+weight: 40
+---
+
+
+
+This page provides an overview of best practices when it comes to enforcing
+[Pod Security Standards](/docs/concepts/security/pod-security-standards).
+
+
+
+## Using the built-in Pod Security Admission Controller
+
+{{< feature-state for_k8s_version="v1.22" state="alpha" >}}
+
+The [Pod Security Admission Controller](/docs/reference/access-authn-authz/admission-controllers/#podsecurity)
+intends to replace the deprecated PodSecurityPolicies.
+
+### Configure all cluster namespaces
+
+Namespaces that lack any configuration at all should be considered significant gaps in your cluster
+security model. We recommend taking the time to analyze the types of workloads occurring in each
+namespace, and by referencing the Pod Security Standards, decide on an appropriate level for
+each of them. Unlabeled namespaces should only indicate that they've yet to be evaluated.
+
+In the scenario that all workloads in all namespaces have the same security requirements,
+we provide an [example](/docs/concepts/security/pod-security-admission/#applying-to-all-namespaces)
+that illustrates how the PodSecurity labels can be applied in bulk.
+
+### Embrace the principle of least privilege
+
+In an ideal world, every pod in every namespace would meet the requirements of the `restricted`
+policy. However, this is not possible nor practical, as some workloads will require elevated
+privileges for legitimate reasons.
+
+- Namespaces allowing `privileged` workloads should establish and enforce appropriate access controls.
+- For workloads running in those permissive namespaces, maintain documentation about their unique
+ security requirements. If at all possible, consider how those requirements could be further
+ constrained.
+
+### Adopt a multi-mode strategy
+
+The `audit` and `warn` modes of the Pod Security Standards admission controller make it easy to
+collect important security insights about your pods without breaking existing workloads.
+
+It is good practice to enable these modes for all namespaces, setting them to the _desired_ level
+and version you would eventually like to `enforce`. The warnings and audit annotations generated in
+this phase can guide you toward that state. If you expect workload authors to make changes to fit
+within the desired level, enable the `warn` mode. If you expect to use audit logs to monitor/drive
+changes to fit within the desired level, enable the `audit` mode.
+
+When you have the `enforce` mode set to your desired value, these modes can still be useful in a
+few different ways:
+
+- By setting `warn` to the same level as `enforce`, clients will receive warnings when attempting
+ to create Pods (or resources that have Pod templates) that do not pass validation. This will help
+ them update those resources to become compliant.
+- In Namespaces that pin `enforce` to a specific non-latest version, setting the `audit` and `warn`
+ modes to the same level as `enforce`, but to the `latest` version, gives visibility into settings
+ that were allowed by previous versions but are not allowed per current best practices.
+
+## Third-party alternatives
+
+{{% thirdparty-content %}}
+
+Other alternatives for enforcing security profiles are being developed in the Kubernetes
+ecosystem:
+
+- [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper).
+
+The decision to go with a _built-in_ solution (e.g. PodSecurity admission controller) versus a
+third-party tool is entirely dependent on your own situation. When evaluating any solution,
+trust of your supply chain is crucial. Ultimately, using _any_ of the aforementioned approaches
+will be better than doing nothing.
\ No newline at end of file
diff --git a/content/en/docs/setup/learning-environment/_index.md b/content/en/docs/setup/learning-environment/_index.md
index 672bbd69ed..6abebc3976 100644
--- a/content/en/docs/setup/learning-environment/_index.md
+++ b/content/en/docs/setup/learning-environment/_index.md
@@ -11,7 +11,7 @@ weight: 20
{{/* If you're localizing this page, you only need to copy the front matter */}}
{{/* and add a redirect into "/static/_redirects", for YOUR localization. */}}
-->
-
+
+
diff --git a/content/en/docs/setup/production-environment/_index.md b/content/en/docs/setup/production-environment/_index.md
index fc99c31a7d..1611170ec9 100644
--- a/content/en/docs/setup/production-environment/_index.md
+++ b/content/en/docs/setup/production-environment/_index.md
@@ -9,7 +9,7 @@ no_list: true
A production-quality Kubernetes cluster requires planning and preparation.
If your Kubernetes cluster is to run critical workloads, it must be configured to be resilient.
This page explains steps you can take to set up a production-ready cluster,
-or to uprate an existing cluster for production use.
+or to promote an existing cluster for production use.
If you're already familiar with production setup and want the links, skip to
[What's next](#what-s-next).
diff --git a/content/en/docs/setup/production-environment/container-runtimes.md b/content/en/docs/setup/production-environment/container-runtimes.md
index 188a02673a..fa72d04ced 100644
--- a/content/en/docs/setup/production-environment/container-runtimes.md
+++ b/content/en/docs/setup/production-environment/container-runtimes.md
@@ -57,6 +57,38 @@ If you have automation that makes it feasible, replace the node with another usi
configuration, or reinstall it using automation.
{{< /caution >}}
+## Cgroup v2
+
+Cgroup v2 is the next version of the cgroup Linux API. Differently than cgroup v1, there is a single
+hierarchy instead of a different one for each controller.
+
+The new version offers several improvements over cgroup v1, some of these improvements are:
+
+- cleaner and easier to use API
+- safe sub-tree delegation to containers
+- newer features like Pressure Stall Information
+
+Even if the kernel supports a hybrid configuration where some controllers are managed by cgroup v1
+and some others by cgroup v2, Kubernetes supports only the same cgroup version to manage all the
+controllers.
+
+If systemd doesn't use cgroup v2 by default, you can configure the system to use it by adding
+`systemd.unified_cgroup_hierarchy=1` to the kernel command line.
+
+```shell
+# dnf install -y grubby && \
+ sudo grubby \
+ --update-kernel=ALL \
+ --args=”systemd.unified_cgroup_hierarchy=1"
+```
+
+To apply the configuration, it is necessary to reboot the node.
+
+There should not be any noticeable difference in the user experience when switching to cgroup v2, unless
+users are accessing the cgroup file system directly, either on the node or from within the containers.
+
+In order to use it, cgroup v2 must be supported by the CRI runtime as well.
+
### Migrating to the `systemd` driver in kubeadm managed clusters
Follow this [Migration guide](/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/)
diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/control-plane-flags.md b/content/en/docs/setup/production-environment/tools/kubeadm/control-plane-flags.md
index 8a9828a7ad..58086c1eef 100644
--- a/content/en/docs/setup/production-environment/tools/kubeadm/control-plane-flags.md
+++ b/content/en/docs/setup/production-environment/tools/kubeadm/control-plane-flags.md
@@ -1,79 +1,108 @@
---
reviewers:
- sig-cluster-lifecycle
-title: Customizing control plane configuration with kubeadm
+title: Customizing components with the kubeadm API
content_type: concept
weight: 40
---
+This page covers how to customize the components that kubeadm deploys. For control plane components
+you can use flags in the `ClusteConfiguration` structure or patches per-node. For the kubelet
+and kube-proxy you can use `KubeletConfiguration` and `KubeProxyConfiguration`, accordingly.
+
+All of these options are possible via the kubeadm configuration API.
+For more details on each field in the configuration you can navigate to our
+[API reference pages](/docs/reference/config-api/kubeadm-config.v1beta3/).
+
+{{< note >}}
+Customizing the CoreDNS deployment of kubeadm is currently not supported. You must manually
+patch the `kube-system/coredns` {{< glossary_tooltip text="ConfigMap" term_id="configmap" >}}
+and recreate the CoreDNS {{< glossary_tooltip text="Pods" term_id="pod" >}} after that. Alternatively,
+you can skip the default CoreDNS deployment and deploy your own variant.
+For more details on that see [Using init phases with kubeadm](/docs/reference/setup-tools/kubeadm/kubeadm-init/#init-phases).
+{{< /note >}}
+
+
+
{{< feature-state for_k8s_version="v1.12" state="stable" >}}
-The kubeadm `ClusterConfiguration` object exposes the field `extraArgs` that can override the default flags passed to control plane
-components such as the APIServer, ControllerManager and Scheduler. The components are defined using the following fields:
+## Customizing the control plane with flags in `ClusterConfiguration`
+
+The kubeadm `ClusterConfiguration` object exposes a way for users to override the default
+flags passed to control plane components such as the APIServer, ControllerManager, Scheduler and Etcd.
+The components are defined using the following structures:
- `apiServer`
- `controllerManager`
- `scheduler`
+- `etcd`
-The `extraArgs` field consist of `key: value` pairs. To override a flag for a control plane component:
+These structures contain a common `extraArgs` field, that consists of `key: value` pairs.
+To override a flag for a control plane component:
-1. Add the appropriate fields to your configuration.
-2. Add the flags to override to the field.
+1. Add the appropriate `extraArgs` to your configuration.
+2. Add flags to the `extraArgs` field.
3. Run `kubeadm init` with `--config `.
-For more details on each field in the configuration you can navigate to our
-[API reference pages](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2#ClusterConfiguration).
-
{{< note >}}
-You can generate a `ClusterConfiguration` object with default values by running `kubeadm config print init-defaults` and saving the output to a file of your choice.
+You can generate a `ClusterConfiguration` object with default values by running `kubeadm config print init-defaults`
+and saving the output to a file of your choice.
{{< /note >}}
+{{< note >}}
+The `ClusterConfiguration` object is currently global in kubeadm clusters. This means that any flags that you add,
+will apply to all instances of the same component on different nodes. To apply individual configuration per component
+on different nodes you can use [patches](#patches).
+{{< /note >}}
+{{< note >}}
+Duplicate flags (keys), or passing the same flag `--foo` multiple times, is currently not supported.
+To workaround that you must use [patches](#patches).
+{{< /note >}}
-
-
-## APIServer flags
+### APIServer flags
For details, see the [reference documentation for kube-apiserver](/docs/reference/command-line-tools-reference/kube-apiserver/).
Example usage:
+
```yaml
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: v1.16.0
apiServer:
extraArgs:
- advertise-address: 192.168.0.103
anonymous-auth: "false"
enable-admission-plugins: AlwaysPullImages,DefaultStorageClass
audit-log-path: /home/johndoe/audit.log
```
-## ControllerManager flags
+### ControllerManager flags
For details, see the [reference documentation for kube-controller-manager](/docs/reference/command-line-tools-reference/kube-controller-manager/).
Example usage:
+
```yaml
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: v1.16.0
controllerManager:
extraArgs:
cluster-signing-key-file: /home/johndoe/keys/ca.key
- bind-address: 0.0.0.0
deployment-controller-sync-period: "50"
```
-## Scheduler flags
+### Scheduler flags
For details, see the [reference documentation for kube-scheduler](/docs/reference/command-line-tools-reference/kube-scheduler/).
Example usage:
+
```yaml
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: v1.16.0
scheduler:
@@ -87,4 +116,95 @@ scheduler:
pathType: "File"
```
+### Etcd flags
+For details, see the [etcd server documentation](https://etcd.io/docs/).
+
+Example usage:
+
+```yaml
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: ClusterConfiguration
+etcd:
+ local:
+ extraArgs:
+ election-timeout: 1000
+```
+
+## Customizing the control plane with patches {#patches}
+
+{{< feature-state for_k8s_version="v1.22" state="beta" >}}
+
+Kubeadm allows you to pass a directory with patch files to `InitConfiguration` and `JoinConfiguration`
+on individual nodes. These patches can be used as the last customization step before the control
+plane component manifests are written to disk.
+
+You can pass this file to `kubeadm init` with `--config `:
+
+```yaml
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: InitConfiguration
+nodeRegistration:
+ patches:
+ directory: /home/user/somedir
+```
+
+{{< note >}}
+For `kubeadm init` you can pass a file containing both a `ClusterConfiguration` and `InitConfiguration`
+separated by `---`.
+{{< /note >}}
+
+You can pass this file to `kubeadm join` with `--config `:
+
+```yaml
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: JoinConfiguration
+nodeRegistration:
+ patches:
+ directory: /home/user/somedir
+```
+
+The directory must contain files named `target[suffix][+patchtype].extension`.
+For example, `kube-apiserver0+merge.yaml` or just `etcd.json`.
+
+- `target` can be one of `kube-apiserver`, `kube-controller-manager`, `kube-scheduler` and `etcd`.
+- `patchtype` can be one of `strategic`, `merge` or `json` and these must match the patching formats
+[supported by kubectl](/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch).
+The default `patchtype` is `strategic`.
+- `extension` must be either `json` or `yaml`.
+- `suffix` is an optional string that can be used to determine which patches are applied first
+alpha-numerically.
+
+{{< note >}}
+If you are using `kubeadm upgrade` to upgrade your kubeadm nodes you must again provide the same
+patches, so that the customization is preserved after upgrade. To do that you can use the `--patches`
+flag, which must point to the same directory. `kubeadm upgrade` currently does not support a configuration
+API structure that can be used for the same purpose.
+{{< /note >}}
+
+## Customizing the kubelet
+
+To customize the kubelet you can add a `KubeletConfiguration` next to the `ClusterConfiguration` or
+`InitConfiguration` separated by `---` within the same configuration file. This file can then be passed to `kubeadm init`.
+
+{{< note >}}
+kubeadm applies the same `KubeletConfiguration` to all nodes in the cluster. To apply node
+specific settings you can use kubelet flags as overrides by passing them in the `nodeRegistration.kubeletExtraArgs`
+field supported by both `InitConfiguration` and `JoinConfiguration`. Some kubelet flags are deprecated,
+so check their status in the [kubelet reference documentation](/docs/reference/command-line-tools-reference/kubelet)
+before using them.
+{{< /note >}}
+
+For more details see [Configuring each kubelet in your cluster using kubeadm](/docs/setup/production-environment/tools/kubeadm/kubelet-integration)
+
+## Customizing kube-proxy
+
+To customize kube-proxy you can pass a `KubeProxyConfiguration` next your `ClusterConfiguration` or
+`InitConfiguration` to `kubeadm init` separated by `---`.
+
+For more details you can navigate to our [API reference pages](/docs/reference/config-api/kubeadm-config.v1beta3/).
+
+{{< note >}}
+kubeadm deploys kube-proxy as a {{< glossary_tooltip text="DaemonSet" term_id="daemonset" >}}, which means
+that the `KubeProxyConfiguration` would apply to all instances of kube-proxy in the cluster.
+{{< /note >}}
diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md b/content/en/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md
index 0a394ad022..0c7d176c5f 100644
--- a/content/en/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md
+++ b/content/en/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md
@@ -8,9 +8,12 @@ weight: 30
-Using `kubeadm`, you can create a minimum viable Kubernetes cluster that conforms to best practices. In fact, you can use `kubeadm` to set up a cluster that will pass the [Kubernetes Conformance tests](https://kubernetes.io/blog/2017/10/software-conformance-certification).
-`kubeadm` also supports other cluster
-lifecycle functions, such as [bootstrap tokens](/docs/reference/access-authn-authz/bootstrap-tokens/) and cluster upgrades.
+
+Using `kubeadm`, you can create a minimum viable Kubernetes cluster that conforms to best practices.
+In fact, you can use `kubeadm` to set up a cluster that will pass the
+[Kubernetes Conformance tests](https://kubernetes.io/blog/2017/10/software-conformance-certification).
+`kubeadm` also supports other cluster lifecycle functions, such as
+[bootstrap tokens](/docs/reference/access-authn-authz/bootstrap-tokens/) and cluster upgrades.
The `kubeadm` tool is good if you need:
@@ -42,7 +45,8 @@ To follow this guide, you need:
You also need to use a version of `kubeadm` that can deploy the version
of Kubernetes that you want to use in your new cluster.
-[Kubernetes' version and version skew support policy](/docs/setup/release/version-skew-policy/#supported-versions) applies to `kubeadm` as well as to Kubernetes overall.
+[Kubernetes' version and version skew support policy](/docs/setup/release/version-skew-policy/#supported-versions)
+applies to `kubeadm` as well as to Kubernetes overall.
Check that policy to learn about what versions of Kubernetes and `kubeadm`
are supported. This page is written for Kubernetes {{< param "version" >}}.
@@ -97,7 +101,8 @@ a provider-specific value. See [Installing a Pod network add-on](#pod-network).
1. (Optional) Since version 1.14, `kubeadm` tries to detect the container runtime on Linux
by using a list of well known domain socket paths. To use different container runtime or
if there are more than one installed on the provisioned node, specify the `--cri-socket`
-argument to `kubeadm init`. See [Installing runtime](/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#installing-runtime).
+argument to `kubeadm init`. See
+[Installing a runtime](/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#installing-runtime).
1. (Optional) Unless otherwise specified, `kubeadm` uses the network interface associated
with the default gateway to set the advertise address for this particular control-plane node's API server.
To use a different network interface, specify the `--apiserver-advertise-address=` argument
@@ -139,9 +144,12 @@ is not supported by kubeadm.
For more information about `kubeadm init` arguments, see the [kubeadm reference guide](/docs/reference/setup-tools/kubeadm/).
-To configure `kubeadm init` with a configuration file see [Using kubeadm init with a configuration file](/docs/reference/setup-tools/kubeadm/kubeadm-init/#config-file).
+To configure `kubeadm init` with a configuration file see
+[Using kubeadm init with a configuration file](/docs/reference/setup-tools/kubeadm/kubeadm-init/#config-file).
-To customize control plane components, including optional IPv6 assignment to liveness probe for control plane components and etcd server, provide extra arguments to each component as documented in [custom arguments](/docs/setup/production-environment/tools/kubeadm/control-plane-flags/).
+To customize control plane components, including optional IPv6 assignment to liveness probe
+for control plane components and etcd server, provide extra arguments to each component as documented in
+[custom arguments](/docs/setup/production-environment/tools/kubeadm/control-plane-flags/).
To run `kubeadm init` again, you must first [tear down the cluster](#tear-down).
@@ -292,11 +300,13 @@ The nodes are where your workloads (containers and Pods, etc) run. To add new no
* SSH to the machine
* Become root (e.g. `sudo su -`)
+* [Install a runtime](/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#installing-runtime)
+ if needed
* Run the command that was output by `kubeadm init`. For example:
-```bash
-kubeadm join --token : --discovery-token-ca-cert-hash sha256:
-```
+ ```bash
+ kubeadm join --token : --discovery-token-ca-cert-hash sha256:
+ ```
If you do not have the token, you can get it by running the following command on the control-plane node:
@@ -415,7 +425,7 @@ and make sure that the node is empty, then deconfigure the node.
Talking to the control-plane node with the appropriate credentials, run:
```bash
-kubectl drain --delete-local-data --force --ignore-daemonsets
+kubectl drain --delete-emptydir-data --force --ignore-daemonsets
```
Before removing the node, reset the state installed by `kubeadm`:
diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/dual-stack-support.md b/content/en/docs/setup/production-environment/tools/kubeadm/dual-stack-support.md
index 767787179c..39930cca37 100644
--- a/content/en/docs/setup/production-environment/tools/kubeadm/dual-stack-support.md
+++ b/content/en/docs/setup/production-environment/tools/kubeadm/dual-stack-support.md
@@ -21,7 +21,7 @@ For each server that you want to use as a {{< glossary_tooltip text="node" term_
You need to have an IPv4 and and IPv6 address range to use. Cluster operators typically
use private address ranges for IPv4. For IPv6, a cluster operator typically chooses a global
-unicast address block from within `2000::/3`, using a range that is assigned to the operator.
+unicast address block from within `2000::/3`, using a range that is assigned to the operator.
You don't have to route the cluster's IP address ranges to the public internet.
The size of the IP address allocations should be suitable for the number of Pods and
@@ -30,7 +30,7 @@ Services that you are planning to run.
{{< note >}}
If you are upgrading an existing cluster then, by default, the `kubeadm upgrade` command
changes the [feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
-`IPv6DualStack` to `true` if that is not already enabled.
+`IPv6DualStack` to `true` if that is not already enabled.
However, `kubeadm` does not support making modifications to the pod IP address range
(“cluster CIDR”) nor to the cluster's Service address range (“Service CIDR”).
{{< /note >}}
@@ -45,11 +45,11 @@ similar to the following example:
kubeadm init --pod-network-cidr=10.244.0.0/16,2001:db8:42:0::/56 --service-cidr=10.96.0.0/16,2001:db8:42:1::/112
```
-To make things clearer, here is an example kubeadm [configuration file](https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2) `kubeadm-config.yaml` for the primary dual-stack control plane node.
+To make things clearer, here is an example kubeadm [configuration file](https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3) `kubeadm-config.yaml` for the primary dual-stack control plane node.
```yaml
---
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
featureGates:
IPv6DualStack: true
@@ -57,7 +57,7 @@ networking:
podSubnet: 10.244.0.0/16,2001:db8:42:0::/56
serviceSubnet: 10.96.0.0/16,2001:db8:42:1::/112
---
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: "10.100.0.1"
@@ -85,10 +85,10 @@ The `--apiserver-advertise-address` flag does not support dual-stack.
Before joining a node, make sure that the node has IPv6 routable network interface and allows IPv6 forwarding.
-Here is an example kubeadm [configuration file](https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2) `kubeadm-config.yaml` for joining a worker node to the cluster.
+Here is an example kubeadm [configuration file](https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3) `kubeadm-config.yaml` for joining a worker node to the cluster.
```yaml
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
kind: JoinConfiguration
discovery:
bootstrapToken:
@@ -98,9 +98,9 @@ nodeRegistration:
node-ip: 10.100.0.3,fd00:1:2:3::3
```
-Also, here is an example kubeadm [configuration file](https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2) `kubeadm-config.yaml` for joining another control plane node to the cluster.
+Also, here is an example kubeadm [configuration file](https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3) `kubeadm-config.yaml` for joining another control plane node to the cluster.
```yaml
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
kind: JoinConfiguration
controlPlane:
localAPIEndpoint:
@@ -124,7 +124,7 @@ kubeadm join --config=kubeadm-config.yaml ...
### Create a single-stack cluster
{{< note >}}
-Enabling the dual-stack feature doesn't mean that you need to use dual-stack addressing.
+Enabling the dual-stack feature doesn't mean that you need to use dual-stack addressing.
You can deploy a single-stack cluster that has the dual-stack networking feature enabled.
{{< /note >}}
@@ -134,10 +134,10 @@ In 1.21 the `IPv6DualStack` feature is Beta and the feature gate is defaulted to
kubeadm init --feature-gates IPv6DualStack=false
```
-To make things more clear, here is an example kubeadm [configuration file](https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2) `kubeadm-config.yaml` for the single-stack control plane node.
+To make things more clear, here is an example kubeadm [configuration file](https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3) `kubeadm-config.yaml` for the single-stack control plane node.
```yaml
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
featureGates:
IPv6DualStack: false
@@ -150,3 +150,4 @@ networking:
* [Validate IPv4/IPv6 dual-stack](/docs/tasks/network/validate-dual-stack) networking
* Read about [Dual-stack](/docs/concepts/services-networking/dual-stack/) cluster networking
+* Learn more about the kubeadm [configuration format](/docs/reference/config-api/kubeadm-config.v1beta2/)
diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/high-availability.md b/content/en/docs/setup/production-environment/tools/kubeadm/high-availability.md
index e387e2d41c..5206529f5c 100644
--- a/content/en/docs/setup/production-environment/tools/kubeadm/high-availability.md
+++ b/content/en/docs/setup/production-environment/tools/kubeadm/high-availability.md
@@ -115,7 +115,7 @@ option. Your cluster requirements may need a different configuration.
{{< note >}}
The `kubeadm init` flags `--config` and `--certificate-key` cannot be mixed, therefore if you want
- to use the [kubeadm configuration](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2)
+ to use the [kubeadm configuration](/docs/reference/config-api/kubeadm-config.v1beta3/)
you must add the `certificateKey` field in the appropriate config locations
(under `InitConfiguration` and `JoinConfiguration: controlPlane`).
{{< /note >}}
@@ -230,7 +230,7 @@ in the kubeadm config file.
1. Create a file called `kubeadm-config.yaml` with the following contents:
- apiVersion: kubeadm.k8s.io/v1beta2
+ apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: stable
controlPlaneEndpoint: "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT"
diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/en/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
index c997156827..24c5d4383d 100644
--- a/content/en/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
+++ b/content/en/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
@@ -11,7 +11,7 @@ card:
This page shows how to install the `kubeadm` toolbox.
-For information how to create a cluster with kubeadm once you have performed this installation process, see the [Using kubeadm to Create a Cluster](/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/) page.
+For information on how to create a cluster with kubeadm once you have performed this installation process, see the [Using kubeadm to Create a Cluster](/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/) page.
@@ -240,8 +240,9 @@ Install CNI plugins (required for most pod network):
```bash
CNI_VERSION="v0.8.2"
+ARCH="amd64"
sudo mkdir -p /opt/cni/bin
-curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-amd64-${CNI_VERSION}.tgz" | sudo tar -C /opt/cni/bin -xz
+curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-${ARCH}-${CNI_VERSION}.tgz" | sudo tar -C /opt/cni/bin -xz
```
Define the directory to download command files
@@ -260,15 +261,17 @@ Install crictl (required for kubeadm / Kubelet Container Runtime Interface (CRI)
```bash
CRICTL_VERSION="v1.17.0"
-curl -L "https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-amd64.tar.gz" | sudo tar -C $DOWNLOAD_DIR -xz
+ARCH="amd64"
+curl -L "https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-${ARCH}.tar.gz" | sudo tar -C $DOWNLOAD_DIR -xz
```
Install `kubeadm`, `kubelet`, `kubectl` and add a `kubelet` systemd service:
```bash
RELEASE="$(curl -sSL https://dl.k8s.io/release/stable.txt)"
+ARCH="amd64"
cd $DOWNLOAD_DIR
-sudo curl -L --remote-name-all https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/amd64/{kubeadm,kubelet,kubectl}
+sudo curl -L --remote-name-all https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/${ARCH}/{kubeadm,kubelet,kubectl}
sudo chmod +x {kubeadm,kubelet,kubectl}
RELEASE_VERSION="v0.4.0"
@@ -314,4 +317,3 @@ If you are running into difficulties with kubeadm, please consult our [troublesh
## {{% heading "whatsnext" %}}
* [Using kubeadm to Create a Cluster](/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/)
-
diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md b/content/en/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md
index 9e95a69f47..0319ee17fc 100644
--- a/content/en/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md
+++ b/content/en/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md
@@ -95,7 +95,7 @@ this example.
HOST=${ETCDHOSTS[$i]}
NAME=${NAMES[$i]}
cat << EOF > /tmp/${HOST}/kubeadmcfg.yaml
- apiVersion: "kubeadm.k8s.io/v1beta2"
+ apiVersion: "kubeadm.k8s.io/v1beta3"
kind: ClusterConfiguration
etcd:
local:
diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm.md b/content/en/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm.md
index 5de8afd20b..8baf5e9dd6 100644
--- a/content/en/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm.md
+++ b/content/en/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm.md
@@ -89,23 +89,11 @@ If you notice that `kubeadm init` hangs after printing out the following line:
This may be caused by a number of problems. The most common are:
- network connection problems. Check that your machine has full network connectivity before continuing.
-- the default cgroup driver configuration for the kubelet differs from that used by Docker.
- Check the system log file (e.g. `/var/log/message`) or examine the output from `journalctl -u kubelet`. If you see something like the following:
-
- ```shell
- error: failed to run Kubelet: failed to create kubelet:
- misconfiguration: kubelet cgroup driver: "systemd" is different from docker cgroup driver: "cgroupfs"
- ```
-
- There are two common ways to fix the cgroup driver problem:
-
- 1. Install Docker again following instructions
- [here](/docs/setup/production-environment/container-runtimes/#docker).
-
- 1. Change the kubelet config to match the Docker cgroup driver manually, you can refer to
- [Configure cgroup driver used by kubelet on control-plane node](/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#configure-cgroup-driver-used-by-kubelet-on-control-plane-node)
-
-- control plane Docker containers are crashlooping or hanging. You can check this by running `docker ps` and investigating each container by running `docker logs`.
+- the cgroup driver of the container runtime differs from that of the kubelet. To understand how to
+configure it properly see [Configuring a cgroup driver](/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/).
+- control plane containers are crashlooping or hanging. You can check this by running `docker ps`
+and investigating each container by running `docker logs`. For other container runtime see
+[Debugging Kubernetes nodes with crictl](/docs/tasks/debug-application-cluster/crictl/).
## kubeadm blocks when removing managed containers
@@ -175,7 +163,7 @@ services](/docs/concepts/services-networking/service/#nodeport) or use `HostNetw
## Pods are not accessible via their Service IP
-- Many network add-ons do not yet enable [hairpin mode](/docs/tasks/debug-application-cluster/debug-service/#a-pod-cannot-reach-itself-via-service-ip)
+- Many network add-ons do not yet enable [hairpin mode](/docs/tasks/debug-application-cluster/debug-service/#a-pod-fails-to-reach-itself-via-the-service-ip)
which allows pods to access themselves via their Service IP. This is an issue related to
[CNI](https://github.com/containernetworking/cni/issues/476). Please contact the network
add-on provider to get the latest status of their support for hairpin mode.
@@ -220,6 +208,25 @@ Unable to connect to the server: x509: certificate signed by unknown authority (
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```
+## Kubelet client certificate rotation fails {#kubelet-client-cert}
+
+By default, kubeadm configures a kubelet with automatic rotation of client certificates by using the `/var/lib/kubelet/pki/kubelet-client-current.pem` symlink specified in `/etc/kubernetes/kubelet.conf`.
+If this rotation process fails you might see errors such as `x509: certificate has expired or is not yet valid`
+in kube-apiserver logs. To fix the issue you must follow these steps:
+
+1. Backup and delete `/etc/kubernetes/kubelet.conf` and `/var/lib/kubelet/pki/kubelet-client*` from the failed node.
+1. From a working control plane node in the cluster that has `/etc/kubernetes/pki/ca.key` execute
+`kubeadm kubeconfig user --org system:nodes --client-name system:node:$NODE > kubelet.conf`.
+`$NODE` must be set to the name of the existing failed node in the cluster.
+Modify the resulted `kubelet.conf` manually to adjust the cluster name and server endpoint,
+or pass `kubeconfig user --config` (it accepts `InitConfiguration`). If your cluster does not have
+the `ca.key` you must sign the embedded certificates in the `kubelet.conf` externally.
+1. Copy this resulted `kubelet.conf` to `/etc/kubernetes/kubelet.conf` on the failed node.
+1. Restart the kubelet (`systemctl restart kubelet`) on the failed node and wait for
+`/var/lib/kubelet/pki/kubelet-client-current.pem` to be recreated.
+1. Run `kubeadm init phase kubelet-finalize all` on the failed node. This will make the new
+`kubelet.conf` file use `/var/lib/kubelet/pki/kubelet-client-current.pem` and will restart the kubelet.
+1. Make sure the node becomes `Ready`.
## Default NIC When using flannel as the pod network in Vagrant
The following error might indicate that something was wrong in the pod network:
@@ -251,7 +258,12 @@ Error from server: Get https://10.19.0.41:10250/containerLogs/default/mysql-ddc6
curl http://169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/address
```
- The workaround is to tell `kubelet` which IP to use using `--node-ip`. When using DigitalOcean, it can be the public one (assigned to `eth0`) or the private one (assigned to `eth1`) should you want to use the optional private network. The [`KubeletExtraArgs` section of the kubeadm `NodeRegistrationOptions` structure](https://github.com/kubernetes/kubernetes/blob/release-1.13/cmd/kubeadm/app/apis/kubeadm/v1beta1/types.go) can be used for this.
+ The workaround is to tell `kubelet` which IP to use using `--node-ip`.
+ When using DigitalOcean, it can be the public one (assigned to `eth0`) or
+ the private one (assigned to `eth1`) should you want to use the optional
+ private network. The `kubeletExtraArgs` section of the kubeadm
+ [`NodeRegistrationOptions` structure](/docs/reference/config-api/kubeadm-config.v1beta2/#kubeadm-k8s-io-v1beta2-NodeRegistrationOptions)
+ can be used for this.
Then restart `kubelet`:
@@ -324,7 +336,7 @@ Alternatively, you can try separating the `key=value` pairs like so:
`--apiserver-extra-args "enable-admission-plugins=LimitRanger,enable-admission-plugins=NamespaceExists"`
but this will result in the key `enable-admission-plugins` only having the value of `NamespaceExists`.
-A known workaround is to use the kubeadm [configuration file](/docs/setup/production-environment/tools/kubeadm/control-plane-flags/#apiserver-flags).
+A known workaround is to use the kubeadm [configuration file](/docs/reference/config-api/kubeadm-config.v1beta2/).
## kube-proxy scheduled before node is initialized by cloud-controller-manager
@@ -348,23 +360,6 @@ kubectl -n kube-system patch ds kube-proxy -p='{ "spec": { "template": { "spec":
The tracking issue for this problem is [here](https://github.com/kubernetes/kubeadm/issues/1027).
-## The NodeRegistration.Taints field is omitted when marshalling kubeadm configuration
-
-*Note: This [issue](https://github.com/kubernetes/kubeadm/issues/1358) only applies to tools that marshal kubeadm types (e.g. to a YAML configuration file). It will be fixed in kubeadm API v1beta2.*
-
-By default, kubeadm applies the `node-role.kubernetes.io/master:NoSchedule` taint to control-plane nodes.
-If you prefer kubeadm to not taint the control-plane node, and set `InitConfiguration.NodeRegistration.Taints` to an empty slice,
-the field will be omitted when marshalling. When the field is omitted, kubeadm applies the default taint.
-
-There are at least two workarounds:
-
-1. Use the `node-role.kubernetes.io/master:PreferNoSchedule` taint instead of an empty slice. [Pods will get scheduled on masters](/docs/concepts/scheduling-eviction/taint-and-toleration/), unless other nodes have capacity.
-
-2. Remove the taint after kubeadm init exits:
-```bash
-kubectl taint nodes NODE_NAME node-role.kubernetes.io/master:NoSchedule-
-```
-
## `/usr` is mounted read-only on nodes {#usr-mounted-read-only}
On Linux distributions such as Fedora CoreOS or Flatcar Container Linux, the directory `/usr` is mounted as a read-only filesystem.
@@ -374,19 +369,19 @@ Kubernetes components like the kubelet and kube-controller-manager use the defau
for the feature to work.
To workaround this issue you can configure the flex-volume directory using the kubeadm
-[configuration file](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2).
+[configuration file](/docs/reference/config-api/kubeadm-config.v1beta3/).
On the primary control-plane Node (created using `kubeadm init`) pass the following
file using `--config`:
```yaml
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
nodeRegistration:
kubeletExtraArgs:
volume-plugin-dir: "/opt/libexec/kubernetes/kubelet-plugins/volume/exec/"
---
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
controllerManager:
extraArgs:
@@ -396,7 +391,7 @@ controllerManager:
On joining Nodes:
```yaml
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
kind: JoinConfiguration
nodeRegistration:
kubeletExtraArgs:
diff --git a/content/en/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md b/content/en/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md
index 587b34b58f..c3757824c5 100644
--- a/content/en/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md
+++ b/content/en/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md
@@ -67,10 +67,9 @@ nodes and Linux containers on Linux nodes.
| Kubernetes version | Windows Server LTSC releases | Windows Server SAC releases |
| --- | --- | --- | --- |
-| *Kubernetes v1.19* | Windows Server 2019 | Windows Server ver 1909, Windows Server ver 2004 |
| *Kubernetes v1.20* | Windows Server 2019 | Windows Server ver 1909, Windows Server ver 2004 |
| *Kubernetes v1.21* | Windows Server 2019 | Windows Server ver 2004, Windows Server ver 20H2 |
-
+| *Kubernetes v1.22* | Windows Server 2019 | Windows Server ver 2004, Windows Server ver 20H2 |
Information on the different Windows Server servicing channels including their
support models can be found at
@@ -100,8 +99,14 @@ limitation and compatibility rules will change.
#### Pause Image
-Microsoft maintains a Windows pause infrastructure container at
-`mcr.microsoft.com/oss/kubernetes/pause:3.4.1`.
+Kubernetes maintains a multi-architecture image that includes support for Windows.
+For Kubernetes v1.22 the recommended pause image is `k8s.gcr.io/pause:3.5`.
+The [source code](https://github.com/kubernetes/kubernetes/tree/master/build/pause)
+is available on GitHub.
+
+Microsoft maintains a multi-architecture image with Linux and Windows amd64 support at `mcr.microsoft.com/oss/kubernetes/pause:3.5`.
+This image is built from the same source as the Kubernetes maintained image but all of the Windows binaries are [authenticode signed](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode) by Microsoft.
+The Microsoft maintained image is recommended for production environments when signed binaries are required.
#### Compute
@@ -236,7 +241,7 @@ deployed as powershell scripts on the host, support Windows nodes:
##### CSI Plugins
-{{< feature-state for_k8s_version="v1.19" state="beta" >}}
+{{< feature-state for_k8s_version="v1.22" state="stable" >}}
Code associated with {{< glossary_tooltip text="CSI" term_id="csi" >}} plugins
ship as out-of-tree scripts and binaries that are typically distributed as
@@ -245,21 +250,15 @@ DaemonSets and StatefulSets. CSI plugins handle a wide range of volume
management actions in Kubernetes: provisioning/de-provisioning/resizing of
volumes, attaching/detaching of volumes to/from a Kubernetes node and
mounting/dismounting a volume to/from individual containers in a pod,
-backup/restore of persistent data using snapshots and cloning. CSI plugins
-typically consist of node plugins (that run on each node as a DaemonSet) and
-controller plugins.
+backup/restore of persistent data using snapshots and cloning.
-CSI node plugins (especially those associated with persistent volumes exposed
-as either block devices or over a shared file-system) need to perform various
-privileged operations like scanning of disk devices, mounting of file systems,
-etc. These operations differ for each host operating system. For Linux worker
-nodes, containerized CSI node plugins are typically deployed as privileged
-containers. For Windows worker nodes, privileged operations for containerized
-CSI node plugins is supported using
-[csi-proxy](https://github.com/kubernetes-csi/csi-proxy), a community-managed,
-stand-alone binary that needs to be pre-installed on each Windows node. Please
-refer to the deployment guide of the CSI plugin you wish to deploy for further
-details.
+CSI plugins communicate with a CSI node plugin which performs the local storage operations.
+On Windows nodes CSI node plugins typically call APIs exposed by the community-managed
+[csi-proxy](https://github.com/kubernetes-csi/csi-proxy) which handles the local storage operations.
+
+Please refer to the deployment guide of the environment where you wish to deploy a Windows CSI plugin
+for further details around installation.
+You may also refer to the following [installation steps](https://github.com/kubernetes-csi/csi-proxy#installation).
#### Networking
@@ -1068,9 +1067,8 @@ contributors. Follow the instructions in the SIG-Windows
Register kubelet.exe:
```powershell
- # Microsoft releases the pause infrastructure container at mcr.microsoft.com/oss/kubernetes/pause:3.4.1
nssm install kubelet C:\k\kubelet.exe
- nssm set kubelet AppParameters --hostname-override= --v=6 --pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.4.1 --resolv-conf="" --allow-privileged=true --enable-debugging-handlers --cluster-dns= --cluster-domain=cluster.local --kubeconfig=c:\k\config --hairpin-mode=promiscuous-bridge --image-pull-progress-deadline=20m --cgroups-per-qos=false --log-dir= --logtostderr=false --enforce-node-allocatable="" --network-plugin=cni --cni-bin-dir=c:\k\cni --cni-conf-dir=c:\k\cni\config
+ nssm set kubelet AppParameters --hostname-override= --v=6 --pod-infra-container-image=k8s.gcr.io/pause:3.5 --resolv-conf="" --allow-privileged=true --enable-debugging-handlers --cluster-dns= --cluster-domain=cluster.local --kubeconfig=c:\k\config --hairpin-mode=promiscuous-bridge --image-pull-progress-deadline=20m --cgroups-per-qos=false --log-dir= --logtostderr=false --enforce-node-allocatable="" --network-plugin=cni --cni-bin-dir=c:\k\cni --cni-conf-dir=c:\k\cni\config
nssm set kubelet AppDirectory C:\k
nssm start kubelet
```
@@ -1239,11 +1237,11 @@ contributors. Follow the instructions in the SIG-Windows
* `kubectl port-forward` fails with "unable to do port forwarding: wincat not found"
- This was implemented in Kubernetes 1.15 by including wincat.exe in the
- pause infrastructure container `mcr.microsoft.com/oss/kubernetes/pause:3.4.1`.
- Be sure to use these versions or newer ones. If you would like to build your
- own pause infrastructure container be sure to include
- [wincat](https://github.com/kubernetes-sigs/sig-windows-tools/tree/master/cmd/wincat).
+ Port forwarding support for Windows requires wincat.exe to be available in the
+ [pause infrastructure container](#pause-image).
+ Ensure you are using a supported image that is compatable with your Windows OS version.
+ If you would like to build your own pause infrastructure container be sure to include
+ [wincat](https://github.com/kubernetes/kubernetes/tree/master/build/pause/windows/wincat).
* My Kubernetes installation is failing because my Windows Server node is
behind a proxy
@@ -1265,10 +1263,8 @@ contributors. Follow the instructions in the SIG-Windows
to accommodate worker containers crashing or restarting without losing any of
the networking configuration.
- The "pause" (infrastructure) image is hosted on Microsoft Container Registry
- (MCR). You can access it using `mcr.microsoft.com/oss/kubernetes/pause:3.4.1`.
- For more details, see the
- [DOCKERFILE](https://github.com/kubernetes-sigs/windows-testing/blob/master/images/pause/Dockerfile).
+ Refer to the [pause image](#pause-image) section to find the recommended version
+ of the pause image.
### Further investigation
@@ -1337,4 +1333,3 @@ guide is available
[here](/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes/). We are
also making investments in cluster API to ensure Windows nodes are properly
provisioned.
-
diff --git a/content/en/docs/setup/production-environment/windows/user-guide-windows-containers.md b/content/en/docs/setup/production-environment/windows/user-guide-windows-containers.md
index 7ddf5397ae..ec47f5637a 100644
--- a/content/en/docs/setup/production-environment/windows/user-guide-windows-containers.md
+++ b/content/en/docs/setup/production-environment/windows/user-guide-windows-containers.md
@@ -26,7 +26,7 @@ This guide walks you through the steps to configure and deploy a Windows contain
## Before you begin
* Create a Kubernetes cluster that includes a
-[master and a worker node running Windows Server](/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes)
+control plane and a [worker node running Windows Server](/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes/)
* It is important to note that creating and deploying services and workloads on Kubernetes
behaves in much the same way for Linux and Windows containers.
[Kubectl commands](/docs/reference/kubectl/overview/) to interface with the cluster are identical.
@@ -105,15 +105,15 @@ the container port 80 is exposed directly to the service.
1. Check that the deployment succeeded. To verify:
* Two containers per pod on the Windows node, use `docker ps`
- * Two pods listed from the Linux master, use `kubectl get pods`
- * Node-to-pod communication across the network, `curl` port 80 of your pod IPs from the Linux master
+ * Two pods listed from the Linux control plane node, use `kubectl get pods`
+ * Node-to-pod communication across the network, `curl` port 80 of your pod IPs from the Linux control plane node
to check for a web server response
* Pod-to-pod communication, ping between pods (and across hosts, if you have more than one Windows node)
using docker exec or kubectl exec
* Service-to-pod communication, `curl` the virtual service IP (seen under `kubectl get services`)
- from the Linux master and from individual pods
+ from the Linux control plane node and from individual pods
* Service discovery, `curl` the service name with the Kubernetes [default DNS suffix](/docs/concepts/services-networking/dns-pod-service/#services)
- * Inbound connectivity, `curl` the NodePort from the Linux master or machines outside of the cluster
+ * Inbound connectivity, `curl` the NodePort from the Linux control plane node or machines outside of the cluster
* Outbound connectivity, `curl` external IPs from inside the pod using kubectl exec
{{< note >}}
@@ -184,7 +184,7 @@ For example: `--register-with-taints='os=windows:NoSchedule'`
By adding a taint to all Windows nodes, nothing will be scheduled on them (that includes existing Linux Pods).
In order for a Windows Pod to be scheduled on a Windows node,
-it would need both the nodeSelector to choose Windows, and the appropriate matching toleration.
+it would need both the nodeSelector and the appropriate matching toleration to choose Windows.
```yaml
nodeSelector:
diff --git a/content/en/docs/tasks/access-application-cluster/_index.md b/content/en/docs/tasks/access-application-cluster/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tasks/access-application-cluster/configure-access-multiple-clusters.md b/content/en/docs/tasks/access-application-cluster/configure-access-multiple-clusters.md
index e32a6ba02c..8b79d7042f 100644
--- a/content/en/docs/tasks/access-application-cluster/configure-access-multiple-clusters.md
+++ b/content/en/docs/tasks/access-application-cluster/configure-access-multiple-clusters.md
@@ -7,7 +7,6 @@ card:
weight: 40
---
-
This page shows how to configure access to multiple clusters by using
@@ -22,19 +21,21 @@ It does not mean that there is a file named `kubeconfig`.
{{< /note >}}
+{{< warning >}}
+Only use kubeconfig files from trusted sources. Using a specially-crafted kubeconfig file could result in malicious code execution or file exposure.
+If you must use an untrusted kubeconfig file, inspect it carefully first, much as you would a shell script.
+{{< /warning>}}
+
## {{% heading "prerequisites" %}}
-
{{< include "task-tutorial-prereqs.md" >}}
To check that {{< glossary_tooltip text="kubectl" term_id="kubectl" >}} is installed,
run `kubectl version --client`. The kubectl version should be
-[within one minor version](/docs/setup/release/version-skew-policy/#kubectl) of your
+[within one minor version](/releases/version-skew-policy/#kubectl) of your
cluster's API server.
-
-
## Define clusters, users, and contexts
@@ -186,7 +187,7 @@ kubectl config --kubeconfig=config-demo view --minify
The output shows configuration information associated with the `dev-frontend` context:
-```shell
+```yaml
apiVersion: v1
clusters:
- cluster:
@@ -238,7 +239,6 @@ kubectl config --kubeconfig=config-demo use-context dev-storage
View configuration associated with the new current context, `dev-storage`.
-
```shell
kubectl config --kubeconfig=config-demo view --minify
```
@@ -247,7 +247,7 @@ kubectl config --kubeconfig=config-demo view --minify
In your `config-exercise` directory, create a file named `config-demo-2` with this content:
-```shell
+```yaml
apiVersion: v1
kind: Config
preferences: {}
@@ -269,13 +269,17 @@ current value of your `KUBECONFIG` environment variable, so you can restore it l
For example:
### Linux
+
```shell
export KUBECONFIG_SAVED=$KUBECONFIG
```
+
### Windows PowerShell
-```shell
+
+```powershell
$Env:KUBECONFIG_SAVED=$ENV:KUBECONFIG
```
+
The `KUBECONFIG` environment variable is a list of paths to configuration files. The list is
colon-delimited for Linux and Mac, and semicolon-delimited for Windows. If you have
a `KUBECONFIG` environment variable, familiarize yourself with the configuration files
@@ -284,11 +288,14 @@ in the list.
Temporarily append two paths to your `KUBECONFIG` environment variable. For example:
### Linux
+
```shell
export KUBECONFIG=$KUBECONFIG:config-demo:config-demo-2
```
+
### Windows PowerShell
-```shell
+
+```powershell
$Env:KUBECONFIG=("config-demo;config-demo-2")
```
@@ -303,7 +310,7 @@ environment variable. In particular, notice that the merged information has the
`dev-ramp-up` context from the `config-demo-2` file and the three contexts from
the `config-demo` file:
-```shell
+```yaml
contexts:
- context:
cluster: development
@@ -347,11 +354,14 @@ If you have a `$HOME/.kube/config` file, and it's not already listed in your
For example:
### Linux
+
```shell
export KUBECONFIG=$KUBECONFIG:$HOME/.kube/config
```
+
### Windows Powershell
-```shell
+
+```powershell
$Env:KUBECONFIG="$Env:KUBECONFIG;$HOME\.kube\config"
```
@@ -367,23 +377,19 @@ kubectl config view
Return your `KUBECONFIG` environment variable to its original value. For example:
### Linux
+
```shell
export KUBECONFIG=$KUBECONFIG_SAVED
```
+
### Windows PowerShell
-```shell
+
+```powershell
$Env:KUBECONFIG=$ENV:KUBECONFIG_SAVED
```
-
-
## {{% heading "whatsnext" %}}
-
* [Organizing Cluster Access Using kubeconfig Files](/docs/concepts/configuration/organize-cluster-access-kubeconfig/)
* [kubectl config](/docs/reference/generated/kubectl/kubectl-commands#config)
-
-
-
-
diff --git a/content/en/docs/tasks/access-application-cluster/create-external-load-balancer.md b/content/en/docs/tasks/access-application-cluster/create-external-load-balancer.md
index 7dcc613232..23f6f91a2c 100644
--- a/content/en/docs/tasks/access-application-cluster/create-external-load-balancer.md
+++ b/content/en/docs/tasks/access-application-cluster/create-external-load-balancer.md
@@ -4,47 +4,44 @@ content_type: task
weight: 80
---
-
-This page shows how to create an External Load Balancer.
+This page shows how to create an external load balancer.
-{{< note >}}
-This feature is only available for cloud providers or environments which support external load balancers.
-{{< /note >}}
-
-When creating a service, you have the option of automatically creating a
-cloud network load balancer. This provides an externally-accessible IP address
-that sends traffic to the correct port on your cluster nodes
+When creating a {{< glossary_tooltip text="Service" term_id="service" >}}, you have
+the option of automatically creating a cloud load balancer. This provides an
+externally-accessible IP address that sends traffic to the correct port on your cluster
+nodes,
_provided your cluster runs in a supported environment and is configured with
the correct cloud load balancer provider package_.
-For information on provisioning and using an Ingress resource that can give
-services externally-reachable URLs, load balance the traffic, terminate SSL etc.,
-please check the [Ingress](/docs/concepts/services-networking/ingress/)
+You can also use an {{< glossary_tooltip term_id="ingress" >}} in place of Service.
+For more information, check the [Ingress](/docs/concepts/services-networking/ingress/)
documentation.
-
-
## {{% heading "prerequisites" %}}
-* {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+{{< include "task-tutorial-prereqs.md" >}}
+Your cluster must be running in a cloud or other environment that already has support
+for configuring external load balancers.
-## Configuration file
+## Create a Service
+
+### Create a Service from a manifest
To create an external load balancer, add the following line to your
-[service configuration file](/docs/concepts/services-networking/service/#loadbalancer):
+Service manifest:
```yaml
type: LoadBalancer
```
-Your configuration file might look like:
+Your manifest might then look like:
```yaml
apiVersion: v1
@@ -60,19 +57,19 @@ spec:
type: LoadBalancer
```
-## Using kubectl
+### Create a Service using kubectl
You can alternatively create the service with the `kubectl expose` command and
its `--type=LoadBalancer` flag:
```bash
-kubectl expose rc example --port=8765 --target-port=9376 \
+kubectl expose deployment example --port=8765 --target-port=9376 \
--name=example-service --type=LoadBalancer
```
-This command creates a new service using the same selectors as the referenced
-resource (in the case of the example above, a replication controller named
-`example`).
+This command creates a new Service using the same selectors as the referenced
+resource (in the case of the example above, a
+{{< glossary_tooltip text="Deployment" term_id="deployment" >}} named `example`).
For more information, including optional flags, refer to the
[`kubectl expose` reference](/docs/reference/generated/kubectl/kubectl-commands/#expose).
@@ -86,59 +83,63 @@ information through `kubectl`:
kubectl describe services example-service
```
-which should produce output like this:
+which should produce output similar to:
-```bash
- Name: example-service
- Namespace: default
- Labels:
- Annotations:
- Selector: app=example
- Type: LoadBalancer
- IP: 10.67.252.103
- LoadBalancer Ingress: 192.0.2.89
- Port: 80/TCP
- NodePort: 32445/TCP
- Endpoints: 10.64.0.4:80,10.64.1.5:80,10.64.2.4:80
- Session Affinity: None
- Events:
+```
+Name: example-service
+Namespace: default
+Labels: app=example
+Annotations:
+Selector: app=example
+Type: LoadBalancer
+IP Families:
+IP: 10.3.22.96
+IPs: 10.3.22.96
+LoadBalancer Ingress: 192.0.2.89
+Port: 8765/TCP
+TargetPort: 9376/TCP
+NodePort: 30593/TCP
+Endpoints: 172.17.0.3:9376
+Session Affinity: None
+External Traffic Policy: Cluster
+Events:
```
-The IP address is listed next to `LoadBalancer Ingress`.
+The load balancer's IP address is listed next to `LoadBalancer Ingress`.
{{< note >}}
If you are running your service on Minikube, you can find the assigned IP address and port with:
-{{< /note >}}
```bash
minikube service example-service --url
```
+{{< /note >}}
## Preserving the client source IP
-Due to the implementation of this feature, the source IP seen in the target
-container is *not the original source IP* of the client. To enable
-preservation of the client IP, the following fields can be configured in the
-service spec (supported in GCE/Google Kubernetes Engine environments):
+By default, the source IP seen in the target container is *not the original
+source IP* of the client. To enable preservation of the client IP, the following
+fields can be configured in the `.spec` of the Service:
-* `service.spec.externalTrafficPolicy` - denotes if this Service desires to route
-external traffic to node-local or cluster-wide endpoints. There are two available
-options: Cluster (default) and Local. Cluster obscures the client source
-IP and may cause a second hop to another node, but should have good overall
-load-spreading. Local preserves the client source IP and avoids a second hop
-for LoadBalancer and NodePort type services, but risks potentially imbalanced
-traffic spreading.
-* `service.spec.healthCheckNodePort` - specifies the health check node port
-(numeric port number) for the service. If `healthCheckNodePort` isn't specified,
-the service controller allocates a port from your cluster's NodePort range. You
-can configure that range by setting an API server command line option,
-`--service-node-port-range`. It will use the
-user-specified `healthCheckNodePort` value if specified by the client. It only has an
-effect when `type` is set to LoadBalancer and `externalTrafficPolicy` is set
-to Local.
+* `.spec.externalTrafficPolicy` - denotes if this Service desires to route
+ external traffic to node-local or cluster-wide endpoints. There are two available
+ options: `Cluster` (default) and `Local`. `Cluster` obscures the client source
+ IP and may cause a second hop to another node, but should have good overall
+ load-spreading. `Local` preserves the client source IP and avoids a second hop
+ for LoadBalancer and NodePort type Services, but risks potentially imbalanced
+ traffic spreading.
+* `.spec.healthCheckNodePort` - specifies the health check node port
+ (numeric port number) for the service. If you don't specify
+ `healthCheckNodePort`, the service controller allocates a port from your
+ cluster's NodePort range.
+ You can configure that range by setting an API server command line option,
+ `--service-node-port-range`. The Service will use the user-specified
+ `healthCheckNodePort` value if you specify it, provided that the
+ Service `type` is set to LoadBalancer and `externalTrafficPolicy` is set
+ to `Local`.
-Setting `externalTrafficPolicy` to Local in the Service configuration file
-activates this feature.
+Setting `externalTrafficPolicy` to Local in the Service manifest
+activates this feature. For example:
```yaml
apiVersion: v1
@@ -155,7 +156,20 @@ spec:
type: LoadBalancer
```
-## Garbage Collecting Load Balancers
+### Caveats and limitations when preserving source IPs
+
+Load balancing services from some cloud providers do not let you configure different weights for each target.
+
+With each target weighted equally in terms of sending traffic to Nodes, external
+traffic is not equally load balanced across different Pods. The external load balancer
+is unaware of the number of Pods on each node that are used as a target.
+
+Where `NumServicePods << _NumNodes` or `NumServicePods >> NumNodes`, a fairly close-to-equal
+distribution will be seen, even without weights.
+
+Internal pod to pod traffic should behave similar to ClusterIP services, with equal probability across all pods.
+
+## Garbage collecting load balancers
{{< feature-state for_k8s_version="v1.17" state="stable" >}}
@@ -172,32 +186,18 @@ The finalizer will only be removed after the load balancer resource is cleaned u
This prevents dangling load balancer resources even in corner cases such as the
service controller crashing.
-## External Load Balancer Providers
+## External load balancer providers
It is important to note that the datapath for this functionality is provided by a load balancer external to the Kubernetes cluster.
When the Service `type` is set to LoadBalancer, Kubernetes provides functionality equivalent to `type` equals ClusterIP to pods
-within the cluster and extends it by programming the (external to Kubernetes) load balancer with entries for the Kubernetes
-pods. The Kubernetes service controller automates the creation of the external load balancer, health checks (if needed),
-firewall rules (if needed) and retrieves the external IP allocated by the cloud provider and populates it in the service
-object.
-
-## Caveats and Limitations when preserving source IPs
-
-GCE/AWS load balancers do not provide weights for their target pools. This was not an issue with the old LB
-kube-proxy rules which would correctly balance across all endpoints.
-
-With the new functionality, the external traffic is not equally load balanced across pods, but rather
-equally balanced at the node level (because GCE/AWS and other external LB implementations do not have the ability
-for specifying the weight per node, they balance equally across all target nodes, disregarding the number of
-pods on each node).
-
-We can, however, state that for NumServicePods << NumNodes or NumServicePods >> NumNodes, a fairly close-to-equal
-distribution will be seen, even without weights.
-
-Once the external load balancers provide weights, this functionality can be added to the LB programming path.
-*Future Work: No support for weights is provided for the 1.4 release, but may be added at a future date*
-
-Internal pod to pod traffic should behave similar to ClusterIP services, with equal probability across all pods.
+within the cluster and extends it by programming the (external to Kubernetes) load balancer with entries for the nodes
+hosting the relevant Kubernetes pods. The Kubernetes control plane automates the creation of the external load balancer,
+health checks (if needed), and packet filtering rules (if needed). Once the cloud provider allocates an IP address for the load
+balancer, the control plane looks up that external IP address and populates it into the Service object.
+## {{% heading "whatsnext" %}}
+* Read about [Service](/docs/concepts/services-networking/service/)
+* Read about [Ingress](/docs/concepts/services-networking/ingress/)
+* Read [Connecting Applications with Services](/docs/concepts/services-networking/connect-applications-service/)
diff --git a/content/en/docs/tasks/access-application-cluster/ingress-minikube.md b/content/en/docs/tasks/access-application-cluster/ingress-minikube.md
index ce7d4d4dde..65249e8fc8 100644
--- a/content/en/docs/tasks/access-application-cluster/ingress-minikube.md
+++ b/content/en/docs/tasks/access-application-cluster/ingress-minikube.md
@@ -44,6 +44,7 @@ This page shows you how to set up a simple Ingress which routes requests to Serv
1. Verify that the NGINX Ingress controller is running
+
{{< tabs name="tab_with_md" >}}
{{% tab name="minikube v1.19 or later" %}}
```shell
@@ -83,6 +84,22 @@ storage-provisioner 1/1 Running 0 2m
+ ```shell
+ kubectl get pods -n ingress-nginx
+ ```
+
+ {{< note >}}This can take up to a minute.{{< /note >}}
+
+ Output:
+
+ ```shell
+ NAME READY STATUS RESTARTS AGE
+ ingress-nginx-admission-create-2tgrf 0/1 Completed 0 3m28s
+ ingress-nginx-admission-patch-68b98 0/1 Completed 0 3m28s
+ ingress-nginx-controller-59b45fb494-lzmw2 1/1 Running 0 3m28s
+ ```
+
+
## Deploy a hello, world app
1. Create a Deployment using the following command:
diff --git a/content/en/docs/tasks/access-application-cluster/port-forward-access-application-cluster.md b/content/en/docs/tasks/access-application-cluster/port-forward-access-application-cluster.md
index a0b4d78dab..ba8f7b1244 100644
--- a/content/en/docs/tasks/access-application-cluster/port-forward-access-application-cluster.md
+++ b/content/en/docs/tasks/access-application-cluster/port-forward-access-application-cluster.md
@@ -31,7 +31,7 @@ for database debugging.
1. Create a Deployment that runs MongoDB:
```shell
- kubectl apply -f https://k8s.io/examples/application/guestbook/mongo-deployment.yaml
+ kubectl apply -f https://k8s.io/examples/application/mongodb/mongo-deployment.yaml
```
The output of a successful command verifies that the deployment was created:
@@ -84,7 +84,7 @@ for database debugging.
2. Create a Service to expose MongoDB on the network:
```shell
- kubectl apply -f https://k8s.io/examples/application/guestbook/mongo-service.yaml
+ kubectl apply -f https://k8s.io/examples/application/mongodb/mongo-service.yaml
```
The output of a successful command verifies that the Service was created:
diff --git a/content/en/docs/tasks/access-application-cluster/web-ui-dashboard.md b/content/en/docs/tasks/access-application-cluster/web-ui-dashboard.md
index 5c402e0304..0182bbad73 100644
--- a/content/en/docs/tasks/access-application-cluster/web-ui-dashboard.md
+++ b/content/en/docs/tasks/access-application-cluster/web-ui-dashboard.md
@@ -2,8 +2,9 @@
reviewers:
- bryk
- mikedanese
-- rf232
-title: Web UI (Dashboard)
+title: Deploy and Access the Kubernetes Dashboard
+description: >-
+ Deploy the web UI (Kubernetes Dashboard) and access it.
content_type: concept
weight: 10
card:
@@ -34,7 +35,7 @@ Dashboard also provides information on the state of Kubernetes resources in your
The Dashboard UI is not deployed by default. To deploy it, run the following command:
```
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
```
## Accessing the Dashboard UI
@@ -49,7 +50,9 @@ The sample user created in the tutorial will have administrative privileges and
{{< /warning >}}
### Command line proxy
-You can access Dashboard using the kubectl command-line tool by running the following command:
+
+You can enable access to the Dashboard using the `kubectl` command-line tool,
+by running the following command:
```
kubectl proxy
@@ -60,7 +63,8 @@ Kubectl will make Dashboard available at [http://localhost:8001/api/v1/namespace
The UI can _only_ be accessed from the machine where the command is executed. See `kubectl proxy --help` for more options.
{{< note >}}
-Kubeconfig Authentication method does NOT support external identity providers or x509 certificate-based authentication.
+The kubeconfig authentication method does **not** support external identity providers
+or X.509 certificate-based authentication.
{{< /note >}}
## Welcome view
@@ -75,7 +79,7 @@ In addition, you can view which system applications are running by default in th
## Deploying containerized applications
Dashboard lets you create and deploy a containerized application as a Deployment and optional Service with a simple wizard.
-You can either manually specify application details, or upload a YAML or JSON file containing application configuration.
+You can either manually specify application details, or upload a YAML or JSON _manifest_ file containing application configuration.
Click the **CREATE** button in the upper right corner of any page to begin.
@@ -186,13 +190,14 @@ If needed, you can expand the **Advanced options** section where you can specify
### Uploading a YAML or JSON file
Kubernetes supports declarative configuration.
-In this style, all configuration is stored in YAML or JSON configuration files
-using the Kubernetes [API](/docs/concepts/overview/kubernetes-api/) resource schemas.
+In this style, all configuration is stored in manifests (YAML or JSON configuration files).
+The manifests use Kubernetes [API](/docs/concepts/overview/kubernetes-api/) resource schemas.
As an alternative to specifying application details in the deploy wizard,
-you can define your application in YAML or JSON files, and upload the files using Dashboard.
+you can define your application in one or more manifests, and upload the files using Dashboard.
## Using Dashboard
+
Following sections describe views of the Kubernetes Dashboard UI; what they provide and how can they be used.
### Navigation
@@ -203,8 +208,9 @@ this can be changed using the namespace selector located in the navigation menu.
Dashboard shows most Kubernetes object kinds and groups them in a few menu categories.
-#### Admin Overview
-For cluster and namespace administrators, Dashboard lists Nodes, Namespaces and Persistent Volumes and has detail views for them.
+#### Admin overview
+
+For cluster and namespace administrators, Dashboard lists Nodes, Namespaces and PersistentVolumes and has detail views for them.
Node list view contains CPU and memory usage metrics aggregated across all Nodes.
The details view shows the metrics for a Node, its specification, status,
allocated resources, events and pods running on the node.
@@ -212,14 +218,14 @@ allocated resources, events and pods running on the node.
#### Workloads
Shows all applications running in the selected namespace.
-The view lists applications by workload kind (e.g., Deployments, Replica Sets, Stateful Sets, etc.)
+The view lists applications by workload kind (for example: Deployments, ReplicaSets, StatefulSets).
and each workload kind can be viewed separately.
The lists summarize actionable information about the workloads,
-such as the number of ready pods for a Replica Set or current memory usage for a Pod.
+such as the number of ready pods for a ReplicaSet or current memory usage for a Pod.
Detail views for workloads show status and specification information and
surface relationships between objects.
-For example, Pods that Replica Set is controlling or New Replica Sets and Horizontal Pod Autoscalers for Deployments.
+For example, Pods that ReplicaSet is controlling or new ReplicaSets and HorizontalPodAutoscalers for Deployments.
#### Services
@@ -230,9 +236,9 @@ internal endpoints for cluster connections and external endpoints for external u
#### Storage
-Storage view shows Persistent Volume Claim resources which are used by applications for storing data.
+Storage view shows PersistentVolumeClaim resources which are used by applications for storing data.
-#### Config Maps and Secrets
+#### ConfigMaps and Secrets {#config-maps-and-secrets}
Shows all Kubernetes resources that are used for live configuration of applications running in clusters.
The view allows for editing and managing config objects and displays secrets hidden by default.
diff --git a/content/en/docs/tasks/administer-cluster/_index.md b/content/en/docs/tasks/administer-cluster/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tasks/administer-cluster/access-cluster-api.md b/content/en/docs/tasks/administer-cluster/access-cluster-api.md
index 0275cadabf..827cb50f7c 100644
--- a/content/en/docs/tasks/administer-cluster/access-cluster-api.md
+++ b/content/en/docs/tasks/administer-cluster/access-cluster-api.md
@@ -30,7 +30,7 @@ Check the location and credentials that kubectl knows about with this command:
kubectl config view
```
-Many of the [examples](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/) provide an introduction to using
+Many of the [examples](https://github.com/kubernetes/examples/tree/master/) provide an introduction to using
kubectl. Complete documentation is found in the [kubectl manual](/docs/reference/kubectl/overview/).
### Directly accessing the REST API
diff --git a/content/en/docs/tasks/administer-cluster/certificates.md b/content/en/docs/tasks/administer-cluster/certificates.md
index 6361b20d16..2338b0cdc7 100644
--- a/content/en/docs/tasks/administer-cluster/certificates.md
+++ b/content/en/docs/tasks/administer-cluster/certificates.md
@@ -116,6 +116,9 @@ manually through `easyrsa`, `openssl` or `cfssl`.
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
-CAcreateserial -out server.crt -days 10000 \
-extensions v3_ext -extfile csr.conf
+1. View the certificate signing request:
+
+ openssl req -noout -text -in ./server.csr
1. View the certificate:
openssl x509 -noout -text -in ./server.crt
diff --git a/content/en/docs/tasks/administer-cluster/change-pv-reclaim-policy.md b/content/en/docs/tasks/administer-cluster/change-pv-reclaim-policy.md
index be7cbf2673..6a11b4f2d3 100644
--- a/content/en/docs/tasks/administer-cluster/change-pv-reclaim-policy.md
+++ b/content/en/docs/tasks/administer-cluster/change-pv-reclaim-policy.md
@@ -26,7 +26,7 @@ volume is automatically deleted when a user deletes the corresponding
PersistentVolumeClaim. This automatic behavior might be inappropriate if the volume
contains precious data. In that case, it is more appropriate to use the "Retain"
policy. With the "Retain" policy, if a user deletes a PersistentVolumeClaim,
-the corresponding PersistentVolume is not be deleted. Instead, it is moved to the
+the corresponding PersistentVolume will not be deleted. Instead, it is moved to the
Released phase, where all of its data can be manually recovered.
## Changing the reclaim policy of a PersistentVolume
diff --git a/content/en/docs/tasks/administer-cluster/controller-manager-leader-migration.md b/content/en/docs/tasks/administer-cluster/controller-manager-leader-migration.md
index 8b141f9da0..ddfa8e592e 100644
--- a/content/en/docs/tasks/administer-cluster/controller-manager-leader-migration.md
+++ b/content/en/docs/tasks/administer-cluster/controller-manager-leader-migration.md
@@ -10,7 +10,7 @@ content_type: task
-{{< feature-state state="alpha" for_k8s_version="v1.21" >}}
+{{< feature-state state="beta" for_k8s_version="v1.22" >}}
{{< glossary_definition term_id="cloud-controller-manager" length="all" prepend="The cloud-controller-manager is">}}
@@ -20,21 +20,21 @@ As part of the [cloud provider extraction effort](https://kubernetes.io/blog/201
Leader Migration provides a mechanism in which HA clusters can safely migrate "cloud specific" controllers between the `kube-controller-manager` and the `cloud-controller-manager` via a shared resource lock between the two components while upgrading the replicated control plane. For a single-node control plane, or if unavailability of controller managers can be tolerated during the upgrade, Leader Migration is not needed and this guide can be ignored.
-Leader Migration is an alpha feature that is disabled by default and it requires `--enable-leader-migration` to be set on controller managers. It can be enabled by setting the feature gate `ControllerManagerLeaderMigration` plus `--enable-leader-migration` on `kube-controller-manager` or `cloud-controller-manager`. Leader Migration only applies during the upgrade and can be safely disabled or left enabled after the upgrade is complete.
+Leader Migration can be enabled by setting `--enable-leader-migration` on `kube-controller-manager` or `cloud-controller-manager`. Leader Migration only applies during the upgrade and can be safely disabled or left enabled after the upgrade is complete.
This guide walks you through the manual process of upgrading the control plane from `kube-controller-manager` with built-in cloud provider to running both `kube-controller-manager` and `cloud-controller-manager`. If you use a tool to administrator the cluster, please refer to the documentation of the tool and the cloud provider for more details.
## {{% heading "prerequisites" %}}
-It is assumed that the control plane is running Kubernetes version N and to be upgraded to version N + 1. Although it is possible to migrate within the same version, ideally the migration should be performed as part of a upgrade so that changes of configuration can be aligned to releases. The exact versions of N and N + 1 depend on each cloud provider. For example, if a cloud provider builds a `cloud-controller-manager` to work with Kubernetes 1.22, then N can be 1.21 and N + 1 can be 1.22.
+It is assumed that the control plane is running Kubernetes version N and to be upgraded to version N + 1. Although it is possible to migrate within the same version, ideally the migration should be performed as part of an upgrade so that changes of configuration can be aligned to each release. The exact versions of N and N + 1 depend on each cloud provider. For example, if a cloud provider builds a `cloud-controller-manager` to work with Kubernetes 1.22, then N can be 1.21 and N + 1 can be 1.22.
The control plane nodes should run `kube-controller-manager` with Leader Election enabled through `--leader-elect=true`. As of version N, an in-tree cloud privider must be set with `--cloud-provider` flag and `cloud-controller-manager` should not yet be deployed.
-The out-of-tree cloud provider must have built a `cloud-controller-manager` with Leader Migration implmentation. If the cloud provider imports `k8s.io/cloud-provider` and `k8s.io/controller-manager` of version v0.21.0 or later, Leader Migration will be avaliable.
+The out-of-tree cloud provider must have built a `cloud-controller-manager` with Leader Migration implementation. If the cloud provider imports `k8s.io/cloud-provider` and `k8s.io/controller-manager` of version v0.21.0 or later, Leader Migration will be available. However, for version before v0.22.0, Leader Migration is alpha and requires feature gate `ControllerManagerLeaderMigration` to be enabled.
This guide assumes that kubelet of each control plane node starts `kube-controller-manager` and `cloud-controller-manager` as static pods defined by their manifests. If the components run in a different setting, please adjust the steps accordingly.
-For authorization, this guide assumes that the cluser uses RBAC. If another authorization mode grants permissions to `kube-controller-manager` and `cloud-controller-manager` components, please grant the needed access in a way that matches the mode.
+For authorization, this guide assumes that the cluster uses RBAC. If another authorization mode grants permissions to `kube-controller-manager` and `cloud-controller-manager` components, please grant the needed access in a way that matches the mode.
@@ -52,11 +52,13 @@ Do the same to the `system::leader-locking-cloud-controller-manager` role.
### Initial Leader Migration configuration
-Leader Migration requires a configuration file representing the state of controller-to-manager assignment. At this moment, with in-tree cloud provider, `kube-controller-manager` runs `route`, `service`, and `cloud-node-lifecycle`. The following example configuration shows the assignment.
+Leader Migration optionally takes a configuration file representing the state of controller-to-manager assignment. At this moment, with in-tree cloud provider, `kube-controller-manager` runs `route`, `service`, and `cloud-node-lifecycle`. The following example configuration shows the assignment.
+
+Leader Migration can be enabled without a configuration. Please see [Default Configuration](#default-configuration) for details.
```yaml
kind: LeaderMigrationConfiguration
-apiVersion: controllermanager.config.k8s.io/v1alpha1
+apiVersion: controllermanager.config.k8s.io/v1beta1
leaderName: cloud-provider-extraction-migration
resourceLock: leases
controllerLeaders:
@@ -70,7 +72,6 @@ controllerLeaders:
On each control plane node, save the content to `/etc/leadermigration.conf`, and update the manifest of `kube-controller-manager` so that the file is mounted inside the container at the same location. Also, update the same manifest to add the following arguments:
-- `--feature-gates=ControllerManagerLeaderMigration=true` to enable Leader Migration which is an alpha feature
- `--enable-leader-migration` to enable Leader Migration on the controller manager
- `--leader-migration-config=/etc/leadermigration.conf` to set configuration file
@@ -82,7 +83,7 @@ In version N + 1, the desired state of controller-to-manager assignment can be r
```yaml
kind: LeaderMigrationConfiguration
-apiVersion: controllermanager.config.k8s.io/v1alpha1
+apiVersion: controllermanager.config.k8s.io/v1beta1
leaderName: cloud-provider-extraction-migration
resourceLock: leases
controllerLeaders:
@@ -113,6 +114,13 @@ Now that the control plane has been upgraded to run both `kube-controller-manage
In a rolling manager, update manifest of `cloud-controller-manager` to unset both `--enable-leader-migration` and `--leader-migration-config=` flag, also remove the mount of `/etc/leadermigration.conf`, and finally remove `/etc/leadermigration.conf`. To re-enable Leader Migration, recreate the configuration file and add its mount and the flags that enable Leader Migration back to `cloud-controller-manager`.
+### Default Configuration
+
+Starting Kubernetes 1.22, Leader Migration provides a default configuration suitable for the default controller-to-manager assignment.
+The default configuration can be enabled by setting `--enable-leader-migration` but without `--leader-migration-config=`.
+
+For `kube-controller-manager` and `cloud-controller-manager`, if there are no flags that enable any in-tree cloud provider or change ownership of controllers, the default configuration can be used to avoid manual creation of the configuration file.
+
## {{% heading "whatsnext" %}}
- Read the [Controller Manager Leader Migration](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cloud-provider/2436-controller-manager-leader-migration) enhancement proposal
diff --git a/content/en/docs/tasks/administer-cluster/cpu-management-policies.md b/content/en/docs/tasks/administer-cluster/cpu-management-policies.md
index 5ffc40781a..9eb7d7febb 100644
--- a/content/en/docs/tasks/administer-cluster/cpu-management-policies.md
+++ b/content/en/docs/tasks/administer-cluster/cpu-management-policies.md
@@ -58,12 +58,16 @@ frequency is set through a new Kubelet configuration value
`--cpu-manager-reconcile-period`. If not specified, it defaults to the same
duration as `--node-status-update-frequency`.
+The behavior of the static policy can be fine-tuned using the `--cpu-manager-policy-options` flag.
+The flag takes a comma-separated list of `key=value` policy options.
+
### None policy
The `none` policy explicitly enables the existing default CPU
affinity scheme, providing no affinity beyond what the OS scheduler does
automatically. Limits on CPU usage for
-[Guaranteed pods](/docs/tasks/configure-pod-container/quality-service-pod/)
+[Guaranteed pods](/docs/tasks/configure-pod-container/quality-service-pod/) and
+[Burstable pods](/docs/tasks/configure-pod-container/quality-service-pod/)
are enforced using CFS quota.
### Static policy
@@ -212,4 +216,14 @@ and `requests` are set equal to `limits` when not explicitly specified. And the
container's resource limit for the CPU resource is an integer greater than or
equal to one. The `nginx` container is granted 2 exclusive CPUs.
+#### Static policy options
+If the `full-pcpus-only` policy option is specified, the static policy will always allocate full physical cores.
+You can enable this option by adding `full-pcups-only=true` to the CPUManager policy options.
+By default, without this option, the static policy allocates CPUs using a topology-aware best-fit allocation.
+On SMT enabled systems, the policy can allocate individual virtual cores, which correspond to hardware threads.
+This can lead to different containers sharing the same physical cores; this behaviour in turn contributes
+to the [noisy neighbours problem](https://en.wikipedia.org/wiki/Cloud_computing_issues#Performance_interference_and_noisy_neighbors).
+With the option enabled, the pod will be admitted by the kubelet only if the CPU request of all its containers
+can be fulfilled by allocating full physical cores.
+If the pod does not pass the admission, it will be put in Failed state with the message `SMTAlignmentError`.
diff --git a/content/en/docs/tasks/administer-cluster/dns-custom-nameservers.md b/content/en/docs/tasks/administer-cluster/dns-custom-nameservers.md
index 308b066651..bd2fb3684c 100644
--- a/content/en/docs/tasks/administer-cluster/dns-custom-nameservers.md
+++ b/content/en/docs/tasks/administer-cluster/dns-custom-nameservers.md
@@ -28,7 +28,7 @@ explains how to use `kubeadm` to migrate from `kube-dns`.
DNS is a built-in Kubernetes service launched automatically
using the _addon manager_
-[cluster add-on](http://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addons/README.md).
+[cluster add-on](http://releases.k8s.io/master/cluster/addons/README.md).
As of Kubernetes v1.12, CoreDNS is the recommended DNS Server, replacing kube-dns. If your cluster
originally used kube-dns, you may still have `kube-dns` deployed rather than CoreDNS.
diff --git a/content/en/docs/tasks/administer-cluster/dns-debugging-resolution.md b/content/en/docs/tasks/administer-cluster/dns-debugging-resolution.md
index faed4e1cb1..6bc41d2170 100644
--- a/content/en/docs/tasks/administer-cluster/dns-debugging-resolution.md
+++ b/content/en/docs/tasks/administer-cluster/dns-debugging-resolution.md
@@ -288,6 +288,13 @@ This should probably be implemented eventually.
Linux's libc (a.k.a. glibc) has a limit for the DNS `nameserver` records to 3 by default. What's more, for the glibc versions which are older than glibc-2.17-222 ([the new versions update see this issue](https://access.redhat.com/solutions/58028)), the allowed number of DNS `search` records has been limited to 6 ([see this bug from 2005](https://bugzilla.redhat.com/show_bug.cgi?id=168253)). Kubernetes needs to consume 1 `nameserver` record and 3 `search` records. This means that if a local installation already uses 3 `nameserver`s or uses more than 3 `search`es while your glibc version is in the affected list, some of those settings will be lost. To work around the DNS `nameserver` records limit, the node can run `dnsmasq`, which will provide more `nameserver` entries. You can also use kubelet's `--resolv-conf` flag. To fix the DNS `search` records limit, consider upgrading your linux distribution or upgrading to an unaffected version of glibc.
+{{< note >}}
+
+With [Expanded DNS Configuration](/docs/concepts/services-networking/dns-pod-service/#expanded-dns-configuration),
+Kubernetes allows more DNS `search` records.
+
+{{< /note >}}
+
If you are using Alpine version 3.3 or earlier as your base image, DNS may not
work properly due to a known issue with Alpine.
Kubernetes [issue 30215](https://github.com/kubernetes/kubernetes/issues/30215)
diff --git a/content/en/docs/tasks/administer-cluster/encrypt-data.md b/content/en/docs/tasks/administer-cluster/encrypt-data.md
index 8499855bb0..66427133b2 100644
--- a/content/en/docs/tasks/administer-cluster/encrypt-data.md
+++ b/content/en/docs/tasks/administer-cluster/encrypt-data.md
@@ -157,7 +157,7 @@ program to retrieve the contents of your secret.
kubectl describe secret secret1 -n default
```
- should match `mykey: bXlkYXRh`, mydata is encoded, check [decoding a secret](/docs/concepts/configuration/secret#decoding-a-secret) to
+ should match `mykey: bXlkYXRh`, mydata is encoded, check [decoding a secret](/docs/tasks/configmap-secret/managing-secret-using-kubectl/#decoding-secret) to
completely decode the secret.
diff --git a/content/en/docs/tasks/administer-cluster/highly-available-control-plane.md b/content/en/docs/tasks/administer-cluster/highly-available-control-plane.md
index 339f48e41a..f50bfb01d9 100644
--- a/content/en/docs/tasks/administer-cluster/highly-available-control-plane.md
+++ b/content/en/docs/tasks/administer-cluster/highly-available-control-plane.md
@@ -10,7 +10,7 @@ aliases: [ '/docs/tasks/administer-cluster/highly-available-master/' ]
{{< feature-state for_k8s_version="v1.5" state="alpha" >}}
-You can replicate Kubernetes control plane nodes in `kube-up` or `kube-down` scripts for Google Compute Engine.
+You can replicate Kubernetes control plane nodes in `kube-up` or `kube-down` scripts for Google Compute Engine. However this scripts are not suitable for any sort of production use, it's widely used in the project's CI.
This document describes how to use kube-up/down scripts to manage a highly available (HA) control plane and how HA control planes are implemented for use with GCE.
@@ -156,14 +156,14 @@ and the IP address of the first replica will be promoted to IP address of load b
Similarly, after removal of the penultimate control plane node, the load balancer will be removed and its IP address will be assigned to the last remaining replica.
Please note that creation and removal of load balancer are complex operations and it may take some time (~20 minutes) for them to propagate.
-### Master service & kubelets
+### Control plane service & kubelets
Instead of trying to keep an up-to-date list of Kubernetes apiserver in the Kubernetes service,
the system directs all traffic to the external IP:
* in case of a single node control plane, the IP points to the control plane node,
-* in case of an HA control plane, the IP points to the load balancer in-front of the masters.
+* in case of an HA control plane, the IP points to the load balancer in-front of the control plane nodes.
Similarly, the external IP will be used by kubelets to communicate with the control plane.
diff --git a/content/en/docs/tasks/administer-cluster/kubeadm/_index.md b/content/en/docs/tasks/administer-cluster/kubeadm/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md b/content/en/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md
index 9d8c672dfe..56af353f89 100644
--- a/content/en/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md
+++ b/content/en/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md
@@ -163,7 +163,7 @@ Instructions to do so are available at [Install Docker Engine - Enterprise on Wi
#### Install wins, kubelet, and kubeadm
```PowerShell
-curl.exe -LO https://github.com/kubernetes-sigs/sig-windows-tools/releases/latest/download/PrepareNode.ps1
+curl.exe -LO https://raw.githubusercontent.com/kubernetes-sigs/sig-windows-tools/master/kubeadm/scripts/PrepareNode.ps1
.\PrepareNode.ps1 -KubernetesVersion {{< param "fullversion" >}}
```
@@ -206,7 +206,7 @@ If you're using a different interface rather than Ethernet (i.e. "Ethernet0 2")
#### Install wins, kubelet, and kubeadm
```PowerShell
-curl.exe -LO https://github.com/kubernetes-sigs/sig-windows-tools/releases/latest/download/PrepareNode.ps1
+curl.exe -LO https://raw.githubusercontent.com/kubernetes-sigs/sig-windows-tools/master/kubeadm/scripts/PrepareNode.ps1
.\PrepareNode.ps1 -KubernetesVersion {{< param "fullversion" >}} -ContainerRuntime containerD
```
diff --git a/content/en/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver.md b/content/en/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver.md
index 9ed45bd07f..31a9ff0e33 100644
--- a/content/en/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver.md
+++ b/content/en/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver.md
@@ -33,10 +33,8 @@ driver of the kubelet.
{{< note >}}
-{{< feature-state for_k8s_version="v1.21" state="stable" >}}
-
-If the user is not setting the `cgroupDriver` field under `KubeletConfiguration`,
-`kubeadm init` will default it to `systemd`.
+In v1.22, if the user is not setting the `cgroupDriver` field under `KubeletConfiguration`,
+`kubeadm` will default it to `systemd`.
{{< /note >}}
A minimal example of configuring the field explicitly:
@@ -44,7 +42,7 @@ A minimal example of configuring the field explicitly:
```yaml
# kubeadm-config.yaml
kind: ClusterConfiguration
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
kubernetesVersion: v1.21.0
---
kind: KubeletConfiguration
diff --git a/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md b/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md
index e706bf0267..3d4959b536 100644
--- a/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md
+++ b/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md
@@ -85,7 +85,11 @@ Additionally, kubeadm informs the user if the certificate is externally managed;
{{< /warning >}}
{{< note >}}
-`kubelet.conf` is not included in the list above because kubeadm configures kubelet for automatic certificate renewal.
+`kubelet.conf` is not included in the list above because kubeadm configures kubelet
+for [automatic certificate renewal](/docs/tasks/tls/certificate-rotation/)
+with rotatable certificates under `/var/lib/kubelet/pki`.
+To repair an expired kubelet client certificate see
+[Kubelet client certificate rotation fails](/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm/#kubelet-client-cert).
{{< /note >}}
{{< warning >}}
@@ -122,7 +126,17 @@ command. In that case, you should explicitly set `--certificate-renewal=true`.
You can renew your certificates manually at any time with the `kubeadm certs renew` command.
-This command performs the renewal using CA (or front-proxy-CA) certificate and key stored in `/etc/kubernetes/pki`.
+This command performs the renewal using CA (or front-proxy-CA) certificate and key stored in `/etc/kubernetes/pki`.
+
+After running the command you should restart the control plane Pods. This is required since
+dynamic certificate reload is currently not supported for all components and certificates.
+[Static Pods](/docs/tasks/configure-pod-container/static-pod/) are managed by the local kubelet
+and not by the API Server, thus kubectl cannot be used to delete and restart them.
+To restart a static Pod you can temporarily remove its manifest file from `/etc/kubernetes/manifests/`
+and wait for 20 seconds (see the `fileCheckFrequency` value in [KubeletConfiguration struct](/docs/reference/config-api/kubelet-config.v1beta1/).
+The kubelet will terminate the Pod if it's no longer in the manifest directory.
+You can then move the file back and after another `fileCheckFrequency` period, the kubelet will recreate
+the Pod and the certificate renewal for the component can complete.
{{< warning >}}
If you are running an HA cluster, this command needs to be executed on all the control-plane nodes.
@@ -142,7 +156,7 @@ The Kubernetes certificates normally reach their expiration date after one year.
## Renew certificates with the Kubernetes certificates API
-This section provide more details about how to execute manual certificate renewal using the Kubernetes certificates API.
+This section provides more details about how to execute manual certificate renewal using the Kubernetes certificates API.
{{< caution >}}
These are advanced topics for users who need to integrate their organization's certificate infrastructure into a kubeadm-built cluster. If the default kubeadm configuration satisfies your needs, you should let kubeadm manage certificates instead.
@@ -157,10 +171,10 @@ The built-in signer is part of [`kube-controller-manager`](/docs/reference/comma
To activate the built-in signer, you must pass the `--cluster-signing-cert-file` and `--cluster-signing-key-file` flags.
-If you're creating a new cluster, you can use a kubeadm [configuration file](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2):
+If you're creating a new cluster, you can use a kubeadm [configuration file](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3):
```yaml
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
controllerManager:
extraArgs:
@@ -219,7 +233,7 @@ To configure the kubelets in a new kubeadm cluster to obtain properly signed ser
certificates you must pass the following minimal configuration to `kubeadm init`:
```yaml
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
---
apiVersion: kubelet.config.k8s.io/v1beta1
diff --git a/content/en/docs/tasks/administer-cluster/kubelet-config-file.md b/content/en/docs/tasks/administer-cluster/kubelet-config-file.md
index b49c84220a..668f4532a5 100644
--- a/content/en/docs/tasks/administer-cluster/kubelet-config-file.md
+++ b/content/en/docs/tasks/administer-cluster/kubelet-config-file.md
@@ -30,17 +30,18 @@ Here is an example of what this file might look like:
```
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
+address: "192.168.0.8",
+port: 20250,
+serializeImagePulls: false,
evictionHard:
memory.available: "200Mi"
```
-In the example, the Kubelet is configured to evict Pods when available memory drops below 200Mi.
+In the example, the Kubelet is configured to serve on IP address 192.168.0.8 and port 20250, pull images in parallel,
+and evict Pods when available memory drops below 200Mi.
All other Kubelet configuration values are left at their built-in defaults, unless overridden
by flags. Command line flags which target the same value as a config file will override that value.
-For a trick to generate a configuration file from a live node, see
-[Reconfigure a Node's Kubelet in a Live Cluster](/docs/tasks/administer-cluster/reconfigure-kubelet).
-
## Start a Kubelet process configured via the config file
{{< note >}}
@@ -65,12 +66,6 @@ In the above example, this version is `kubelet.config.k8s.io/v1beta1`.
-## Relationship to Dynamic Kubelet Config
-
-If you are using the [Dynamic Kubelet Configuration](/docs/tasks/administer-cluster/reconfigure-kubelet)
-feature, the combination of configuration provided via `--config` and any flags which override these values
-is considered the default "last known good" configuration by the automatic rollback mechanism.
-
## {{% heading "whatsnext" %}}
- Learn more about kubelet configuration by checking the
diff --git a/content/en/docs/tasks/administer-cluster/kubelet-in-userns.md b/content/en/docs/tasks/administer-cluster/kubelet-in-userns.md
new file mode 100644
index 0000000000..7b90c5cfd1
--- /dev/null
+++ b/content/en/docs/tasks/administer-cluster/kubelet-in-userns.md
@@ -0,0 +1,252 @@
+---
+title: Running Kubernetes Node Components as a Non-root User
+content_type: task
+min-kubernetes-server-version: 1.22
+---
+
+
+
+{{< feature-state for_k8s_version="v1.22" state="alpha" >}}
+
+This document describes how to run Kubernetes Node components such as kubelet, CRI, OCI, and CNI
+without root privileges, by using a {{< glossary_tooltip text="user namespace" term_id="userns" >}}.
+
+This technique is also known as _rootless mode_.
+
+{{< note >}}
+This document describes how to run Kubernetes Node components (and hence pods) a non-root user.
+
+If you are just looking for how to run a pod as a non-root user, see [SecurityContext](/docs/tasks/configure-pod-container/security-context/).
+{{< /note >}}
+
+## {{% heading "prerequisites" %}}
+
+{{% version-check %}}
+
+* [Enable Cgroup v2](https://rootlesscontaine.rs/getting-started/common/cgroup2/)
+* [Enable systemd with user session](https://rootlesscontaine.rs/getting-started/common/login/)
+* [Configure several sysctl values, depending on host Linux distribution](https://rootlesscontaine.rs/getting-started/common/sysctl/)
+* [Ensure that your unprivileged user is listed in `/etc/subuid` and `/etc/subgid`](https://rootlesscontaine.rs/getting-started/common/subuid/)
+
+* `KubeletInUserNamespace` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
+
+
+
+## Running Kubernetes inside Rootless Docker/Podman
+
+[kind](https://kind.sigs.k8s.io/) supports running Kubernetes inside a Rootless Docker or Rootless Podman.
+
+See [Running kind with Rootless Docker](https://kind.sigs.k8s.io/docs/user/rootless/).
+
+
+
+## Running Rootless Kubernetes directly on a host
+
+{{% thirdparty-content %}}
+
+### K3s
+
+[K3s](https://k3s.io/) experimentally supports rootless mode.
+
+See [Running K3s with Rootless mode](https://rancher.com/docs/k3s/latest/en/advanced/#running-k3s-with-rootless-mode-experimental) for the usage.
+
+### Usernetes
+[Usernetes](https://github.com/rootless-containers/usernetes) is a reference distribution of Kubernetes that can be installed under `$HOME` directory without the root privilege.
+
+Usernetes supports both containerd and CRI-O as CRI runtimes.
+Usernetes supports multi-node clusters using Flannel (VXLAN).
+
+See [the Usernetes repo](https://github.com/rootless-containers/usernetes) for the usage.
+
+## Manually deploy a node that runs the kubelet in a user namespace {#userns-the-hard-way}
+
+This section provides hints for running Kubernetes in a user namespace manually.
+
+{{< note >}}
+This section is intended to be read by developers of Kubernetes distributions, not by end users.
+{{< /note >}}
+
+### Creating a user namespace
+
+The first step is to create a {{< glossary_tooltip text="user namespace" term_id="userns" >}}.
+
+If you are trying to run Kubernetes in a user-namespaced container such as
+Rootless Docker/Podman or LXC/LXD, you are all set, and you can go to the next subsection.
+
+Otherwise you have to create a user namespace by yourself, by calling `unshare(2)` with `CLONE_NEWUSER`.
+
+A user namespace can be also unshared by using command line tools such as:
+- [RootlessKit](https://github.com/rootless-containers/rootlesskit)
+- [become-root](https://github.com/giuseppe/become-root)
+- [`unshare(1)`](https://man7.org/linux/man-pages/man1/unshare.1.html)
+
+After unsharing the user namespace, you will also have to unshare other namespaces such as mount namespace.
+
+You do *not* need to call `chroot()` nor `pivot_root()` after unsharing the mount namespace,
+however, you have to mount writable filesystems on several directories *in* the namespace.
+
+At least, the following directories need to be writable *in* the namespace (not *outside* the namespace):
+
+- `/etc`
+- `/run`
+- `/var/logs`
+- `/var/lib/kubelet`
+- `/var/lib/cni`
+- `/var/lib/containerd` (for containerd)
+- `/var/lib/containers` (for CRI-O)
+
+### Creating a delegated cgroup tree
+
+In addition to the user namespace, you also need to have a writable cgroup tree with cgroup v2.
+
+{{< note >}}
+Kubernetes support for running Node components in user namespaces requires cgroup v2.
+Cgroup v1 is not supported.
+{{< /note >}}
+
+If you are trying to run Kubernetes in Rootless Docker/Podman or LXC/LXD on a systemd-based host, you are all set.
+
+Otherwise you have to create a systemd unit with `Delegate=yes` property to delegate a cgroup tree with writable permission.
+
+On your node, systemd must already be configured to allow delegation; for more details, see
+[cgroup v2](https://rootlesscontaine.rs/getting-started/common/cgroup2/) in the Rootless
+Containers documentation.
+
+### Configuring network
+{{% thirdparty-content %}}
+
+The network namespace of the Node components has to have a non-loopback interface, which can be for example configured with
+slirp4netns, VPNKit, or lxc-user-nic.
+
+The network namespaces of the Pods can be configured with regular CNI plugins.
+For multi-node networking, Flannel (VXLAN, 8472/UDP) is known to work.
+
+Ports such as the kubelet port (10250/TCP) and `NodePort` service ports have to be exposed from the Node network namespace to
+the host with an external port forwarder, such as RootlessKit, slirp4netns, or socat.
+
+You can use the port forwarder from K3s; see https://github.com/k3s-io/k3s/blob/v1.21.2+k3s1/pkg/rootlessports/controller.go
+
+### Configuring CRI
+
+The kubelet relies on a container runtime. You should deploy a container runtime such as containerd or CRI-O and ensure that it is running within the user namespace before the kubelet starts.
+
+{{< tabs name="cri" >}}
+{{% tab name="containerd" %}}
+
+Running CRI plugin of containerd in a user namespace is supported since containerd 1.4.
+
+Running containerd within a user namespace requires the following configuration:
+
+```toml
+version = 2
+
+[plugins."io.containerd.grpc.v1.cri"]
+# Disable AppArmor
+ disable_apparmor = true
+# Ignore an error during setting oom_score_adj
+ restrict_oom_score_adj = true
+# Disable hugetlb cgroup v2 controller (because systemd does not support delegating hugetlb controller)
+ disable_hugetlb_controller = true
+
+[plugins."io.containerd.grpc.v1.cri".containerd]
+# Using non-fuse overlayfs is also possible for kernel >= 5.11, but requires SELinux to be disabled
+ snapshotter = "fuse-overlayfs"
+
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+# We use cgroupfs that is delegated by systemd, so we do not use SystemdCgroup driver
+# (unless you run another systemd in the namespace)
+ SystemdCgroup = false
+```
+
+{{% /tab %}}
+{{% tab name="CRI-O" %}}
+
+Running CRI-O in a user namespace is supported since CRI-O 1.22.
+
+CRI-O requires an environment variable `_CRIO_ROOTLESS=1` to be set.
+
+The following configuration is also recommended:
+
+```toml
+[crio]
+ storage_driver = "overlay"
+# Using non-fuse overlayfs is also possible for kernel >= 5.11, but requires SELinux to be disabled
+ storage_option = ["overlay.mount_program=/usr/local/bin/fuse-overlayfs"]
+
+[crio.runtime]
+# We use cgroupfs that is delegated by systemd, so we do not use "systemd" driver
+# (unless you run another systemd in the namespace)
+ cgroup_manager = "cgroupfs"
+```
+
+{{% /tab %}}
+{{< /tabs >}}
+
+### Configuring kubelet
+
+Running kubelet in a user namespace requires the following configuration:
+
+```yaml
+kind: KubeletConfiguration
+apiVersion: kubelet.config.k8s.io/v1beta1
+featureGates:
+ KubeletInUserNamespace: true
+# We use cgroupfs that is delegated by systemd, so we do not use "systemd" driver
+# (unless you run another systemd in the namespace)
+cgroupDriver: "cgroupfs"
+```
+
+When the `KubeletInUserNamespace` feature gate is enabled, kubelet ignores errors that may happen during setting the following sysctl values:
+- `vm.overcommit_memory`
+- `vm.panic_on_oom`
+- `kernel.panic`
+- `kernel.panic_on_oops`
+- `kernel.keys.root_maxkeys`
+- `kernel.keys.root_maxbytes`.
+ (these are sysctl values for the host, not for the containers).
+
+Within a user namespace, the kubelet also ignores any error raised from trying to open `/dev/kmsg`.
+This feature gate also allows kube-proxy to ignore an error during setting `RLIMIT_NOFILE`.
+
+The `KubeletInUserNamespace` feature gate was introduced in Kubernetes v1.22 with "alpha" status.
+
+Running kubelet in a user namespace without using this feature gate is also possible by mounting a specially crafted proc filesystem,
+but not officially supported.
+
+### Configuring kube-proxy
+
+Running kube-proxy in a user namespace requires the following configuration:
+
+```yaml
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+kind: KubeProxyConfiguration
+mode: "iptables" # or "userspace"
+conntrack:
+# Skip setting sysctl value "net.netfilter.nf_conntrack_max"
+ maxPerCore: 0
+# Skip setting "net.netfilter.nf_conntrack_tcp_timeout_established"
+ tcpEstablishedTimeout: 0s
+# Skip setting "net.netfilter.nf_conntrack_tcp_timeout_close"
+ tcpCloseWaitTimeout: 0s
+```
+
+## Caveats
+
+- Most of "non-local" volume drivers such as `nfs` and `iscsi` do not work.
+ Local volumes like `local`, `hostPath`, `emptyDir`, `configMap`, `secret`, and `downwardAPI` are known to work.
+
+- Some CNI plugins may not work. Flannel (VXLAN) is known to work.
+
+For more on this, see the [Caveats and Future work](https://rootlesscontaine.rs/caveats/) page
+on the rootlesscontaine.rs website.
+
+## {{% heading "seealso" %}}
+- [rootlesscontaine.rs](https://rootlesscontaine.rs/)
+- [Rootless Containers 2020 (KubeCon NA 2020)](https://www.slideshare.net/AkihiroSuda/kubecon-na-2020-containerd-rootless-containers-2020)
+- [Running kind with Rootless Docker](https://kind.sigs.k8s.io/docs/user/rootless/)
+- [Usernetes](https://github.com/rootless-containers/usernetes)
+- [Running K3s with rootless mode](https://rancher.com/docs/k3s/latest/en/advanced/#running-k3s-with-rootless-mode-experimental)
+- [KEP-2033: Kubelet-in-UserNS (aka Rootless mode)](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2033-kubelet-in-userns-aka-rootless)
diff --git a/content/en/docs/tasks/administer-cluster/memory-manager.md b/content/en/docs/tasks/administer-cluster/memory-manager.md
index 60f2ded206..27a0ed2405 100644
--- a/content/en/docs/tasks/administer-cluster/memory-manager.md
+++ b/content/en/docs/tasks/administer-cluster/memory-manager.md
@@ -1,5 +1,5 @@
---
-title: Memory Manager
+title: Utilizing the NUMA-aware Memory Manager
reviewers:
- klueska
@@ -11,7 +11,7 @@ min-kubernetes-server-version: v1.21
-{{< feature-state state="alpha" for_k8s_version="v1.21" >}}
+{{< feature-state state="beta" for_k8s_version="v1.22" >}}
The Kubernetes *Memory Manager* enables the feature of guaranteed memory (and hugepages) allocation for pods in the `Guaranteed` {{< glossary_tooltip text="QoS class" term_id="qos-class" >}}.
@@ -29,12 +29,14 @@ To align memory resources with other requested resources in a Pod Spec:
- the CPU Manager should be enabled and proper CPU Manager policy should be configured on a Node. See [control CPU Management Policies](/docs/tasks/administer-cluster/cpu-management-policies/);
- the Topology Manager should be enabled and proper Topology Manager policy should be configured on a Node. See [control Topology Management Policies](/docs/tasks/administer-cluster/topology-manager/).
-Support for the Memory Manager requires `MemoryManager` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) to be enabled.
+Starting from v1.22, the Memory Manager is enabled by default through `MemoryManager` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/).
-That is, the `kubelet` must be started with the following flag:
+Preceding v1.22, the `kubelet` must be started with the following flag:
`--feature-gates=MemoryManager=true`
+in order to enable the Memory Manager feature.
+
## How Memory Manager Operates?
The Memory Manager currently offers the guaranteed memory (and hugepages) allocation for Pods in Guaranteed QoS class. To immediately put the Memory Manager into operation follow the guidelines in the section [Memory Manager configuration](#memory-manager-configuration), and subsequently, prepare and deploy a `Guaranteed` pod as illustrated in the section [Placing a Pod in the Guaranteed QoS class](#placing-a-pod-in-the-guaranteed-qos-class).
@@ -51,7 +53,7 @@ The Memory Manager updates the Node Map during the startup and runtime as follow
This occurs once a node administrator employs `--reserved-memory` (section [Reserved memory flag](#reserved-memory-flag)). In this case, the Node Map becomes updated to reflect this reservation as illustrated in [Memory Manager KEP: Memory Maps at start-up (with examples)][5].
-The administrator must provide `--reserved-memory` flag when `static` policy is configured.
+The administrator must provide `--reserved-memory` flag when `Static` policy is configured.
### Runtime
@@ -61,7 +63,7 @@ Important topic in the context of Memory Manager operation is the management of
## Memory Manager configuration
-Other Managers should be first pre-configured (section [Pre-configuration](#pre-configuration)). Next, the Memory Manger feature should be enabled (section [Enable the Memory Manager feature](#enable-the-memory-manager-feature)) and be run with `static` policy (section [static policy](#static-policy)). Optionally, some amount of memory can be reserved for system or kubelet processes to increase node stability (section [Reserved memory flag](#reserved-memory-flag)).
+Other Managers should be first pre-configured (section [Pre-configuration](#pre-configuration)). Next, the Memory Manger feature should be enabled (section [Enable the Memory Manager feature](#enable-the-memory-manager-feature)) and be run with `Static` policy (section [Static policy](#static-policy)). Optionally, some amount of memory can be reserved for system or kubelet processes to increase node stability (section [Reserved memory flag](#reserved-memory-flag)).
### Policies
@@ -69,21 +71,21 @@ Memory Manager supports two policies. You can select a policy via a `kubelet` fl
Two policies can be selected:
-* `none` (default)
-* `static`
+* `None` (default)
+* `Static`
-#### none policy {#policy-none}
+#### None policy {#policy-none}
This is the default policy and does not affect the memory allocation in any way.
It acts the same as if the Memory Manager is not present at all.
-The `none` policy returns default topology hint. This special hint denotes that Hint Provider (Memory Manger in this case) has no preference for NUMA affinity with any resource.
+The `None` policy returns default topology hint. This special hint denotes that Hint Provider (Memory Manger in this case) has no preference for NUMA affinity with any resource.
-#### static policy {#policy-static}
+#### Static policy {#policy-static}
-In the case of the `Guaranteed` pod, the `static` Memory Manger policy returns topology hints relating to the set of NUMA nodes where the memory can be guaranteed, and reserves the memory through updating the internal [NodeMap][2] object.
+In the case of the `Guaranteed` pod, the `Static` Memory Manger policy returns topology hints relating to the set of NUMA nodes where the memory can be guaranteed, and reserves the memory through updating the internal [NodeMap][2] object.
-In the case of the `BestEffort` or `Burstable` pod, the `static` Memory Manager policy sends back the default topology hint as there is no request for the guaranteed memory, and does not reserve the memory in the internal [NodeMap][2] object.
+In the case of the `BestEffort` or `Burstable` pod, the `Static` Memory Manager policy sends back the default topology hint as there is no request for the guaranteed memory, and does not reserve the memory in the internal [NodeMap][2] object.
### Reserved memory flag
@@ -100,7 +102,7 @@ The Memory Manager will not use this reserved memory for the allocation of conta
For example, if you have a NUMA node "NUMA0" with `10Gi` of memory available, and the `--reserved-memory` was specified to reserve `1Gi` of memory at "NUMA0", the Memory Manager assumes that only `9Gi` is available for containers.
-You can omit this parameter, however, you should be aware that the quantity of reserved memory from all NUMA nodes should be equal to the quantity of memory specified by the [Node Allocatable feature](/docs/tasks/administer-cluster/reserve-compute-resources/). If at least one node allocatable parameter is non-zero, you will need to specify `--reserved-memory` for at least one NUMA node. In fact, `eviction-hard` threshold value is equal to `100Mi` by default, so if `static` policy is used, `--reserved-memory` is obligatory.
+You can omit this parameter, however, you should be aware that the quantity of reserved memory from all NUMA nodes should be equal to the quantity of memory specified by the [Node Allocatable feature](/docs/tasks/administer-cluster/reserve-compute-resources/). If at least one node allocatable parameter is non-zero, you will need to specify `--reserved-memory` for at least one NUMA node. In fact, `eviction-hard` threshold value is equal to `100Mi` by default, so if `Static` policy is used, `--reserved-memory` is obligatory.
Also, avoid the following configurations:
1. duplicates, i.e. the same NUMA node or memory type, but with a different value;
@@ -152,7 +154,7 @@ Here is an example of a correct configuration:
--feature-gates=MemoryManager=true
--kube-reserved=cpu=4,memory=4Gi
--system-reserved=cpu=1,memory=1Gi
---memory-manager-policy=static
+--memory-manager-policy=Static
--reserved-memory 0:memory=3Gi --reserved-memory 1:memory=2148Mi
```
Let us validate the configuration above:
@@ -163,7 +165,7 @@ Let us validate the configuration above:
## Placing a Pod in the Guaranteed QoS class
-If the selected policy is anything other than `none`, the Memory Manager identifies pods that are in the `Guaranteed` QoS class. The Memory Manager provides specific topology hints to the Topology Manager for each `Guaranteed` pod. For pods in a QoS class other than `Guaranteed`, the Memory Manager provides default topology hints to the Topology Manager.
+If the selected policy is anything other than `None`, the Memory Manager identifies pods that are in the `Guaranteed` QoS class. The Memory Manager provides specific topology hints to the Topology Manager for each `Guaranteed` pod. For pods in a QoS class other than `Guaranteed`, the Memory Manager provides default topology hints to the Topology Manager.
The following excerpts from pod manifests assign a pod to the `Guaranteed` QoS class.
@@ -211,6 +213,10 @@ The following means can be used to troubleshoot the reason why a pod could not b
- pod status - indicates topology affinity errors
- system logs - include valuable information for debugging, e.g., about generated hints
- state file - the dump of internal state of the Memory Manager (includes [Node Map and Memory Maps][2])
+- starting from v1.22, the [device plugin resource API](#device-plugin-resource-api) can be used
+ to retrieve information about the memory reserved for containers
+
+
### Pod status (TopologyAffinityError) {#TopologyAffinityError}
@@ -270,7 +276,7 @@ spec:
Next, let us log into the node where it was deployed and examine the state file in `/var/lib/kubelet/memory_manager_state`:
```json
{
- "policyName":"static",
+ "policyName":"Static",
"machineState":{
"0":{
"numberOfAssignments":1,
@@ -358,6 +364,10 @@ For example, the total amount of free "conventional" memory in the group can be
The line `"systemReserved":3221225472` indicates that the administrator of this node reserved `3221225472` bytes (i.e. `3Gi`) to serve kubelet and system processes at NUMA node `0`, by using `--reserved-memory` flag.
+### Device plugin resource API
+
+By employing the [API](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/), the information about reserved memory for each container can be retrieved, which is contained in protobuf `ContainerMemory` message. This information can be retrieved solely for pods in Guaranteed QoS class.
+
## {{% heading "whatsnext" %}}
- [Memory Manager KEP: Design Overview][4]
diff --git a/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/_index.md b/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents.md b/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents.md
index dd813754e4..ddfefb6f49 100644
--- a/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents.md
+++ b/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents.md
@@ -78,3 +78,4 @@ telemetry agents on the node, make sure to check with the vendor of the agent wh
We keep the work in progress version of migration instructions for various telemetry and security agent vendors
in [Google doc](https://docs.google.com/document/d/1ZFi4uKit63ga5sxEiZblfb-c23lFhvy6RXVPikS8wf0/edit#).
Please contact the vendor to get up to date instructions for migrating from dockershim.
+
diff --git a/content/en/docs/tasks/administer-cluster/namespaces.md b/content/en/docs/tasks/administer-cluster/namespaces.md
index 2934e1c0f7..231de37e26 100644
--- a/content/en/docs/tasks/administer-cluster/namespaces.md
+++ b/content/en/docs/tasks/administer-cluster/namespaces.md
@@ -78,7 +78,8 @@ A namespace can be in one of two phases:
* `Active` the namespace is in use
* `Terminating` the namespace is being deleted, and can not be used for new objects
-See the [design doc](https://git.k8s.io/community/contributors/design-proposals/architecture/namespaces.md#phases) for more details.
+For more details, see [Namespace](/docs/reference/kubernetes-api/cluster-resources/namespace-v1/)
+in the API reference.
## Creating a new namespace
@@ -313,7 +314,7 @@ across namespaces, you need to use the fully qualified domain name (FQDN).
* Learn more about [setting the namespace preference](/docs/concepts/overview/working-with-objects/namespaces/#setting-the-namespace-preference).
* Learn more about [setting the namespace for a request](/docs/concepts/overview/working-with-objects/namespaces/#setting-the-namespace-for-a-request)
-* See [namespaces design](https://github.com/kubernetes/community/blob/{{< param "githubbranch" >}}/contributors/design-proposals/architecture/namespaces.md).
+* See [namespaces design](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/namespaces.md).
diff --git a/content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md b/content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md
index 948893d3ea..74b8d2182e 100644
--- a/content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md
+++ b/content/en/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md
@@ -24,45 +24,59 @@ For background on Cilium, read the [Introduction to Cilium](https://docs.cilium.
## Deploying Cilium on Minikube for Basic Testing
To get familiar with Cilium easily you can follow the
-[Cilium Kubernetes Getting Started Guide](https://docs.cilium.io/en/stable/gettingstarted/minikube/)
+[Cilium Kubernetes Getting Started Guide](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/)
to perform a basic DaemonSet installation of Cilium in minikube.
-To start minikube, minimal version required is >= v1.3.1, run the with the
+To start minikube, minimal version required is >= v1.5.2, run the with the
following arguments:
```shell
minikube version
```
```
-minikube version: v1.3.1
+minikube version: v1.5.2
```
```shell
-minikube start --network-plugin=cni --memory=4096
+minikube start --network-plugin=cni
```
-Mount the BPF filesystem:
+For minikube you can install Cilium using its CLI tool. Cilium will
+automatically detect the cluster configuration and will install the appropriate
+components for a successful installation:
```shell
-minikube ssh -- sudo mount bpffs -t bpf /sys/fs/bpf
-```
-
-For minikube you can deploy this simple ''all-in-one'' YAML file that includes
-DaemonSet configurations for Cilium as well as appropriate RBAC settings:
-
-```shell
-kubectl create -f https://raw.githubusercontent.com/cilium/cilium/v1.8/install/kubernetes/quick-install.yaml
+curl -LO https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz
+sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin
+rm cilium-linux-amd64.tar.gz
+cilium install
```
```
-configmap/cilium-config created
-serviceaccount/cilium created
-serviceaccount/cilium-operator created
-clusterrole.rbac.authorization.k8s.io/cilium created
-clusterrole.rbac.authorization.k8s.io/cilium-operator created
-clusterrolebinding.rbac.authorization.k8s.io/cilium created
-clusterrolebinding.rbac.authorization.k8s.io/cilium-operator created
-daemonset.apps/cilium create
-deployment.apps/cilium-operator created
+🔮 Auto-detected Kubernetes kind: minikube
+✨ Running "minikube" validation checks
+✅ Detected minikube version "1.20.0"
+ℹ️ Cilium version not set, using default version "v1.10.0"
+🔮 Auto-detected cluster name: minikube
+🔮 Auto-detected IPAM mode: cluster-pool
+🔮 Auto-detected datapath mode: tunnel
+🔑 Generating CA...
+2021/05/27 02:54:44 [INFO] generate received request
+2021/05/27 02:54:44 [INFO] received CSR
+2021/05/27 02:54:44 [INFO] generating key: ecdsa-256
+2021/05/27 02:54:44 [INFO] encoded CSR
+2021/05/27 02:54:44 [INFO] signed certificate with serial number 48713764918856674401136471229482703021230538642
+🔑 Generating certificates for Hubble...
+2021/05/27 02:54:44 [INFO] generate received request
+2021/05/27 02:54:44 [INFO] received CSR
+2021/05/27 02:54:44 [INFO] generating key: ecdsa-256
+2021/05/27 02:54:44 [INFO] encoded CSR
+2021/05/27 02:54:44 [INFO] signed certificate with serial number 3514109734025784310086389188421560613333279574
+🚀 Creating Service accounts...
+🚀 Creating Cluster roles...
+🚀 Creating ConfigMap...
+🚀 Creating Agent DaemonSet...
+🚀 Creating Operator Deployment...
+⌛ Waiting for Cilium to be installed...
```
The remainder of the Getting Started Guide explains how to enforce both L3/L4
@@ -85,14 +99,14 @@ Deploying a cluster with Cilium adds Pods to the `kube-system` namespace. To see
this list of Pods run:
```shell
-kubectl get pods --namespace=kube-system
+kubectl get pods --namespace=kube-system -l k8s-app=cilium
```
You'll see a list of Pods similar to this:
```console
-NAME READY STATUS RESTARTS AGE
-cilium-6rxbd 1/1 Running 0 1m
+NAME READY STATUS RESTARTS AGE
+cilium-kkdhz 1/1 Running 0 3m23s
...
```
diff --git a/content/en/docs/tasks/administer-cluster/reconfigure-kubelet.md b/content/en/docs/tasks/administer-cluster/reconfigure-kubelet.md
index 4ec3b428d0..466910f30f 100644
--- a/content/en/docs/tasks/administer-cluster/reconfigure-kubelet.md
+++ b/content/en/docs/tasks/administer-cluster/reconfigure-kubelet.md
@@ -8,7 +8,14 @@ min-kubernetes-server-version: v1.11
---
-{{< feature-state for_k8s_version="v1.11" state="beta" >}}
+{{< feature-state for_k8s_version="v1.22" state="deprecated" >}}
+
+{{< caution >}}
+[Dynamic Kubelet Configuration](https://github.com/kubernetes/enhancements/issues/281)
+feature is deprecated and should not be used.
+Please switch to alternative means distributing configuration to the Nodes of your cluster.
+{{< /caution >}}
+
[Dynamic Kubelet Configuration](https://github.com/kubernetes/enhancements/issues/281)
allows you to change the configuration of each
diff --git a/content/en/docs/tasks/administer-cluster/reserve-compute-resources.md b/content/en/docs/tasks/administer-cluster/reserve-compute-resources.md
index a5661263f2..d4cce14870 100644
--- a/content/en/docs/tasks/administer-cluster/reserve-compute-resources.md
+++ b/content/en/docs/tasks/administer-cluster/reserve-compute-resources.md
@@ -17,33 +17,27 @@ itself. Unless resources are set aside for these system daemons, pods and system
daemons compete for resources and lead to resource starvation issues on the
node.
-The `kubelet` exposes a feature named `Node Allocatable` that helps to reserve
+The `kubelet` exposes a feature named 'Node Allocatable' that helps to reserve
compute resources for system daemons. Kubernetes recommends cluster
-administrators to configure `Node Allocatable` based on their workload density
+administrators to configure 'Node Allocatable' based on their workload density
on each node.
-
-
-
## {{% heading "prerequisites" %}}
-
{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
Your Kubernetes server must be at or later than version 1.17 to use
the kubelet command line option `--reserved-cpus` to set an
[explicitly reserved CPU list](#explicitly-reserved-cpu-list).
-
-
## Node Allocatable
-`Allocatable` on a Kubernetes node is defined as the amount of compute resources
+'Allocatable' on a Kubernetes node is defined as the amount of compute resources
that are available for pods. The scheduler does not over-subscribe
-`Allocatable`. `CPU`, `memory` and `ephemeral-storage` are supported as of now.
+'Allocatable'. 'CPU', 'memory' and 'ephemeral-storage' are supported as of now.
Node Allocatable is exposed as part of `v1.Node` object in the API and as part
of `kubectl describe node` in the CLI.
@@ -97,8 +91,7 @@ flag.
It is recommended that the kubernetes system daemons are placed under a top
level control group (`runtime.slice` on systemd machines for example). Each
system daemon should ideally run within its own child control group. Refer to
-[this
-doc](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md#recommended-cgroups-setup)
+[the design proposal](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md#recommended-cgroups-setup)
for more details on recommended control group hierarchy.
Note that Kubelet **does not** create `--kube-reserved-cgroup` if it doesn't
@@ -109,7 +102,6 @@ exist. Kubelet will fail if an invalid cgroup is specified.
- **Kubelet Flag**: `--system-reserved=[cpu=100m][,][memory=100Mi][,][ephemeral-storage=1Gi][,][pid=1000]`
- **Kubelet Flag**: `--system-reserved-cgroup=`
-
`system-reserved` is meant to capture resource reservation for OS system daemons
like `sshd`, `udev`, etc. `system-reserved` should reserve `memory` for the
`kernel` too since `kernel` memory is not accounted to pods in Kubernetes at this time.
@@ -127,13 +119,14 @@ kubelet flag.
It is recommended that the OS system daemons are placed under a top level
control group (`system.slice` on systemd machines for example).
-Note that Kubelet **does not** create `--system-reserved-cgroup` if it doesn't
-exist. Kubelet will fail if an invalid cgroup is specified.
+Note that `kubelet` **does not** create `--system-reserved-cgroup` if it doesn't
+exist. `kubelet` will fail if an invalid cgroup is specified.
### Explicitly Reserved CPU List
+
{{< feature-state for_k8s_version="v1.17" state="stable" >}}
-- **Kubelet Flag**: `--reserved-cpus=0-3`
+**Kubelet Flag**: `--reserved-cpus=0-3`
`reserved-cpus` is meant to define an explicit CPU set for OS system daemons and
kubernetes system daemons. `reserved-cpus` is for systems that do not intend to
@@ -154,14 +147,15 @@ For example: in Centos, you can do this using the tuned toolset.
### Eviction Thresholds
-- **Kubelet Flag**: `--eviction-hard=[memory.available<500Mi]`
+**Kubelet Flag**: `--eviction-hard=[memory.available<500Mi]`
Memory pressure at the node level leads to System OOMs which affects the entire
node and all pods running on it. Nodes can go offline temporarily until memory
has been reclaimed. To avoid (or reduce the probability of) system OOMs kubelet
-provides [`Out of Resource`](/docs/tasks/administer-cluster/out-of-resource/) management. Evictions are
+provides [out of resource](/docs/concepts/scheduling-eviction/node-pressure-eviction/)
+management. Evictions are
supported for `memory` and `ephemeral-storage` only. By reserving some memory via
-`--eviction-hard` flag, the `kubelet` attempts to `evict` pods whenever memory
+`--eviction-hard` flag, the `kubelet` attempts to evict pods whenever memory
availability on the node drops below the reserved value. Hypothetically, if
system daemons did not exist on a node, pods cannot use more than `capacity -
eviction-hard`. For this reason, resources reserved for evictions are not
@@ -169,17 +163,17 @@ available for pods.
### Enforcing Node Allocatable
-- **Kubelet Flag**: `--enforce-node-allocatable=pods[,][system-reserved][,][kube-reserved]`
+**Kubelet Flag**: `--enforce-node-allocatable=pods[,][system-reserved][,][kube-reserved]`
-The scheduler treats `Allocatable` as the available `capacity` for pods.
+The scheduler treats 'Allocatable' as the available `capacity` for pods.
-`kubelet` enforce `Allocatable` across pods by default. Enforcement is performed
+`kubelet` enforce 'Allocatable' across pods by default. Enforcement is performed
by evicting pods whenever the overall usage across all pods exceeds
-`Allocatable`. More details on eviction policy can be found
-[here](/docs/tasks/administer-cluster/out-of-resource/#eviction-policy). This enforcement is controlled by
+'Allocatable'. More details on eviction policy can be found
+on the [node pressure eviction](/docs/concepts/scheduling-eviction/node-pressure-eviction/)
+page. This enforcement is controlled by
specifying `pods` value to the kubelet flag `--enforce-node-allocatable`.
-
Optionally, `kubelet` can be made to enforce `kube-reserved` and
`system-reserved` by specifying `kube-reserved` & `system-reserved` values in
the same flag. Note that to enforce `kube-reserved` or `system-reserved`,
@@ -188,10 +182,10 @@ respectively.
## General Guidelines
-System daemons are expected to be treated similar to `Guaranteed` pods. System
+System daemons are expected to be treated similar to 'Guaranteed' pods. System
daemons can burst within their bounding control groups and this behavior needs
to be managed as part of kubernetes deployments. For example, `kubelet` should
-have its own control group and share `Kube-reserved` resources with the
+have its own control group and share `kube-reserved` resources with the
container runtime. However, Kubelet cannot burst and use up all available Node
resources if `kube-reserved` is enforced.
@@ -200,9 +194,9 @@ to critical system services being CPU starved, OOM killed, or unable
to fork on the node. The
recommendation is to enforce `system-reserved` only if a user has profiled their
nodes exhaustively to come up with precise estimates and is confident in their
-ability to recover if any process in that group is oom_killed.
+ability to recover if any process in that group is oom-killed.
-* To begin with enforce `Allocatable` on `pods`.
+* To begin with enforce 'Allocatable' on `pods`.
* Once adequate monitoring and alerting is in place to track kube system
daemons, attempt to enforce `kube-reserved` based on usage heuristics.
* If absolutely necessary, enforce `system-reserved` over time.
@@ -212,8 +206,6 @@ more features are added. Over time, kubernetes project will attempt to bring
down utilization of node system daemons, but that is not a priority as of now.
So expect a drop in `Allocatable` capacity in future releases.
-
-
## Example Scenario
@@ -225,15 +217,15 @@ Here is an example to illustrate Node Allocatable computation:
* `--system-reserved` is set to `cpu=500m,memory=1Gi,ephemeral-storage=1Gi`
* `--eviction-hard` is set to `memory.available<500Mi,nodefs.available<10%`
-Under this scenario, `Allocatable` will be `14.5 CPUs`, `28.5Gi` of memory and
+Under this scenario, 'Allocatable' will be 14.5 CPUs, 28.5Gi of memory and
`88Gi` of local storage.
Scheduler ensures that the total memory `requests` across all pods on this node does
-not exceed `28.5Gi` and storage doesn't exceed `88Gi`.
-Kubelet evicts pods whenever the overall memory usage across pods exceeds `28.5Gi`,
-or if overall disk usage exceeds `88Gi` If all processes on the node consume as
-much CPU as they can, pods together cannot consume more than `14.5 CPUs`.
+not exceed 28.5Gi and storage doesn't exceed 88Gi.
+Kubelet evicts pods whenever the overall memory usage across pods exceeds 28.5Gi,
+or if overall disk usage exceeds 88Gi If all processes on the node consume as
+much CPU as they can, pods together cannot consume more than 14.5 CPUs.
If `kube-reserved` and/or `system-reserved` is not enforced and system daemons
exceed their reservation, `kubelet` evicts pods whenever the overall node memory
-usage is higher than `31.5Gi` or `storage` is greater than `90Gi`
+usage is higher than 31.5Gi or `storage` is greater than 90Gi.
diff --git a/content/en/docs/tasks/administer-cluster/safely-drain-node.md b/content/en/docs/tasks/administer-cluster/safely-drain-node.md
index 0fc0a97ffc..04c908c592 100644
--- a/content/en/docs/tasks/administer-cluster/safely-drain-node.md
+++ b/content/en/docs/tasks/administer-cluster/safely-drain-node.md
@@ -29,7 +29,7 @@ This task also assumes that you have met the following prerequisites:
## (Optional) Configure a disruption budget {#configure-poddisruptionbudget}
-To endure that your workloads remain available during maintenance, you can
+To ensure that your workloads remain available during maintenance, you can
configure a [PodDisruptionBudget](/docs/concepts/workloads/pods/disruptions/).
If availability is important for any applications that run or could run on the node(s)
@@ -109,6 +109,28 @@ Pod can be thought of as a kind of policy-controlled DELETE operation on the Pod
itself. To attempt an eviction (more precisely: to attempt to
*create* an Eviction), you POST an attempted operation. Here's an example:
+{{< tabs name="Eviction_example" >}}
+{{% tab name="policy/v1" %}}
+{{< note >}}
+`policy/v1` Eviction is available in v1.22+. Use `policy/v1beta1` with prior releases.
+{{< /note >}}
+
+```json
+{
+ "apiVersion": "policy/v1",
+ "kind": "Eviction",
+ "metadata": {
+ "name": "quux",
+ "namespace": "default"
+ }
+}
+```
+{{% /tab %}}
+{{% tab name="policy/v1beta1" %}}
+{{< note >}}
+Deprecated in v1.22 in favor of `policy/v1`
+{{< /note >}}
+
```json
{
"apiVersion": "policy/v1beta1",
@@ -119,6 +141,8 @@ itself. To attempt an eviction (more precisely: to attempt to
}
}
```
+{{% /tab %}}
+{{< /tabs >}}
You can attempt an eviction using `curl`:
diff --git a/content/en/docs/tasks/administer-cluster/securing-a-cluster.md b/content/en/docs/tasks/administer-cluster/securing-a-cluster.md
index 090e292966..ba820cbe0a 100644
--- a/content/en/docs/tasks/administer-cluster/securing-a-cluster.md
+++ b/content/en/docs/tasks/administer-cluster/securing-a-cluster.md
@@ -26,7 +26,7 @@ and provides recommendations on overall security.
## Controlling access to the Kubernetes API
-As Kubernetes is entirely API driven, controlling and limiting who can access the cluster and what actions
+As Kubernetes is entirely API-driven, controlling and limiting who can access the cluster and what actions
they are allowed to perform is the first line of defense.
### Use Transport Layer Security (TLS) for all API traffic
@@ -40,7 +40,7 @@ potentially unsecured traffic.
### API Authentication
Choose an authentication mechanism for the API servers to use that matches the common access patterns
-when you install a cluster. For instance, small single user clusters may wish to use a simple certificate
+when you install a cluster. For instance, small, single-user clusters may wish to use a simple certificate
or static Bearer token approach. Larger clusters may wish to integrate an existing OIDC or LDAP server that
allow users to be subdivided into groups.
@@ -54,7 +54,7 @@ Consult the [authentication reference document](/docs/reference/access-authn-aut
Once authenticated, every API call is also expected to pass an authorization check. Kubernetes ships
an integrated [Role-Based Access Control (RBAC)](/docs/reference/access-authn-authz/rbac/) component that matches an incoming user or group to a
set of permissions bundled into roles. These permissions combine verbs (get, create, delete) with
-resources (pods, services, nodes) and can be namespace or cluster scoped. A set of out of the box
+resources (pods, services, nodes) and can be namespace-scoped or cluster-scoped. A set of out-of-the-box
roles are provided that offer reasonable default separation of responsibility depending on what
actions a client might want to perform. It is recommended that you use the
[Node](/docs/reference/access-authn-authz/node/) and
@@ -69,8 +69,8 @@ With authorization, it is important to understand how updates on one object may
other places. For instance, a user may not be able to create pods directly, but allowing them to
create a deployment, which creates pods on their behalf, will let them create those pods
indirectly. Likewise, deleting a node from the API will result in the pods scheduled to that node
-being terminated and recreated on other nodes. The out of the box roles represent a balance
-between flexibility and the common use cases, but more limited roles should be carefully reviewed
+being terminated and recreated on other nodes. The out-of-the box roles represent a balance
+between flexibility and common use cases, but more limited roles should be carefully reviewed
to prevent accidental escalation. You can make roles specific to your use case if the out-of-box ones don't meet your needs.
Consult the [authorization reference section](/docs/reference/access-authn-authz/authorization/) for more information.
@@ -104,7 +104,7 @@ reserved resources like memory, or to provide default limits when none are speci
### Controlling what privileges containers run with
A pod definition contains a [security context](/docs/tasks/configure-pod-container/security-context/)
-that allows it to request access to running as a specific Linux user on a node (like root),
+that allows it to request access to run as a specific Linux user on a node (like root),
access to run privileged or access the host network, and other controls that would otherwise
allow it to run unfettered on a hosting node. [Pod security policies](/docs/concepts/policy/pod-security-policy/)
can limit which users or service accounts can provide dangerous security context settings. For example, pod security policies can limit volume mounts, especially `hostPath`, which are aspects of a pod that should be controlled.
@@ -155,10 +155,10 @@ within their namespaces. Many of the supported [Kubernetes networking providers]
now respect network policy.
Quota and limit ranges can also be used to control whether users may request node ports or
-load balanced services, which on many clusters can control whether those users applications
+load-balanced services, which on many clusters can control whether those users applications
are visible outside of the cluster.
-Additional protections may be available that control network rules on a per plugin or per
+Additional protections may be available that control network rules on a per-plugin or per-
environment basis, such as per-node firewalls, physically separating cluster nodes to
prevent cross talk, or advanced networking policy.
@@ -169,7 +169,7 @@ By default these APIs are accessible by pods running on an instance and can cont
credentials for that node, or provisioning data such as kubelet credentials. These credentials
can be used to escalate within the cluster or to other cloud services under the same account.
-When running Kubernetes on a cloud platform limit permissions given to instance credentials, use
+When running Kubernetes on a cloud platform, limit permissions given to instance credentials, use
[network policies](/docs/tasks/administer-cluster/declare-network-policy/) to restrict pod access
to the metadata API, and avoid using provisioning data to deliver secrets.
@@ -177,7 +177,7 @@ to the metadata API, and avoid using provisioning data to deliver secrets.
By default, there are no restrictions on which nodes may run a pod. Kubernetes offers a
[rich set of policies for controlling placement of pods onto nodes](/docs/concepts/scheduling-eviction/assign-pod-node/)
-and the [taint based pod placement and eviction](/docs/concepts/scheduling-eviction/taint-and-toleration/)
+and the [taint-based pod placement and eviction](/docs/concepts/scheduling-eviction/taint-and-toleration/)
that are available to end users. For many clusters use of these policies to separate workloads
can be a convention that authors adopt or enforce via tooling.
@@ -223,8 +223,9 @@ do not use.
The shorter the lifetime of a secret or credential the harder it is for an attacker to make
use of that credential. Set short lifetimes on certificates and automate their rotation. Use
an authentication provider that can control how long issued tokens are available and use short
-lifetimes where possible. If you use service account tokens in external integrations, plan to
-rotate those tokens frequently. For example, once the bootstrap phase is complete, a bootstrap token used for setting up nodes should be revoked or its authorization removed.
+lifetimes where possible. If you use service-account tokens in external integrations, plan to
+rotate those tokens frequently. For example, once the bootstrap phase is complete, a bootstrap
+token used for setting up nodes should be revoked or its authorization removed.
### Review third party integrations before enabling them
@@ -246,7 +247,8 @@ and may grant an attacker significant visibility into the state of your cluster.
your backups using a well reviewed backup and encryption solution, and consider using full disk
encryption where possible.
-Kubernetes supports [encryption at rest](/docs/tasks/administer-cluster/encrypt-data/), a feature introduced in 1.7, and beta since 1.13. This will encrypt `Secret` resources in etcd, preventing
+Kubernetes supports [encryption at rest](/docs/tasks/administer-cluster/encrypt-data/), a feature
+introduced in 1.7, and beta since 1.13. This will encrypt `Secret` resources in etcd, preventing
parties that gain access to your etcd backups from viewing the content of those secrets. While
this feature is currently beta, it offers an additional level of defense when backups
are not encrypted or an attacker gains read access to etcd.
diff --git a/content/en/docs/tasks/administer-cluster/use-cascading-deletion.md b/content/en/docs/tasks/administer-cluster/use-cascading-deletion.md
new file mode 100644
index 0000000000..eb72d68de0
--- /dev/null
+++ b/content/en/docs/tasks/administer-cluster/use-cascading-deletion.md
@@ -0,0 +1,352 @@
+---
+title: Use Cascading Deletion in a Cluster
+content_type: task
+---
+
+
+
+This page shows you how to specify the type of [cascading deletion](/docs/concepts/workloads/controllers/garbage-collection/#cascading-deletion)
+to use in your cluster during {{}}.
+
+## {{% heading "prerequisites" %}}
+
+{{< include "task-tutorial-prereqs.md" >}}
+
+You also need to [create a sample Deployment](/docs/tasks/run-application/run-stateless-application-deployment/#creating-and-exploring-an-nginx-deployment)
+to experiment with the different types of cascading deletion. You will need to
+recreate the Deployment for each type.
+
+## Check owner references on your pods
+
+Check that the `ownerReferences` field is present on your pods:
+
+```shell
+kubectl get pods -l app=nginx --output=yaml
+```
+
+The output has an `ownerReferences` field similar to this:
+
+```
+apiVersion: v1
+ ...
+ ownerReferences:
+ - apiVersion: apps/v1
+ blockOwnerDeletion: true
+ controller: true
+ kind: ReplicaSet
+ name: nginx-deployment-6b474476c4
+ uid: 4fdcd81c-bd5d-41f7-97af-3a3b759af9a7
+ ...
+```
+
+## Use foreground cascading deletion {#use-foreground-cascading-deletion}
+
+By default, Kubernetes uses [background cascading deletion](/docs/concepts/workloads/controllers/garbage-collection/#background-deletion)
+to delete dependents of an object. You can switch to foreground cascading deletion
+using either `kubectl` or the Kubernetes API, depending on the Kubernetes
+version your cluster runs. {{}}
+
+{{}}
+{{% tab name="Kubernetes 1.20.x and later" %}}
+You can delete objects using foreground cascading deletion using `kubectl` or the
+Kubernetes API.
+
+**Using kubectl**
+
+Run the following command:
+
+
+```shell
+kubectl delete deployment nginx-deployment --cascade=foreground
+```
+
+**Using the Kubernetes API**
+
+1. Start a local proxy session:
+
+ ```shell
+ kubectl proxy --port=8080
+ ```
+
+1. Use `curl` to trigger deletion:
+
+ ```shell
+ curl -X DELETE localhost:8080/apis/apps/v1/namespaces/default/deployments/nginx-deployment \
+ -d '{"kind":"DeleteOptions","apiVersion":"v1","propagationPolicy":"Foreground"}' \
+ -H "Content-Type: application/json"
+ ```
+
+ The output contains a `foregroundDeletion` {{}}
+ like this:
+
+ ```
+ "kind": "Deployment",
+ "apiVersion": "apps/v1",
+ "metadata": {
+ "name": "nginx-deployment",
+ "namespace": "default",
+ "uid": "d1ce1b02-cae8-4288-8a53-30e84d8fa505",
+ "resourceVersion": "1363097",
+ "creationTimestamp": "2021-07-08T20:24:37Z",
+ "deletionTimestamp": "2021-07-08T20:27:39Z",
+ "finalizers": [
+ "foregroundDeletion"
+ ]
+ ...
+ ```
+
+{{% /tab %}}
+{{% tab name="Versions prior to Kubernetes 1.20.x" %}}
+You can delete objects using foreground cascading deletion by calling the
+Kubernetes API.
+
+For details, read the [documentation for your Kubernetes version](/docs/home/supported-doc-versions/).
+
+1. Start a local proxy session:
+
+ ```shell
+ kubectl proxy --port=8080
+ ```
+
+1. Use `curl` to trigger deletion:
+
+ ```shell
+ curl -X DELETE localhost:8080/apis/apps/v1/namespaces/default/deployments/nginx-deployment \
+ -d '{"kind":"DeleteOptions","apiVersion":"v1","propagationPolicy":"Foreground"}' \
+ -H "Content-Type: application/json"
+ ```
+
+ The output contains a `foregroundDeletion` {{}}
+ like this:
+
+ ```
+ "kind": "Deployment",
+ "apiVersion": "apps/v1",
+ "metadata": {
+ "name": "nginx-deployment",
+ "namespace": "default",
+ "uid": "d1ce1b02-cae8-4288-8a53-30e84d8fa505",
+ "resourceVersion": "1363097",
+ "creationTimestamp": "2021-07-08T20:24:37Z",
+ "deletionTimestamp": "2021-07-08T20:27:39Z",
+ "finalizers": [
+ "foregroundDeletion"
+ ]
+ ...
+ ```
+{{% /tab %}}
+{{}}
+
+## Use background cascading deletion {#use-background-cascading-deletion}
+
+1. [Create a sample Deployment](/docs/tasks/run-application/run-stateless-application-deployment/#creating-and-exploring-an-nginx-deployment).
+1. Use either `kubectl` or the Kubernetes API to delete the Deployment,
+ depending on the Kubernetes version your cluster runs. {{}}
+
+{{}}
+{{% tab name="Kubernetes version 1.20.x and later" %}}
+
+You can delete objects using background cascading deletion using `kubectl`
+or the Kubernetes API.
+
+Kubernetes uses background cascading deletion by default, and does so
+even if you run the following commands without the `--cascade` flag or the
+`propagationPolicy` argument.
+
+**Using kubectl**
+
+Run the following command:
+
+```shell
+kubectl delete deployment nginx-deployment --cascade=background
+```
+
+**Using the Kubernetes API**
+
+1. Start a local proxy session:
+
+ ```shell
+ kubectl proxy --port=8080
+ ```
+
+1. Use `curl` to trigger deletion:
+
+ ```shell
+ curl -X DELETE localhost:8080/apis/apps/v1/namespaces/default/deployments/nginx-deployment \
+ -d '{"kind":"DeleteOptions","apiVersion":"v1","propagationPolicy":"Background"}' \
+ -H "Content-Type: application/json"
+ ```
+
+ The output is similar to this:
+
+ ```
+ "kind": "Status",
+ "apiVersion": "v1",
+ ...
+ "status": "Success",
+ "details": {
+ "name": "nginx-deployment",
+ "group": "apps",
+ "kind": "deployments",
+ "uid": "cc9eefb9-2d49-4445-b1c1-d261c9396456"
+ }
+ ```
+{{% /tab %}}
+{{% tab name="Versions prior to Kubernetes 1.20.x" %}}
+Kubernetes uses background cascading deletion by default, and does so
+even if you run the following commands without the `--cascade` flag or the
+`propagationPolicy: Background` argument.
+
+For details, read the [documentation for your Kubernetes version](/docs/home/supported-doc-versions/).
+
+**Using kubectl**
+
+Run the following command:
+
+```shell
+kubectl delete deployment nginx-deployment --cascade=true
+```
+
+**Using the Kubernetes API**
+
+1. Start a local proxy session:
+
+ ```shell
+ kubectl proxy --port=8080
+ ```
+
+1. Use `curl` to trigger deletion:
+
+ ```shell
+ curl -X DELETE localhost:8080/apis/apps/v1/namespaces/default/deployments/nginx-deployment \
+ -d '{"kind":"DeleteOptions","apiVersion":"v1","propagationPolicy":"Background"}' \
+ -H "Content-Type: application/json"
+ ```
+
+ The output is similar to this:
+
+ ```
+ "kind": "Status",
+ "apiVersion": "v1",
+ ...
+ "status": "Success",
+ "details": {
+ "name": "nginx-deployment",
+ "group": "apps",
+ "kind": "deployments",
+ "uid": "cc9eefb9-2d49-4445-b1c1-d261c9396456"
+ }
+ ```
+{{% /tab %}}
+{{}}
+
+
+## Delete owner objects and orphan dependents {#set-orphan-deletion-policy}
+
+By default, when you tell Kubernetes to delete an object, the
+{{}} also deletes
+dependent objects. You can make Kubernetes *orphan* these dependents using
+`kubectl` or the Kubernetes API, depending on the Kubernetes version your
+cluster runs. {{}}
+
+{{}}
+{{% tab name="Kubernetes version 1.20.x and later" %}}
+
+**Using kubectl**
+
+Run the following command:
+
+```shell
+kubectl delete deployment nginx-deployment --cascade=orphan
+```
+
+**Using the Kubernetes API**
+
+1. Start a local proxy session:
+
+ ```shell
+ kubectl proxy --port=8080
+ ```
+
+1. Use `curl` to trigger deletion:
+
+ ```shell
+ curl -X DELETE localhost:8080/apis/apps/v1/namespaces/default/deployments/nginx-deployment \
+ -d '{"kind":"DeleteOptions","apiVersion":"v1","propagationPolicy":"Orphan"}' \
+ -H "Content-Type: application/json"
+ ```
+
+ The output contains `orphan` in the `finalizers` field, similar to this:
+
+ ```
+ "kind": "Deployment",
+ "apiVersion": "apps/v1",
+ "namespace": "default",
+ "uid": "6f577034-42a0-479d-be21-78018c466f1f",
+ "creationTimestamp": "2021-07-09T16:46:37Z",
+ "deletionTimestamp": "2021-07-09T16:47:08Z",
+ "deletionGracePeriodSeconds": 0,
+ "finalizers": [
+ "orphan"
+ ],
+ ...
+ ```
+
+{{% /tab %}}
+{{% tab name="Versions prior to Kubernetes 1.20.x" %}}
+
+For details, read the [documentation for your Kubernetes version](/docs/home/supported-doc-versions/).
+
+**Using kubectl**
+
+Run the following command:
+
+```shell
+kubectl delete deployment nginx-deployment --cascade=false
+```
+
+**Using the Kubernetes API**
+
+1. Start a local proxy session:
+
+ ```shell
+ kubectl proxy --port=8080
+ ```
+
+1. Use `curl` to trigger deletion:
+
+ ```shell
+ curl -X DELETE localhost:8080/apis/apps/v1/namespaces/default/deployments/nginx-deployment \
+ -d '{"kind":"DeleteOptions","apiVersion":"v1","propagationPolicy":"Orphan"}' \
+ -H "Content-Type: application/json"
+ ```
+
+ The output contains `orphan` in the `finalizers` field, similar to this:
+
+ ```
+ "kind": "Deployment",
+ "apiVersion": "apps/v1",
+ "namespace": "default",
+ "uid": "6f577034-42a0-479d-be21-78018c466f1f",
+ "creationTimestamp": "2021-07-09T16:46:37Z",
+ "deletionTimestamp": "2021-07-09T16:47:08Z",
+ "deletionGracePeriodSeconds": 0,
+ "finalizers": [
+ "orphan"
+ ],
+ ...
+ ```
+{{% /tab %}}
+{{}}
+
+You can check that the Pods managed by the Deployment are still running:
+
+```shell
+kubectl get pods -l app=nginx
+```
+
+## {{% heading "whatsnext" %}}
+
+* Learn about [owners and dependents](/docs/concepts/overview/working-with-objects/owners-dependents/) in Kubernetes.
+* Learn about Kubernetes [finalizers](/docs/concepts/overview/working-with-objects/finalizers/).
+* Learn about [garbage collection](/docs/concepts/workloads/controllers/garbage-collection/).
\ No newline at end of file
diff --git a/content/en/docs/tasks/configmap-secret/_index.md b/content/en/docs/tasks/configmap-secret/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tasks/configmap-secret/managing-secret-using-config-file.md b/content/en/docs/tasks/configmap-secret/managing-secret-using-config-file.md
index b2aace7057..6fb5cdca3d 100644
--- a/content/en/docs/tasks/configmap-secret/managing-secret-using-config-file.md
+++ b/content/en/docs/tasks/configmap-secret/managing-secret-using-config-file.md
@@ -1,5 +1,5 @@
---
-title: Managing Secret using Configuration File
+title: Managing Secrets using Configuration File
content_type: task
weight: 20
description: Creating Secret objects using resource configuration file.
@@ -193,6 +193,6 @@ kubectl delete secret mysecret
## {{% heading "whatsnext" %}}
- Read more about the [Secret concept](/docs/concepts/configuration/secret/)
-- Learn how to [manage Secret with the `kubectl` command](/docs/tasks/configmap-secret/managing-secret-using-kubectl/)
-- Learn how to [manage Secret using kustomize](/docs/tasks/configmap-secret/managing-secret-using-kustomize/)
+- Learn how to [manage Secrets with the `kubectl` command](/docs/tasks/configmap-secret/managing-secret-using-kubectl/)
+- Learn how to [manage Secrets using kustomize](/docs/tasks/configmap-secret/managing-secret-using-kustomize/)
diff --git a/content/en/docs/tasks/configmap-secret/managing-secret-using-kubectl.md b/content/en/docs/tasks/configmap-secret/managing-secret-using-kubectl.md
index fe63c2434d..dad86e36df 100644
--- a/content/en/docs/tasks/configmap-secret/managing-secret-using-kubectl.md
+++ b/content/en/docs/tasks/configmap-secret/managing-secret-using-kubectl.md
@@ -67,7 +67,7 @@ single quotes (`'`). For example, if your password is `S!B\*d$zDsb=`,
run the following command:
```shell
-kubectl create secret generic dev-db-secret \
+kubectl create secret generic db-user-pass \
--from-literal=username=devuser \
--from-literal=password='S!B\*d$zDsb='
```
diff --git a/content/en/docs/tasks/configmap-secret/managing-secret-using-kustomize.md b/content/en/docs/tasks/configmap-secret/managing-secret-using-kustomize.md
index 4e78a4c5f0..db9f5b40f3 100644
--- a/content/en/docs/tasks/configmap-secret/managing-secret-using-kustomize.md
+++ b/content/en/docs/tasks/configmap-secret/managing-secret-using-kustomize.md
@@ -1,5 +1,5 @@
---
-title: Managing Secret using Kustomize
+title: Managing Secrets using Kustomize
content_type: task
weight: 30
description: Creating Secret objects using kustomization.yaml file.
@@ -135,6 +135,6 @@ kubectl delete secret db-user-pass-96mffmfh4k
## {{% heading "whatsnext" %}}
- Read more about the [Secret concept](/docs/concepts/configuration/secret/)
-- Learn how to [manage Secret with the `kubectl` command](/docs/tasks/configmap-secret/managing-secret-using-kubectl/)
-- Learn how to [manage Secret using config file](/docs/tasks/configmap-secret/managing-secret-using-config-file/)
+- Learn how to [manage Secrets with the `kubectl` command](/docs/tasks/configmap-secret/managing-secret-using-kubectl/)
+- Learn how to [manage Secrets using config file](/docs/tasks/configmap-secret/managing-secret-using-config-file/)
diff --git a/content/en/docs/tasks/configure-pod-container/_index.md b/content/en/docs/tasks/configure-pod-container/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.md b/content/en/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.md
index 77a9ac7647..d9ab2056da 100644
--- a/content/en/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.md
+++ b/content/en/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.md
@@ -145,7 +145,7 @@ Any code greater than or equal to 200 and less than 400 indicates success. Any
other code indicates failure.
You can see the source code for the server in
-[server.go](https://github.com/kubernetes/kubernetes/blob/{{< param "githubbranch" >}}/test/images/agnhost/liveness/server.go).
+[server.go](https://github.com/kubernetes/kubernetes/blob/master/test/images/agnhost/liveness/server.go).
For the first 10 seconds that the container is alive, the `/healthz` handler
returns a status of 200. After that, the handler returns a status of 500.
@@ -429,7 +429,7 @@ to resolve it.
### Probe-level `terminationGracePeriodSeconds`
-{{< feature-state for_k8s_version="v1.21" state="alpha" >}}
+{{< feature-state for_k8s_version="v1.22" state="beta" >}}
Prior to release 1.21, the pod-level `terminationGracePeriodSeconds` was used
for terminating a container that failed its liveness or startup probe. This
@@ -437,11 +437,26 @@ coupling was unintended and may have resulted in failed containers taking an
unusually long time to restart when a pod-level `terminationGracePeriodSeconds`
was set.
-In 1.21, when the feature flag `ProbeTerminationGracePeriod` is enabled, users
-can specify a probe-level `terminationGracePeriodSeconds` as part of the probe
-specification. When the feature flag is enabled, and both a pod- and
-probe-level `terminationGracePeriodSeconds` are set, the kubelet will use the
-probe-level value.
+In 1.21 and beyond, when the feature gate `ProbeTerminationGracePeriod` is
+enabled, users can specify a probe-level `terminationGracePeriodSeconds` as
+part of the probe specification. When the feature gate is enabled, and both a
+pod- and probe-level `terminationGracePeriodSeconds` are set, the kubelet will
+use the probe-level value.
+
+{{< note >}}
+As of Kubernetes 1.22, the `ProbeTerminationGracePeriod` feature gate is only
+available on the API Server. The kubelet always honors the probe-level
+`terminationGracePeriodSeconds` field if it is present on a Pod.
+
+If you have existing Pods where the `terminationGracePeriodSeconds` field is set and
+you no longer wish to use per-probe termination grace periods, you must delete
+those existing Pods.
+
+When you (or the control plane, or some other component) create replacement
+Pods, and the feature gate `ProbeTerminationGracePeriod` is disabled, then the
+API server ignores the Pod-level `terminationGracePeriodSeconds` field, even if
+a Pod or pod template specifies it.
+{{< /note >}}
For example,
diff --git a/content/en/docs/tasks/configure-pod-container/configure-projected-volume-storage.md b/content/en/docs/tasks/configure-pod-container/configure-projected-volume-storage.md
index ad99a05c27..ca71e7a721 100644
--- a/content/en/docs/tasks/configure-pod-container/configure-projected-volume-storage.md
+++ b/content/en/docs/tasks/configure-pod-container/configure-projected-volume-storage.md
@@ -83,5 +83,5 @@ kubectl delete secret user pass
## {{% heading "whatsnext" %}}
* Learn more about [`projected`](/docs/concepts/storage/volumes/#projected) volumes.
-* Read the [all-in-one volume](https://github.com/kubernetes/community/blob/{{< param "githubbranch" >}}/contributors/design-proposals/node/all-in-one-volume.md) design document.
+* Read the [all-in-one volume](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/all-in-one-volume.md) design document.
diff --git a/content/en/docs/tasks/configure-pod-container/configure-runasusername.md b/content/en/docs/tasks/configure-pod-container/configure-runasusername.md
index 12c10a9ddf..9ddcac270f 100644
--- a/content/en/docs/tasks/configure-pod-container/configure-runasusername.md
+++ b/content/en/docs/tasks/configure-pod-container/configure-runasusername.md
@@ -23,7 +23,7 @@ You need to have a Kubernetes cluster and the kubectl command-line tool must be
## Set the Username for a Pod
-To specify the username with which to execute the Pod's container processes, include the `securityContext` field ([PodSecurityContext](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritycontext-v1-core) in the Pod specification, and within it, the `windowsOptions` ([WindowsSecurityContextOptions](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#windowssecuritycontextoptions-v1-core) field containing the `runAsUserName` field.
+To specify the username with which to execute the Pod's container processes, include the `securityContext` field ([PodSecurityContext](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritycontext-v1-core)) in the Pod specification, and within it, the `windowsOptions` ([WindowsSecurityContextOptions](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#windowssecuritycontextoptions-v1-core)) field containing the `runAsUserName` field.
The Windows security context options that you specify for a Pod apply to all Containers and init Containers in the Pod.
@@ -63,7 +63,7 @@ ContainerUser
## Set the Username for a Container
-To specify the username with which to execute a Container's processes, include the `securityContext` field ([SecurityContext](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#securitycontext-v1-core)) in the Container manifest, and within it, the `windowsOptions` ([WindowsSecurityContextOptions](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#windowssecuritycontextoptions-v1-core) field containing the `runAsUserName` field.
+To specify the username with which to execute a Container's processes, include the `securityContext` field ([SecurityContext](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#securitycontext-v1-core)) in the Container manifest, and within it, the `windowsOptions` ([WindowsSecurityContextOptions](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#windowssecuritycontextoptions-v1-core)) field containing the `runAsUserName` field.
The Windows security context options that you specify for a Container apply only to that individual Container, and they override the settings made at the Pod level.
diff --git a/content/en/docs/tasks/configure-pod-container/configure-service-account.md b/content/en/docs/tasks/configure-pod-container/configure-service-account.md
index 505ec7d755..e5a0e26ea0 100644
--- a/content/en/docs/tasks/configure-pod-container/configure-service-account.md
+++ b/content/en/docs/tasks/configure-pod-container/configure-service-account.md
@@ -349,8 +349,11 @@ JSON Web Key Set (JWKS) at `/openid/v1/jwks`. The OpenID Provider Configuration
is sometimes referred to as the _discovery document_.
Clusters include a default RBAC ClusterRole called
-`system:service-account-issuer-discovery`. No role bindings are provided
-by default. Administrators may, for example, choose whether to bind the role to
+`system:service-account-issuer-discovery`. A default RBAC ClusterRoleBinding
+assigns this role to the `system:serviceaccounts` group, which all service
+accounts implicitly belong to. This allows pods running on the cluster to access
+the service account discovery document via their mounted service account token.
+Administrators may, additionally, choose to bind the role to
`system:authenticated` or `system:unauthenticated` depending on their security
requirements and which external systems they intend to federate with.
@@ -380,5 +383,5 @@ JWKS URI is required to use the `https` scheme.
See also:
- [Cluster Admin Guide to Service Accounts](/docs/reference/access-authn-authz/service-accounts-admin/)
-- [Service Account Signing Key Retrieval KEP](https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/20190730-oidc-discovery.md)
+- [Service Account Signing Key Retrieval KEP](https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/1393-oidc-discovery)
- [OIDC Discovery Spec](https://openid.net/specs/openid-connect-discovery-1_0.html)
diff --git a/content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md b/content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md
new file mode 100644
index 0000000000..2ab2bd3661
--- /dev/null
+++ b/content/en/docs/tasks/configure-pod-container/create-hostprocess-pod.md
@@ -0,0 +1,214 @@
+---
+title: Create a Windows HostProcess Pod
+content_type: task
+weight: 20
+min-kubernetes-server-version: 1.22
+---
+
+
+
+{{< feature-state for_k8s_version="v1.22" state="alpha" >}}
+
+Windows HostProcess containers enable you to run containerized
+workloads on a Windows host. These containers operate as
+normal processes but have access to the host network namespace,
+storage, and devices when given the appropriate user privileges.
+HostProcess containers can be used to deploy network plugins,
+storage configurations, device plugins, kube-proxy, and other
+components to Windows nodes without the need for dedicated proxies or
+the direct installation of host services.
+
+Administrative tasks such as installation of security patches, event
+log collection, and more can be performed without requiring cluster operators to
+log onto each Window node. HostProcess containers can run as any user that is
+available on the host or is in the domain of the host machine, allowing administrators
+to restrict resource access through user permissions. While neither filesystem or process
+isolation are supported, a new volume is created on the host upon starting the container
+to give it a clean and consolidated workspace. HostProcess containers can also be built on
+top of existing Windows base images and do not inherit the same
+[compatibility requirements](https://docs.microsoft.com/virtualization/windowscontainers/deploy-containers/version-compatibility)
+as Windows server containers, meaning that the version of the base images does not need
+to match that of the host. HostProcess containers also support
+[volume mounts](./create-hostprocess-pod#volume-mounts) within the container volume.
+
+### When should I use a Windows HostProcess container?
+
+- When you need to perform tasks which require the networking namespace of the host.
+HostProcess containers have access to the host's network interfaces and IP addresses.
+- You need access to resources on the host such as the filesystem, event logs, etc.
+- Installation of specific device drivers or Windows services.
+- Consolidation of administrative tasks and security policies. This reduces the degree of
+privileges needed by Windows nodes.
+
+
+## {{% heading "prerequisites" %}}
+
+{{% version-check %}}
+
+To enable HostProcess containers while in Alpha you need to pass the following feature gate flag to
+**kubelet** and **kube-apiserver**.
+See [Features Gates](/docs/reference/command-line-tools-reference/feature-gates/#overview)
+documentation for more details.
+
+```
+--feature-gates=WindowsHostProcessContainers=true
+```
+
+You can use the latest version of Containerd (v1.5.4+) with the following settings using the containerd
+v2 configuration. Add these annotations to any runtime configurations were you wish to enable the
+HostProcess container feature.
+
+
+```
+[plugins]
+ [plugins."io.containerd.grpc.v1.cri"]
+ [plugins."io.containerd.grpc.v1.cri".containerd]
+ [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
+ container_annotations = ["microsoft.com/hostprocess-container"]
+ pod_annotations = ["microsoft.com/hostprocess-container"]
+ [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
+ [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runhcs-wcow-process]
+ container_annotations = ["microsoft.com/hostprocess-container"]
+ pod_annotations = ["microsoft.com/hostprocess-container"]
+```
+
+The current versions of containerd ship with a version of hcsshim that does not have support.
+You will need to build a version of hcsshim from the main branch following the
+[instructions in hcsshim](https://github.com/Microsoft/hcsshim/#containerd-shim).
+Once the containerd shim is built you can replace the file in your contianerd installation.
+For example if you followed the instructions to
+[install containerd](/docs/setup/production-environment/container-runtimes/#containerd)
+replace the `containerd-shim-runhcs-v1.exe` is installed at `$Env:ProgramFiles\containerd` with the newly built shim.
+
+## Limitations
+
+- HostProcess containers require version 1.5.4 or higher of the containerd {{< glossary_tooltip text="container runtime" term_id="container-runtime" >}}.
+- As of v1.22 HostProcess pods can only contain HostProcess containers. This is a current limitation
+of the Windows OS; non-privileged Windows containers cannot share a vNIC with the host IP namespace.
+- HostProcess containers run as a process on the host and do not have any degree of
+isolation other than resource constraints imposed on the HostProcess user account. Neither
+filesystem or Hyper-V isolation are supported for HostProcess containers.
+- Volume mounts are supported and are mounted under the container volume.
+See [Volume Mounts](#volume-mounts)
+- A limited set of host user accounts are available for HostProcess containers by default.
+See [Choosing a User Account](#choosing-a-user-account).
+- Resource limits (disk, memory, cpu count) are supported in the same fashion as processes
+on the host.
+- Both Named pipe mounts and Unix domain sockets are **not** currently supported and should instead
+be accessed via their path on the host (e.g. \\\\.\\pipe\\\*)
+
+## HostProcess Pod configuration requirements
+
+Enabling a Windows HostProcess pod requires setting the right configurations in the pod security
+configuration. Of the policies defined in the [Pod Security Standards](/docs/concepts/security/pod-security-standards)
+HostProcess pods are disallowed by the baseline and restricted policies. It is therefore recommended
+that HostProcess pods run in alignment with the privileged profile.
+
+When running under the privileged policy, here are
+the configurations which need to be set to enable the creation of a HostProcess pod:
+
+
Because HostProcess containers have privileged access to the host, the runAsNonRoot field cannot be set to true.
+
Allowed Values
+
+
Undefined/Nil
+
false
+
+
+
+
+
+
+### Example Manifest (excerpt)
+
+```yaml
+spec:
+ securityContext:
+ windowsOptions:
+ hostProcess: true
+ runAsUserName: "NT AUTHORITY\\Local service"
+ hostNetwork: true
+ containers:
+ - name: test
+ image: image1:latest
+ command:
+ - ping
+ - -t
+ - 127.0.0.1
+ nodeSelector:
+ "kubernetes.io/os": windows
+```
+
+## Volume Mounts
+
+HostProcess containers support the ability to mount volumes within the container volume space.
+Applications running inside the container can access volume mounts directly via relative or
+absolute paths. An environment variable `$CONTAINER_SANDBOX_MOUNT_POINT` is set upon container
+creation and provides the absolute host path to the container volume. Relative paths are based
+upon the `Pod.containers.volumeMounts.mountPath` configuration.
+
+### Example {#volume-mount-example}
+
+To access service account tokens the following path structures are supported within the container:
+
+`.\var\run\secrets\kubernetes.io\serviceaccount\`
+
+`$CONTAINER_SANDBOX_MOUNT_POINT\var\run\secrets\kubernetes.io\serviceaccount\`
+
+## Choosing a User Account
+
+HostProcess containers support the ability to run as one of three supported Windows service accounts:
+
+- **[LocalSystem](https://docs.microsoft.com/en-us/windows/win32/services/localsystem-account)**
+- **[LocalService](https://docs.microsoft.com/en-us/windows/win32/services/localservice-account)**
+- **[NetworkService](https://docs.microsoft.com/en-us/windows/win32/services/networkservice-account)**
+
+You should select an appropriate Windows service account for each HostProcess
+container, aiming to limit the degree of privileges so as to avoid accidental (or even
+malicious) damage to the host. The LocalSystem service account has the highest level
+of privilege of the three and should be used only if absolutely necessary. Where possible,
+use the LocalService service account as it is the least privileged of the three options.
diff --git a/content/en/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md b/content/en/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md
new file mode 100644
index 0000000000..c3dcb0e995
--- /dev/null
+++ b/content/en/docs/tasks/configure-pod-container/enforce-standards-admission-controller.md
@@ -0,0 +1,54 @@
+---
+title: Enforce Pod Security Standards by Configuring the Built-in Admission Controller
+reviewers:
+- tallclair
+- liggitt
+content_type: task
+min-kubernetes-server-version: v1.22
+---
+
+As of v1.22, Kubernetes provides a built-in [admission controller](/docs/reference/access-authn-authz/admission-controllers/#podsecurity)
+to enforce the [Pod Security Standards](/docs/concepts/security/pod-security-standards).
+You can configure this admission controller to set cluster-wide defaults and [exemptions](#exemptions).
+
+## {{% heading "prerequisites" %}}
+
+{{% version-check %}}
+
+- Enable the `PodSecurity` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-alpha-or-beta-features).
+
+## Configure the Admission Controller
+
+```yaml
+apiVersion: apiserver.config.k8s.io/v1
+kind: AdmissionConfiguration
+plugins:
+- name: PodSecurity
+ configuration:
+ apiVersion: pod-security.admission.config.k8s.io/v1alpha1
+ kind: PodSecurityConfiguration
+ # Defaults applied when a mode label is not set.
+ #
+ # Level label values must be one of:
+ # - "privileged" (default)
+ # - "baseline"
+ # - "restricted"
+ #
+ # Version label values must be one of:
+ # - "latest" (default)
+ # - specific version like "v{{< skew latestVersion >}}"
+ defaults:
+ enforce: "privileged"
+ enforce-version: "latest"
+ audit: "privileged"
+ audit-version: "latest"
+ warn: "privileged"
+ warn-version: "latest"
+ exemptions:
+ # Array of authenticated usernames to exempt.
+ usernames: []
+ # Array of runtime class names to exempt.
+ runtimeClassNames: []
+ # Array of namespaces to exempt.
+ namespaces: []
+```
\ No newline at end of file
diff --git a/content/en/docs/tasks/configure-pod-container/enforce-standards-namespace-labels.md b/content/en/docs/tasks/configure-pod-container/enforce-standards-namespace-labels.md
new file mode 100644
index 0000000000..9a4c3a44ed
--- /dev/null
+++ b/content/en/docs/tasks/configure-pod-container/enforce-standards-namespace-labels.md
@@ -0,0 +1,87 @@
+---
+title: Enforce Pod Security Standards with Namespace Labels
+reviewers:
+- tallclair
+- liggitt
+content_type: task
+min-kubernetes-server-version: v1.22
+---
+
+Namespaces can be labeled to enforce the [Pod Security Standards](/docs/concepts/security/pod-security-standards).
+
+## {{% heading "prerequisites" %}}
+
+{{% version-check %}}
+
+- Enable the `PodSecurity` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-alpha-or-beta-features).
+
+## Requiring the `baseline` Pod Security Standard with namespace labels
+
+This manifest defines a Namespace `my-baseline-namespace` that:
+
+- _Blocks_ any pods that don't satisfy the `baseline` policy requirements.
+- Generates a user-facing warning and adds an audit annotation to any created pod that does not
+ meet the `restricted` policy requirements.
+- Pins the versions of the `baseline` and `restricted` policies to v{{< skew latestVersion >}}.
+
+```yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: my-baseline-namespace
+ labels:
+ pod-security.kubernetes.io/enforce: baseline
+ pod-security.kubernetes.io/enforce-version: v{{< skew latestVersion >}}
+
+ # We are setting these to our _desired_ `enforce` level.
+ pod-security.kubernetes.io/audit: restricted
+ pod-security.kubernetes.io/audit-version: v{{< skew latestVersion >}}
+ pod-security.kubernetes.io/warn: restricted
+ pod-security.kubernetes.io/warn-version: v{{< skew latestVersion >}}
+```
+
+## Add labels to existing namespaces with `kubectl label`
+
+{{< note >}}
+When an `enforce` policy (or version) label is added or changed, the admission plugin will test
+each pod in the namespace against the new policy. Violations are returned to the user as warnings.
+{{< /note >}}
+
+It is helpful to apply the `--dry-run` flag when initially evaluating security profile changes for
+namespaces. The Pod Security Standard checks will still be run in _dry run_ mode, giving you
+information about how the new policy would treat existing pods, without actually updating a policy.
+
+```shell
+kubectl label --dry-run=server --overwrite ns --all \
+ pod-security.kubernetes.io/enforce=baseline
+```
+
+### Applying to all namespaces
+
+If you're just getting started with the Pod Security Standards, a suitable first step would be to
+configure all namespaces with audit annotations for a stricter level such as `baseline`:
+
+```shell
+kubectl label --overwrite ns --all \
+ pod-security.kubernetes.io/audit=baseline \
+ pod-security.kubernetes.io/warn=baseline
+```
+
+Note that this is not setting an enforce level, so that namespaces that haven't been explicitly
+evaluated can be distinguished. You can list namespaces without an explicitly set enforce level
+using this command:
+
+```shell
+kubectl get namespaces --selector='!pod-security.kubernetes.io/enforce'
+```
+
+### Applying to a single namespace
+
+You can update a specific namespace as well. This command adds the `enforce=restricted`
+policy to `my-existing-namespace`, pinning the restricted policy version to v{{< skew latestVersion >}}.
+
+```shell
+kubectl label --overwrite ns my-existing-namespace \
+ pod-security.kubernetes.io/enforce=restricted \
+ pod-security.kubernetes.io/enforce-version=v{{< skew latestVersion >}}
+```
diff --git a/content/en/docs/tasks/configure-pod-container/migrate-from-psp.md b/content/en/docs/tasks/configure-pod-container/migrate-from-psp.md
new file mode 100644
index 0000000000..f0ea2d02df
--- /dev/null
+++ b/content/en/docs/tasks/configure-pod-container/migrate-from-psp.md
@@ -0,0 +1,48 @@
+---
+title: Migrate from PodSecurityPolicy to the Built-In PodSecurity Admission Controller
+reviewers:
+- tallclair
+- liggitt
+content_type: task
+min-kubernetes-server-version: v1.22
+---
+
+
+
+This page describes the process of migrating from PodSecurityPolicies to the built-in PodSecurity
+admission controller. This can be done effectively using a combination of dry-run and `audit` and
+`warn` modes, although this becomes harder if mutating PSPs are used.
+
+## {{% heading "prerequisites" %}}
+
+{{% version-check %}}
+
+- Enable the `PodSecurity` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-alpha-or-beta-features).
+
+
+
+## Steps
+
+- **Eliminate mutating PodSecurityPolicies, if your cluster has any set up.**
+ - Clone all mutating PSPs into a non-mutating version.
+ - Update all ClusterRoles authorizing use of those mutating PSPs to also authorize use of the
+ non-mutating variant.
+ - Watch for Pods using the mutating PSPs and work with code owners to migrate to valid,
+ non-mutating resources.
+ - Delete mutating PSPs.
+- **Select a compatible policy level for each namespace.** Analyze existing resources in the
+ namespace to drive this decision.
+ - Review the requirements of the different [Pod Security Standards](/docs/concepts/security/pod-security-standards).
+ - Evaluate the difference in privileges that would come from disabling the PSP controller.
+ - In the event that a PodSecurityPolicy falls between two levels, consider:
+ - Selecting a _less_ permissive PodSecurity level prioritizes security, and may require adjusting
+ workloads to fit within the stricter policy.
+ - Selecting a _more_ permissive PodSecurity level prioritizes avoiding disrupting or
+ changing workloads, but may allow workload authors in the namespace greater permissions
+ than desired.
+- **Apply the selected profiles in `warn` and `audit` mode.** This will give you an idea of how
+ your Pods will respond to the new policies, without breaking existing workloads. Iterate on your
+ [Pods' configuration](/docs/concepts/security/pod-security-admission#configuring-pods) until
+ they are in compliance with the selected profiles.
+- Apply the profiles in `enforce` mode.
+- Stop including `PodSecurityPolicy` in the `--enable-admission-plugins` flag.
\ No newline at end of file
diff --git a/content/en/docs/tasks/configure-pod-container/pull-image-private-registry.md b/content/en/docs/tasks/configure-pod-container/pull-image-private-registry.md
index 57c5329b7a..0886871f9c 100644
--- a/content/en/docs/tasks/configure-pod-container/pull-image-private-registry.md
+++ b/content/en/docs/tasks/configure-pod-container/pull-image-private-registry.md
@@ -102,7 +102,7 @@ kubectl create secret docker-registry regcred --docker-server=` is your Private Docker Registry FQDN.
- Use `https://index.docker.io/v2/` for DockerHub.
+ Use `https://index.docker.io/v1/` for DockerHub.
* `` is your Docker username.
* `` is your Docker password.
* `` is your Docker email.
diff --git a/content/en/docs/tasks/configure-pod-container/security-context.md b/content/en/docs/tasks/configure-pod-container/security-context.md
index 50a02b990e..56bcc0f3f9 100644
--- a/content/en/docs/tasks/configure-pod-container/security-context.md
+++ b/content/en/docs/tasks/configure-pod-container/security-context.md
@@ -24,7 +24,7 @@ a Pod or Container. Security context settings include, but are not limited to:
* [AppArmor](/docs/tutorials/clusters/apparmor/): Use program profiles to restrict the capabilities of individual programs.
-* [Seccomp](https://en.wikipedia.org/wiki/Seccomp): Filter a process's system calls.
+* [Seccomp](/docs/tutorials/clusters/seccomp/): Filter a process's system calls.
* AllowPrivilegeEscalation: Controls whether a process can gain more privileges than its parent process. This bool directly controls whether the [`no_new_privs`](https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt) flag gets set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged OR 2) has `CAP_SYS_ADMIN`.
@@ -184,6 +184,25 @@ This field has no effect on ephemeral volume types such as
and [`emptydir`](/docs/concepts/storage/volumes/#emptydir).
{{< /note >}}
+## Delegating volume permission and ownership change to CSI driver
+
+{{< feature-state for_k8s_version="v1.22" state="alpha" >}}
+
+If you deploy a [Container Storage Interface (CSI)](https://github.com/container-storage-interface/spec/blob/master/spec.md)
+driver which supports the `VOLUME_MOUNT_GROUP` `NodeServiceCapability`, the
+process of setting file ownership and permissions based on the
+`fsGroup` specified in the `securityContext` will be performed by the CSI driver
+instead of Kubernetes, provided that the `DelegateFSGroupToCSIDriver` Kubernetes
+feature gate is enabled. In this case, since Kubernetes doesn't perform any
+ownership and permission change, `fsGroupChangePolicy` does not take effect, and
+as specified by CSI, the driver is expected to mount the volume with the
+provided `fsGroup`, resulting in a volume that is readable/writable by the
+`fsGroup`.
+
+Please refer to the [KEP](https://github.com/gnufied/enhancements/blob/master/keps/sig-storage/2317-fsgroup-on-mount/README.md)
+and the description of the `VolumeCapability.MountVolume.volume_mount_group`
+field in the [CSI spec](https://github.com/container-storage-interface/spec/blob/master/spec.md#createvolume)
+for more information.
## Set the security context for a Container
diff --git a/content/en/docs/tasks/configure-pod-container/static-pod.md b/content/en/docs/tasks/configure-pod-container/static-pod.md
index 9126243462..c889570dc7 100644
--- a/content/en/docs/tasks/configure-pod-container/static-pod.md
+++ b/content/en/docs/tasks/configure-pod-container/static-pod.md
@@ -22,7 +22,7 @@ The kubelet automatically tries to create a {{< glossary_tooltip text="mirror Po
on the Kubernetes API server for each static Pod.
This means that the Pods running on a node are visible on the API server,
but cannot be controlled from there.
-The Pod names will suffixed with the node hostname with a leading hyphen
+The Pod names will be suffixed with the node hostname with a leading hyphen.
{{< note >}}
If you are running clustered Kubernetes and are using static
@@ -31,6 +31,13 @@ Pods to run a Pod on every node, you should probably be using a
instead.
{{< /note >}}
+{{< note >}}
+The `spec` of a static Pod cannot refer to other API objects
+(e.g., {{< glossary_tooltip text="ServiceAccount" term_id="service-account" >}},
+{{< glossary_tooltip text="ConfigMap" term_id="configmap" >}},
+{{< glossary_tooltip text="Secret" term_id="secret" >}}, etc).
+{{< /note >}}
+
## {{% heading "prerequisites" %}}
{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
diff --git a/content/en/docs/tasks/debug-application-cluster/_index.md b/content/en/docs/tasks/debug-application-cluster/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tasks/debug-application-cluster/audit.md b/content/en/docs/tasks/debug-application-cluster/audit.md
index c44caf66b5..6c4b433ca2 100644
--- a/content/en/docs/tasks/debug-application-cluster/audit.md
+++ b/content/en/docs/tasks/debug-application-cluster/audit.md
@@ -94,7 +94,7 @@ rules:
```
If you're crafting your own audit profile, you can use the audit profile for Google Container-Optimized OS as a starting point. You can check the
-[configure-helper.sh](https://github.com/kubernetes/kubernetes/blob/{{< param "githubbranch" >}}/cluster/gce/gci/configure-helper.sh)
+[configure-helper.sh](https://github.com/kubernetes/kubernetes/blob/master/cluster/gce/gci/configure-helper.sh)
script, which generates an audit policy file. You can see most of the audit policy file by looking directly at the script.
You can also refer to the [`Policy` configuration reference](/docs/reference/config-api/apiserver-audit.v1/#audit-k8s-io-v1-Policy)
diff --git a/content/en/docs/tasks/debug-application-cluster/debug-running-pod.md b/content/en/docs/tasks/debug-application-cluster/debug-running-pod.md
index 59a83e87c7..6009a76341 100644
--- a/content/en/docs/tasks/debug-application-cluster/debug-running-pod.md
+++ b/content/en/docs/tasks/debug-application-cluster/debug-running-pod.md
@@ -73,22 +73,20 @@ For more details, see [Get a Shell to a Running Container](
## Debugging with an ephemeral debug container {#ephemeral-container}
-{{< feature-state state="alpha" for_k8s_version="v1.18" >}}
+{{< feature-state state="alpha" for_k8s_version="v1.22" >}}
{{< glossary_tooltip text="Ephemeral containers" term_id="ephemeral-container" >}}
are useful for interactive troubleshooting when `kubectl exec` is insufficient
because a container has crashed or a container image doesn't include debugging
utilities, such as with [distroless images](
-https://github.com/GoogleContainerTools/distroless). `kubectl` has an alpha
-command that can create ephemeral containers for debugging beginning with version
-`v1.18`.
+https://github.com/GoogleContainerTools/distroless).
### Example debugging using ephemeral containers {#ephemeral-container-example}
{{< note >}}
The examples in this section require the `EphemeralContainers` [feature gate](
/docs/reference/command-line-tools-reference/feature-gates/) enabled in your
-cluster and `kubectl` version v1.18 or later.
+cluster and `kubectl` version v1.22 or later.
{{< /note >}}
You can use the `kubectl debug` command to add ephemeral containers to a
@@ -137,7 +135,8 @@ creates.
The `--target` parameter must be supported by the {{< glossary_tooltip
text="Container Runtime" term_id="container-runtime" >}}. When not supported,
the Ephemeral Container may not be started, or it may be started with an
-isolated process namespace.
+isolated process namespace so that `ps` does not reveal processes in other
+containers.
{{< /note >}}
You can view the state of the newly created ephemeral container using `kubectl describe`:
diff --git a/content/en/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md b/content/en/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md
index 543573781b..f1ddd96389 100644
--- a/content/en/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md
+++ b/content/en/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md
@@ -41,7 +41,7 @@ the container starts.
kubectl apply -f https://k8s.io/examples/debug/termination.yaml
- In the YAML file, in the `cmd` and `args` fields, you can see that the
+ In the YAML file, in the `command` and `args` fields, you can see that the
container sleeps for 10 seconds and then writes "Sleep expired" to
the `/dev/termination-log` file. After the container writes
the "Sleep expired" message, it terminates.
diff --git a/content/en/docs/tasks/extend-kubernetes/configure-aggregation-layer.md b/content/en/docs/tasks/extend-kubernetes/configure-aggregation-layer.md
index 739a69d45a..3b65d6abc6 100644
--- a/content/en/docs/tasks/extend-kubernetes/configure-aggregation-layer.md
+++ b/content/en/docs/tasks/extend-kubernetes/configure-aggregation-layer.md
@@ -17,7 +17,7 @@ Configuring the [aggregation layer](/docs/concepts/extend-kubernetes/api-extensi
{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
{{< note >}}
-There are a few setup requirements for getting the aggregation layer working in your environment to support mutual TLS auth between the proxy and extension apiservers. Kubernetes and the kube-apiserver have multiple CAs, so make sure that the proxy is signed by the aggregation layer CA and not by something else, like the master CA.
+There are a few setup requirements for getting the aggregation layer working in your environment to support mutual TLS auth between the proxy and extension apiservers. Kubernetes and the kube-apiserver have multiple CAs, so make sure that the proxy is signed by the aggregation layer CA and not by something else, like the Kubernetes general CA.
{{< /note >}}
{{< caution >}}
diff --git a/content/en/docs/tasks/extend-kubernetes/configure-multiple-schedulers.md b/content/en/docs/tasks/extend-kubernetes/configure-multiple-schedulers.md
index 7ad7072fd7..d44e6897b0 100644
--- a/content/en/docs/tasks/extend-kubernetes/configure-multiple-schedulers.md
+++ b/content/en/docs/tasks/extend-kubernetes/configure-multiple-schedulers.md
@@ -18,7 +18,7 @@ learn how to run multiple schedulers in Kubernetes with an example.
A detailed description of how to implement a scheduler is outside the scope of this
document. Please refer to the kube-scheduler implementation in
-[pkg/scheduler](https://github.com/kubernetes/kubernetes/tree/{{< param "githubbranch" >}}/pkg/scheduler)
+[pkg/scheduler](https://github.com/kubernetes/kubernetes/tree/master/pkg/scheduler)
in the Kubernetes source directory for a canonical example.
## {{% heading "prerequisites" %}}
diff --git a/content/en/docs/tasks/extend-kubernetes/custom-resources/_index.md b/content/en/docs/tasks/extend-kubernetes/custom-resources/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning.md b/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning.md
index 1e21306e5f..45f589e9d7 100644
--- a/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning.md
+++ b/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning.md
@@ -80,7 +80,7 @@ Removing an old version:
If this occurs, switch back to using `served:true` on the old version, migrate the
remaining clients to the new version and repeat this step.
1. Ensure the [upgrade of existing objects to the new stored version](#upgrade-existing-objects-to-a-new-stored-version) step has been completed.
- 1. Verify that the `stored` is set to `true` for the new version in the `spec.versions` list in the CustomResourceDefinition.
+ 1. Verify that the `storage` is set to `true` for the new version in the `spec.versions` list in the CustomResourceDefinition.
1. Verify that the old version is no longer listed in the CustomResourceDefinition `status.storedVersions`.
1. Remove the old version from the CustomResourceDefinition `spec.versions` list.
1. Drop conversion support for the old version in conversion webhooks.
@@ -202,7 +202,7 @@ spec:
plural: crontabs
# singular name to be used as an alias on the CLI and for display
singular: crontab
- # kind is normally the CamelCased singular type. Your resource manifests use this.
+ # kind is normally the PascalCased singular type. Your resource manifests use this.
kind: CronTab
# shortNames allow shorter string to match your resource on the CLI
shortNames:
diff --git a/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md b/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md
index 3230b7b73a..cd2d0fb103 100644
--- a/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md
+++ b/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md
@@ -154,22 +154,26 @@ from the YAML you used to create it:
```yaml
apiVersion: v1
-kind: List
items:
- apiVersion: stable.example.com/v1
kind: CronTab
metadata:
- creationTimestamp: 2017-05-31T12:56:35Z
+ annotations:
+ kubectl.kubernetes.io/last-applied-configuration: |
+ {"apiVersion":"stable.example.com/v1","kind":"CronTab","metadata":{"annotations":{},"name":"my-new-cron-object","namespace":"default"},"spec":{"cronSpec":"* * * * */5","image":"my-awesome-cron-image"}}
+ creationTimestamp: "2021-06-20T07:35:27Z"
generation: 1
name: my-new-cron-object
namespace: default
- resourceVersion: "285"
- uid: 9423255b-4600-11e7-af6a-28d2447dc82b
+ resourceVersion: "1326"
+ uid: 9aab1d66-628e-41bb-a422-57b8b3b1f5a9
spec:
cronSpec: '* * * * */5'
image: my-awesome-cron-image
+kind: List
metadata:
resourceVersion: ""
+ selfLink: ""
```
## Delete a CustomResourceDefinition
diff --git a/content/en/docs/tasks/inject-data-application/_index.md b/content/en/docs/tasks/inject-data-application/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tasks/job/indexed-parallel-processing-static.md b/content/en/docs/tasks/job/indexed-parallel-processing-static.md
index b5492eed6e..da5e6d4e08 100644
--- a/content/en/docs/tasks/job/indexed-parallel-processing-static.md
+++ b/content/en/docs/tasks/job/indexed-parallel-processing-static.md
@@ -5,7 +5,7 @@ min-kubernetes-server-version: v1.21
weight: 30
---
-{{< feature-state for_k8s_version="v1.21" state="alpha" >}}
+{{< feature-state for_k8s_version="v1.22" state="beta" >}}
@@ -38,11 +38,6 @@ non-parallel, use of [Job](/docs/concepts/workloads/controllers/job/).
{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
-To be able to create Indexed Jobs, make sure to enable the `IndexedJob`
-[feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
-on the [API server](/docs/reference/command-line-tools-reference/kube-apiserver/)
-and the [controller manager](/docs/reference/command-line-tools-reference/kube-controller-manager/).
-
## Choose an approach
diff --git a/content/en/docs/tasks/manage-daemon/_index.md b/content/en/docs/tasks/manage-daemon/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tasks/manage-daemon/update-daemon-set.md b/content/en/docs/tasks/manage-daemon/update-daemon-set.md
index 2f3001da0f..a74864fed5 100644
--- a/content/en/docs/tasks/manage-daemon/update-daemon-set.md
+++ b/content/en/docs/tasks/manage-daemon/update-daemon-set.md
@@ -7,12 +7,11 @@ weight: 10
---
-
This page shows how to perform a rolling update on a DaemonSet.
## {{% heading "prerequisites" %}}
-* The DaemonSet rolling update feature is only supported in Kubernetes version 1.6 or later.
+{{< include "task-tutorial-prereqs.md" >}}
@@ -20,22 +19,28 @@ This page shows how to perform a rolling update on a DaemonSet.
DaemonSet has two update strategy types:
-* OnDelete: With `OnDelete` update strategy, after you update a DaemonSet template, new
+* `OnDelete`: With `OnDelete` update strategy, after you update a DaemonSet template, new
DaemonSet pods will *only* be created when you manually delete old DaemonSet
pods. This is the same behavior of DaemonSet in Kubernetes version 1.5 or
before.
-* RollingUpdate: This is the default update strategy.
+* `RollingUpdate`: This is the default update strategy.
With `RollingUpdate` update strategy, after you update a
DaemonSet template, old DaemonSet pods will be killed, and new DaemonSet pods
- will be created automatically, in a controlled fashion. At most one pod of the DaemonSet will be running on each node during the whole update process.
+ will be created automatically, in a controlled fashion. At most one pod of
+ the DaemonSet will be running on each node during the whole update process.
## Performing a Rolling Update
To enable the rolling update feature of a DaemonSet, you must set its
`.spec.updateStrategy.type` to `RollingUpdate`.
-You may want to set [`.spec.updateStrategy.rollingUpdate.maxUnavailable`](/docs/concepts/workloads/controllers/deployment/#max-unavailable) (default
-to 1) and [`.spec.minReadySeconds`](/docs/concepts/workloads/controllers/deployment/#min-ready-seconds) (default to 0) as well.
+You may want to set
+[`.spec.updateStrategy.rollingUpdate.maxUnavailable`](/docs/concepts/workloads/controllers/deployment/#max-unavailable)
+(default to 1),
+[`.spec.minReadySeconds`](/docs/concepts/workloads/controllers/deployment/#min-ready-seconds)
+(default to 0) and
+[`.spec.maxSurge`](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#max-surge)
+(a beta feature and defaults to 25%) as well.
### Creating a DaemonSet with `RollingUpdate` update strategy
@@ -143,7 +148,7 @@ causes:
The rollout is stuck because new DaemonSet pods can't be scheduled on at least one
node. This is possible when the node is
-[running out of resources](/docs/tasks/administer-cluster/out-of-resource/).
+[running out of resources](/docs/concepts/scheduling-eviction/node-pressure-eviction/).
When this happens, find the nodes that don't have the DaemonSet pods scheduled on
by comparing the output of `kubectl get nodes` and the output of:
@@ -184,14 +189,7 @@ Delete DaemonSet from a namespace :
kubectl delete ds fluentd-elasticsearch -n kube-system
```
-
-
-
## {{% heading "whatsnext" %}}
-
-* See [Task: Performing a rollback on a
- DaemonSet](/docs/tasks/manage-daemon/rollback-daemon-set/)
-* See [Concepts: Creating a DaemonSet to adopt existing DaemonSet pods](/docs/concepts/workloads/controllers/daemonset/)
-
-
+* See [Performing a rollback on a DaemonSet](/docs/tasks/manage-daemon/rollback-daemon-set/)
+* See [Creating a DaemonSet to adopt existing DaemonSet pods](/docs/concepts/workloads/controllers/daemonset/)
diff --git a/content/en/docs/tasks/manage-hugepages/scheduling-hugepages.md b/content/en/docs/tasks/manage-hugepages/scheduling-hugepages.md
index 8d4cd4afe6..dd78446381 100644
--- a/content/en/docs/tasks/manage-hugepages/scheduling-hugepages.md
+++ b/content/en/docs/tasks/manage-hugepages/scheduling-hugepages.md
@@ -113,10 +113,4 @@ spec:
- Huge page usage in a namespace is controllable via ResourceQuota similar
to other compute resources like `cpu` or `memory` using the `hugepages-`
token.
-- Support of multiple sizes huge pages is feature gated. It can be
- disabled with the `HugePageStorageMediumSize`
- [feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
- on the {{< glossary_tooltip text="kubelet" term_id="kubelet" >}} and
- {{< glossary_tooltip text="kube-apiserver" term_id="kube-apiserver" >}}
- (`--feature-gates=HugePageStorageMediumSize=false`).
diff --git a/content/en/docs/tasks/manage-kubernetes-objects/kustomization.md b/content/en/docs/tasks/manage-kubernetes-objects/kustomization.md
index 27f3762988..9b16c25167 100644
--- a/content/en/docs/tasks/manage-kubernetes-objects/kustomization.md
+++ b/content/en/docs/tasks/manage-kubernetes-objects/kustomization.md
@@ -180,7 +180,7 @@ spec:
containers:
- name: app
image: my-app
- volumeMount:
+ volumeMounts:
- name: config
mountPath: /config
volumes:
@@ -234,7 +234,7 @@ spec:
containers:
- image: my-app
name: app
- volumeMount:
+ volumeMounts:
- mountPath: /config
name: config
volumes:
@@ -327,7 +327,7 @@ spec:
containers:
- name: app
image: my-app
- volumeMount:
+ volumeMounts:
- name: password
mountPath: /secrets
volumes:
diff --git a/content/en/docs/tasks/network/_index.md b/content/en/docs/tasks/network/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases.md b/content/en/docs/tasks/network/customize-hosts-file-for-pods.md
similarity index 98%
rename from content/en/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases.md
rename to content/en/docs/tasks/network/customize-hosts-file-for-pods.md
index 8eee03bf9b..e396db5d2d 100644
--- a/content/en/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases.md
+++ b/content/en/docs/tasks/network/customize-hosts-file-for-pods.md
@@ -3,7 +3,7 @@ reviewers:
- rickypai
- thockin
title: Adding entries to Pod /etc/hosts with HostAliases
-content_type: concept
+content_type: task
weight: 60
min-kubernetes-server-version: 1.7
---
@@ -16,7 +16,7 @@ Adding entries to a Pod's `/etc/hosts` file provides Pod-level override of hostn
Modification not using HostAliases is not suggested because the file is managed by the kubelet and can be overwritten on during Pod creation/restart.
-
+
## Default hosts file content
diff --git a/content/en/docs/tasks/network/validate-dual-stack.md b/content/en/docs/tasks/network/validate-dual-stack.md
index bc90dea4ea..717bac27ad 100644
--- a/content/en/docs/tasks/network/validate-dual-stack.md
+++ b/content/en/docs/tasks/network/validate-dual-stack.md
@@ -16,7 +16,7 @@ This document shares how to validate IPv4/IPv6 dual-stack enabled Kubernetes clu
* Provider support for dual-stack networking (Cloud provider or otherwise must be able to provide Kubernetes nodes with routable IPv4/IPv6 network interfaces)
-* A [network plugin](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) that supports dual-stack (such as Kubenet or Calico)
+* A [network plugin](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) that supports dual-stack (such as Calico, Cilium or Kubenet)
* [Dual-stack enabled](/docs/concepts/services-networking/dual-stack/) cluster
{{< version-check >}}
diff --git a/content/en/docs/tasks/run-application/_index.md b/content/en/docs/tasks/run-application/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md b/content/en/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md
index 84ae1addd2..6328d458fb 100644
--- a/content/en/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md
+++ b/content/en/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md
@@ -189,7 +189,7 @@ by making use of the `autoscaling/v2beta2` API version.
First, get the YAML of your HorizontalPodAutoscaler in the `autoscaling/v2beta2` form:
```shell
-kubectl get hpa.v2beta2.autoscaling -o yaml > /tmp/hpa-v2.yaml
+kubectl get hpa php-apache -o yaml > /tmp/hpa-v2.yaml
```
Open the `/tmp/hpa-v2.yaml` file in an editor, and you should see YAML which looks like this:
@@ -397,7 +397,9 @@ section to your HorizontalPodAutoscaler manifest to specify that you need one wo
external:
metric:
name: queue_messages_ready
- selector: "queue=worker_tasks"
+ selector:
+ matchLabels:
+ queue: "worker_tasks"
target:
type: AverageValue
averageValue: 30
diff --git a/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md b/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md
index 5e94027423..27165d0ca7 100644
--- a/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md
+++ b/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md
@@ -68,14 +68,7 @@ or the custom metrics API (for all other metrics).
The HorizontalPodAutoscaler normally fetches metrics from a series of aggregated APIs (`metrics.k8s.io`,
`custom.metrics.k8s.io`, and `external.metrics.k8s.io`). The `metrics.k8s.io` API is usually provided by
-metrics-server, which needs to be launched separately. See
-[metrics-server](/docs/tasks/debug-application-cluster/resource-metrics-pipeline/#metrics-server)
-for instructions. The HorizontalPodAutoscaler can also fetch metrics directly from Heapster.
-
-{{< note >}}
-{{< feature-state state="deprecated" for_k8s_version="v1.11" >}}
-Fetching metrics from Heapster is deprecated as of Kubernetes 1.11.
-{{< /note >}}
+metrics-server, which needs to be launched separately. For more information about resource metrics, see [Metrics Server](/docs/tasks/debug-application-cluster/resource-metrics-pipeline/#metrics-server).
See [Support for metrics APIs](#support-for-metrics-apis) for more details.
@@ -198,14 +191,17 @@ The detailed documentation of `kubectl autoscale` can be found [here](/docs/refe
## Autoscaling during rolling update
-Currently in Kubernetes, it is possible to perform a rolling update by using the deployment object, which manages the underlying replica sets for you.
-Horizontal Pod Autoscaler only supports the latter approach: the Horizontal Pod Autoscaler is bound to the deployment object,
-it sets the size for the deployment object, and the deployment is responsible for setting sizes of underlying replica sets.
+Kubernetes lets you perform a rolling update on a Deployment. In that
+case, the Deployment manages the underlying ReplicaSets for you.
+When you configure autoscaling for a Deployment, you bind a
+HorizontalPodAutoscaler to a single Deployment. The HorizontalPodAutoscaler
+manages the `replicas` field of the Deployment. The deployment controller is responsible
+for setting the `replicas` of the underlying ReplicaSets so that they add up to a suitable
+number during the rollout and also afterwards.
-Horizontal Pod Autoscaler does not work with rolling update using direct manipulation of replication controllers,
-i.e. you cannot bind a Horizontal Pod Autoscaler to a replication controller and do rolling update.
-The reason this doesn't work is that when rolling update creates a new replication controller,
-the Horizontal Pod Autoscaler will not be bound to the new replication controller.
+If you perform a rolling update of a StatefulSet that has an autoscaled number of
+replicas, the StatefulSet directly manages its set of Pods (there is no intermediate resource
+similar to ReplicaSet).
## Support for cooldown/delay
@@ -341,8 +337,6 @@ APIs, cluster administrators must ensure that:
* For external metrics, this is the `external.metrics.k8s.io` API. It may be provided by the custom metrics adapters provided above.
-* The `--horizontal-pod-autoscaler-use-rest-clients` is `true` or unset. Setting this to false switches to Heapster-based autoscaling, which is deprecated.
-
For more information on these different metrics paths and how they differ please see the relevant design proposals for
[the HPA V2](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/autoscaling/hpa-v2.md),
[custom.metrics.k8s.io](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/instrumentation/custom-metrics-api.md)
diff --git a/content/en/docs/tasks/run-application/run-replicated-stateful-application.md b/content/en/docs/tasks/run-application/run-replicated-stateful-application.md
index 22f929c06f..e98830b9e3 100644
--- a/content/en/docs/tasks/run-application/run-replicated-stateful-application.md
+++ b/content/en/docs/tasks/run-application/run-replicated-stateful-application.md
@@ -379,7 +379,7 @@ This might impact other applications on the Node, so it's best to
**only do this in a test cluster**.
```shell
-kubectl drain --force --delete-local-data --ignore-daemonsets
+kubectl drain --force --delete-emptydir-data --ignore-daemonsets
```
Now you can watch as the Pod reschedules on a different Node:
diff --git a/content/en/docs/tasks/service-catalog/_index.md b/content/en/docs/tasks/service-catalog/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tasks/tls/_index.md b/content/en/docs/tasks/tls/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tasks/tls/certificate-rotation.md b/content/en/docs/tasks/tls/certificate-rotation.md
index 5dd9b85714..2db0c1255d 100644
--- a/content/en/docs/tasks/tls/certificate-rotation.md
+++ b/content/en/docs/tasks/tls/certificate-rotation.md
@@ -27,8 +27,8 @@ The kubelet uses certificates for authenticating to the Kubernetes API. By
default, these certificates are issued with one year expiration so that they do
not need to be renewed too frequently.
-Kubernetes 1.8 contains [kubelet certificate
-rotation](/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/), a beta feature
+Kubernetes contains [kubelet certificate
+rotation](/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/),
that will automatically generate a new key and request a new certificate from
the Kubernetes API as the current certificate approaches expiration. Once the
new certificate is available, it will be used for authenticating connections to
@@ -62,7 +62,7 @@ criteria, it will be auto approved by the controller manager, then it will have
a status of `Approved`. Next, the controller manager will sign a certificate,
issued for the duration specified by the
`--cluster-signing-duration` parameter, and the signed certificate
-will be attached to the certificate signing requests.
+will be attached to the certificate signing request.
The kubelet will retrieve the signed certificate from the Kubernetes API and
write that to disk, in the location specified by `--cert-dir`. Then the kubelet
diff --git a/content/en/docs/tasks/tools/_index.md b/content/en/docs/tasks/tools/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tasks/tools/included/install-kubectl-gcloud.md b/content/en/docs/tasks/tools/included/install-kubectl-gcloud.md
deleted file mode 100644
index dcf8572618..0000000000
--- a/content/en/docs/tasks/tools/included/install-kubectl-gcloud.md
+++ /dev/null
@@ -1,21 +0,0 @@
----
-title: "gcloud kubectl install"
-description: "How to install kubectl with gcloud snippet for inclusion in each OS-specific tab."
-headless: true
----
-
-You can install kubectl as part of the Google Cloud SDK.
-
-1. Install the [Google Cloud SDK](https://cloud.google.com/sdk/).
-
-1. Run the `kubectl` installation command:
-
- ```shell
- gcloud components install kubectl
- ```
-
-1. Test to ensure the version you installed is up-to-date:
-
- ```shell
- kubectl version --client
- ```
\ No newline at end of file
diff --git a/content/en/docs/tasks/tools/included/kubectl-convert-overview.md b/content/en/docs/tasks/tools/included/kubectl-convert-overview.md
new file mode 100644
index 0000000000..b1799d52ea
--- /dev/null
+++ b/content/en/docs/tasks/tools/included/kubectl-convert-overview.md
@@ -0,0 +1,11 @@
+---
+title: "kubectl-convert overview"
+description: >-
+ A kubectl plugin that allows you to convert manifests from one version
+ of a Kubernetes API to a different version.
+headless: true
+---
+
+A plugin for Kubernetes command-line tool `kubectl`, which allows you to convert manifests between different API
+versions. This can be particularly helpful to migrate manifests to a non-deprecated api version with newer Kubernetes release.
+For more info, visit [migrate to non deprecated apis](/docs/reference/using-api/deprecation-guide/#migrate-to-non-deprecated-apis)
\ No newline at end of file
diff --git a/content/en/docs/tasks/tools/install-kubectl-linux.md b/content/en/docs/tasks/tools/install-kubectl-linux.md
index d64ef99b13..efb203f8b9 100644
--- a/content/en/docs/tasks/tools/install-kubectl-linux.md
+++ b/content/en/docs/tasks/tools/install-kubectl-linux.md
@@ -22,7 +22,6 @@ The following methods exist for installing kubectl on Linux:
- [Install kubectl binary with curl on Linux](#install-kubectl-binary-with-curl-on-linux)
- [Install using native package management](#install-using-native-package-management)
- [Install using other package management](#install-using-other-package-management)
-- [Install on Linux as part of the Google Cloud SDK](#install-on-linux-as-part-of-the-google-cloud-sdk)
### Install kubectl binary with curl on Linux
@@ -83,6 +82,7 @@ For example, to download version {{< param "fullversion" >}} on Linux, type:
If you do not have root access on the target system, you can still install kubectl to the `~/.local/bin` directory:
```bash
+ chmod +x kubectl
mkdir -p ~/.local/bin/kubectl
mv ./kubectl ~/.local/bin/kubectl
# and then add ~/.local/bin/kubectl to $PATH
@@ -168,15 +168,11 @@ kubectl version --client
{{< /tabs >}}
-### Install on Linux as part of the Google Cloud SDK
-
-{{< include "included/install-kubectl-gcloud.md" >}}
-
## Verify kubectl configuration
{{< include "included/verify-kubectl.md" >}}
-## Optional kubectl configurations
+## Optional kubectl configurations and plugins
### Enable shell autocompletion
@@ -189,6 +185,61 @@ Below are the procedures to set up autocompletion for Bash and Zsh.
{{< tab name="Zsh" include="included/optional-kubectl-configs-zsh.md" />}}
{{< /tabs >}}
+### Install `kubectl convert` plugin
+
+{{< include "included/kubectl-convert-overview.md" >}}
+
+1. Download the latest release with the command:
+
+ ```bash
+ curl -LO https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl-convert
+ ```
+
+1. Validate the binary (optional)
+
+ Download the kubectl-convert checksum file:
+
+ ```bash
+ curl -LO "https://dl.k8s.io/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl-convert.sha256"
+ ```
+
+ Validate the kubectl-convert binary against the checksum file:
+
+ ```bash
+ echo "$(}}
+ Download the same version of the binary and checksum.
+ {{< /note >}}
+
+1. Install kubectl-convert
+
+ ```bash
+ sudo install -o root -g root -m 0755 kubectl-convert /usr/local/bin/kubectl-convert
+ ```
+
+1. Verify plugin is successfully installed
+
+ ```shell
+ kubectl convert --help
+ ```
+
+ If you do not see an error, it means the plugin is successfully installed.
+
## {{% heading "whatsnext" %}}
{{< include "included/kubectl-whats-next.md" >}}
diff --git a/content/en/docs/tasks/tools/install-kubectl-macos.md b/content/en/docs/tasks/tools/install-kubectl-macos.md
index d952359407..b46ab03640 100644
--- a/content/en/docs/tasks/tools/install-kubectl-macos.md
+++ b/content/en/docs/tasks/tools/install-kubectl-macos.md
@@ -22,7 +22,6 @@ The following methods exist for installing kubectl on macOS:
- [Install kubectl binary with curl on macOS](#install-kubectl-binary-with-curl-on-macos)
- [Install with Homebrew on macOS](#install-with-homebrew-on-macos)
- [Install with Macports on macOS](#install-with-macports-on-macos)
-- [Install on macOS as part of the Google Cloud SDK](#install-on-macos-as-part-of-the-google-cloud-sdk)
### Install kubectl binary with curl on macOS
@@ -31,7 +30,6 @@ The following methods exist for installing kubectl on macOS:
{{< tabs name="download_binary_macos" >}}
{{< tab name="Intel" codelang="bash" >}}
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl"
- chmod +x kubectl
{{< /tab >}}
{{< tab name="Apple Silicon" codelang="bash" >}}
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/arm64/kubectl"
@@ -104,6 +102,10 @@ The following methods exist for installing kubectl on macOS:
sudo chown root: /usr/local/bin/kubectl
```
+ {{< note >}}
+ Make sure `/usr/local/bin` is in your PATH environment variable.
+ {{< /note >}}
+
1. Test to ensure the version you installed is up-to-date:
```bash
@@ -149,16 +151,11 @@ If you are on macOS and using [Macports](https://macports.org/) package manager,
kubectl version --client
```
-
-### Install on macOS as part of the Google Cloud SDK
-
-{{< include "included/install-kubectl-gcloud.md" >}}
-
## Verify kubectl configuration
{{< include "included/verify-kubectl.md" >}}
-## Optional kubectl configurations
+## Optional kubectl configurations and plugins
### Enable shell autocompletion
@@ -171,6 +168,82 @@ Below are the procedures to set up autocompletion for Bash and Zsh.
{{< tab name="Zsh" include="included/optional-kubectl-configs-zsh.md" />}}
{{< /tabs >}}
+### Install `kubectl convert` plugin
+
+{{< include "included/kubectl-convert-overview.md" >}}
+
+1. Download the latest release with the command:
+
+ {{< tabs name="download_convert_binary_macos" >}}
+ {{< tab name="Intel" codelang="bash" >}}
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl-convert"
+ {{< /tab >}}
+ {{< tab name="Apple Silicon" codelang="bash" >}}
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/arm64/kubectl-convert"
+ {{< /tab >}}
+ {{< /tabs >}}
+
+1. Validate the binary (optional)
+
+ Download the kubectl-convert checksum file:
+
+ {{< tabs name="download_convert_checksum_macos" >}}
+ {{< tab name="Intel" codelang="bash" >}}
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl-convert.sha256"
+ {{< /tab >}}
+ {{< tab name="Apple Silicon" codelang="bash" >}}
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/arm64/kubectl-convert.sha256"
+ {{< /tab >}}
+ {{< /tabs >}}
+
+ Validate the kubectl-convert binary against the checksum file:
+
+ ```bash
+ echo "$(}}
+ Download the same version of the binary and checksum.
+ {{< /note >}}
+
+1. Make kubectl-convert binary executable
+
+ ```bash
+ chmod +x ./kubectl-convert
+ ```
+
+1. Move the kubectl-convert binary to a file location on your system `PATH`.
+
+ ```bash
+ sudo mv ./kubectl-convert /usr/local/bin/kubectl-convert
+ sudo chown root: /usr/local/bin/kubectl-convert
+ ```
+
+ {{< note >}}
+ Make sure `/usr/local/bin` is in your PATH environment variable.
+ {{< /note >}}
+
+1. Verify plugin is successfully installed
+
+ ```shell
+ kubectl convert --help
+ ```
+
+ If you do not see an error, it means the plugin is successfully installed.
+
## {{% heading "whatsnext" %}}
{{< include "included/kubectl-whats-next.md" >}}
diff --git a/content/en/docs/tasks/tools/install-kubectl-windows.md b/content/en/docs/tasks/tools/install-kubectl-windows.md
index 11f79b6d94..8059fa7a3a 100644
--- a/content/en/docs/tasks/tools/install-kubectl-windows.md
+++ b/content/en/docs/tasks/tools/install-kubectl-windows.md
@@ -21,7 +21,6 @@ The following methods exist for installing kubectl on Windows:
- [Install kubectl binary with curl on Windows](#install-kubectl-binary-with-curl-on-windows)
- [Install on Windows using Chocolatey or Scoop](#install-on-windows-using-chocolatey-or-scoop)
-- [Install on Windows as part of the Google Cloud SDK](#install-on-windows-as-part-of-the-google-cloud-sdk)
### Install kubectl binary with curl on Windows
@@ -31,7 +30,7 @@ The following methods exist for installing kubectl on Windows:
Or if you have `curl` installed, use this command:
```powershell
- curl -LO https://dl.k8s.io/release/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe
+ curl -LO "https://dl.k8s.io/release/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe"
```
{{< note >}}
@@ -43,7 +42,7 @@ The following methods exist for installing kubectl on Windows:
Download the kubectl checksum file:
```powershell
- curl -LO https://dl.k8s.io/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe.sha256
+ curl -LO "https://dl.k8s.io/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe.sha256"
```
Validate the kubectl binary against the checksum file:
@@ -127,15 +126,11 @@ If you have installed Docker Desktop before, you may need to place your `PATH` e
Edit the config file with a text editor of your choice, such as Notepad.
{{< /note >}}
-### Install on Windows as part of the Google Cloud SDK
-
-{{< include "included/install-kubectl-gcloud.md" >}}
-
## Verify kubectl configuration
{{< include "included/verify-kubectl.md" >}}
-## Optional kubectl configurations
+## Optional kubectl configurations and plugins
### Enable shell autocompletion
@@ -145,6 +140,49 @@ Below are the procedures to set up autocompletion for Zsh, if you are running th
{{< include "included/optional-kubectl-configs-zsh.md" >}}
+### Install `kubectl convert` plugin
+
+{{< include "included/kubectl-convert-overview.md" >}}
+
+1. Download the latest release with the command:
+
+ ```powershell
+ curl -LO "https://dl.k8s.io/release/{{< param "fullversion" >}}/bin/windows/amd64/kubectl-convert.exe"
+ ```
+
+1. Validate the binary (optional)
+
+ Download the kubectl-convert checksum file:
+
+ ```powershell
+ curl -LO "https://dl.k8s.io/{{< param "fullversion" >}}/bin/windows/amd64/kubectl-convert.exe.sha256"
+ ```
+
+ Validate the kubectl-convert binary against the checksum file:
+
+ - Using Command Prompt to manually compare `CertUtil`'s output to the checksum file downloaded:
+
+ ```cmd
+ CertUtil -hashfile kubectl-convert.exe SHA256
+ type kubectl-convert.exe.sha256
+ ```
+
+ - Using PowerShell to automate the verification using the `-eq` operator to get a `True` or `False` result:
+
+ ```powershell
+ $($(CertUtil -hashfile .\kubectl-convert.exe SHA256)[1] -replace " ", "") -eq $(type .\kubectl-convert.exe.sha256)
+ ```
+
+1. Add the binary in to your `PATH`.
+
+1. Verify plugin is successfully installed
+
+ ```shell
+ kubectl convert --help
+ ```
+
+ If you do not see an error, it means the plugin is successfully installed.
+
## {{% heading "whatsnext" %}}
-{{< include "included/kubectl-whats-next.md" >}}
\ No newline at end of file
+{{< include "included/kubectl-whats-next.md" >}}
diff --git a/content/en/docs/test.md b/content/en/docs/test.md
index ae5bb447f1..b9998635e2 100644
--- a/content/en/docs/test.md
+++ b/content/en/docs/test.md
@@ -287,7 +287,7 @@ tables, use HTML instead.
## Visualizations with Mermaid
You can use [Mermaid JS](https://mermaidjs.github.io) visualizations.
-The Mermaid JS version is specified in [/layouts/partials/head.html](https://github.com/kubernetes/website/blob/master/layouts/partials/head.html)
+The Mermaid JS version is specified in [/layouts/partials/head.html](https://github.com/kubernetes/website/blob/main/layouts/partials/head.html)
```
{{}}
diff --git a/content/en/docs/tutorials/_index.md b/content/en/docs/tutorials/_index.md
index acd2a4363f..fdc62e11fb 100644
--- a/content/en/docs/tutorials/_index.md
+++ b/content/en/docs/tutorials/_index.md
@@ -35,7 +35,7 @@ Before walking through each tutorial, you may want to bookmark the
* [Exposing an External IP Address to Access an Application in a Cluster](/docs/tutorials/stateless-application/expose-external-ip-address/)
-* [Example: Deploying PHP Guestbook application with MongoDB](/docs/tutorials/stateless-application/guestbook/)
+* [Example: Deploying PHP Guestbook application with Redis](/docs/tutorials/stateless-application/guestbook/)
## Stateful Applications
@@ -51,6 +51,8 @@ Before walking through each tutorial, you may want to bookmark the
* [AppArmor](/docs/tutorials/clusters/apparmor/)
+* [seccomp](/docs/tutorials/clusters/seccomp/)
+
## Services
* [Using Source IP](/docs/tutorials/services/source-ip/)
diff --git a/content/en/docs/tutorials/clusters/_index.md b/content/en/docs/tutorials/clusters/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tutorials/clusters/apparmor.md b/content/en/docs/tutorials/clusters/apparmor.md
index 32f25ba483..8907768089 100644
--- a/content/en/docs/tutorials/clusters/apparmor.md
+++ b/content/en/docs/tutorials/clusters/apparmor.md
@@ -348,6 +348,11 @@ node with the required profile.
### Restricting profiles with the PodSecurityPolicy
+{{< note >}}
+PodSecurityPolicy is deprecated in Kubernetes v1.21, and will be removed in v1.25.
+See [PodSecurityPolicy documentation](/docs/concepts/policy/pod-security-policy/) for more information.
+{{< /note >}}
+
If the PodSecurityPolicy extension is enabled, cluster-wide AppArmor restrictions can be applied. To
enable the PodSecurityPolicy, the following flag must be set on the `apiserver`:
diff --git a/content/en/docs/tutorials/clusters/seccomp.md b/content/en/docs/tutorials/clusters/seccomp.md
index 971618cf55..029ea97a7d 100644
--- a/content/en/docs/tutorials/clusters/seccomp.md
+++ b/content/en/docs/tutorials/clusters/seccomp.md
@@ -3,9 +3,10 @@ reviewers:
- hasheddan
- pjbgf
- saschagrunert
-title: Restrict a Container's Syscalls with Seccomp
+title: Restrict a Container's Syscalls with seccomp
content_type: tutorial
weight: 20
+min-kubernetes-server-version: v1.22
---
@@ -13,7 +14,7 @@ weight: 20
{{< feature-state for_k8s_version="v1.19" state="stable" >}}
Seccomp stands for secure computing mode and has been a feature of the Linux
-kernel since version 2.6.12. It can be used to sandbox the privileges of a
+kernel since version 2.6.12. It can be used to sandbox the privileges of a
process, restricting the calls it is able to make from userspace into the
kernel. Kubernetes lets you automatically apply seccomp profiles loaded onto a
Node to your Pods and containers.
@@ -35,16 +36,72 @@ profiles that give only the necessary privileges to your container processes.
## {{% heading "prerequisites" %}}
+{{< version-check >}}
+
In order to complete all steps in this tutorial, you must install
[kind](https://kind.sigs.k8s.io/docs/user/quick-start/) and
[kubectl](/docs/tasks/tools/). This tutorial will show examples
-with both alpha (pre-v1.19) and generally available seccomp functionality, so
+both alpha (new in v1.22) and generally available seccomp functionality. You should
make sure that your cluster is [configured
correctly](https://kind.sigs.k8s.io/docs/user/quick-start/#setting-kubernetes-version)
for the version you are using.
+{{< note >}}
+It is not possible to apply a seccomp profile to a container running with
+`privileged: true` set in the container's `securityContext`. Privileged containers always
+run as `Unconfined`.
+{{< /note >}}
+
+## Enable the use of `RuntimeDefault` as the default seccomp profile for all workloads
+
+{{< feature-state state="alpha" for_k8s_version="v1.22" >}}
+
+`SeccompDefault` is an optional kubelet
+[feature gate](/docs/reference/command-line-tools-reference/feature-gates) as
+well as corresponding `--seccomp-default`
+[command line flag](/docs/reference/command-line-tools-reference/kubelet).
+Both have to be enabled simultaneously to use the feature.
+
+If enabled, the kubelet will use the `RuntimeDefault` seccomp profile by default, which is
+defined by the container runtime, instead of using the `Unconfined` (seccomp disabled) mode.
+The default profiles aim to provide a strong set
+of security defaults while preserving the functionality of the workload. It is
+possible that the default profiles differ between container runtimes and their
+release versions, for example when comparing those from CRI-O and containerd.
+
+Some workloads may require a lower amount of syscall restrictions than others.
+This means that they can fail during runtime even with the `RuntimeDefault`
+profile. To mitigate such a failure, you can:
+
+- Run the workload explicitly as `Unconfined`.
+- Disable the `SeccompDefault` feature for the nodes. Also making sure that
+ workloads get scheduled on nodes where the feature is disabled.
+- Create a custom seccomp profile for the workload.
+
+If you were introducing this feature into production-like cluster, the Kubernetes project
+recommends that you enable this feature gate on a subset of your nodes and then
+test workload execution before rolling the change out cluster-wide.
+
+More detailed information about a possible upgrade and downgrade strategy can be
+found in the [related Kubernetes Enhancement Proposal (KEP)](https://github.com/kubernetes/enhancements/tree/a70cc18/keps/sig-node/2413-seccomp-by-default#upgrade--downgrade-strategy).
+
+Since the feature is in alpha state it is disabled per default. To enable it,
+pass the flags `--feature-gates=SeccompDefault=true --seccomp-default` to the
+`kubelet` CLI or enable it via the [kubelet configuration
+file](/docs/tasks/administer-cluster/kubelet-config-file/). To enable the
+feature gate in [kind](https://kind.sigs.k8s.io), ensure that `kind` provides
+the minimum required Kubernetes version and enables the `SeccompDefault` feature
+[in the kind configuration](https://kind.sigs.k8s.io/docs/user/quick-start/#enable-feature-gates-in-your-cluster):
+
+```yaml
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+featureGates:
+ SeccompDefault: true
+```
+
## Create Seccomp Profiles
The contents of these profiles will be explored later on, but for now go ahead
@@ -108,7 +165,7 @@ docker exec -it 6a96207fed4b ls /var/lib/kubelet/seccomp/profiles
audit.json fine-grained.json violation.json
```
-## Create a Pod with a Seccomp profile for syscall auditing
+## Create a Pod with a seccomp profile for syscall auditing
To start off, apply the `audit.json` profile, which will log all syscalls of the
process, to a new Pod.
@@ -208,7 +265,7 @@ kubectl delete pod/audit-pod
kubectl delete svc/audit-pod
```
-## Create Pod with Seccomp Profile that Causes Violation
+## Create Pod with seccomp Profile that Causes Violation
For demonstration, apply a profile to the Pod that does not allow for any
syscalls.
@@ -255,7 +312,7 @@ kubectl delete pod/violation-pod
kubectl delete svc/violation-pod
```
-## Create Pod with Seccomp Profile that Only Allows Necessary Syscalls
+## Create Pod with seccomp Profile that Only Allows Necessary Syscalls
If you take a look at the `fine-pod.json`, you will notice some of the syscalls
seen in the first example where the profile set `"defaultAction":
@@ -339,7 +396,7 @@ kubectl delete pod/fine-pod
kubectl delete svc/fine-pod
```
-## Create Pod that uses the Container Runtime Default Seccomp Profile
+## Create Pod that uses the Container Runtime Default seccomp Profile
Most container runtimes provide a sane set of default syscalls that are allowed
or not. The defaults can easily be applied in Kubernetes by using the
@@ -364,5 +421,5 @@ The default seccomp profile should provide adequate access for most workloads.
Additional resources:
-* [A Seccomp Overview](https://lwn.net/Articles/656307/)
+* [A seccomp Overview](https://lwn.net/Articles/656307/)
* [Seccomp Security Profiles for Docker](https://docs.docker.com/engine/security/seccomp/)
diff --git a/content/en/docs/tutorials/configuration/_index.md b/content/en/docs/tutorials/configuration/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tutorials/configuration/configure-java-microservice/_index.md b/content/en/docs/tutorials/configuration/configure-java-microservice/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tutorials/configuration/configure-redis-using-configmap.md b/content/en/docs/tutorials/configuration/configure-redis-using-configmap.md
index b29b352aca..ec6edb9cc7 100644
--- a/content/en/docs/tutorials/configuration/configure-redis-using-configmap.md
+++ b/content/en/docs/tutorials/configuration/configure-redis-using-configmap.md
@@ -55,7 +55,7 @@ Apply the ConfigMap created above, along with a Redis pod manifest:
```shell
kubectl apply -f example-redis-config.yaml
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/pods/config/redis-pod.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/main/content/en/examples/pods/config/redis-pod.yaml
```
Examine the contents of the Redis pod manifest and note the following:
@@ -206,7 +206,7 @@ values from associated ConfigMaps. Let's delete and recreate the Pod:
```shell
kubectl delete pod redis
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/pods/config/redis-pod.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/main/content/en/examples/pods/config/redis-pod.yaml
```
Now re-check the configuration values one last time:
diff --git a/content/en/docs/tutorials/hello-minikube.md b/content/en/docs/tutorials/hello-minikube.md
index d8ad753958..3911ff2de6 100644
--- a/content/en/docs/tutorials/hello-minikube.md
+++ b/content/en/docs/tutorials/hello-minikube.md
@@ -60,11 +60,17 @@ If you installed minikube locally, run `minikube start`. Before you run `minikub
4. Katacoda environment only: Type `30000`, and then click **Display Port**.
{{< note >}}
-The `dashboard` command enables the dashboard add-on and opens the proxy in the default web browser. You can create Kubernetes resources on the dashboard such as Deployment and Service.
+The `dashboard` command enables the dashboard add-on and opens the proxy in the default web browser.
+You can create Kubernetes resources on the dashboard such as Deployment and Service.
If you are running in an environment as root, see [Open Dashboard with URL](#open-dashboard-with-url).
-To stop the proxy, run `Ctrl+C` to exit the process. The dashboard remains running.
+By default, the dashboard is only accessible from within the internal Kubernetes virtual network.
+The `dashboard` command creates a temporary proxy to make the dashboard accessible from outside the Kubernetes virtual network.
+
+To stop the proxy, run `Ctrl+C` to exit the process.
+After the command exits, the dashboard remains running in Kubernetes cluster.
+You can run the `dashboard` command again to create another proxy to access the dashboard.
{{< /note >}}
## Open Dashboard with URL
@@ -224,7 +230,7 @@ The minikube tool includes a set of built-in {{< glossary_tooltip text="addons"
The output is similar to:
```
- metrics-server was successfully enabled
+ The 'metrics-server' addon is enabled
```
3. View the Pod and Service you created:
diff --git a/content/en/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html b/content/en/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html
index ad7b856223..5301c6b7a1 100644
--- a/content/en/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html
+++ b/content/en/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html
@@ -25,7 +25,8 @@ weight: 20
A Pod always runs on a Node. A Node is a worker machine in Kubernetes and may be either a virtual or a physical machine, depending on the cluster. Each Node is managed by the Master. A Node can have multiple pods, and the Kubernetes master automatically handles scheduling the pods across the Nodes in the cluster. The Master's automatic scheduling takes into account the available resources on each Node.
+
A Pod always runs on a Node. A Node is a worker machine in Kubernetes and may be either a virtual or a physical machine, depending on the cluster. Each Node is managed by the control plane. A Node can have multiple pods, and the Kubernetes control plane automatically handles scheduling the pods across the Nodes in the cluster. The control plane's automatic scheduling takes into account the available resources on each Node.
Every Kubernetes Node runs at least:
-
Kubelet, a process responsible for communication between the Kubernetes Master and the Node; it manages the Pods and the containers running on a machine.
+
Kubelet, a process responsible for communication between the Kubernetes control plane and the Node; it manages the Pods and the containers running on a machine.
A container runtime (like Docker) responsible for pulling the container image from a registry, unpacking the container, and running the application.
ClusterIP (default) - Exposes the Service on an internal IP in the cluster. This type makes the Service only reachable from within the cluster.
NodePort - Exposes the Service on the same port of each selected Node in the cluster using NAT. Makes a Service accessible from outside the cluster using <NodeIP>:<NodePort>. Superset of ClusterIP.
LoadBalancer - Creates an external load balancer in the current cloud (if supported) and assigns a fixed, external IP to the Service. Superset of NodePort.
-
ExternalName - Maps the Service to the contents of the externalName field (e.g. `foo.bar.example.com`), by returning a CNAME record with its value. No proxying of any kind is set up. This type requires v1.7 or higher of kube-dns, or CoreDNS version 0.0.8 or higher.
+
ExternalName - Maps the Service to the contents of the externalName field (e.g. foo.bar.example.com), by returning a CNAME record with its value. No proxying of any kind is set up. This type requires v1.7 or higher of kube-dns, or CoreDNS version 0.0.8 or higher.
Additionally, note that there are some use cases with Services that involve not defining selector in the spec. A Service created without selector will also not create the corresponding Endpoints object. This allows users to manually map a Service to specific endpoints. Another possibility why there may be no selector is you are strictly using type: ExternalName.
@@ -35,3 +36,7 @@ weight: 20
+
+
+
+
diff --git a/content/en/docs/tutorials/services/_index.md b/content/en/docs/tutorials/services/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tutorials/stateful-application/_index.md b/content/en/docs/tutorials/stateful-application/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tutorials/stateful-application/basic-stateful-set.md b/content/en/docs/tutorials/stateful-application/basic-stateful-set.md
index a44c4392ca..760d3df013 100644
--- a/content/en/docs/tutorials/stateful-application/basic-stateful-set.md
+++ b/content/en/docs/tutorials/stateful-application/basic-stateful-set.md
@@ -26,7 +26,7 @@ following Kubernetes concepts:
* [Cluster DNS](/docs/concepts/services-networking/dns-pod-service/)
* [Headless Services](/docs/concepts/services-networking/service/#headless-services)
* [PersistentVolumes](/docs/concepts/storage/persistent-volumes/)
-* [PersistentVolume Provisioning](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/persistent-volume-provisioning/)
+* [PersistentVolume Provisioning](https://github.com/kubernetes/examples/tree/master/staging/persistent-volume-provisioning/)
* [StatefulSets](/docs/concepts/workloads/controllers/statefulset/)
* The [kubectl](/docs/reference/kubectl/kubectl/) command line tool
@@ -845,12 +845,12 @@ kubectl get pods -w -l app=nginx
```
Use [`kubectl delete`](/docs/reference/generated/kubectl/kubectl-commands/#delete) to delete the
-StatefulSet. Make sure to supply the `--cascade=false` parameter to the
+StatefulSet. Make sure to supply the `--cascade=orphan` parameter to the
command. This parameter tells Kubernetes to only delete the StatefulSet, and to
not delete any of its Pods.
```shell
-kubectl delete statefulset web --cascade=false
+kubectl delete statefulset web --cascade=orphan
```
```
statefulset.apps "web" deleted
@@ -966,7 +966,7 @@ kubectl get pods -w -l app=nginx
```
In another terminal, delete the StatefulSet again. This time, omit the
-`--cascade=false` parameter.
+`--cascade=orphan` parameter.
```shell
kubectl delete statefulset web
diff --git a/content/en/docs/tutorials/stateful-application/cassandra.md b/content/en/docs/tutorials/stateful-application/cassandra.md
index 5b453f6594..ffbf65286b 100644
--- a/content/en/docs/tutorials/stateful-application/cassandra.md
+++ b/content/en/docs/tutorials/stateful-application/cassandra.md
@@ -50,7 +50,7 @@ To complete this tutorial, you should already have a basic familiarity with
### Additional Minikube setup instructions
{{< caution >}}
-[Minikube](https://minikube.sigs.k8s.io/docs/) defaults to 1024MiB of memory and 1 CPU.
+[Minikube](https://minikube.sigs.k8s.io/docs/) defaults to 2048MB of memory and 2 CPU.
Running Minikube with the default resource configuration results in insufficient resource
errors during this tutorial. To avoid these errors, start Minikube with the following settings:
@@ -266,7 +266,7 @@ to also be deleted. Never assume you'll be able to access data if its volume cla
The Pods in this tutorial use the [`gcr.io/google-samples/cassandra:v13`](https://github.com/kubernetes/examples/blob/master/cassandra/image/Dockerfile)
image from Google's [container registry](https://cloud.google.com/container-registry/docs/).
-The Docker image above is based on [debian-base](https://github.com/kubernetes/kubernetes/tree/master/build/debian-base)
+The Docker image above is based on [debian-base](https://github.com/kubernetes/release/tree/master/images/build/debian-base)
and includes OpenJDK 8.
This image includes a standard Cassandra installation from the Apache Debian repo.
diff --git a/content/en/docs/tutorials/stateful-application/zookeeper.md b/content/en/docs/tutorials/stateful-application/zookeeper.md
index 6d517ef229..3ed1cd454b 100644
--- a/content/en/docs/tutorials/stateful-application/zookeeper.md
+++ b/content/en/docs/tutorials/stateful-application/zookeeper.md
@@ -27,7 +27,7 @@ Kubernetes concepts:
- [Cluster DNS](/docs/concepts/services-networking/dns-pod-service/)
- [Headless Services](/docs/concepts/services-networking/service/#headless-services)
- [PersistentVolumes](/docs/concepts/storage/volumes/)
-- [PersistentVolume Provisioning](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/staging/persistent-volume-provisioning/)
+- [PersistentVolume Provisioning](https://github.com/kubernetes/examples/tree/master/staging/persistent-volume-provisioning/)
- [StatefulSets](/docs/concepts/workloads/controllers/statefulset/)
- [PodDisruptionBudgets](/docs/concepts/workloads/pods/disruptions/#pod-disruption-budget)
- [PodAntiAffinity](/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
@@ -937,7 +937,7 @@ Use [`kubectl drain`](/docs/reference/generated/kubectl/kubectl-commands/#drain)
drain the node on which the `zk-0` Pod is scheduled.
```shell
-kubectl drain $(kubectl get pod zk-0 --template {{.spec.nodeName}}) --ignore-daemonsets --force --delete-local-data
+kubectl drain $(kubectl get pod zk-0 --template {{.spec.nodeName}}) --ignore-daemonsets --force --delete-emptydir-data
```
```
@@ -972,7 +972,7 @@ Keep watching the `StatefulSet`'s Pods in the first terminal and drain the node
`zk-1` is scheduled.
```shell
-kubectl drain $(kubectl get pod zk-1 --template {{.spec.nodeName}}) --ignore-daemonsets --force --delete-local-data "kubernetes-node-ixsl" cordoned
+kubectl drain $(kubectl get pod zk-1 --template {{.spec.nodeName}}) --ignore-daemonsets --force --delete-emptydir-data "kubernetes-node-ixsl" cordoned
```
```
@@ -1015,7 +1015,7 @@ Continue to watch the Pods of the stateful set, and drain the node on which
`zk-2` is scheduled.
```shell
-kubectl drain $(kubectl get pod zk-2 --template {{.spec.nodeName}}) --ignore-daemonsets --force --delete-local-data
+kubectl drain $(kubectl get pod zk-2 --template {{.spec.nodeName}}) --ignore-daemonsets --force --delete-emptydir-data
```
```
@@ -1101,7 +1101,7 @@ zk-1 1/1 Running 0 13m
Attempt to drain the node on which `zk-2` is scheduled.
```shell
-kubectl drain $(kubectl get pod zk-2 --template {{.spec.nodeName}}) --ignore-daemonsets --force --delete-local-data
+kubectl drain $(kubectl get pod zk-2 --template {{.spec.nodeName}}) --ignore-daemonsets --force --delete-emptydir-data
```
The output:
diff --git a/content/en/docs/tutorials/stateless-application/_index.md b/content/en/docs/tutorials/stateless-application/_index.md
old mode 100755
new mode 100644
diff --git a/content/en/docs/tutorials/stateless-application/guestbook.md b/content/en/docs/tutorials/stateless-application/guestbook.md
index d21e60dde8..c31bcbc49e 100644
--- a/content/en/docs/tutorials/stateless-application/guestbook.md
+++ b/content/en/docs/tutorials/stateless-application/guestbook.md
@@ -1,121 +1,207 @@
---
-title: "Example: Deploying PHP Guestbook application with MongoDB"
+title: "Example: Deploying PHP Guestbook application with Redis"
reviewers:
- ahmetb
+- jimangel
content_type: tutorial
weight: 20
card:
name: tutorials
weight: 30
- title: "Stateless Example: PHP Guestbook with MongoDB"
+ title: "Stateless Example: PHP Guestbook with Redis"
min-kubernetes-server-version: v1.14
+source: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
---
-This tutorial shows you how to build and deploy a simple _(not production ready)_, multi-tier web application using Kubernetes and [Docker](https://www.docker.com/). This example consists of the following components:
+This tutorial shows you how to build and deploy a simple _(not production
+ready)_, multi-tier web application using Kubernetes and
+[Docker](https://www.docker.com/). This example consists of the following
+components:
-* A single-instance [MongoDB](https://www.mongodb.com/) to store guestbook entries
+* A single-instance [Redis](https://www.redis.io/) to store guestbook entries
* Multiple web frontend instances
## {{% heading "objectives" %}}
-* Start up a Mongo database.
+* Start up a Redis leader.
+* Start up two Redis followers.
* Start up the guestbook frontend.
* Expose and view the Frontend Service.
* Clean up.
-
## {{% heading "prerequisites" %}}
-
{{< include "task-tutorial-prereqs.md" >}}
{{< version-check >}}
-
-
-## Start up the Mongo Database
+## Start up the Redis Database
-The guestbook application uses MongoDB to store its data.
+The guestbook application uses Redis to store its data.
-### Creating the Mongo Deployment
+### Creating the Redis Deployment
-The manifest file, included below, specifies a Deployment controller that runs a single replica MongoDB Pod.
+The manifest file, included below, specifies a Deployment controller that runs a single replica Redis Pod.
-{{< codenew file="application/guestbook/mongo-deployment.yaml" >}}
+{{< codenew file="application/guestbook/redis-leader-deployment.yaml" >}}
1. Launch a terminal window in the directory you downloaded the manifest files.
-1. Apply the MongoDB Deployment from the `mongo-deployment.yaml` file:
+1. Apply the Redis Deployment from the `redis-leader-deployment.yaml` file:
-
+
- ```shell
- kubectl apply -f https://k8s.io/examples/application/guestbook/mongo-deployment.yaml
- ```
+ ```shell
+ kubectl apply -f https://k8s.io/examples/application/guestbook/redis-leader-deployment.yaml
+ ```
-1. Query the list of Pods to verify that the MongoDB Pod is running:
+1. Query the list of Pods to verify that the Redis Pod is running:
- ```shell
- kubectl get pods
- ```
+ ```shell
+ kubectl get pods
+ ```
- The response should be similar to this:
+ The response should be similar to this:
- ```shell
- NAME READY STATUS RESTARTS AGE
- mongo-5cfd459dd4-lrcjb 1/1 Running 0 28s
- ```
+ ```
+ NAME READY STATUS RESTARTS AGE
+ redis-leader-fb76b4755-xjr2n 1/1 Running 0 13s
+ ```
-1. Run the following command to view the logs from the MongoDB Deployment:
+1. Run the following command to view the logs from the Redis leader Pod:
- ```shell
- kubectl logs -f deployment/mongo
- ```
+ ```shell
+ kubectl logs -f deployment/redis-leader
+ ```
-### Creating the MongoDB Service
+### Creating the Redis leader Service
-The guestbook application needs to communicate to the MongoDB to write its data. You need to apply a [Service](/docs/concepts/services-networking/service/) to proxy the traffic to the MongoDB Pod. A Service defines a policy to access the Pods.
+The guestbook application needs to communicate to the Redis to write its data.
+You need to apply a [Service](/docs/concepts/services-networking/service/) to
+proxy the traffic to the Redis Pod. A Service defines a policy to access the
+Pods.
-{{< codenew file="application/guestbook/mongo-service.yaml" >}}
+{{< codenew file="application/guestbook/redis-leader-service.yaml" >}}
-1. Apply the MongoDB Service from the following `mongo-service.yaml` file:
+1. Apply the Redis Service from the following `redis-leader-service.yaml` file:
-
+
- ```shell
- kubectl apply -f https://k8s.io/examples/application/guestbook/mongo-service.yaml
- ```
+ ```shell
+ kubectl apply -f https://k8s.io/examples/application/guestbook/redis-leader-service.yaml
+ ```
-1. Query the list of Services to verify that the MongoDB Service is running:
+1. Query the list of Services to verify that the Redis Service is running:
- ```shell
- kubectl get service
- ```
+ ```shell
+ kubectl get service
+ ```
- The response should be similar to this:
+ The response should be similar to this:
- ```shell
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- kubernetes ClusterIP 10.0.0.1 443/TCP 1m
- mongo ClusterIP 10.0.0.151 27017/TCP 8s
- ```
+ ```
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ kubernetes ClusterIP 10.0.0.1 443/TCP 1m
+ redis-leader ClusterIP 10.103.78.24 6379/TCP 16s
+ ```
{{< note >}}
-This manifest file creates a Service named `mongo` with a set of labels that match the labels previously defined, so the Service routes network traffic to the MongoDB Pod.
+This manifest file creates a Service named `redis-leader` with a set of labels
+that match the labels previously defined, so the Service routes network
+traffic to the Redis Pod.
{{< /note >}}
+### Set up Redis followers
+
+Although the Redis leader is a single Pod, you can make it highly available
+and meet traffic demands by adding a few Redis followers, or replicas.
+
+{{< codenew file="application/guestbook/redis-follower-deployment.yaml" >}}
+
+1. Apply the Redis Deployment from the following `redis-follower-deployment.yaml` file:
+
+
+
+ ```shell
+ kubectl apply -f https://k8s.io/examples/application/guestbook/redis-follower-deployment.yaml
+ ```
+
+1. Verify that the two Redis follower replicas are running by querying the list of Pods:
+
+ ```shell
+ kubectl get pods
+ ```
+
+ The response should be similar to this:
+
+ ```
+ NAME READY STATUS RESTARTS AGE
+ redis-follower-dddfbdcc9-82sfr 1/1 Running 0 37s
+ redis-follower-dddfbdcc9-qrt5k 1/1 Running 0 38s
+ redis-leader-fb76b4755-xjr2n 1/1 Running 0 11m
+ ```
+
+### Creating the Redis follower service
+
+The guestbook application needs to communicate with the Redis followers to
+read data. To make the Redis followers discoverable, you must set up another
+[Service](/docs/concepts/services-networking/service/).
+
+{{< codenew file="application/guestbook/redis-follower-service.yaml" >}}
+
+1. Apply the Redis Service from the following `redis-follower-service.yaml` file:
+
+
+
+ ```shell
+ kubectl apply -f https://k8s.io/examples/application/guestbook/redis-follower-service.yaml
+ ```
+
+1. Query the list of Services to verify that the Redis Service is running:
+
+ ```shell
+ kubectl get service
+ ```
+
+ The response should be similar to this:
+
+ ```
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ kubernetes ClusterIP 10.96.0.1 443/TCP 3d19h
+ redis-follower ClusterIP 10.110.162.42 6379/TCP 9s
+ redis-leader ClusterIP 10.103.78.24 6379/TCP 6m10s
+ ```
+
+{{< note >}}
+This manifest file creates a Service named `redis-follower` with a set of
+labels that match the labels previously defined, so the Service routes network
+traffic to the Redis Pod.
+{{< /note >}}
## Set up and Expose the Guestbook Frontend
-The guestbook application has a web frontend serving the HTTP requests written in PHP. It is configured to connect to the `mongo` Service to store Guestbook entries.
+Now that you have the Redis storage of your guestbook up and running, start
+the guestbook web servers. Like the Redis followers, the frontend is deployed
+using a Kubernetes Deployment.
+
+The guestbook app uses a PHP frontend. It is configured to communicate with
+either the Redis follower or leader Services, depending on whether the request
+is a read or a write. The frontend exposes a JSON interface, and serves a
+jQuery-Ajax-based UX.
### Creating the Guestbook Frontend Deployment
@@ -123,190 +209,210 @@ The guestbook application has a web frontend serving the HTTP requests written i
1. Apply the frontend Deployment from the `frontend-deployment.yaml` file:
-
+
- ```shell
- kubectl apply -f https://k8s.io/examples/application/guestbook/frontend-deployment.yaml
- ```
+ ```shell
+ kubectl apply -f https://k8s.io/examples/application/guestbook/frontend-deployment.yaml
+ ```
1. Query the list of Pods to verify that the three frontend replicas are running:
- ```shell
- kubectl get pods -l app.kubernetes.io/name=guestbook -l app.kubernetes.io/component=frontend
- ```
+ ```shell
+ kubectl get pods -l app=guestbook -l tier=frontend
+ ```
- The response should be similar to this:
+ The response should be similar to this:
- ```
- NAME READY STATUS RESTARTS AGE
- frontend-3823415956-dsvc5 1/1 Running 0 54s
- frontend-3823415956-k22zn 1/1 Running 0 54s
- frontend-3823415956-w9gbt 1/1 Running 0 54s
- ```
+ ```
+ NAME READY STATUS RESTARTS AGE
+ frontend-85595f5bf9-5tqhb 1/1 Running 0 47s
+ frontend-85595f5bf9-qbzwm 1/1 Running 0 47s
+ frontend-85595f5bf9-zchwc 1/1 Running 0 47s
+ ```
### Creating the Frontend Service
-The `mongo` Services you applied is only accessible within the Kubernetes cluster because the default type for a Service is [ClusterIP](/docs/concepts/services-networking/service/#publishing-services-service-types). `ClusterIP` provides a single IP address for the set of Pods the Service is pointing to. This IP address is accessible only within the cluster.
+The `Redis` Services you applied is only accessible within the Kubernetes
+cluster because the default type for a Service is
+[ClusterIP](/docs/concepts/services-networking/service/#publishing-services-service-types).
+`ClusterIP` provides a single IP address for the set of Pods the Service is
+pointing to. This IP address is accessible only within the cluster.
-If you want guests to be able to access your guestbook, you must configure the frontend Service to be externally visible, so a client can request the Service from outside the Kubernetes cluster. However a Kubernetes user you can use `kubectl port-forward` to access the service even though it uses a `ClusterIP`.
+If you want guests to be able to access your guestbook, you must configure the
+frontend Service to be externally visible, so a client can request the Service
+from outside the Kubernetes cluster. However a Kubernetes user you can use
+`kubectl port-forward` to access the service even though it uses a
+`ClusterIP`.
{{< note >}}
-Some cloud providers, like Google Compute Engine or Google Kubernetes Engine, support external load balancers. If your cloud provider supports load balancers and you want to use it, uncomment `type: LoadBalancer`.
+Some cloud providers, like Google Compute Engine or Google Kubernetes Engine,
+support external load balancers. If your cloud provider supports load
+balancers and you want to use it, uncomment `type: LoadBalancer`.
{{< /note >}}
{{< codenew file="application/guestbook/frontend-service.yaml" >}}
1. Apply the frontend Service from the `frontend-service.yaml` file:
-
+
- ```shell
- kubectl apply -f https://k8s.io/examples/application/guestbook/frontend-service.yaml
- ```
+ ```shell
+ kubectl apply -f https://k8s.io/examples/application/guestbook/frontend-service.yaml
+ ```
1. Query the list of Services to verify that the frontend Service is running:
- ```shell
- kubectl get services
- ```
+ ```shell
+ kubectl get services
+ ```
- The response should be similar to this:
+ The response should be similar to this:
- ```
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- frontend ClusterIP 10.0.0.112 80/TCP 6s
- kubernetes ClusterIP 10.0.0.1 443/TCP 4m
- mongo ClusterIP 10.0.0.151 6379/TCP 2m
- ```
+ ```
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ frontend ClusterIP 10.97.28.230 80/TCP 19s
+ kubernetes ClusterIP 10.96.0.1 443/TCP 3d19h
+ redis-follower ClusterIP 10.110.162.42 6379/TCP 5m48s
+ redis-leader ClusterIP 10.103.78.24 6379/TCP 11m
+ ```
### Viewing the Frontend Service via `kubectl port-forward`
1. Run the following command to forward port `8080` on your local machine to port `80` on the service.
- ```shell
- kubectl port-forward svc/frontend 8080:80
- ```
+ ```shell
+ kubectl port-forward svc/frontend 8080:80
+ ```
- The response should be similar to this:
+ The response should be similar to this:
- ```
- Forwarding from 127.0.0.1:8080 -> 80
- Forwarding from [::1]:8080 -> 80
- ```
+ ```
+ Forwarding from 127.0.0.1:8080 -> 80
+ Forwarding from [::1]:8080 -> 80
+ ```
1. load the page [http://localhost:8080](http://localhost:8080) in your browser to view your guestbook.
### Viewing the Frontend Service via `LoadBalancer`
-If you deployed the `frontend-service.yaml` manifest with type: `LoadBalancer` you need to find the IP address to view your Guestbook.
+If you deployed the `frontend-service.yaml` manifest with type: `LoadBalancer`
+you need to find the IP address to view your Guestbook.
1. Run the following command to get the IP address for the frontend Service.
- ```shell
- kubectl get service frontend
- ```
+ ```shell
+ kubectl get service frontend
+ ```
- The response should be similar to this:
+ The response should be similar to this:
- ```
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- frontend LoadBalancer 10.51.242.136 109.197.92.229 80:32372/TCP 1m
- ```
+ ```
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ frontend LoadBalancer 10.51.242.136 109.197.92.229 80:32372/TCP 1m
+ ```
1. Copy the external IP address, and load the page in your browser to view your guestbook.
+{{< note >}}
+Try adding some guestbook entries by typing in a message, and clicking Submit.
+The message you typed appears in the frontend. This message indicates that
+data is successfully added to Redis through the Services you created earlier.
+{{< /note >}}
+
## Scale the Web Frontend
-You can scale up or down as needed because your servers are defined as a Service that uses a Deployment controller.
+You can scale up or down as needed because your servers are defined as a
+Service that uses a Deployment controller.
1. Run the following command to scale up the number of frontend Pods:
- ```shell
- kubectl scale deployment frontend --replicas=5
- ```
+ ```shell
+ kubectl scale deployment frontend --replicas=5
+ ```
1. Query the list of Pods to verify the number of frontend Pods running:
- ```shell
- kubectl get pods
- ```
+ ```shell
+ kubectl get pods
+ ```
- The response should look similar to this:
+ The response should look similar to this:
- ```
- NAME READY STATUS RESTARTS AGE
- frontend-3823415956-70qj5 1/1 Running 0 5s
- frontend-3823415956-dsvc5 1/1 Running 0 54m
- frontend-3823415956-k22zn 1/1 Running 0 54m
- frontend-3823415956-w9gbt 1/1 Running 0 54m
- frontend-3823415956-x2pld 1/1 Running 0 5s
- mongo-1068406935-3lswp 1/1 Running 0 56m
- ```
+ ```
+ NAME READY STATUS RESTARTS AGE
+ frontend-85595f5bf9-5df5m 1/1 Running 0 83s
+ frontend-85595f5bf9-7zmg5 1/1 Running 0 83s
+ frontend-85595f5bf9-cpskg 1/1 Running 0 15m
+ frontend-85595f5bf9-l2l54 1/1 Running 0 14m
+ frontend-85595f5bf9-l9c8z 1/1 Running 0 14m
+ redis-follower-dddfbdcc9-82sfr 1/1 Running 0 97m
+ redis-follower-dddfbdcc9-qrt5k 1/1 Running 0 97m
+ redis-leader-fb76b4755-xjr2n 1/1 Running 0 108m
+ ```
1. Run the following command to scale down the number of frontend Pods:
- ```shell
- kubectl scale deployment frontend --replicas=2
- ```
+ ```shell
+ kubectl scale deployment frontend --replicas=2
+ ```
1. Query the list of Pods to verify the number of frontend Pods running:
- ```shell
- kubectl get pods
- ```
-
- The response should look similar to this:
-
- ```
- NAME READY STATUS RESTARTS AGE
- frontend-3823415956-k22zn 1/1 Running 0 1h
- frontend-3823415956-w9gbt 1/1 Running 0 1h
- mongo-1068406935-3lswp 1/1 Running 0 1h
- ```
+ ```shell
+ kubectl get pods
+ ```
+ The response should look similar to this:
+ ```
+ NAME READY STATUS RESTARTS AGE
+ frontend-85595f5bf9-cpskg 1/1 Running 0 16m
+ frontend-85595f5bf9-l9c8z 1/1 Running 0 15m
+ redis-follower-dddfbdcc9-82sfr 1/1 Running 0 98m
+ redis-follower-dddfbdcc9-qrt5k 1/1 Running 0 98m
+ redis-leader-fb76b4755-xjr2n 1/1 Running 0 109m
+ ```
## {{% heading "cleanup" %}}
-Deleting the Deployments and Services also deletes any running Pods. Use labels to delete multiple resources with one command.
+Deleting the Deployments and Services also deletes any running Pods. Use
+labels to delete multiple resources with one command.
1. Run the following commands to delete all Pods, Deployments, and Services.
- ```shell
- kubectl delete deployment -l app.kubernetes.io/name=mongo
- kubectl delete service -l app.kubernetes.io/name=mongo
- kubectl delete deployment -l app.kubernetes.io/name=guestbook
- kubectl delete service -l app.kubernetes.io/name=guestbook
- ```
+ ```shell
+ kubectl delete deployment -l app=redis
+ kubectl delete service -l app=redis
+ kubectl delete deployment frontend
+ kubectl delete service frontend
+ ```
- The responses should be:
+ The response should look similar to this:
- ```
- deployment.apps "mongo" deleted
- service "mongo" deleted
- deployment.apps "frontend" deleted
- service "frontend" deleted
- ```
+ ```
+ deployment.apps "redis-follower" deleted
+ deployment.apps "redis-leader" deleted
+ deployment.apps "frontend" deleted
+ service "frontend" deleted
+ ```
1. Query the list of Pods to verify that no Pods are running:
- ```shell
- kubectl get pods
- ```
-
- The response should be this:
-
- ```
- No resources found.
- ```
+ ```shell
+ kubectl get pods
+ ```
+ The response should look similar to this:
+ ```
+ No resources found in default namespace.
+ ```
## {{% heading "whatsnext" %}}
diff --git a/content/en/examples/access/endpoints-aggregated.yaml b/content/en/examples/access/endpoints-aggregated.yaml
new file mode 100644
index 0000000000..41cd12164a
--- /dev/null
+++ b/content/en/examples/access/endpoints-aggregated.yaml
@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ kubernetes.io/description: |-
+ Add endpoints write permissions to the edit and admin roles. This was
+ removed by default in 1.22 because of CVE-2021-25740. See
+ https://issue.k8s.io/103675. This can allow writers to direct LoadBalancer
+ or Ingress implementations to expose backend IPs that would not otherwise
+ be accessible, and can circumvent network policies or security controls
+ intended to prevent/isolate access to those backends.
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ name: custom:aggregate-to-edit:endpoints # you can change this if you wish
+rules:
+ - apiGroups: [""]
+ resources: ["endpoints"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
diff --git a/content/en/examples/application/guestbook/frontend-deployment.yaml b/content/en/examples/application/guestbook/frontend-deployment.yaml
index 613c654aa9..f97f20dab6 100644
--- a/content/en/examples/application/guestbook/frontend-deployment.yaml
+++ b/content/en/examples/application/guestbook/frontend-deployment.yaml
@@ -1,32 +1,29 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
- labels:
- app.kubernetes.io/name: guestbook
- app.kubernetes.io/component: frontend
spec:
+ replicas: 3
selector:
matchLabels:
- app.kubernetes.io/name: guestbook
- app.kubernetes.io/component: frontend
- replicas: 3
+ app: guestbook
+ tier: frontend
template:
metadata:
labels:
- app.kubernetes.io/name: guestbook
- app.kubernetes.io/component: frontend
+ app: guestbook
+ tier: frontend
spec:
containers:
- - name: guestbook
- image: paulczar/gb-frontend:v5
- # image: gcr.io/google-samples/gb-frontend:v4
+ - name: php-redis
+ image: gcr.io/google_samples/gb-frontend:v5
+ env:
+ - name: GET_HOSTS_FROM
+ value: "dns"
resources:
requests:
cpu: 100m
memory: 100Mi
- env:
- - name: GET_HOSTS_FROM
- value: dns
ports:
- - containerPort: 80
+ - containerPort: 80
\ No newline at end of file
diff --git a/content/en/examples/application/guestbook/frontend-service.yaml b/content/en/examples/application/guestbook/frontend-service.yaml
index 34ad3771d7..410c6bbaf2 100644
--- a/content/en/examples/application/guestbook/frontend-service.yaml
+++ b/content/en/examples/application/guestbook/frontend-service.yaml
@@ -1,16 +1,19 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
apiVersion: v1
kind: Service
metadata:
name: frontend
labels:
- app.kubernetes.io/name: guestbook
- app.kubernetes.io/component: frontend
+ app: guestbook
+ tier: frontend
spec:
# if your cluster supports it, uncomment the following to automatically create
# an external load-balanced IP for the frontend service.
# type: LoadBalancer
+ #type: LoadBalancer
ports:
+ # the port that this service should serve on
- port: 80
selector:
- app.kubernetes.io/name: guestbook
- app.kubernetes.io/component: frontend
+ app: guestbook
+ tier: frontend
\ No newline at end of file
diff --git a/content/en/examples/application/guestbook/redis-follower-deployment.yaml b/content/en/examples/application/guestbook/redis-follower-deployment.yaml
new file mode 100644
index 0000000000..c418cf7364
--- /dev/null
+++ b/content/en/examples/application/guestbook/redis-follower-deployment.yaml
@@ -0,0 +1,30 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: redis-follower
+ labels:
+ app: redis
+ role: follower
+ tier: backend
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: redis
+ template:
+ metadata:
+ labels:
+ app: redis
+ role: follower
+ tier: backend
+ spec:
+ containers:
+ - name: follower
+ image: gcr.io/google_samples/gb-redis-follower:v2
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ ports:
+ - containerPort: 6379
\ No newline at end of file
diff --git a/content/en/examples/application/guestbook/redis-follower-service.yaml b/content/en/examples/application/guestbook/redis-follower-service.yaml
new file mode 100644
index 0000000000..53283d35c4
--- /dev/null
+++ b/content/en/examples/application/guestbook/redis-follower-service.yaml
@@ -0,0 +1,17 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis-follower
+ labels:
+ app: redis
+ role: follower
+ tier: backend
+spec:
+ ports:
+ # the port that this service should serve on
+ - port: 6379
+ selector:
+ app: redis
+ role: follower
+ tier: backend
\ No newline at end of file
diff --git a/content/en/examples/application/guestbook/redis-leader-deployment.yaml b/content/en/examples/application/guestbook/redis-leader-deployment.yaml
new file mode 100644
index 0000000000..9c7547291c
--- /dev/null
+++ b/content/en/examples/application/guestbook/redis-leader-deployment.yaml
@@ -0,0 +1,30 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: redis-leader
+ labels:
+ app: redis
+ role: leader
+ tier: backend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: redis
+ template:
+ metadata:
+ labels:
+ app: redis
+ role: leader
+ tier: backend
+ spec:
+ containers:
+ - name: leader
+ image: "docker.io/redis:6.0.5"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ ports:
+ - containerPort: 6379
\ No newline at end of file
diff --git a/content/en/examples/application/guestbook/redis-leader-service.yaml b/content/en/examples/application/guestbook/redis-leader-service.yaml
new file mode 100644
index 0000000000..e04cc183d0
--- /dev/null
+++ b/content/en/examples/application/guestbook/redis-leader-service.yaml
@@ -0,0 +1,17 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis-leader
+ labels:
+ app: redis
+ role: leader
+ tier: backend
+spec:
+ ports:
+ - port: 6379
+ targetPort: 6379
+ selector:
+ app: redis
+ role: leader
+ tier: backend
\ No newline at end of file
diff --git a/content/en/examples/application/guestbook/mongo-deployment.yaml b/content/en/examples/application/mongodb/mongo-deployment.yaml
similarity index 100%
rename from content/en/examples/application/guestbook/mongo-deployment.yaml
rename to content/en/examples/application/mongodb/mongo-deployment.yaml
diff --git a/content/en/examples/application/guestbook/mongo-service.yaml b/content/en/examples/application/mongodb/mongo-service.yaml
similarity index 100%
rename from content/en/examples/application/guestbook/mongo-service.yaml
rename to content/en/examples/application/mongodb/mongo-service.yaml
diff --git a/content/en/examples/examples_test.go b/content/en/examples/examples_test.go
index 982ddbd693..a31d01b130 100644
--- a/content/en/examples/examples_test.go
+++ b/content/en/examples/examples_test.go
@@ -149,8 +149,19 @@ func getCodecForObject(obj runtime.Object) (runtime.Codec, error) {
func validateObject(obj runtime.Object) (errors field.ErrorList) {
podValidationOptions := validation.PodValidationOptions{
- AllowMultipleHugePageResources: true,
- AllowDownwardAPIHugePages: true,
+ AllowDownwardAPIHugePages: true,
+ AllowInvalidPodDeletionCost: false,
+ AllowIndivisibleHugePagesValues: true,
+ AllowWindowsHostProcessField: true,
+ AllowExpandedDNSConfig: true,
+ }
+
+ quotaValidationOptions := validation.ResourceQuotaValidationOptions{
+ AllowPodAffinityNamespaceSelector: true,
+ }
+
+ pspValidationOptions := policy_validation.PodSecurityPolicyValidationOptions{
+ AllowEphemeralVolumeType: true,
}
// Enable CustomPodDNS for testing
@@ -174,20 +185,23 @@ func validateObject(obj runtime.Object) (errors field.ErrorList) {
case *api.Namespace:
errors = validation.ValidateNamespace(t)
case *api.PersistentVolume:
- errors = validation.ValidatePersistentVolume(t)
+ opts := validation.PersistentVolumeSpecValidationOptions{
+ AllowReadWriteOncePod: true,
+ }
+ errors = validation.ValidatePersistentVolume(t, opts)
case *api.PersistentVolumeClaim:
if t.Namespace == "" {
t.Namespace = api.NamespaceDefault
}
- errors = validation.ValidatePersistentVolumeClaim(t)
+ opts := validation.PersistentVolumeClaimSpecValidationOptions{
+ AllowReadWriteOncePod: true,
+ }
+ errors = validation.ValidatePersistentVolumeClaim(t, opts)
case *api.Pod:
if t.Namespace == "" {
t.Namespace = api.NamespaceDefault
}
- opts := validation.PodValidationOptions{
- AllowMultipleHugePageResources: true,
- }
- errors = validation.ValidatePodCreate(t, opts)
+ errors = validation.ValidatePodCreate(t, podValidationOptions)
case *api.PodList:
for i := range t.Items {
errors = append(errors, validateObject(&t.Items[i])...)
@@ -210,7 +224,7 @@ func validateObject(obj runtime.Object) (errors field.ErrorList) {
if t.Namespace == "" {
t.Namespace = api.NamespaceDefault
}
- errors = validation.ValidateResourceQuota(t)
+ errors = validation.ValidateResourceQuota(t, quotaValidationOptions)
case *api.Secret:
if t.Namespace == "" {
t.Namespace = api.NamespaceDefault
@@ -238,7 +252,7 @@ func validateObject(obj runtime.Object) (errors field.ErrorList) {
if t.Namespace == "" {
t.Namespace = api.NamespaceDefault
}
- errors = apps_validation.ValidateStatefulSet(t)
+ errors = apps_validation.ValidateStatefulSet(t, podValidationOptions)
case *autoscaling.HorizontalPodAutoscaler:
if t.Namespace == "" {
t.Namespace = api.NamespaceDefault
@@ -287,7 +301,7 @@ func validateObject(obj runtime.Object) (errors field.ErrorList) {
errors = networking_validation.ValidateIngressClass(t)
case *policy.PodSecurityPolicy:
- errors = policy_validation.ValidatePodSecurityPolicy(t)
+ errors = policy_validation.ValidatePodSecurityPolicy(t, pspValidationOptions)
case *apps.ReplicaSet:
if t.Namespace == "" {
t.Namespace = api.NamespaceDefault
@@ -462,12 +476,12 @@ func TestExampleObjectSchemas(t *testing.T) {
"cassandra-statefulset": {&apps.StatefulSet{}, &storage.StorageClass{}},
},
"application/guestbook": {
- "frontend-deployment": {&apps.Deployment{}},
- "frontend-service": {&api.Service{}},
- "redis-master-deployment": {&apps.Deployment{}},
- "redis-master-service": {&api.Service{}},
- "redis-slave-deployment": {&apps.Deployment{}},
- "redis-slave-service": {&api.Service{}},
+ "frontend-deployment": {&apps.Deployment{}},
+ "frontend-service": {&api.Service{}},
+ "redis-follower-deployment": {&apps.Deployment{}},
+ "redis-follower-service": {&api.Service{}},
+ "redis-leader-deployment": {&apps.Deployment{}},
+ "redis-leader-service": {&api.Service{}},
},
"application/hpa": {
"php-apache": {&autoscaling.HorizontalPodAutoscaler{}},
@@ -477,8 +491,10 @@ func TestExampleObjectSchemas(t *testing.T) {
"nginx-svc": {&api.Service{}},
},
"application/job": {
- "cronjob": {&batch.CronJob{}},
- "job-tmpl": {&batch.Job{}},
+ "cronjob": {&batch.CronJob{}},
+ "job-tmpl": {&batch.Job{}},
+ "indexed-job": {&batch.Job{}},
+ "indexed-job-vol": {&batch.Job{}},
},
"application/job/rabbitmq": {
"job": {&batch.Job{}},
@@ -557,7 +573,8 @@ func TestExampleObjectSchemas(t *testing.T) {
"two-container-pod": {&api.Pod{}},
},
"pods/config": {
- "redis-pod": {&api.Pod{}},
+ "redis-pod": {&api.Pod{}},
+ "example-redis-config": {&api.ConfigMap{}},
},
"pods/inject": {
"dapi-envars-container": {&api.Pod{}},
@@ -610,10 +627,11 @@ func TestExampleObjectSchemas(t *testing.T) {
"redis": {&api.Pod{}},
},
"policy": {
- "baseline-psp": {&policy.PodSecurityPolicy{}},
- "example-psp": {&policy.PodSecurityPolicy{}},
- "privileged-psp": {&policy.PodSecurityPolicy{}},
- "restricted-psp": {&policy.PodSecurityPolicy{}},
+ "baseline-psp": {&policy.PodSecurityPolicy{}},
+ "example-psp": {&policy.PodSecurityPolicy{}},
+ "priority-class-resourcequota": {&api.ResourceQuota{}},
+ "privileged-psp": {&policy.PodSecurityPolicy{}},
+ "restricted-psp": {&policy.PodSecurityPolicy{}},
"zookeeper-pod-disruption-budget-maxunavailable": {&policy.PodDisruptionBudget{}},
"zookeeper-pod-disruption-budget-minavailable": {&policy.PodDisruptionBudget{}},
},
@@ -645,6 +663,7 @@ func TestExampleObjectSchemas(t *testing.T) {
"minimal-ingress": {&networking.Ingress{}},
"name-virtual-host-ingress": {&networking.Ingress{}},
"name-virtual-host-ingress-no-third-host": {&networking.Ingress{}},
+ "namespaced-params": {&networking.IngressClass{}},
"network-policy-allow-all-egress": {&networking.NetworkPolicy{}},
"network-policy-allow-all-ingress": {&networking.NetworkPolicy{}},
"network-policy-default-deny-egress": {&networking.NetworkPolicy{}},
diff --git a/content/en/examples/policy/baseline-psp.yaml b/content/en/examples/policy/baseline-psp.yaml
index 36e440588b..57258bf313 100644
--- a/content/en/examples/policy/baseline-psp.yaml
+++ b/content/en/examples/policy/baseline-psp.yaml
@@ -6,20 +6,16 @@ metadata:
# Optional: Allow the default AppArmor profile, requires setting the default.
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
- # Optional: Allow the default seccomp profile, requires setting the default.
- seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default,unconfined'
- seccomp.security.alpha.kubernetes.io/defaultProfileName: 'unconfined'
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
spec:
privileged: false
- # The moby default capability set, defined here:
- # https://github.com/moby/moby/blob/0a5cec2833f82a6ad797d70acbf9cbbaf8956017/oci/caps/defaults.go#L6-L19
+ # The moby default capability set, minus NET_RAW
allowedCapabilities:
- 'CHOWN'
- 'DAC_OVERRIDE'
- 'FSETID'
- 'FOWNER'
- 'MKNOD'
- - 'NET_RAW'
- 'SETGID'
- 'SETUID'
- 'SETFCAP'
@@ -36,15 +32,16 @@ spec:
- 'projected'
- 'secret'
- 'downwardAPI'
- # Assume that persistentVolumes set up by the cluster admin are safe to use.
+ # Assume that ephemeral CSI drivers & persistentVolumes set up by the cluster admin are safe to use.
+ - 'csi'
- 'persistentVolumeClaim'
+ - 'ephemeral'
# Allow all other non-hostpath volume types.
- 'awsElasticBlockStore'
- 'azureDisk'
- 'azureFile'
- 'cephFS'
- 'cinder'
- - 'csi'
- 'fc'
- 'flexVolume'
- 'flocker'
@@ -67,6 +64,9 @@ spec:
runAsUser:
rule: 'RunAsAny'
seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ # The PSP SELinux API cannot express the SELinux Pod Security Standards,
+ # so if using SELinux, you must choose a more restrictive default.
rule: 'RunAsAny'
supplementalGroups:
rule: 'RunAsAny'
diff --git a/content/en/examples/policy/restricted-psp.yaml b/content/en/examples/policy/restricted-psp.yaml
index 4db57688b1..0837c5a3ce 100644
--- a/content/en/examples/policy/restricted-psp.yaml
+++ b/content/en/examples/policy/restricted-psp.yaml
@@ -5,14 +5,11 @@ metadata:
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
- seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
spec:
privileged: false
# Required to prevent escalations to root.
allowPrivilegeEscalation: false
- # This is redundant with non-root + disallow privilege escalation,
- # but we can provide it for defense in depth.
requiredDropCapabilities:
- ALL
# Allow core volume types.
@@ -22,8 +19,10 @@ spec:
- 'projected'
- 'secret'
- 'downwardAPI'
- # Assume that persistentVolumes set up by the cluster admin are safe to use.
+ # Assume that ephemeral CSI drivers & persistentVolumes set up by the cluster admin are safe to use.
+ - 'csi'
- 'persistentVolumeClaim'
+ - 'ephemeral'
hostNetwork: false
hostIPC: false
hostPID: false
diff --git a/content/en/examples/security/podsecurity-baseline.yaml b/content/en/examples/security/podsecurity-baseline.yaml
new file mode 100644
index 0000000000..6251af5d2f
--- /dev/null
+++ b/content/en/examples/security/podsecurity-baseline.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: my-baseline-namespace
+ labels:
+ pod-security.kubernetes.io/enforce: baseline
+ pod-security.kubernetes.io/enforce-version: latest
+ pod-security.kubernetes.io/warn: baseline
+ pod-security.kubernetes.io/warn-version: latest
\ No newline at end of file
diff --git a/content/en/examples/security/podsecurity-privileged.yaml b/content/en/examples/security/podsecurity-privileged.yaml
new file mode 100644
index 0000000000..12471cce28
--- /dev/null
+++ b/content/en/examples/security/podsecurity-privileged.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: my-privileged-namespace
+ labels:
+ pod-security.kubernetes.io/enforce: privileged
+ pod-security.kubernetes.io/enforce-version: latest
\ No newline at end of file
diff --git a/content/en/examples/security/podsecurity-restricted.yaml b/content/en/examples/security/podsecurity-restricted.yaml
new file mode 100644
index 0000000000..8b9c30886d
--- /dev/null
+++ b/content/en/examples/security/podsecurity-restricted.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: my-restricted-namespace
+ labels:
+ pod-security.kubernetes.io/enforce: restricted
+ pod-security.kubernetes.io/enforce-version: latest
+ pod-security.kubernetes.io/warn: restricted
+ pod-security.kubernetes.io/warn-version: latest
\ No newline at end of file
diff --git a/content/en/releases/patch-releases.md b/content/en/releases/patch-releases.md
index adc51c5ac2..c7597e332f 100644
--- a/content/en/releases/patch-releases.md
+++ b/content/en/releases/patch-releases.md
@@ -59,7 +59,7 @@ Towards the end of the twelve month, the following will happen:
During the two-month maintenance mode period, Release Managers may cut
additional maintenance releases to resolve:
-- CVEs (under the advisement of the Product Security Committee)
+- CVEs (under the advisement of the Security Response Committee)
- dependency issues (including base image updates)
- critical core component issues
@@ -76,25 +76,39 @@ Timelines may vary with the severity of bug fixes, but for easier planning we
will target the following monthly release points. Unplanned, critical
releases may also occur in between these.
-| Monthly Patch Release | Target date |
-| --------------------- | ----------- |
-| June 2021 | 2021-06-16 |
-| July 2021 | 2021-07-14 |
-| August 2021 | 2021-08-11 |
-| September 2021 | 2021-09-15 |
+| Monthly Patch Release | Cherry Pick Deadline | Target date |
+| --------------------- | -------------------- | ----------- |
+| September 2021 | 2021-09-10 | 2021-09-15 |
+| October 2021 | 2021-10-15 | 2021-10-20 |
+| November 2021 | 2021-11-12 | 2021-11-17 |
+| December 2021 | 2021-12-10 | 2021-12-15 |
## Detailed Release History for Active Branches
+### 1.22
+
+**1.22** enters maintenance mode on **2022-08-28**
+
+End of Life for **1.22** is **2022-10-28**
+
+| PATCH RELEASE | CHERRY PICK DEADLINE | TARGET DATE | NOTE |
+|---------------|----------------------|-------------|------|
+| 1.22.2 | 2021-09-10 | 2021-09-15 | |
+| 1.22.1 | 2021-08-16 | 2021-08-19 | |
+
### 1.21
**1.21** enters maintenance mode on **2022-04-28**
End of Life for **1.21** is **2022-06-28**
-| PATCH RELEASE | CHERRY PICK DEADLINE | TARGET DATE |
-| ------------- | -------------------- | ----------- |
-| 1.21.2 | 2021-06-12 | 2021-06-16 |
-| 1.21.1 | 2021-05-07 | 2021-05-12 |
+| PATCH RELEASE | CHERRY PICK DEADLINE | TARGET DATE | NOTE |
+| ------------- | -------------------- | ----------- | ---------------------------------------------------------------------- |
+| 1.21.5 | 2021-09-10 | 2021-09-15 | |
+| 1.21.4 | 2021-08-07 | 2021-08-11 | |
+| 1.21.3 | 2021-07-10 | 2021-07-14 | |
+| 1.21.2 | 2021-06-12 | 2021-06-16 | |
+| 1.21.1 | 2021-05-07 | 2021-05-12 | [Regression](https://groups.google.com/g/kubernetes-dev/c/KuF8s2zueFs) |
### 1.20
@@ -102,16 +116,19 @@ End of Life for **1.21** is **2022-06-28**
End of Life for **1.20** is **2022-02-28**
-| PATCH RELEASE | CHERRY PICK DEADLINE | TARGET DATE |
-| ------------- | ----------------------------------------------------------------------------------- | ----------- |
-| 1.20.8 | 2021-06-12 | 2021-06-16 |
-| 1.20.7 | 2021-05-07 | 2021-05-12 |
-| 1.20.6 | 2021-04-09 | 2021-04-14 |
-| 1.20.5 | 2021-03-12 | 2021-03-17 |
-| 1.20.4 | 2021-02-12 | 2021-02-18 |
-| 1.20.3 | [Conformance Tests Issue](https://groups.google.com/g/kubernetes-dev/c/oUpY9vWgzJo) | 2021-02-17 |
-| 1.20.2 | 2021-01-08 | 2021-01-13 |
-| 1.20.1 | [Tagging Issue](https://groups.google.com/g/kubernetes-dev/c/dNH2yknlCBA) | 2020-12-18 |
+| PATCH RELEASE | CHERRY PICK DEADLINE | TARGET DATE | NOTE |
+| ------------- | -------------------- | ----------- | ----------------------------------------------------------------------------------- |
+| 1.20.11 | 2021-09-10 | 2021-09-15 | |
+| 1.20.10 | 2021-08-07 | 2021-08-11 | |
+| 1.20.9 | 2021-07-10 | 2021-07-14 | |
+| 1.20.8 | 2021-06-12 | 2021-06-16 | |
+| 1.20.7 | 2021-05-07 | 2021-05-12 | [Regression](https://groups.google.com/g/kubernetes-dev/c/KuF8s2zueFs) |
+| 1.20.6 | 2021-04-09 | 2021-04-14 | |
+| 1.20.5 | 2021-03-12 | 2021-03-17 | |
+| 1.20.4 | 2021-02-12 | 2021-02-18 | |
+| 1.20.3 | 2021-02-12 | 2021-02-17 | [Conformance Tests Issue](https://groups.google.com/g/kubernetes-dev/c/oUpY9vWgzJo) |
+| 1.20.2 | 2021-01-08 | 2021-01-13 | |
+| 1.20.1 | 2020-12-11 | 2020-12-18 | [Tagging Issue](https://groups.google.com/g/kubernetes-dev/c/dNH2yknlCBA) |
### 1.19
@@ -119,46 +136,50 @@ End of Life for **1.20** is **2022-02-28**
End of Life for **1.19** is **2021-10-28**
-| PATCH RELEASE | CHERRY PICK DEADLINE | TARGET DATE |
-| ------------- | ------------------------------------------------------------------------- | ----------- |
-| 1.19.12 | 2021-06-12 | 2021-06-16 |
-| 1.19.11 | 2021-05-07 | 2021-05-12 |
-| 1.19.10 | 2021-04-09 | 2021-04-14 |
-| 1.19.9 | 2021-03-12 | 2021-03-17 |
-| 1.19.8 | 2021-02-12 | 2021-02-17 |
-| 1.19.7 | 2021-01-08 | 2021-01-13 |
-| 1.19.6 | [Tagging Issue](https://groups.google.com/g/kubernetes-dev/c/dNH2yknlCBA) | 2020-12-18 |
-| 1.19.5 | 2020-12-04 | 2020-12-09 |
-| 1.19.4 | 2020-11-06 | 2020-11-11 |
-| 1.19.3 | 2020-10-09 | 2020-10-14 |
-| 1.19.2 | 2020-09-11 | 2020-09-16 |
-| 1.19.1 | 2020-09-04 | 2020-09-09 |
+| PATCH RELEASE | CHERRY PICK DEADLINE | TARGET DATE | NOTE |
+| ------------- | -------------------- | ----------- | ------------------------------------------------------------------------- |
+| 1.19.15 | 2021-09-10 | 2021-09-15 | |
+| 1.19.14 | 2021-08-07 | 2021-08-11 | |
+| 1.19.13 | 2021-07-10 | 2021-07-14 | |
+| 1.19.12 | 2021-06-12 | 2021-06-16 | |
+| 1.19.11 | 2021-05-07 | 2021-05-12 | [Regression](https://groups.google.com/g/kubernetes-dev/c/KuF8s2zueFs) |
+| 1.19.10 | 2021-04-09 | 2021-04-14 | |
+| 1.19.9 | 2021-03-12 | 2021-03-17 | |
+| 1.19.8 | 2021-02-12 | 2021-02-17 | |
+| 1.19.7 | 2021-01-08 | 2021-01-13 | |
+| 1.19.6 | 2020-12-11 | 2020-12-18 | [Tagging Issue](https://groups.google.com/g/kubernetes-dev/c/dNH2yknlCBA) |
+| 1.19.5 | 2020-12-04 | 2020-12-09 | |
+| 1.19.4 | 2020-11-06 | 2020-11-11 | |
+| 1.19.3 | 2020-10-09 | 2020-10-14 | |
+| 1.19.2 | 2020-09-11 | 2020-09-16 | |
+| 1.19.1 | 2020-09-04 | 2020-09-09 | |
## Non-Active Branch History
These releases are no longer supported.
-| Minor Version | Final Patch Release | EOL date |
-| ------------- | ------------------- | ---------- |
-| 1.18 | 1.18.19 | 2021-05-12 |
-| 1.17 | 1.17.17 | 2021-01-13 |
-| 1.16 | 1.16.15 | 2020-09-02 |
-| 1.15 | 1.15.12 | 2020-05-06 |
-| 1.14 | 1.14.10 | 2019-12-11 |
-| 1.13 | 1.13.12 | 2019-10-15 |
-| 1.12 | 1.12.10 | 2019-07-08 |
-| 1.11 | 1.11.10 | 2019-05-01 |
-| 1.10 | 1.10.13 | 2019-02-13 |
-| 1.9 | 1.9.11 | 2018-09-29 |
-| 1.8 | 1.8.15 | 2018-07-12 |
-| 1.7 | 1.7.16 | 2018-04-04 |
-| 1.6 | 1.6.13 | 2017-11-23 |
-| 1.5 | 1.5.8 | 2017-10-01 |
-| 1.4 | 1.4.12 | 2017-04-21 |
-| 1.3 | 1.3.10 | 2016-11-01 |
-| 1.2 | 1.2.7 | 2016-10-23 |
+| MINOR VERSION | FINAL PATCH RELEASE | EOL DATE | NOTE |
+| ------------- | ------------------- | ---------- | ---------------------------------------------------------------------- |
+| 1.18 | 1.18.20 | 2021-06-18 | Created to resolve regression introduced in 1.18.19 |
+| 1.18 | 1.18.19 | 2021-05-12 | [Regression](https://groups.google.com/g/kubernetes-dev/c/KuF8s2zueFs) |
+| 1.17 | 1.17.17 | 2021-01-13 | |
+| 1.16 | 1.16.15 | 2020-09-02 | |
+| 1.15 | 1.15.12 | 2020-05-06 | |
+| 1.14 | 1.14.10 | 2019-12-11 | |
+| 1.13 | 1.13.12 | 2019-10-15 | |
+| 1.12 | 1.12.10 | 2019-07-08 | |
+| 1.11 | 1.11.10 | 2019-05-01 | |
+| 1.10 | 1.10.13 | 2019-02-13 | |
+| 1.9 | 1.9.11 | 2018-09-29 | |
+| 1.8 | 1.8.15 | 2018-07-12 | |
+| 1.7 | 1.7.16 | 2018-04-04 | |
+| 1.6 | 1.6.13 | 2017-11-23 | |
+| 1.5 | 1.5.8 | 2017-10-01 | |
+| 1.4 | 1.4.12 | 2017-04-21 | |
+| 1.3 | 1.3.10 | 2016-11-01 | |
+| 1.2 | 1.2.7 | 2016-10-23 | |
[cherry-picks]: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-release/cherry-picks.md
-[release-managers]: /release-managers.md
-[release process description]: /release.md
+[release-managers]: /releases/release-managers
+[release process description]: /releases/release
[yearly-support]: https://git.k8s.io/enhancements/keps/sig-release/1498-kubernetes-yearly-support-period/README.md
diff --git a/content/en/releases/release-managers.md b/content/en/releases/release-managers.md
index e8b895def6..0b68ca0b87 100644
--- a/content/en/releases/release-managers.md
+++ b/content/en/releases/release-managers.md
@@ -10,6 +10,7 @@ and building/packaging Kubernetes.
The responsibilities of each role are described below.
- [Contact](#contact)
+ - [Security Embargo Policy](#security-embargo-policy)
- [Handbooks](#handbooks)
- [Release Managers](#release-managers)
- [Becoming a Release Manager](#becoming-a-release-manager)
@@ -26,7 +27,11 @@ The responsibilities of each role are described below.
| --- | --- | --- | --- | --- |
| [release-managers@kubernetes.io](mailto:release-managers@kubernetes.io) | [#release-management](https://kubernetes.slack.com/messages/CJH2GBF7Y) (channel) / @release-managers (user group) | Public | Public discussion for Release Managers | All Release Managers (including Associates, Build Admins, and SIG Chairs) |
| [release-managers-private@kubernetes.io](mailto:release-managers-private@kubernetes.io) | N/A | Private | Private discussion for privileged Release Managers | Release Managers, SIG Release leadership |
-| [security-release-team@kubernetes.io](mailto:security-release-team@kubernetes.io) | [#security-release-team](https://kubernetes.slack.com/archives/G0162T1RYHG) (channel) / @security-rel-team (user group) | Private | Security release coordination with the Product Security Committee | [security-discuss-private@kubernetes.io](mailto:security-discuss-private@kubernetes.io), [release-managers-private@kubernetes.io](mailto:release-managers-private@kubernetes.io) |
+| [security-release-team@kubernetes.io](mailto:security-release-team@kubernetes.io) | [#security-release-team](https://kubernetes.slack.com/archives/G0162T1RYHG) (channel) / @security-rel-team (user group) | Private | Security release coordination with the Security Response Committee | [security-discuss-private@kubernetes.io](mailto:security-discuss-private@kubernetes.io), [release-managers-private@kubernetes.io](mailto:release-managers-private@kubernetes.io) |
+
+### Security Embargo Policy
+
+Some information about releases is subject to embargo and we have defined policy about how those embargos are set. Please refer [Security Embargo Policy](https://github.com/kubernetes/security/blob/master/private-distributors-list.md#embargo-policy) here for more information.
## Handbooks
@@ -74,7 +79,7 @@ Release Managers are responsible for:
answering questions and suggesting appropriate work for them to do
This team at times works in close conjunction with the
-[Product Security Committee][psc] and therefore should abide by the guidelines
+[Security Response Committee][src] and therefore should abide by the guidelines
set forth in the [Security Release Process][security-release-process].
GitHub Access Controls: [@kubernetes/release-managers](https://github.com/orgs/kubernetes/teams/release-managers)
@@ -192,6 +197,8 @@ GitHub team: [@kubernetes/sig-release-leads](https://github.com/orgs/kubernetes/
### Technical Leads
+- Adolfo García Veytia ([@puerco](https://github.com/puerco))
+- Carlos Panato ([@cpanato](https://github.com/cpanato))
- Daniel Mangum ([@hasheddan](https://github.com/hasheddan))
- Jeremy Rickard ([@jeremyrickard](https://github.com/jeremyrickard))
@@ -208,6 +215,6 @@ Example: [1.15 Release Team](https://git.k8s.io/sig-release/releases/release-1.1
[handbook-patch-release]: https://git.k8s.io/sig-release/release-engineering/role-handbooks/patch-release-team.md
[k-sig-release-releases]: https://git.k8s.io/sig-release/releases
[patches]: /patch-releases.md
-[psc]: https://git.k8s.io/community/committee-product-security/README.md
+[src]: https://git.k8s.io/community/committee-product-security/README.md
[release-team]: https://git.k8s.io/sig-release/release-team/README.md
[security-release-process]: https://git.k8s.io/security/security-release-process.md
diff --git a/content/es/docs/concepts/architecture/_index.md b/content/es/docs/concepts/architecture/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/concepts/cluster-administration/_index.md b/content/es/docs/concepts/cluster-administration/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/concepts/configuration/_index.md b/content/es/docs/concepts/configuration/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/concepts/containers/_index.md b/content/es/docs/concepts/containers/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/concepts/overview/_index.md b/content/es/docs/concepts/overview/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/concepts/overview/object-management-kubectl/_index.md b/content/es/docs/concepts/overview/object-management-kubectl/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/concepts/overview/working-with-objects/_index.md b/content/es/docs/concepts/overview/working-with-objects/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/concepts/policy/_index.md b/content/es/docs/concepts/policy/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/concepts/services-networking/_index.md b/content/es/docs/concepts/services-networking/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/concepts/storage/_index.md b/content/es/docs/concepts/storage/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/concepts/storage/volume-snapshot-classes.md b/content/es/docs/concepts/storage/volume-snapshot-classes.md
new file mode 100644
index 0000000000..497b256e67
--- /dev/null
+++ b/content/es/docs/concepts/storage/volume-snapshot-classes.md
@@ -0,0 +1,69 @@
+---
+reviewers:
+- edithturn
+- raelga
+title: Volume Snapshot Classes
+content_type: concept
+weight: 30
+---
+
+
+
+Este documento describe el concepto de VolumeSnapshotClass en Kubernetes. Se sugiere estar familiarizado
+con [Volume Snapshots](/docs/concepts/storage/volume-snapshots/) y
+[Storage Classes](/docs/concepts/storage/storage-classes).
+
+
+
+
+## Introducción
+
+Al igual que StorageClass proporciona a los administradores una forma de describir las “clases”
+de almacenamiento que ofrecen al aprovisionar un volumen, VolumeSnapshotClass proporciona una
+forma de describir las “clases” de almacenamiento al aprovisionar un Snapshot de volumen.
+
+## El Recurso VolumeSnapshotClass
+
+Cada VolumeSnapshotClass contiene los campos `driver`, `deletionPolicy`, y `parameters`,
+que se utilizan cuando un VolumeSnapshot que pertenece a la clase, necesita aprovisionarse dinámicamente.
+
+El nombre de un objeto VolumeSnapshotClass es significativo y es la forma en que los usuarios pueden solicitar una clase en particular. Los administradores establecen el nombre y parámetros de una clase cuando crean por primera vez objetos VolumeSnapshotClass; una vez creados los objetos no pueden ser actualizados.
+
+```yaml
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshotClass
+metadata:
+ name: csi-hostpath-snapclass
+driver: hostpath.csi.k8s.io
+deletionPolicy: Delete
+parameters:
+```
+
+Los administradores pueden especificar un VolumeSnapshotClass predeterminado para VolumeSnapshots que no solicitan ninguna clase en particular. Para definir la clase predeterminada agregue la anotación: `snapshot.storage.kubernetes.io/is-default-class: "true"`.
+
+```yaml
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshotClass
+metadata:
+ name: csi-hostpath-snapclass
+ annotations:
+ snapshot.storage.kubernetes.io/is-default-class: "true"
+driver: hostpath.csi.k8s.io
+deletionPolicy: Delete
+parameters:
+```
+
+### Driver
+
+Las clases de Snapshot de volumen tienen un controlador que determina que complemento de volumen CSI se utiliza para aprovisionar VolumeSnapshots. Este campo debe especificarse.
+
+### DeletionPolicy
+
+Las clases de Snapshot de volumen tienen un deletionPolicy. Permite configurar lo que sucede con un VolumeSnapshotContent cuando se va a eliminar el objeto VolumeSnapshot al que está vinculado. La deletionPolicy de una clase de Snapshot de volumen puede `Retain` o `Delete`. Este campo debe ser especificado.
+
+Si la deletionPolicy es `Delete`, el Snapshot de almacenamiento subyacente se eliminará junto con el objeto VolumeSnapshotContent. Si deletionPolicy es `Retain`, tanto el Snapshot subyacente como VolumeSnapshotContent permanecerán.
+
+### Parameters
+
+Las clases de Snapshot de volumen tienen parámetros que describen los Snapshots de volumen que pertenecen a la clase de Snapshot de volumen. Se pueden aceptar diferentes parámetros dependiendo del `driver`.
+
diff --git a/content/es/docs/concepts/workloads/controllers/_index.md b/content/es/docs/concepts/workloads/controllers/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/concepts/workloads/controllers/deployment.md b/content/es/docs/concepts/workloads/controllers/deployment.md
index 17a42882a0..9fc506ae01 100644
--- a/content/es/docs/concepts/workloads/controllers/deployment.md
+++ b/content/es/docs/concepts/workloads/controllers/deployment.md
@@ -84,16 +84,14 @@ Esto es útil para futuras introspecciones, por ejemplo para comprobar qué coma
A continuación, ejecuta el comando `kubectl get deployments`. La salida debe ser parecida a la siguiente:
```shell
-NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
-nginx-deployment 3 0 0 0 1s
+NAME READY UP-TO-DATE AVAILABLE AGE
+nginx-deployment 3/3 3 3 1s
```
Cuando inspeccionas los Deployments de tu clúster, se muestran los siguientes campos:
* `NAME` enumera los nombre de los Deployments del clúster.
-* `DESIRED` muestra el número deseado de _réplicas_ de la aplicación, que se define
- cuando se crea el Deployment. Esto se conoce como el _estado deseado_.
-* `CURRENT` muestra cuántas réplicas se están ejecutando actualment.
+* `READY` muestra cuántas réplicas de la aplicación están disponibles para sus usuarios. Sigue el patrón número de réplicas `listas/deseadas`.
* `UP-TO-DATE` muestra el número de réplicas que se ha actualizado para alcanzar el estado deseado.
* `AVAILABLE` muestra cuántas réplicas de la aplicación están disponibles para los usuarios.
* `AGE` muestra la cantidad de tiempo que la aplicación lleva ejecutándose.
@@ -105,6 +103,20 @@ Nótese cómo los valores de cada campo corresponden a los valores de la especif
* El número de réplicas actualizadas es 0 de acuerdo con el campo `.status.updatedReplicas`.
* El número de réplicas disponibles es 0 de acuerdo con el campo `.status.availableReplicas`.
+Si deseamos obtener más información del Deployment utilice el parámetro '-o wide', ejecutando el comando 'kubectl get deployments -o wide'. La salida será parecida a la siguiente:
+
+```shell
+NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
+nginx-deployment 3/3 3 3 10s nginx nginx:1.7.9 app=nginx
+```
+
+Ejecutando el comando anterior se muestran los siguientes campos adicionales:
+
+* `CONTAINERS` muestra los nombres de los contenedores declarados en `.spec.template.spec.containers.[name]`.
+* `IMAGES` muestra los nombres de las imágenes declaradas en `.spec.template.spec.containers.[image]`.
+* 'SELECTOR' muestra el Label selector que se declaró en matchLabels o matchExpressions.
+
+
Para ver el estado del Deployment, ejecuta el comando `kubectl rollout status deployment.v1.apps/nginx-deployment`. Este comando devuelve el siguiente resultado:
```shell
@@ -115,8 +127,8 @@ deployment "nginx-deployment" successfully rolled out
Ejecuta de nuevo el comando `kubectl get deployments` unos segundos más tarde:
```shell
-NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
-nginx-deployment 3 3 3 3 18s
+NAME READY UP-TO-DATE AVAILABLE AGE
+nginx-deployment 3/3 3 3 18s
```
Fíjate que el Deployment ha creado todas las tres réplicas, y que todas las réplicas están actualizadas (contienen
@@ -204,8 +216,8 @@ Cuando el despliegue funciona, puede que quieras `obtener` el Deployment:
kubectl get deployments
```
```
-NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
-nginx-deployment 3 3 3 3 36s
+NAME READY UP-TO-DATE AVAILABLE AGE
+nginx-deployment 3/3 3 3 36s
```
El número de réplicas actualizadas indica que el Deployment ha actualizado las réplicas según la última configuración.
@@ -241,7 +253,7 @@ La próxima vez que quieras actualizar estos Pods, sólo necesitas actualizar la
El Deployment permite garantizar que sólo un número determinado de Pods puede eliminarse mientras se están actualizando.
Por defecto, garantiza que al menos el 25% menos del número deseado de Pods se está ejecutando (máx. 25% no disponible).
-El Deployment tmabién permite garantizar que sólo un número determinado de Pods puede crearse por encima del número deseado de
+El Deployment también permite garantizar que sólo un número determinado de Pods puede crearse por encima del número deseado de
Pods. Por defecto, garantiza que al menos el 25% más del número deseado de Pods se está ejecutando (máx. 25% de aumento).
Por ejemplo, si miras detenidamente el Deployment de arriba, verás que primero creó un Pod,
@@ -515,8 +527,8 @@ al retroceder a la revisión 2.
kubectl get deployment nginx-deployment
```
```
-NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
-nginx-deployment 3 3 3 3 30m
+NAME READY UP-TO-DATE AVAILABLE AGE
+nginx-deployment 3/3 3 3 30m
```
```shell
@@ -601,8 +613,8 @@ Por ejemplo, imagina que estás ejecutando un Deployment con 10 réplicas, donde
kubectl get deploy
```
```
-NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
-nginx-deployment 10 10 10 10 50s
+NAME READY UP-TO-DATE AVAILABLE AGE
+nginx-deployment 10/10 10 10 50s
```
Si actualizas a una nueva imagen que no puede descargarse desde el clúster:
@@ -641,8 +653,8 @@ réplicas arranquen positivamente.
kubectl get deploy
```
```
-NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
-nginx-deployment 15 18 7 8 7m
+NAME READY UP-TO-DATE AVAILABLE AGE
+nginx-deployment 18/15 7 8 7m
```
```shell
@@ -665,8 +677,8 @@ Por ejemplo, con un Deployment que acaba de crearse:
kubectl get deploy
```
```
-NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
-nginx 3 3 3 3 1m
+NAME READY UP-TO-DATE AVAILABLE AGE
+nginx-deployment 3/3 3 3 1m
```
```shell
kubectl get rs
@@ -1106,5 +1118,3 @@ no generará nuevos despliegues mientras esté pausado. Un Deployment se pausa d
[`kubectl rolling update`](/docs/reference/generated/kubectl/kubectl-commands#rolling-update) actualiza los Pods y los ReplicationControllers
de forma similar. Pero se recomienda el uso de Deployments porque se declaran del lado del servidor, y proporcionan características adicionales
como la posibilidad de retroceder a revisiones anteriores incluso después de haber terminado una actualización continua.
-
-
diff --git a/content/es/docs/concepts/workloads/pods/_index.md b/content/es/docs/concepts/workloads/pods/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/getting-started-guides/_index.md b/content/es/docs/getting-started-guides/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/getting-started-guides/fedora/_index.md b/content/es/docs/getting-started-guides/fedora/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/application-architect.md b/content/es/docs/reference/glossary/application-architect.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/application-developer.md b/content/es/docs/reference/glossary/application-developer.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/certificate.md b/content/es/docs/reference/glossary/certificate.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/cluster.md b/content/es/docs/reference/glossary/cluster.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/container-runtime.md b/content/es/docs/reference/glossary/container-runtime.md
index 597ceaf25c..fd3328e799 100644
--- a/content/es/docs/reference/glossary/container-runtime.md
+++ b/content/es/docs/reference/glossary/container-runtime.md
@@ -2,7 +2,7 @@
title: Container Runtime
id: container-runtime
date: 2019-06-05
-full_link: /es/docs/reference/generated/container-runtime
+full_link: /docs/setup/production-environment/container-runtimes
short_description: >
El _Container Runtime_, entorno de ejecución de un contenedor, es el software responsable de ejecutar contenedores.
diff --git a/content/es/docs/reference/glossary/controller.md b/content/es/docs/reference/glossary/controller.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/docker.md b/content/es/docs/reference/glossary/docker.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/etcd.md b/content/es/docs/reference/glossary/etcd.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/image.md b/content/es/docs/reference/glossary/image.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/index.md b/content/es/docs/reference/glossary/index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/job.md b/content/es/docs/reference/glossary/job.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/kops.md b/content/es/docs/reference/glossary/kops.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/kube-apiserver.md b/content/es/docs/reference/glossary/kube-apiserver.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/kube-controller-manager.md b/content/es/docs/reference/glossary/kube-controller-manager.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/kube-proxy.md b/content/es/docs/reference/glossary/kube-proxy.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/kube-scheduler.md b/content/es/docs/reference/glossary/kube-scheduler.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/kubeadm.md b/content/es/docs/reference/glossary/kubeadm.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/kubectl.md b/content/es/docs/reference/glossary/kubectl.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/kubelet.md b/content/es/docs/reference/glossary/kubelet.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/label.md b/content/es/docs/reference/glossary/label.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/limitrange.md b/content/es/docs/reference/glossary/limitrange.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/minikube.md b/content/es/docs/reference/glossary/minikube.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/namespace.md b/content/es/docs/reference/glossary/namespace.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/node.md b/content/es/docs/reference/glossary/node.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/persistent-volume-claim.md b/content/es/docs/reference/glossary/persistent-volume-claim.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/pod.md b/content/es/docs/reference/glossary/pod.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/replica-set.md b/content/es/docs/reference/glossary/replica-set.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/secret.md b/content/es/docs/reference/glossary/secret.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/selector.md b/content/es/docs/reference/glossary/selector.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/sysctl.md b/content/es/docs/reference/glossary/sysctl.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/glossary/volume.md b/content/es/docs/reference/glossary/volume.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/kubectl/_index.md b/content/es/docs/reference/kubectl/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/reference/setup-tools/kubeadm/_index.md b/content/es/docs/reference/setup-tools/kubeadm/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/setup/independent/_index.md b/content/es/docs/setup/independent/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/setup/release/_index.md b/content/es/docs/setup/release/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tasks/access-application-cluster/_index.md b/content/es/docs/tasks/access-application-cluster/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tasks/access-kubernetes-api/_index.md b/content/es/docs/tasks/access-kubernetes-api/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tasks/access-kubernetes-api/custom-resources/_index.md b/content/es/docs/tasks/access-kubernetes-api/custom-resources/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tasks/administer-cluster/_index.md b/content/es/docs/tasks/administer-cluster/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tasks/administer-cluster/kubeadm/_index.md b/content/es/docs/tasks/administer-cluster/kubeadm/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tasks/configure-pod-container/_index.md b/content/es/docs/tasks/configure-pod-container/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tasks/debug-application-cluster/logging-stackdriver.md b/content/es/docs/tasks/debug-application-cluster/logging-stackdriver.md
deleted file mode 100644
index 3a247b5e88..0000000000
--- a/content/es/docs/tasks/debug-application-cluster/logging-stackdriver.md
+++ /dev/null
@@ -1,366 +0,0 @@
----
-title: Escribiendo Logs con Stackdriver
-content_type: concept
----
-
-
-
-Antes de seguir leyendo esta página, deberías familiarizarte con el
-[resumen de escritura de logs en Kubernetes](/docs/concepts/cluster-administration/logging).
-
-{{< note >}}
-Por defecto, Stackdriver recolecta toda la salida estándar de tus contenedores, así
-como el flujo de la salida de error. Para recolectar cualquier log tu aplicación escribe en un archivo (por ejemplo),
-ver la [estrategia de sidecar](/docs/concepts/cluster-administration/logging#sidecar-container-with-a-logging-agent)
-en el resumen de escritura de logs en Kubernetes.
-{{< /note >}}
-
-
-
-
-
-
-## Despliegue
-
-Para ingerir logs, debes desplegar el agente de Stackdriver Logging en cada uno de los nodos de tu clúster.
-Dicho agente configura una instancia de `fluentd`, donde la configuración se guarda en un `ConfigMap`
-y las instancias se gestionan a través de un `DaemonSet` de Kubernetes. El despliegue actual del
-`ConfigMap` y el `DaemonSet` dentro de tu clúster depende de tu configuración individual del clúster.
-
-### Desplegar en un nuevo clúster
-
-#### Google Kubernetes Engine
-
-Stackdriver es la solución por defecto de escritura de logs para aquellos clústeres desplegados en Google Kubernetes Engine.
-Stackdriver Logging se despliega por defecto en cada clúster a no ser que se le indique de forma explícita no hacerlo.
-
-#### Otras plataformas
-
-Para desplegar Stackdriver Logging en un *nuevo* clúster que estés creando con
-`kube-up.sh`, haz lo siguiente:
-
-1. Configura la variable de entorno `KUBE_LOGGING_DESTINATION` con el valor `gcp`.
-1. **Si no estás trabajando en GCE**, incluye `beta.kubernetes.io/fluentd-ds-ready=true`
-en la variable `KUBE_NODE_LABELS`.
-
-Una vez que tu clúster ha arrancado, cada nodo debería ejecutar un agente de Stackdriver Logging.
-Los `DaemonSet` y `ConfigMap` se configuran como extras. Si no estás usando `kube-up.sh`,
-considera la posibilidad de arrancar un clúster sin una solución pre-determinada de escritura de logs
-y entonces desplegar los agentes de Stackdriver Logging una vez el clúster esté ejecutándose.
-
-{{< warning >}}
-El proceso de Stackdriver Logging reporta problemas conocidos en plataformas distintas
-a Google Kubernetes Engine. Úsalo bajo tu propio riesgo.
-{{< /warning >}}
-
-### Desplegar a un clúster existente
-
-1. Aplica una etiqueta en cada nodo, si no estaba presente ya.
-
- El despliegue del agente de Stackdriver Logging utiliza etiquetas de nodo para
- determinar en qué nodos debería desplegarse. Estas etiquetas fueron introducidas
- para distinguir entre nodos de Kubernetes de la versión 1.6 o superior.
- Si el clúster se creó con Stackdriver Logging configurado y el nodo tiene la
- versión 1.5.X o inferior, ejecutará fluentd como un pod estático. Puesto que un nodo
- no puede tener más de una instancia de fluentd, aplica únicamente las etiquetas
- a los nodos que no tienen un pod de fluentd ya desplegado. Puedes confirmar si tu nodo
- ha sido etiquetado correctamente ejecutando `kubectl describe` de la siguiente manera:
-
- ```
- kubectl describe node $NODE_NAME
- ```
-
- La salida debería ser similar a la siguiente:
-
- ```
- Name: NODE_NAME
- Role:
- Labels: beta.kubernetes.io/fluentd-ds-ready=true
- ...
- ```
-
- Asegúrate que la salida contiene la etiqueta `beta.kubernetes.io/fluentd-ds-ready=true`.
- Si no está presente, puedes añadirla usando el comando `kubectl label` como se indica:
-
- ```
- kubectl label node $NODE_NAME beta.kubernetes.io/fluentd-ds-ready=true
- ```
-
- {{< note >}}
- Si un nodo falla y tiene que volver a crearse, deberás volver a definir
- la etiqueta al nuevo nodo. Para facilitar esta tarea, puedes utilizar el
- parámetro de línea de comandos del Kubelet para aplicar dichas etiquetas
- cada vez que se arranque un nodo.
- {{< /note >}}
-
-1. Despliega un `ConfigMap` con la configuración del agente de escritura de logs ejecutando el siguiente comando:
-
- ```
- kubectl apply -f https://k8s.io/examples/debug/fluentd-gcp-configmap.yaml
- ```
-
- Este comando crea el `ConfigMap` en el espacio de nombres `default`. Puedes descargar el archivo
- manualmente y cambiarlo antes de crear el objeto `ConfigMap`.
-
-1. Despliega el agente `DaemonSet` de escritura de logs ejecutando el siguiente comando:
-
- ```
- kubectl apply -f https://k8s.io/examples/debug/fluentd-gcp-ds.yaml
- ```
-
- Puedes descargar y editar este archivo antes de usarlo igualmente.
-
-## Verificar el despliegue de tu agente de escritura de logs
-
-Tras el despliegue del `DaemonSet` de StackDriver, puedes comprobar el estado de
-cada uno de los despliegues de los agentes ejecutando el siguiente comando:
-
-```shell
-kubectl get ds --all-namespaces
-```
-
-Si tienes 3 nodos en el clúster, la salida debería ser similar a esta:
-
-```
-NAMESPACE NAME DESIRED CURRENT READY NODE-SELECTOR AGE
-...
-default fluentd-gcp-v2.0 3 3 3 beta.kubernetes.io/fluentd-ds-ready=true 5m
-...
-```
-Para comprender cómo funciona Stackdriver, considera la siguiente especificación
-de un generador de logs sintéticos [counter-pod.yaml](/examples/debug/counter-pod.yaml):
-
-{{< codenew file="debug/counter-pod.yaml" >}}
-
-Esta especificación de pod tiene un contenedor que ejecuta una secuencia de comandos bash
-que escribe el valor de un contador y la fecha y hora cada segundo, de forma indefinida.
-Vamos a crear este pod en el espacio de nombres por defecto.
-
-```shell
-kubectl apply -f https://k8s.io/examples/debug/counter-pod.yaml
-```
-
-Puedes observar el pod corriendo:
-
-```shell
-kubectl get pods
-```
-```
-NAME READY STATUS RESTARTS AGE
-counter 1/1 Running 0 5m
-```
-
-Durante un período de tiempo corto puedes observar que el estado del pod es 'Pending', debido a que el kubelet
-tiene primero que descargar la imagen del contenedor. Cuando el estado del pod cambia a `Running`
-puedes usar el comando `kubectl logs` para ver la salida de este pod contador.
-
-```shell
-kubectl logs counter
-```
-```
-0: Mon Jan 1 00:00:00 UTC 2001
-1: Mon Jan 1 00:00:01 UTC 2001
-2: Mon Jan 1 00:00:02 UTC 2001
-...
-```
-
-Como se describe en el resumen de escritura de logs, este comando visualiza las entradas de logs
-del archivo de logs del contenedor. Si se termina el contenedor y Kubernetes lo reinicia,
-todavía puedes acceder a los logs de la ejecución previa del contenedor. Sin embargo,
-si el pod se desaloja del nodo, los archivos de log se pierden. Vamos a demostrar este
-comportamiento mediante el borrado del contenedor que ejecuta nuestro contador:
-
-```shell
-kubectl delete pod counter
-```
-```
-pod "counter" deleted
-```
-
-y su posterior re-creación:
-
-```shell
-kubectl create -f https://k8s.io/examples/debug/counter-pod.yaml
-```
-```
-pod/counter created
-```
-
-Tras un tiempo, puedes acceder a los logs del pod contador otra vez:
-
-```shell
-kubectl logs counter
-```
-```
-0: Mon Jan 1 00:01:00 UTC 2001
-1: Mon Jan 1 00:01:01 UTC 2001
-2: Mon Jan 1 00:01:02 UTC 2001
-...
-```
-
-Como era de esperar, únicamente se visualizan las líneas de log recientes. Sin embargo,
-para una aplicación real seguramente prefieras acceder a los logs de todos los contenedores,
-especialmente cuando te haga falta depurar problemas. Aquí es donde haber habilitado
-Stackdriver Logging puede ayudarte.
-
-## Ver logs
-
-El agente de Stackdriver Logging asocia metadatos a cada entrada de log, para que puedas usarlos posteriormente
-en consultas para seleccionar sólo los mensajes que te interesan: por ejemplo,
-los mensajes de un pod en particular.
-
-Los metadatos más importantes son el tipo de recurso y el nombre del log.
-El tipo de recurso de un log de contenedor tiene el valor `container`, que se muestra como
-`GKE Containers` en la UI (incluso si el clúster de Kubernetes no está en Google Kubernetes Engine).
-El nombre de log es el nombre del contenedor, de forma que si tienes un pod con
-dos contenedores, denominados `container_1` y `container_2` en la especificación, sus logs
-tendrán los nombres `container_1` y `container_2` respectivamente.
-
-Los componentes del sistema tienen el valor `compute` como tipo de recursos, que se muestra como
-`GCE VM Instance` en la UI. Los nombres de log para los componentes del sistema son fijos.
-Para un nodo de Google Kubernetes Engine, cada entrada de log de cada componente de sistema tiene uno de los siguientes nombres:
-
-* docker
-* kubelet
-* kube-proxy
-
-Puedes aprender más acerca de cómo visualizar los logs en la [página dedicada a Stackdriver](https://cloud.google.com/logging/docs/view/logs_viewer).
-
-Uno de los posibles modos de ver los logs es usando el comando de línea de interfaz
-[`gcloud logging`](https://cloud.google.com/logging/docs/api/gcloud-logging)
-del [SDK de Google Cloud](https://cloud.google.com/sdk/).
-Este comando usa la [sintaxis de filtrado](https://cloud.google.com/logging/docs/view/advanced_filters) de StackDriver Logging
-para consultar logs específicos. Por ejemplo, puedes ejecutar el siguiente comando:
-
-```none
-gcloud beta logging read 'logName="projects/$YOUR_PROJECT_ID/logs/count"' --format json | jq '.[].textPayload'
-```
-```
-...
-"2: Mon Jan 1 00:01:02 UTC 2001\n"
-"1: Mon Jan 1 00:01:01 UTC 2001\n"
-"0: Mon Jan 1 00:01:00 UTC 2001\n"
-...
-"2: Mon Jan 1 00:00:02 UTC 2001\n"
-"1: Mon Jan 1 00:00:01 UTC 2001\n"
-"0: Mon Jan 1 00:00:00 UTC 2001\n"
-```
-
-Como puedes observar, muestra los mensajes del contenedor contador tanto de la
-primera como de la segunda ejecución, a pesar de que el kubelet ya había eliminado los logs del primer contenedor.
-
-### Exportar logs
-
-Puedes exportar los logs al [Google Cloud Storage](https://cloud.google.com/storage/)
-o a [BigQuery](https://cloud.google.com/bigquery/) para llevar a cabo un análisis más profundo.
-Stackdriver Logging ofrece el concepto de destinos, donde puedes especificar el destino de
-las entradas de logs. Más información disponible en la [página de exportación de logs](https://cloud.google.com/logging/docs/export/configure_export_v2) de StackDriver.
-
-## Configurar los agentes de Stackdriver Logging
-
-En ocasiones la instalación por defecto de Stackdriver Logging puede que no se ajuste a tus necesidades, por ejemplo:
-
-* Puede que quieras añadir más recursos porque el rendimiento por defecto no encaja con tus necesidades.
-* Puede que quieras añadir un parseo adicional para extraer más metadatos de tus mensajes de log,
-como la severidad o referencias al código fuente.
-* Puede que quieras enviar los logs no sólo a Stackdriver o sólo enviarlos a Stackdriver parcialmente.
-
-En cualquiera de estos casos, necesitas poder cambiar los parámetros del `DaemonSet` y el `ConfigMap`.
-
-### Prerequisitos
-
-Si estás usando GKE y Stackdriver Logging está habilitado en tu clúster, no puedes
-cambiar su configuración, porque ya está gestionada por GKE.
-Sin embargo, puedes deshabilitar la integración por defecto y desplegar la tuya propia.
-
-{{< note >}}
-Tendrás que mantener y dar soporte tú mismo a la nueva configuración desplegada:
-actualizar la imagen y la configuración, ajustar los recuros y todo eso.
-{{< /note >}}
-
-Para deshabilitar la integración por defecto, usa el siguiente comando:
-
-```
-gcloud beta container clusters update --logging-service=none CLUSTER
-```
-
-Puedes encontrar notas acerca de cómo instalar los agentes de Stackdriver Logging
- en un clúster ya ejecutándose en la [sección de despliegue](#deploying).
-
-### Cambiar los parámetros del `DaemonSet`
-
-Cuando tienes un `DaemonSet` de Stackdriver Logging en tu clúster, puedes simplemente
-modificar el campo `template` en su especificación, y el controlador del daemonset actualizará los pods por ti. Por ejemplo,
-asumamos que acabas de instalar el Stackdriver Logging como se describe arriba. Ahora quieres cambiar
-el límite de memoria que se le asigna a fluentd para poder procesar más logs de forma segura.
-
-Obtén la especificación del `DaemonSet` que corre en tu clúster:
-
-```shell
-kubectl get ds fluentd-gcp-v2.0 --namespace kube-system -o yaml > fluentd-gcp-ds.yaml
-```
-
-A continuación, edita los requisitos del recurso en el `spec` y actualiza el objeto `DaemonSet`
-en el apiserver usando el siguiente comando:
-
-```shell
-kubectl replace -f fluentd-gcp-ds.yaml
-```
-
-Tras un tiempo, los pods de agente de Stackdriver Logging se reiniciarán con la nueva configuración.
-
-### Cambiar los parámetros de fluentd
-
-La configuración de Fluentd se almacena en un objeto `ConfigMap`. Realmente se trata de un conjunto
-de archivos de configuración que se combinan conjuntamente. Puedes aprender acerca de
-la configuración de fluentd en el [sitio oficial](http://docs.fluentd.org).
-
-Imagina que quieres añadir una nueva lógica de parseo a la configuración actual, de forma que fluentd pueda entender
-el formato de logs por defecto de Python. Un filtro apropiado de fluentd para conseguirlo sería:
-
-```
-
- type parser
- format /^(?\w):(?\w):(?.*)/
- reserve_data true
- suppress_parse_error_log true
- key_name log
-
-```
-
-Ahora tienes que añadirlo a la configuración actual y que los agentes de Stackdriver Logging la usen.
-Para ello, obtén la versión actual del `ConfigMap` de Stackdriver Logging de tu clúster
-ejecutando el siguiente comando:
-
-```shell
-kubectl get cm fluentd-gcp-config --namespace kube-system -o yaml > fluentd-gcp-configmap.yaml
-```
-
-Luego, como valor de la clave `containers.input.conf`, inserta un nuevo filtro justo después
-de la sección `source`.
-
-{{< note >}}
-El orden es importante.
-{{< /note >}}
-
-Actualizar el `ConfigMap` en el apiserver es más complicado que actualizar el `DaemonSet`.
-Es mejor considerar que un `ConfigMap` es inmutable. Así, para poder actualizar la configuración, deberías
-crear un nuevo `ConfigMap` con otro nombre y cambiar el `DaemonSet` para que apunte al nuevo
-siguiendo la [guía de arriba](#changing-daemonset-parameters).
-
-### Añadir plugins de fluentd
-
-Fluentd está desarrollado en Ruby y permite extender sus capacidades mediante el uso de
-[plugins](http://www.fluentd.org/plugins). Si quieres usar un plugin que no está incluido en
-la imagen por defecto del contenedor de Stackdriver Logging, debes construir tu propia imagen.
-Imagina que quieres añadir un destino Kafka para aquellos mensajes de un contenedor en particular
-para poder procesarlos posteriormente. Puedes reusar los [fuentes de imagen de contenedor](https://git.k8s.io/contrib/fluentd/fluentd-gcp-image)
-con algunos pequeños cambios:
-
-* Cambia el archivo Makefile para que apunte a tu repositorio de contenedores, ej. `PREFIX=gcr.io/`.
-* Añade tu dependencia al archivo Gemfile, por ejemplo `gem 'fluent-plugin-kafka'`.
-
-Luego, ejecuta `make build push` desde ese directorio. Cuando el `DaemonSet` haya tomado los cambios de la nueva imagen,
-podrás usar el plugin que has indicado en la configuración de fluentd.
-
-
diff --git a/content/es/docs/tasks/federation/_index.md b/content/es/docs/tasks/federation/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tasks/federation/administer-federation/_index.md b/content/es/docs/tasks/federation/administer-federation/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tasks/inject-data-application/_index.md b/content/es/docs/tasks/inject-data-application/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tasks/manage-daemon/_index.md b/content/es/docs/tasks/manage-daemon/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tasks/run-application/_index.md b/content/es/docs/tasks/run-application/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tasks/service-catalog/_index.md b/content/es/docs/tasks/service-catalog/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tasks/tls/_index.md b/content/es/docs/tasks/tls/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tutorials/clusters/_index.md b/content/es/docs/tutorials/clusters/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tutorials/configuration/_index.md b/content/es/docs/tutorials/configuration/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tutorials/kubernetes-basics/_index.md b/content/es/docs/tutorials/kubernetes-basics/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html b/content/es/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html
index a91e00f679..6743729d49 100644
--- a/content/es/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html
+++ b/content/es/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html
@@ -5,7 +5,7 @@ weight: 20
-
+
diff --git a/content/es/docs/tutorials/kubernetes-basics/deploy-app/deploy-interactive.html b/content/es/docs/tutorials/kubernetes-basics/deploy-app/deploy-interactive.html
index 28a2f35a0e..2ec6de59e9 100644
--- a/content/es/docs/tutorials/kubernetes-basics/deploy-app/deploy-interactive.html
+++ b/content/es/docs/tutorials/kubernetes-basics/deploy-app/deploy-interactive.html
@@ -5,7 +5,7 @@ weight: 20
-
+
diff --git a/content/es/docs/tutorials/online-training/_index.md b/content/es/docs/tutorials/online-training/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tutorials/services/_index.md b/content/es/docs/tutorials/services/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tutorials/stateful-application/_index.md b/content/es/docs/tutorials/stateful-application/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/docs/tutorials/stateless-application/_index.md b/content/es/docs/tutorials/stateless-application/_index.md
old mode 100755
new mode 100644
diff --git a/content/es/examples/controllers/daemonset.yaml b/content/es/examples/controllers/daemonset.yaml
index f6c598c9bf..e41e0a6b6f 100644
--- a/content/es/examples/controllers/daemonset.yaml
+++ b/content/es/examples/controllers/daemonset.yaml
@@ -16,6 +16,7 @@ spec:
spec:
tolerations:
- key: node-role.kubernetes.io/master
+ operator: Exists
effect: NoSchedule
containers:
- name: fluentd-elasticsearch
diff --git a/content/fr/_index.html b/content/fr/_index.html
index 53c11593db..836e5b7504 100644
--- a/content/fr/_index.html
+++ b/content/fr/_index.html
@@ -43,12 +43,12 @@ Kubernetes est une solution open-source qui vous permet de tirer parti de vos in
diff --git a/content/fr/docs/concepts/architecture/_index.md b/content/fr/docs/concepts/architecture/_index.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/concepts/cluster-administration/_index.md b/content/fr/docs/concepts/cluster-administration/_index.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/concepts/services-networking/_index.md b/content/fr/docs/concepts/services-networking/_index.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/concepts/workloads/_index.md b/content/fr/docs/concepts/workloads/_index.md
index 1d81794f7b..4561edb155 100644
--- a/content/fr/docs/concepts/workloads/_index.md
+++ b/content/fr/docs/concepts/workloads/_index.md
@@ -1,4 +1,51 @@
---
title: Workloads
weight: 50
+description: >
+ Comprendre les Pods, le plus petit objet déployable sur Kubernetes, et les abstractions de haut niveaux vous permettant de les lancer.
+no_list: true
---
+
+
+
+
+Un workload (charge de travail) est une application fonctionnant sur Kubernetes. Que votre workload soit un composant unique ou un agrégat de composants, sur Kubernetes celui-ci fonctionnera dans une série de pods. Dans Kubernetes, un Pod represente un ensemble de conteneur (containers) en fonctionnement sur votre cluster.
+
+Les pods Kubernetes ont un cycle de vie définit (defined lifecycle). Par exemple, quand un pod est en fonction sur votre cluster et qu’une panne critique survient sur le noeud (node) où se situe ce pod, tous les pods du noeud seront en échec. Kubernetes traite ce niveau d’échec comme un état final :
+Vous devez créer un nouveau Pod pour retrouver l’état initial même si le noeud redevient sain.
+
+Cependant, pour vous simplifier la vie, vous n’avez pas a gérer chaque Pod directement. Vous pouvez utiliser une ressource workload qui gère votre groupe de pods à votre place. Ces ressources configurent des controleurs (controllers) qui s’assurent que le bon nombre et le bon type de pod soit en fonction pour égaler l’état que vous avez spécifié.
+
+Kubernetes fournit plusieurs ressources workload pré-faites :
+
+* [`Deployment`](/docs/concepts/workloads/controllers/deployment/) et [`ReplicaSet`](/docs/concepts/workloads/controllers/replicaset/)
+(qui remplacent l’ancienne ressource {{< glossary_tooltip text="ReplicationController" term_id="replication-controller" >}})).
+Le `Deployment` (déploiement) est une bonne approche pour manager une application stateless sur votre cluster, tous les `Pods` d’un `Deployment` sont interchangeables et peuvent être remplacés si besoin.
+* Le [`StatefulSet`](/docs/concepts/workloads/controllers/statefulset/) vous permet de lancer un ou plusieurs Pods en relation qui garde plus ou moins la trace de leurs état.
+Par exemple si votre workload enregistre des données de façon persistente, vous pouvez lancer un `StatefulSet` qui fera le lien entre les `Pods` et un volume persistent ([`PersistentVolume`](/docs/concepts/storage/persistent-volumes/)).
+Votre code, présent dans les `Pods` du `StatefulSet`, peut répliquer des données dans les autres `Pods` qui sont dans le même `StatefulSet`,
+pour améliorer la résilience global.
+* Le [`DaemonSet`](/docs/concepts/workloads/controllers/daemonset/) permet de définir les `Pods` qui effectuent des actions sur le noeud local.
+Ceux-ci peuvent être fondamental aux opérations de votre cluster, comme un outil d’aide réseau, ou peuvent faire part d’un module complémentaire (add-on).
+Pour chaque nouveau noeud ajouté au cluster, le controle plane organise l'ajout d'un `Pod` pour ce `DaemonSet` sur le nouveau noeud.
+* Les [`Job`](/docs/concepts/workloads/controllers/job/) et [`CronJob`](/docs/concepts/workloads/controllers/cron-jobs/) sont des taches lancées jusqu’à accomplissement puis s’arrêtent. Les `Jobs` réprésentent une tâche ponctuelle, les `CronJob` sont des tâches récurrentes planifiés.
+
+Dans l’écosystème étendu de Kubernetes, vous pouvez trouver des ressources workload de fournisseurs tiers qui offrent des fonctionnalités supplémentaires.
+L’utilisation d’un [`CustomResourceDefinition`](/docs/concepts/extend-kubernetes/api-extension/custom-resources/) permet d’ajouter une ressource workload d’un fournisseur tiers si vous souhaitez rajouter une fonctionnalité ou un comportement spécifique qui ne fait pas partie du noyau de Kubernetes.
+Par exemple, si vous voulez lancer un groupe de `Pods` pour votre application mais que vous devez arrêter leurs fonctionnement tant qu’ils ne sont pas tous disponibles, alors vous pouvez implémenter ou installer une extension qui permet cette fonctionnalité.
+
+## {{% heading "whatsnext" %}}
+Vous pouvez continuer la lecture des ressources, vous pouvez aussi apprendre à connaitre les taches qui leurs sont liées :
+* Lancer une [application stateless en utilisant un `Deployment`](/docs/tasks/run-application/run-stateless-application-deployment/).
+* Lancer une application statefull, soit comme [instance unique](/docs/tasks/run-application/run-single-instance-stateful-application/)
+ ou alors comme un [ensemble répliqué](/docs/tasks/run-application/run-replicated-stateful-application/).
+* Lancer une [tâche automatisée avec un `CronJob`](/docs/tasks/job/automated-tasks-with-cron-jobs/).
+
+Pour en apprendre plus sur les méchanismes de Kubernetes, de séparation du code et de la configuration,
+allez voir [Configuration](/docs/concepts/configuration/).
+
+Il y a deux concepts supportés qui fournissent un contexte sur le sujet : comment Kubernetes gère les pods pour les applications :
+* Le [ramasse-miettes](/docs/concepts/workloads/controllers/garbage-collection/), fait le ménage dans votre cluster après qu’une de _vos ressource_ soit supprimé.
+* Le [temps de vie d’un controlleur éteint](/docs/concepts/workloads/controllers/ttlafterfinished/) supprime les Jobs une fois qu’un temps définit soit passé après son accomplissement.
+
+Une fois que votre application est lancée, vous souhaitez peut etre la rendre disponible sur internet comme un [Service](/docs/concepts/services-networking/service/) ou comme une application web uniquement en utilsant un [Ingress](/docs/concepts/services-networking/ingress).
diff --git a/content/fr/docs/concepts/workloads/controllers/statefulset.md b/content/fr/docs/concepts/workloads/controllers/statefulset.md
index 87286aeaa4..f223a8432f 100644
--- a/content/fr/docs/concepts/workloads/controllers/statefulset.md
+++ b/content/fr/docs/concepts/workloads/controllers/statefulset.md
@@ -178,7 +178,7 @@ Lorsque le StatefulSet {{< glossary_tooltip term_id="controller" >}} crée un Po
il ajoute une étiquette, `statefulset.kubernetes.io/pod-name`, renseignée avec le nom du Pod.
Cette étiquette vous permet d'attacher un Service à un Pod spécifique du StatefulSet.
-## Garanties de déploiment et de mise à l'échelle
+## Garanties de déploiement et de mise à l'échelle
* Pour un StatefulSet avec N réplicas, lorsque les Pods sont déployés, ils sont créés de manière séquentielle, dans l'ordre {0..N-1}.
* Lorsque les Pods sont supprimés, ils sont terminés dans l'ordre inverse, {N-1..0}.
diff --git a/content/fr/docs/contribute/generate-ref-docs/kubernetes-api.md b/content/fr/docs/contribute/generate-ref-docs/kubernetes-api.md
index 9e00fb57b0..cdb91bb27a 100644
--- a/content/fr/docs/contribute/generate-ref-docs/kubernetes-api.md
+++ b/content/fr/docs/contribute/generate-ref-docs/kubernetes-api.md
@@ -135,7 +135,6 @@ hack/update-generated-swagger-docs.sh
hack/update-swagger-spec.sh
hack/update-openapi-spec.sh
hack/update-generated-protobuf.sh
-hack/update-api-reference-docs.sh
```
Exécutez `git status` pour voir ce qui a été généré.
@@ -144,8 +143,6 @@ Exécutez `git status` pour voir ce qui a été généré.
On branch master
...
modified: api/openapi-spec/swagger.json
- modified: api/swagger-spec/apps_v1.json
- modified: docs/api-reference/apps/v1/definitions.html
modified: staging/src/k8s.io/api/apps/v1/generated.proto
modified: staging/src/k8s.io/api/apps/v1/types.go
modified: staging/src/k8s.io/api/apps/v1/types_swagger_doc_generated.go
diff --git a/content/fr/docs/reference/glossary/annotation.md b/content/fr/docs/reference/glossary/annotation.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/approver.md b/content/fr/docs/reference/glossary/approver.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/certificate.md b/content/fr/docs/reference/glossary/certificate.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/cla.md b/content/fr/docs/reference/glossary/cla.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/cloud-controller-manager.md b/content/fr/docs/reference/glossary/cloud-controller-manager.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/cloud-provider.md b/content/fr/docs/reference/glossary/cloud-provider.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/cluster-architect.md b/content/fr/docs/reference/glossary/cluster-architect.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/cluster-operator.md b/content/fr/docs/reference/glossary/cluster-operator.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/code-contributor.md b/content/fr/docs/reference/glossary/code-contributor.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/configmap.md b/content/fr/docs/reference/glossary/configmap.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/container-env-variables.md b/content/fr/docs/reference/glossary/container-env-variables.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/contributor.md b/content/fr/docs/reference/glossary/contributor.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/controller.md b/content/fr/docs/reference/glossary/controller.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/cronjob.md b/content/fr/docs/reference/glossary/cronjob.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/customresourcedefinition.md b/content/fr/docs/reference/glossary/customresourcedefinition.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/daemonset.md b/content/fr/docs/reference/glossary/daemonset.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/deployment.md b/content/fr/docs/reference/glossary/deployment.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/developer.md b/content/fr/docs/reference/glossary/developer.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/downstream.md b/content/fr/docs/reference/glossary/downstream.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/dynamic-volume-provisioning.md b/content/fr/docs/reference/glossary/dynamic-volume-provisioning.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/etcd.md b/content/fr/docs/reference/glossary/etcd.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/helm-chart.md b/content/fr/docs/reference/glossary/helm-chart.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/ingress.md b/content/fr/docs/reference/glossary/ingress.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/init-container.md b/content/fr/docs/reference/glossary/init-container.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/istio.md b/content/fr/docs/reference/glossary/istio.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/kube-apiserver.md b/content/fr/docs/reference/glossary/kube-apiserver.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/kube-controller-manager.md b/content/fr/docs/reference/glossary/kube-controller-manager.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/kube-proxy.md b/content/fr/docs/reference/glossary/kube-proxy.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/kube-scheduler.md b/content/fr/docs/reference/glossary/kube-scheduler.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/service.md b/content/fr/docs/reference/glossary/service.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/glossary/statefulset.md b/content/fr/docs/reference/glossary/statefulset.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/kubectl/_index.md b/content/fr/docs/reference/kubectl/_index.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/kubectl/kubectl.md b/content/fr/docs/reference/kubectl/kubectl.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/reference/setup-tools/kubeadm/kubeadm-init.md b/content/fr/docs/reference/setup-tools/kubeadm/kubeadm-init.md
index edf5c7e4c9..0df7c1a65b 100644
--- a/content/fr/docs/reference/setup-tools/kubeadm/kubeadm-init.md
+++ b/content/fr/docs/reference/setup-tools/kubeadm/kubeadm-init.md
@@ -131,7 +131,7 @@ Pour de l'information sur comment passer des options aux composants du control p
### Utiliser des images personnalisées {#custom-images}
-Par défaut, kubeadm télécharge les images depuis `k8s.gcr.io`, à moins que la version demandée de Kubernetes soit une version Intégration Continue (CI). Dans ce cas, `gcr.io/kubernetes-ci-images` est utilisé.
+Par défaut, kubeadm télécharge les images depuis `k8s.gcr.io`, à moins que la version demandée de Kubernetes soit une version Intégration Continue (CI). Dans ce cas, `gcr.io/k8s-staging-ci-images` est utilisé.
Vous pouvez outrepasser ce comportement en utilisant [kubeadm avec un fichier de configuration](#config-file).
Les personnalisations permises sont :
diff --git a/content/fr/docs/setup/custom-cloud/kubespray.md b/content/fr/docs/setup/custom-cloud/kubespray.md
index 2e10c21f46..cde3cbb3f9 100644
--- a/content/fr/docs/setup/custom-cloud/kubespray.md
+++ b/content/fr/docs/setup/custom-cloud/kubespray.md
@@ -8,7 +8,7 @@ content_type: concept
Cette documentation permet d'installer rapidement un cluster Kubernetes hébergé sur GCE, Azure, Openstack, AWS, vSphere, Oracle Cloud Infrastructure (expérimental) ou sur des serveurs physiques (bare metal) grâce à [Kubespray](https://github.com/kubernetes-incubator/kubespray).
-Kubespray se base sur des outils de provisioning, des [paramètres](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/ansible.md) et playbooks [Ansible](http://docs.ansible.com/) ainsi que sur des connaissances spécifiques à Kubernetes et l'installation de systèmes d'exploitation afin de fournir:
+Kubespray se base sur des outils de provisioning, des [paramètres](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/ansible.md) et playbooks [Ansible](https://docs.ansible.com/) ainsi que sur des connaissances spécifiques à Kubernetes et l'installation de systèmes d'exploitation afin de fournir:
* Un cluster en haute disponibilité
* des composants modulables
@@ -49,7 +49,7 @@ Afin de vous aider à préparer votre de votre environnement, Kubespray fournit
### (2/5) Construire un fichier d'inventaire Ansible
-Lorsque vos serveurs sont disponibles, créez un fichier d'inventaire Ansible ([inventory](http://docs.ansible.com/ansible/intro_inventory.html)).
+Lorsque vos serveurs sont disponibles, créez un fichier d'inventaire Ansible ([inventory](https://docs.ansible.com/ansible/latest/network/getting_started/first_inventory.html)).
Vous pouvez le créer manuellement ou en utilisant un script d'inventaire dynamique. Pour plus d'informations se référer à [Building your own inventory](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/getting-started.md#building-your-own-inventory).
### (3/5) Préparation au déploiement de votre cluster
diff --git a/content/fr/docs/setup/pick-right-solution.md b/content/fr/docs/setup/pick-right-solution.md
deleted file mode 100644
index a730ce8eb1..0000000000
--- a/content/fr/docs/setup/pick-right-solution.md
+++ /dev/null
@@ -1,303 +0,0 @@
----
-reviewers:
-- yastij
-title: Choisir la bonne solution
-description: Panorama de solutions Kubernetes
-weight: 10
-content_type: concept
----
-
-
-
-Kubernetes peut fonctionner sur des plateformes variées: sur votre PC portable, sur des VMs d'un fournisseur de cloud, ou un rack
-de serveurs bare-metal. L'effort demandé pour configurer un cluster varie de l'éxécution d'une simple commande à la création
-de votre propre cluster personnalisé. Utilisez ce guide pour choisir la solution qui correspond le mieux à vos besoins.
-
-Si vous voulez simplement jeter un coup d'oeil rapide, utilisez alors de préférence les [solutions locales basées sur Docker](#solutions-locales).
-
-Lorsque vous êtes prêts à augmenter le nombre de machines et souhaitez bénéficier de la haute disponibilité, une
-[solution hébergée](#solutions-hebergées) est la plus simple à déployer et à maintenir.
-
-[Les solutions cloud clés en main](#solutions-clés-en-main) ne demandent que peu de commande pour déployer et couvrent un large panel de
- fournisseurs de cloud. [Les solutions clés en main pour cloud privé](#solutions-on-premises-clés-en-main) possèdent la simplicité des solutions cloud clés en main combinées avec la sécurité de votre propre réseau privé.
-
-Si vous avez déjà un moyen de configurer vos resources, utilisez [kubeadm](/fr/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/) pour facilement
-déployer un cluster grâce à une seule ligne de commande par machine.
-
-[Les solutions personnalisées](#solutions-personnalisées) varient d'instructions pas à pas, à des conseils relativement généraux pour déployer un
-
-cluster Kubernetes en partant du début.
-
-
-
-
-
-## Solutions locales
-
-* [Minikube](/fr/docs/setup/learning-environment/minikube/) est une méthode pour créer un cluster Kubernetes local à noeud unique pour le développement et le test. L'installation est entièrement automatisée et ne nécessite pas de compte de fournisseur de cloud.
-
-* [Docker Desktop](https://www.docker.com/products/docker-desktop) est une
-application facile à installer pour votre environnement Mac ou Windows qui vous permet de
-commencer à coder et déployer votre code dans des conteneurs en quelques minutes sur un nœud unique Kubernetes.
-
-* [Minishift](https://docs.okd.io/latest/minishift/) installe la version communautaire de la plate-forme d'entreprise OpenShift
-de Kubernetes pour le développement local et les tests. Il offre une VM tout-en-un (`minishift start`) pour Windows, macOS et Linux,
- le `oc cluster up` containerisé (Linux uniquement) et [est livré avec quelques Add Ons faciles à installer](https://github.com/minishift/minishift-addons/tree/master/add-ons).
-
-* [MicroK8s](https://microk8s.io/) fournit une commande unique d'installation de la dernière version de Kubernetes sur une machine locale
-pour le développement et les tests. L'installation est rapide (~30 sec) et supporte de nombreux plugins dont Istio avec une seule commande.
-
-* [IBM Cloud Private-CE (Community Edition)](https://github.com/IBM/deploy-ibm-cloud-private) peut utiliser VirtualBox sur votre machine
-pour déployer Kubernetes sur une ou plusieurs machines virtuelles afin de développer et réaliser des scénarios de test. Cette solution
-peut créer un cluster multi-nœuds complet.
-
-* [IBM Cloud Private-CE (Community Edition) sur Linux Containers](https://github.com/HSBawa/icp-ce-on-linux-containers) est un script IaC (Infrastructure as Code) basé sur Terraform/Packer/BASH pour créer un cluster LXD à sept nœuds (1 Boot, 1 Master, 1 Management, 1 Proxy et 3 Workers) sur une machine Linux.
-
-* [Kubeadm-dind](https://github.com/kubernetes-sigs/kubeadm-dind-cluster) est un cluster Kubernetes multi-nœuds (tandis que minikube est
-un nœud unique) qui ne nécessite qu'un docker-engine. Il utilise la technique du docker-in-docker pour déployer le cluster Kubernetes.
-
-* [Ubuntu sur LXD](/docs/getting-start-guides/ubuntu/local/) supporte un déploiement de 9 instances sur votre machine locale.
-
-## Solutions hebergées
-
-* [AppsCode.com](https://appscode.com/products/cloud-deployment/) fournit des clusters Kubernetes managés pour divers clouds publics, dont AWS et Google Cloud Platform.
-
-* [APPUiO](https://appuio.ch) propose une plate-forme de cloud public OpenShift, supportant n'importe quel workload Kubernetes. De plus, APPUiO propose des Clusters OpenShift privés et managés, fonctionnant sur n'importe quel cloud public ou privé.
-
-* [Amazon Elastic Container Service for Kubernetes](https://aws.amazon.com/eks/) offre un service managé de Kubernetes.
-
-* [Azure Kubernetes Service](https://azure.microsoft.com/services/container-service/) offre des clusters Kubernetes managés.
-
-* [Containership Kubernetes Engine (CKE)](https://containership.io/containership-platform) Approvisionnement et gestion intuitive de clusters
- Kubernetes sur GCP, Azure, AWS, Packet, et DigitalOcean. Mises à niveau transparentes, auto-scaling, métriques, création de
-workloads, et plus encore.
-
-* [DigitalOcean Kubernetes](https://www.digitalocean.com/products/kubernetes/) offre un service managé de Kubernetes.
-
-* [Giant Swarm](https://giantswarm.io/product/) offre des clusters Kubernetes managés dans leur propre centre de données, on-premises ou sur des clouds public.
-
-* [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/) offre des clusters Kubernetes managés.
-
-* [IBM Cloud Kubernetes Service](https://cloud.ibm.com/docs/containers?topic=containers-getting-started) offre des clusters Kubernetes managés avec choix d'isolation, des outils opérationnels, une vision intégrée de la sécurité des images et des conteneurs et une intégration avec Watson, IoT et les données.
-
-* [Kubermatic](https://www.loodse.com) fournit des clusters Kubernetes managés pour divers clouds publics, y compris AWS et Digital Ocean, ainsi que sur site avec intégration OpenStack.
-
-* [Kublr](https://kublr.com) offre des clusters Kubernetes sécurisés, évolutifs et hautement fiables sur AWS, Azure, GCP et on-premises,
- de qualité professionnelle. Il inclut la sauvegarde et la reprise après sinistre prêtes à l'emploi, la journalisation et la surveillance centralisées multi-clusters, ainsi qu'une fonction d'alerte intégrée.
-
-* [Madcore.Ai](https://madcore.ai) est un outil CLI orienté développement pour déployer l'infrastructure Kubernetes dans AWS. Les masters, un groupe d'autoscaling pour les workers sur des spot instances, les ingress-ssl-lego, Heapster, et Grafana.
-
-* [Nutanix Karbon](https://www.nutanix.com/products/karbon/) est une plateforme de gestion et d'exploitation Kubernetes multi-clusters hautement disponibles qui simplifie l'approvisionnement, les opérations et la gestion du cycle de vie de Kubernetes.
-
-* [OpenShift Dedicated](https://www.openshift.com/dedicated/) offre des clusters Kubernetes gérés et optimisés par OpenShift.
-
-* [OpenShift Online](https://www.openshift.com/features/) fournit un accès hébergé gratuit aux applications Kubernetes.
-
-* [Oracle Container Engine for Kubernetes](https://docs.us-phoenix-1.oraclecloud.com/Content/ContEng/Concepts/contengoverview.htm) est un service entièrement géré, évolutif et hautement disponible que vous pouvez utiliser pour déployer vos applications conteneurisées dans le cloud.
-
-* [Platform9](https://platform9.com/products/kubernetes/) offre des Kubernetes gérés on-premises ou sur n'importe quel cloud public, et fournit une surveillance et des alertes de santé 24h/24 et 7j/7. (Kube2go, une plate-forme de service de déploiement de cluster Kubernetes pour le déploiement de l'interface utilisateur Web9, a été intégrée à Platform9 Sandbox.)
-
-* [Stackpoint.io](https://stackpoint.io) fournit l'automatisation et la gestion de l'infrastructure Kubernetes pour plusieurs clouds publics.
-
-* [SysEleven MetaKube](https://www.syseleven.io/products-services/managed-kubernetes/) offre un Kubernetes-as-a-Service sur un cloud public OpenStack. Il inclut la gestion du cycle de vie, les tableaux de bord d'administration, la surveillance, la mise à l'échelle automatique et bien plus encore.
-
-* [VMware Cloud PKS](https://cloud.vmware.com/vmware-cloud-pks) est une offre d'entreprise Kubernetes-as-a-Service faisant partie du catalogue de services Cloud VMware qui fournit des clusters Kubernetes faciles à utiliser, sécurisés par défaut, rentables et basés sur du SaaS.
-
-## Solutions clés en main
-
-Ces solutions vous permettent de créer des clusters Kubernetes sur une gamme de fournisseurs de Cloud IaaaS avec seulement
-quelques commandes. Ces solutions sont activement développées et bénéficient du soutien actif de la communauté.
-
-* [Agile Stacks](https://www.agilestacks.com/products/kubernetes)
-* [Alibaba Cloud](/docs/setup/turnkey/alibaba-cloud/)
-* [APPUiO](https://appuio.ch)
-* [AWS](/docs/setup/turnkey/aws/)
-* [Azure](/docs/setup/turnkey/azure/)
-* [CenturyLink Cloud](/docs/setup/turnkey/clc/)
-* [Conjure-up Kubernetes with Ubuntu on AWS, Azure, Google Cloud, Oracle Cloud](/docs/getting-started-guides/ubuntu/)
-* [Containership](https://containership.io/containership-platform)
-* [Docker Enterprise](https://www.docker.com/products/docker-enterprise)
-* [Gardener](https://gardener.cloud/)
-* [Giant Swarm](https://giantswarm.io)
-* [Google Compute Engine (GCE)](/docs/setup/turnkey/gce/)
-* [IBM Cloud](https://github.com/patrocinio/kubernetes-softlayer)
-* [Kontena Pharos](https://kontena.io/pharos/)
-* [Kubermatic](https://cloud.kubermatic.io)
-* [Kublr](https://kublr.com/)
-* [Madcore.Ai](https://madcore.ai/)
-* [Nirmata](https://nirmata.com/)
-* [Nutanix Karbon](https://www.nutanix.com/products/karbon/)
-* [Oracle Container Engine for K8s](https://docs.us-phoenix-1.oraclecloud.com/Content/ContEng/Concepts/contengprerequisites.htm)
-* [Pivotal Container Service](https://pivotal.io/platform/pivotal-container-service)
-* [Rancher 2.0](https://rancher.com/docs/rancher/v2.x/en/)
-* [Stackpoint.io](/docs/setup/turnkey/stackpoint/)
-* [Tectonic by CoreOS](https://coreos.com/tectonic)
-* [VMware Cloud PKS](https://cloud.vmware.com/vmware-cloud-pks)
-
-## Solutions On-Premises clés en main
-
-Ces solutions vous permettent de créer des clusters Kubernetes sur votre cloud privé sécurisé avec seulement quelques commandes.
-
-* [Agile Stacks](https://www.agilestacks.com/products/kubernetes)
-* [APPUiO](https://appuio.ch)
-* [Docker Enterprise](https://www.docker.com/products/docker-enterprise)
-* [Giant Swarm](https://giantswarm.io)
-* [GKE On-Prem | Google Cloud](https://cloud.google.com/gke-on-prem/)
-* [IBM Cloud Private](https://www.ibm.com/cloud-computing/products/ibm-cloud-private/)
-* [Kontena Pharos](https://kontena.io/pharos/)
-* [Kubermatic](https://www.loodse.com)
-* [Kublr](https://kublr.com/)
-* [Mirantis Cloud Platform](https://www.mirantis.com/software/kubernetes/)
-* [Nirmata](https://nirmata.com/)
-* [OpenShift Container Platform](https://www.openshift.com/products/container-platform/) (OCP) by [Red Hat](https://www.redhat.com)
-* [Pivotal Container Service](https://pivotal.io/platform/pivotal-container-service)
-* [Rancher 2.0](https://rancher.com/docs/rancher/v2.x/en/)
-* [SUSE CaaS Platform](https://www.suse.com/products/caas-platform)
-* [SUSE Cloud Application Platform](https://www.suse.com/products/cloud-application-platform/)
-
-## Solutions personnalisées
-
-Kubernetes peut fonctionner sur une large gamme de fournisseurs de Cloud et d'environnements bare-metal, ainsi qu'avec de nombreux
-systèmes d'exploitation.
-
-Si vous pouvez trouver un guide ci-dessous qui correspond à vos besoins, utilisez-le. C'est peut-être un peu dépassé, mais...
-ce sera plus facile que de partir de zéro. Si vous voulez repartir de zéro, soit parce que vous avez des exigences particulières,
-ou simplement parce que vous voulez comprendre ce qu'il y a à l'interieur de Kubernetes
-essayez le guide [Getting Started from Scratch](/docs/setup/release/building-from-source/).
-
-### Universel
-
-Si vous avez déjà un moyen de configurer les ressources d'hébergement, utilisez
-[kubeadm](/fr/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/) pour déployer facilement un cluster
-avec une seule commande par machine.
-
-### Cloud
-
-Ces solutions sont des combinaisons de fournisseurs de cloud computing et de systèmes d'exploitation qui ne sont pas couverts par les solutions ci-dessus.
-
-* [Cloud Foundry Container Runtime (CFCR)](https://docs-cfcr.cfapps.io/)
-* [CoreOS on AWS or GCE](/docs/setup/custom-cloud/coreos/)
-* [Gardener](https://gardener.cloud/)
-* [Kublr](https://kublr.com/)
-* [Kubernetes on Ubuntu](/docs/getting-started-guides/ubuntu/)
-* [Kubespray](/docs/setup/custom-cloud/kubespray/)
-* [Rancher Kubernetes Engine (RKE)](https://github.com/rancher/rke)
-
-### VMs On-Premises
-
-* [Cloud Foundry Container Runtime (CFCR)](https://docs-cfcr.cfapps.io/)
-* [CloudStack](/docs/setup/on-premises-vm/cloudstack/) (uses Ansible, CoreOS and flannel)
-* [Fedora (Multi Node)](/docs/getting-started-guides/fedora/flannel_multi_node_cluster/) (uses Fedora and flannel)
-* [Nutanix AHV](https://www.nutanix.com/products/acropolis/virtualization/)
-* [OpenShift Container Platform](https://www.openshift.com/products/container-platform/) (OCP) Kubernetes platform by [Red Hat](https://www.redhat.com)
-* [oVirt](/docs/setup/on-premises-vm/ovirt/)
-* [Vagrant](/docs/setup/custom-cloud/coreos/) (uses CoreOS and flannel)
-* [VMware](/docs/setup/custom-cloud/coreos/) (uses CoreOS and flannel)
-* [VMware vSphere](https://vmware.github.io/vsphere-storage-for-kubernetes/documentation/)
-* [VMware vSphere, OpenStack, or Bare Metal](/docs/getting-started-guides/ubuntu/) (uses Juju, Ubuntu and flannel)
-
-### Bare Metal
-
-* [CoreOS](/docs/setup/custom-cloud/coreos/)
-* [Digital Rebar](/docs/setup/on-premises-metal/krib/)
-* [Docker Enterprise](https://www.docker.com/products/docker-enterprise)
-* [Fedora (Single Node)](/docs/getting-started-guides/fedora/fedora_manual_config/)
-* [Fedora (Multi Node)](/docs/getting-started-guides/fedora/flannel_multi_node_cluster/)
-* [Kubernetes on Ubuntu](/docs/getting-started-guides/ubuntu/)
-* [OpenShift Container Platform](https://www.openshift.com/products/container-platform/) (OCP) Kubernetes platform by [Red Hat](https://www.redhat.com)
-
-### Integrations
-
-Ces solutions fournissent une intégration avec des orchestrateurs, des resources managers ou des plateformes tierces.
-
-* [DCOS](/docs/setup/on-premises-vm/dcos/)
- * Community Edition DCOS utilise AWS
- * Enterprise Edition DCOS supporte l'hébergement cloud, les VMs on-premises, et le bare-metal
-
-## Tableau des Solutions
-
-Ci-dessous vous trouverez un tableau récapitulatif de toutes les solutions listées précédemment.
-
-| Fournisseur de IaaS | Config. Mgmt. | OS | Réseau | Docs | Niveau de support |
-|------------------------------------------------|------------------------------------------------------------------------------|--------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| tous | tous | multi-support | tout les CNI | [docs](/fr/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/) | Project ([SIG-cluster-lifecycle](https://git.k8s.io/community/sig-cluster-lifecycle)) |
-| Google Kubernetes Engine | | | GCE | [docs](https://cloud.google.com/kubernetes-engine/docs/) | Commercial |
-| Docker Enterprise | personnalisé | [multi-support](https://success.docker.com/article/compatibility-matrix) | [multi-support](https://docs.docker.com/ee/ucp/kubernetes/install-cni-plugin/) | [docs](https://docs.docker.com/ee/) | Commercial |
-| IBM Cloud Private | Ansible | multi-support | multi-support | [docs](https://www.ibm.com/support/knowledgecenter/SSBS6K/product_welcome_cloud_private.html) | [Commercial](https://www.ibm.com/mysupport/s/topic/0TO500000001o0fGAA/ibm-cloud-private?language=en_US&productId=01t50000004X1PWAA0) and [Community](https://www.ibm.com/support/knowledgecenter/SSBS6K_3.1.2/troubleshoot/support_types.html) |
-| Red Hat OpenShift | Ansible & CoreOS | RHEL & CoreOS | [multi-support](https://docs.openshift.com/container-platform/3.11/architecture/networking/network_plugins.html) | [docs](https://docs.openshift.com/container-platform/3.11/welcome/index.html) | Commercial |
-| Stackpoint.io | | multi-support | multi-support | [docs](https://stackpoint.io/) | Commercial |
-| AppsCode.com | Saltstack | Debian | multi-support | [docs](https://appscode.com/products/cloud-deployment/) | Commercial |
-| Madcore.Ai | Jenkins DSL | Ubuntu | flannel | [docs](https://madcore.ai) | Community ([@madcore-ai](https://github.com/madcore-ai)) |
-| Platform9 | | multi-support | multi-support | [docs](https://platform9.com/managed-kubernetes/) | Commercial |
-| Kublr | personnalisé | multi-support | multi-support | [docs](http://docs.kublr.com/) | Commercial |
-| Kubermatic | | multi-support | multi-support | [docs](http://docs.kubermatic.io/) | Commercial |
-| IBM Cloud Kubernetes Service | | Ubuntu | IBM Cloud Networking + Calico | [docs](https://cloud.ibm.com/docs/containers?topic=containers-getting-started) | Commercial |
-| Giant Swarm | | CoreOS | flannel and/or Calico | [docs](https://docs.giantswarm.io/) | Commercial |
-| GCE | Saltstack | Debian | GCE | [docs](/docs/setup/turnkey/gce/) | Project |
-| Azure Kubernetes Service | | Ubuntu | Azure | [docs](https://docs.microsoft.com/en-us/azure/aks/) | Commercial |
-| Azure (IaaS) | | Ubuntu | Azure | [docs](/docs/setup/turnkey/azure/) | [Community (Microsoft)](https://github.com/Azure/acs-engine) |
-| Bare-metal | personnalisé | Fedora | _none_ | [docs](/docs/getting-started-guides/fedora/fedora_manual_config/) | Project |
-| Bare-metal | personnalisé | Fedora | flannel | [docs](/docs/getting-started-guides/fedora/flannel_multi_node_cluster/) | Community ([@aveshagarwal](https://github.com/aveshagarwal)) |
-| libvirt | personnalisé | Fedora | flannel | [docs](/docs/getting-started-guides/fedora/flannel_multi_node_cluster/) | Community ([@aveshagarwal](https://github.com/aveshagarwal)) |
-| KVM | personnalisé | Fedora | flannel | [docs](/docs/getting-started-guides/fedora/flannel_multi_node_cluster/) | Community ([@aveshagarwal](https://github.com/aveshagarwal)) |
-| DCOS | Marathon | CoreOS/Alpine | personnalisé | [docs](/docs/getting-started-guides/dcos/) | Community ([Kubernetes-Mesos Authors](https://github.com/mesosphere/kubernetes-mesos/blob/master/AUTHORS.md)) |
-| AWS | CoreOS | CoreOS | flannel | [docs](/docs/setup/turnkey/aws/) | Community |
-| GCE | CoreOS | CoreOS | flannel | [docs](/docs/getting-started-guides/coreos/) | Community ([@pires](https://github.com/pires)) |
-| Vagrant | CoreOS | CoreOS | flannel | [docs](/docs/getting-started-guides/coreos/) | Community ([@pires](https://github.com/pires), [@AntonioMeireles](https://github.com/AntonioMeireles)) |
-| CloudStack | Ansible | CoreOS | flannel | [docs](/docs/getting-started-guides/cloudstack/) | Community ([@sebgoa](https://github.com/sebgoa)) |
-| VMware vSphere | tous | multi-support | multi-support | [docs](https://vmware.github.io/vsphere-storage-for-kubernetes/documentation/) | [Community](https://vmware.github.io/vsphere-storage-for-kubernetes/documentation/contactus.html) |
-| Bare-metal | personnalisé | CentOS | flannel | [docs](/docs/getting-started-guides/centos/centos_manual_config/) | Community ([@coolsvap](https://github.com/coolsvap)) |
-| lxd | Juju | Ubuntu | flannel/canal | [docs](/docs/getting-started-guides/ubuntu/local/) | [Commercial](https://www.ubuntu.com/kubernetes) and [Community](https://jujucharms.com/kubernetes) |
-| AWS | Juju | Ubuntu | flannel/calico/canal | [docs](/docs/getting-started-guides/ubuntu/) | [Commercial](https://www.ubuntu.com/kubernetes) and [Community](https://jujucharms.com/kubernetes) |
-| Azure | Juju | Ubuntu | flannel/calico/canal | [docs](/docs/getting-started-guides/ubuntu/) | [Commercial](https://www.ubuntu.com/kubernetes) and [Community](https://jujucharms.com/kubernetes) |
-| GCE | Juju | Ubuntu | flannel/calico/canal | [docs](/docs/getting-started-guides/ubuntu/) | [Commercial](https://www.ubuntu.com/kubernetes) and [Community](https://jujucharms.com/kubernetes) |
-| Oracle Cloud | Juju | Ubuntu | flannel/calico/canal | [docs](/docs/getting-started-guides/ubuntu/) | [Commercial](https://www.ubuntu.com/kubernetes) and [Community](https://jujucharms.com/kubernetes) |
-| Rackspace | personnalisé | CoreOS | flannel/calico/canal | [docs](https://developer.rackspace.com/docs/rkaas/latest/) | [Commercial](https://www.rackspace.com/managed-kubernetes) |
-| VMware vSphere | Juju | Ubuntu | flannel/calico/canal | [docs](/docs/getting-started-guides/ubuntu/) | [Commercial](https://www.ubuntu.com/kubernetes) and [Community](https://jujucharms.com/kubernetes) |
-| Bare Metal | Juju | Ubuntu | flannel/calico/canal | [docs](/docs/getting-started-guides/ubuntu/) | [Commercial](https://www.ubuntu.com/kubernetes) and [Community](https://jujucharms.com/kubernetes) |
-| AWS | Saltstack | Debian | AWS | [docs](/docs/setup/turnkey/aws/) | Community ([@justinsb](https://github.com/justinsb)) |
-| AWS | kops | Debian | AWS | [docs](https://github.com/kubernetes/kops/) | Community ([@justinsb](https://github.com/justinsb)) |
-| Bare-metal | personnalisé | Ubuntu | flannel | [docs](/docs/getting-started-guides/ubuntu/) | Community ([@resouer](https://github.com/resouer), [@WIZARD-CXY](https://github.com/WIZARD-CXY)) |
-| oVirt | | | | [docs](/docs/setup/on-premises-vm/ovirt/) | Community ([@simon3z](https://github.com/simon3z)) |
-| tous | tous | tous | tous | [docs](/docs/setup/release/building-from-source/) | Community ([@erictune](https://github.com/erictune)) |
-| tous | tous | tous | tous | [docs](http://docs.projectcalico.org/v2.2/getting-started/kubernetes/installation/) | Commercial and Community |
-| tous | RKE | multi-support | flannel or canal | [docs](https://rancher.com/docs/rancher/v2.x/en/quick-start-guide/) | [Commercial](https://rancher.com/what-is-rancher/overview/) and [Community](https://github.com/rancher/rancher) |
-| tous | [Gardener Cluster-Operator](https://kubernetes.io/blog/2018/05/17/gardener/) | multi-support | multi-support | [docs](https://gardener.cloud) | [Project/Community](https://github.com/gardener) and [Commercial]( https://cloudplatform.sap.com/) |
-| Alibaba Cloud Container Service For Kubernetes | ROS | CentOS | flannel/Terway | [docs](https://www.aliyun.com/product/containerservice) | Commercial |
-| Agile Stacks | Terraform | CoreOS | multi-support | [docs](https://www.agilestacks.com/products/kubernetes) | Commercial |
-| IBM Cloud Kubernetes Service | | Ubuntu | calico | [docs](https://cloud.ibm.com/docs/containers?topic=containers-container_index#container_index) | Commercial |
-| Digital Rebar | kubeadm | tous | metal | [docs](/docs/setup/on-premises-metal/krib/) | Community ([@digitalrebar](https://github.com/digitalrebar)) |
-| VMware Cloud PKS | | Photon OS | Canal | [docs](https://docs.vmware.com/en/VMware-Kubernetes-Engine/index.html) | Commercial |
-| Mirantis Cloud Platform | Salt | Ubuntu | multi-support | [docs](https://docs.mirantis.com/mcp/) | Commercial |
-
-{{< note >}}
-Le tableau ci-dessus est ordonné par versions testées et utilisées dans les noeuds, suivis par leur niveau de support.
-{{< /note >}}
-
-### Définition des colonnes
-
-* **IaaS Provider** est le produit ou l'organisation qui fournit les machines virtuelles ou physiques (nœuds) sur lesquelles Kubernetes fonctionne.
-* **OS** est le système d'exploitation de base des nœuds.
-* **Config. Mgmt.** est le système de gestion de configuration qui permet d'installer et de maintenir Kubernetes sur les
- nœuds.
-* **Le réseau** est ce qui implémente le [modèle de réseau](/docs/concepts/cluster-administration/networking/). Ceux qui ont le type de réseautage
- Aucun_ ne peut pas prendre en charge plus d'un nœud unique, ou peut prendre en charge plusieurs nœuds VM dans un nœud physique unique.
-* **Conformité** indique si un cluster créé avec cette configuration a passé la conformité du projet.
- pour le support de l'API et des fonctionnalités de base de Kubernetes v1.0.0.
-* **Niveaux de soutien**
- * **Projet** : Les contributeurs de Kubernetes utilisent régulièrement cette configuration, donc elle fonctionne généralement avec la dernière version.
- de Kubernetes.
- * **Commercial** : Une offre commerciale avec son propre dispositif d'accompagnement.
- * **Communauté** : Soutenu activement par les contributions de la communauté. Peut ne pas fonctionner avec les versions récentes de Kubernetes.
- * **Inactif** : Pas de maintenance active. Déconseillé aux nouveaux utilisateurs de Kubernetes et peut être retiré.
-* **Note** contient d'autres informations pertinentes, telles que la version de Kubernetes utilisée.
-
-
-
-[1]: https://gist.github.com/erictune/4cabc010906afbcc5061
-
-[2]: https://gist.github.com/derekwaynecarr/505e56036cdf010bf6b6
-
-[3]: https://gist.github.com/erictune/2f39b22f72565365e59b
-
-
diff --git a/content/fr/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/fr/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
index 06c6d2f53c..fdfd36b7eb 100644
--- a/content/fr/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
+++ b/content/fr/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
@@ -225,8 +225,9 @@ Installez les plugins CNI (requis pour la plupart des réseaux de pods) :
```bash
CNI_VERSION="v0.8.2"
+ARCH="amd64"
sudo mkdir -p /opt/cni/bin
-curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-amd64-${CNI_VERSION}.tgz" | sudo tar -C /opt/cni/bin -xz
+curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-${ARCH}-${CNI_VERSION}.tgz" | sudo tar -C /opt/cni/bin -xz
```
Définissez le répertoire pour télécharger les fichiers de commande
@@ -245,7 +246,8 @@ Installez crictl (requis pour Kubeadm / Kubelet Container Runtime Interface (CRI
```bash
CRICTL_VERSION="v1.17.0"
-curl -L "https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-amd64.tar.gz" | sudo tar -C $DOWNLOAD_DIR -xz
+ARCH="amd64"
+curl -L "https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-${ARCH}.tar.gz" | sudo tar -C $DOWNLOAD_DIR -xz
```
Installez `kubeadm`,` kubelet`, `kubectl` et ajoutez un service systemd` kubelet`:
@@ -254,8 +256,9 @@ RELEASE_VERSION="v0.6.0"
```bash
RELEASE="$(curl -sSL https://dl.k8s.io/release/stable.txt)"
+ARCH="amd64"
cd $DOWNLOAD_DIR
-sudo curl -L --remote-name-all https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/amd64/{kubeadm,kubelet,kubectl}
+sudo curl -L --remote-name-all https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/${ARCH}/{kubeadm,kubelet,kubectl}
sudo chmod +x {kubeadm,kubelet,kubectl}
curl -sSL "https://raw.githubusercontent.com/kubernetes/release/${RELEASE_VERSION}/cmd/kubepkg/templates/latest/deb/kubelet/lib/systemd/system/kubelet.service" | sed "s:/usr/bin:${DOWNLOAD_DIR}:g" | sudo tee /etc/systemd/system/kubelet.service
diff --git a/content/fr/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md b/content/fr/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md
index c8966b56fa..b13b6ff7d9 100644
--- a/content/fr/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md
+++ b/content/fr/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md
@@ -230,8 +230,8 @@ kubeadm contient tout ce qui est nécessaire pour générer les certificats déc
```sh
root@HOST0 $ kubeadm init phase etcd local --config=/tmp/${HOST0}/kubeadmcfg.yaml
- root@HOST1 $ kubeadm init phase etcd local --config=/home/ubuntu/kubeadmcfg.yaml
- root@HOST2 $ kubeadm init phase etcd local --config=/home/ubuntu/kubeadmcfg.yaml
+ root@HOST1 $ kubeadm init phase etcd local --config=/tmp/${HOST1}/kubeadmcfg.yaml
+ root@HOST2 $ kubeadm init phase etcd local --config=/tmp/${HOST2}/kubeadmcfg.yaml
```
1. Facultatif: Vérifiez la santé du cluster
diff --git a/content/fr/docs/setup/release/_index.md b/content/fr/docs/setup/release/_index.md
old mode 100755
new mode 100644
diff --git a/content/fr/docs/tasks/access-application-cluster/list-all-running-container-images.md b/content/fr/docs/tasks/access-application-cluster/list-all-running-container-images.md
index eea6e5cd3d..114bcc784b 100644
--- a/content/fr/docs/tasks/access-application-cluster/list-all-running-container-images.md
+++ b/content/fr/docs/tasks/access-application-cluster/list-all-running-container-images.md
@@ -19,7 +19,7 @@ Dans cet exercice, vous allez utiliser kubectl pour récupérer tous les pods ex
## Répertorier toutes les images de conteneurs dans tous les namespaces
- Récupérez tous les pods dans tous les namespace à l'aide de `kubectl get pods --all-namespaces`
-- Formatez la sortie pour inclure uniquement la liste des noms d'image de conteneur à l'aide de `-o jsonpath={..image}`.
+- Formatez la sortie pour inclure uniquement la liste des noms d'image de conteneur à l'aide de `-o jsonpath={.items[*].spec.containers[*].image}`.
Cela analysera récursivement le champ `image` du json retourné.
- Voir la [reference jsonpath](/docs/reference/kubectl/jsonpath/) pour plus d'informations sur l'utilisation de jsonpath.
- Formatez la sortie à l'aide des outils standard: `tr`, `sort`, `uniq`
@@ -28,7 +28,7 @@ Dans cet exercice, vous allez utiliser kubectl pour récupérer tous les pods ex
- Utilisez `uniq` pour agréger le nombre d'images
```shell
-kubectl get pods --all-namespaces -o jsonpath="{..image}" |\
+kubectl get pods --all-namespaces -o jsonpath="{.items[*].spec.containers[*].image}" |\
tr -s '[[:space:]]' '\n' |\
sort |\
uniq -c
@@ -69,7 +69,7 @@ Pour cibler uniquement les pods correspondant à un label spécifique, utilisez
Les éléments suivants correspondent uniquement aux pods avec les labels `app=nginx`.
```shell
-kubectl get pods --all-namespaces -o=jsonpath="{..image}" -l app=nginx
+kubectl get pods --all-namespaces -o=jsonpath="{.items[*].spec.containers[*].image}" -l app=nginx
```
## Filtrage des images de conteneur de liste par namespace de pod
@@ -78,7 +78,7 @@ Pour cibler uniquement les pods dans un namespace spécifique, utilisez l'indica
Ce qui suit correspond uniquement aux pods du namespace `kube-system`.
```shell
-kubectl get pods --namespace kube-system -o jsonpath="{..image}"
+kubectl get pods --namespace kube-system -o jsonpath="{.items[*].spec.containers[*].image}"
```
## Répertorier les images de conteneurs en utilisant un go-template au lieu de jsonpath
diff --git a/content/fr/docs/tasks/configure-pod-container/configure-service-account.md b/content/fr/docs/tasks/configure-pod-container/configure-service-account.md
index 1147f2234e..4f38f3a397 100644
--- a/content/fr/docs/tasks/configure-pod-container/configure-service-account.md
+++ b/content/fr/docs/tasks/configure-pod-container/configure-service-account.md
@@ -155,8 +155,8 @@ La sortie est comme la suivante :
Name: build-robot-secret
Namespace: default
Labels:
-Annotations: kubernetes.io/service-account.name=build-robot
- kubernetes.io/service-account.uid=da68f9c6-9d26-11e7-b84e-002dc52800da
+Annotations: kubernetes.io/service-account: name=build-robot
+ kubernetes.io/service-account: uid=da68f9c6-9d26-11e7-b84e-002dc52800da
Type: kubernetes.io/service-account-token
diff --git a/content/hi/docs/_index.md b/content/hi/docs/_index.md
new file mode 100644
index 0000000000..2244c2f26b
--- /dev/null
+++ b/content/hi/docs/_index.md
@@ -0,0 +1,6 @@
+---
+linktitle: कुबेरनेट्स प्रलेखन
+title: प्रलेखन
+sitemap:
+ priority: 1.0
+---
diff --git a/content/id/community/static/cncf-code-of-conduct.md b/content/id/community/static/cncf-code-of-conduct.md
index 7ee127a6b3..9ec35edc3d 100644
--- a/content/id/community/static/cncf-code-of-conduct.md
+++ b/content/id/community/static/cncf-code-of-conduct.md
@@ -24,7 +24,7 @@ Contoh perilaku kasar, melecehkan, atau tidak dapat diterima di Kubernetes dapat
Kode Etik ini diadaptasi dari Covenant Contributor
, versi 1.2.0, tersedia di
-
+
### Pedoman Perilaku Acara CNCF
diff --git a/content/id/docs/concepts/_index.md b/content/id/docs/concepts/_index.md
index 33f4ada445..623b3fac3a 100644
--- a/content/id/docs/concepts/_index.md
+++ b/content/id/docs/concepts/_index.md
@@ -61,7 +61,7 @@ Kontroler merupakan objek mendasar dengan fungsi tambahan, contoh dari kontroler
* [Deployment](/id/docs/concepts/workloads/controllers/deployment/)
* [StatefulSet](/id/docs/concepts/workloads/controllers/statefulset/)
* [DaemonSet](/id/docs/concepts/workloads/controllers/daemonset/)
-* [Job](/id/docs/concepts/workloads/controllers/jobs-run-to-completion/)
+* [Job](/id/docs/concepts/workloads/controllers/job/)
## *Control Plane* Kubernetes
diff --git a/content/id/docs/concepts/cluster-administration/addons.md b/content/id/docs/concepts/cluster-administration/addons.md
index ca50347492..e8a52a4910 100644
--- a/content/id/docs/concepts/cluster-administration/addons.md
+++ b/content/id/docs/concepts/cluster-administration/addons.md
@@ -27,7 +27,7 @@ Laman ini akan menjabarkan beberapa *add-ons* yang tersedia serta tautan instruk
* [CNI-Genie](https://github.com/Huawei-PaaS/CNI-Genie) memungkinkan Kubernetes agar dapat terkoneksi dengan beragam *plugin* CNI, seperti Calico, Canal, Flannel, Romana, atau Weave dengan mulus.
* [Contiv](http://contiv.github.io) menyediakan jaringan yang dapat dikonfigurasi (*native* L3 menggunakan BGP, *overlay* menggunakan vxlan, klasik L2, dan Cisco-SDN/ACI) untuk berbagai penggunaan serta *policy framework* yang kaya dan beragam. Proyek Contiv merupakan proyek [open source](http://github.com/contiv). Laman [instalasi](http://github.com/contiv/install) ini akan menjabarkan cara instalasi, baik untuk klaster dengan kubeadm maupun non-kubeadm.
* [Contrail](http://www.juniper.net/us/en/products-services/sdn/contrail/contrail-networking/), yang berbasis dari [Tungsten Fabric](https://tungsten.io), merupakan sebuah proyek *open source* yang menyediakan virtualisasi jaringan *multi-cloud* serta platform manajemen *policy*. Contrail dan Tungsten Fabric terintegrasi dengan sistem orkestrasi lainnya seperti Kubernetes, OpenShift, OpenStack dan Mesos, serta menyediakan mode isolasi untuk mesin virtual (VM), kontainer/pod dan *bare metal*.
-* [Flannel](https://github.com/coreos/flannel/blob/master/Documentation/kubernetes.md) merupakan penyedia jaringan *overlay* yang dapat digunakan pada Kubernetes.
+* [Flannel](https://github.com/flannel-io/flannel#deploying-flannel-manually) merupakan penyedia jaringan *overlay* yang dapat digunakan pada Kubernetes.
* [Knitter](https://github.com/ZTE/Knitter/) merupakan solusi jaringan yang mendukung multipel jaringan pada Kubernetes.
* [Multus](https://github.com/Intel-Corp/multus-cni) merupakan sebuah multi *plugin* agar Kubernetes mendukung multipel jaringan secara bersamaan sehingga dapat menggunakan semua *plugin* CNI (contoh: Calico, Cilium, Contiv, Flannel), ditambah pula dengan SRIOV, DPDK, OVS-DPDK dan VPP pada *workload* Kubernetes.
* [NSX-T](https://docs.vmware.com/en/VMware-NSX-T/2.0/nsxt_20_ncp_kubernetes.pdf) Container Plug-in (NCP) menyediakan integrasi antara VMware NSX-T dan orkestrator kontainer seperti Kubernetes, termasuk juga integrasi antara NSX-T dan platform CaaS/PaaS berbasis kontainer seperti *Pivotal Container Service* (PKS) dan OpenShift.
diff --git a/content/id/docs/concepts/cluster-administration/flow-control.md b/content/id/docs/concepts/cluster-administration/flow-control.md
index b8d8f9acf7..4f6036c0ca 100644
--- a/content/id/docs/concepts/cluster-administration/flow-control.md
+++ b/content/id/docs/concepts/cluster-administration/flow-control.md
@@ -368,7 +368,7 @@ beban kerja yang berperilaku buruk yang dapat membahayakan kesehatan dari sistem
Untuk latar belakang informasi mengenai detail desain dari prioritas dan kesetaraan API, silahkan lihat
-[proposal pembaharuan](https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/20190228-priority-and-fairness.md).
+[proposal pembaharuan](https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/1040-priority-and-fairness).
Kamu juga dapat membuat saran dan permintaan akan fitur melalui [SIG API
Machinery](https://github.com/kubernetes/community/tree/master/sig-api-machinery).
diff --git a/content/id/docs/concepts/configuration/overview.md b/content/id/docs/concepts/configuration/overview.md
index 67fb2061fe..51fb10f5ef 100644
--- a/content/id/docs/concepts/configuration/overview.md
+++ b/content/id/docs/concepts/configuration/overview.md
@@ -34,7 +34,7 @@ Dokumentasi ini terbuka. Jika Anda menemukan sesuatu yang tidak ada dalam daftar
- Jangan gunakan Pods naked (artinya, Pods tidak terikat dengan a [ReplicaSet](/id/docs/concepts/workloads/controllers/replicaset/) a [Deployment](/id/docs/concepts/workloads/controllers/deployment/)) jika kamu bisa menghindarinya. Pod naked tidak akan dijadwal ulang jika terjadi kegagalan pada node.
- Deployment, yang keduanya menciptakan ReplicaSet untuk memastikan bahwa jumlah Pod yang diinginkan selalu tersedia, dan menentukan strategi untuk mengganti Pods (seperti [RollingUpdate](/id/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment)), hampir selalu lebih disukai daripada membuat Pods secara langsung, kecuali untuk beberapa yang eksplisit [`restartPolicy: Never`](/id/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy) banyak skenario . A [Job](/id/docs/concepts/workloads/controllers/jobs-run-to-completion/) mungkin juga sesuai.
+ Deployment, yang keduanya menciptakan ReplicaSet untuk memastikan bahwa jumlah Pod yang diinginkan selalu tersedia, dan menentukan strategi untuk mengganti Pods (seperti [RollingUpdate](/id/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment)), hampir selalu lebih disukai daripada membuat Pods secara langsung, kecuali untuk beberapa yang eksplisit [`restartPolicy: Never`](/id/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy) banyak skenario . A [Job](/id/docs/concepts/workloads/controllers/job/) mungkin juga sesuai.
## Services
diff --git a/content/id/docs/concepts/extend-kubernetes/operator.md b/content/id/docs/concepts/extend-kubernetes/operator.md
index 315ae35e3d..b9a8bf5a06 100644
--- a/content/id/docs/concepts/extend-kubernetes/operator.md
+++ b/content/id/docs/concepts/extend-kubernetes/operator.md
@@ -132,7 +132,7 @@ menggunakan bahasa / _runtime_ yang dapat bertindak sebagai
* Menggunakan perangkat yang ada untuk menulis Operator kamu sendiri, misalnya:
* menggunakan [KUDO](https://kudo.dev/) (Kubernetes Universal Declarative Operator)
* menggunakan [kubebuilder](https://book.kubebuilder.io/)
- * menggunakan [Metacontroller](https://metacontroller.app/) bersama dengan
+ * menggunakan [Metacontroller](https://metacontroller.github.io/metacontroller/intro.html) bersama dengan
`WebHooks` yang kamu implementasikan sendiri
* menggunakan the [Operator _Framework_](https://github.com/operator-framework/getting-started)
* [Terbitkan](https://operatorhub.io/) Operator kamu agar dapat digunakan oleh
diff --git a/content/id/docs/concepts/policy/_index.md b/content/id/docs/concepts/policy/_index.md
old mode 100755
new mode 100644
diff --git a/content/id/docs/concepts/storage/_index.md b/content/id/docs/concepts/storage/_index.md
old mode 100755
new mode 100644
diff --git a/content/id/docs/concepts/storage/storage-classes.md b/content/id/docs/concepts/storage/storage-classes.md
index c5fc71a8de..083620d937 100644
--- a/content/id/docs/concepts/storage/storage-classes.md
+++ b/content/id/docs/concepts/storage/storage-classes.md
@@ -595,11 +595,11 @@ metadata:
provisioner: kubernetes.io/azure-disk
parameters:
storageaccounttype: Standard_LRS
- kind: Shared
+ kind: managed
```
* `storageaccounttype`: Akun penyimpanan Azure yang ada pada tingkatan Sku. Nilai _default_-nya adalah kosong.
-* `kind`: Nilai yang mungkin adalah `shared` (default), `dedicated`, dan `managed`.
+* `kind`: Nilai yang mungkin adalah `shared`, `dedicated`, dan `managed` (default).
Ketika `kind` yang digunakan adalah `shared`, semua disk yang tidak di-_manage_ akan
dibuat pada beberapa akun penyimpanan yang ada pada grup sumber daya yang sama dengan klaster.
Ketika `kind` yang digunakan adalah `dedicated`, sebuah akun penyimpanan
diff --git a/content/id/docs/concepts/workloads/controllers/jobs-run-to-completion.md b/content/id/docs/concepts/workloads/controllers/job.md
similarity index 99%
rename from content/id/docs/concepts/workloads/controllers/jobs-run-to-completion.md
rename to content/id/docs/concepts/workloads/controllers/job.md
index 5f4720646b..4a7cce3f2a 100644
--- a/content/id/docs/concepts/workloads/controllers/jobs-run-to-completion.md
+++ b/content/id/docs/concepts/workloads/controllers/job.md
@@ -1,5 +1,5 @@
---
-title: Job - Dijalankan Hingga Selesai
+title: Jobs
content_type: concept
feature:
title: Eksekusi batch
diff --git a/content/id/docs/concepts/workloads/controllers/ttlafterfinished.md b/content/id/docs/concepts/workloads/controllers/ttlafterfinished.md
index 97aa5a47f3..0f462008ee 100644
--- a/content/id/docs/concepts/workloads/controllers/ttlafterfinished.md
+++ b/content/id/docs/concepts/workloads/controllers/ttlafterfinished.md
@@ -10,7 +10,7 @@ weight: 65
Pengendali TTL menyediakan mekanisme TTL yang membatasi umur dari suatu
objek sumber daya yang telah selesai digunakan. Pengendali TTL untuk saat ini hanya menangani
-[Jobs](/id/docs/concepts/workloads/controllers/jobs-run-to-completion/),
+{{< glossary_tooltip text="Jobs" term_id="job" >}},
dan nantinya bisa saja digunakan untuk sumber daya lain yang telah selesai digunakan
misalnya saja Pod atau sumber daya khusus (_custom resource_) lainnya.
@@ -32,7 +32,7 @@ Pengendali TTL untuk saat ini hanya mendukung Job. Sebuah operator klaster
dapat menggunakan fitur ini untuk membersihkan Job yang telah dieksekusi (baik
`Complete` atau `Failed`) secara otomatis dengan menentukan _field_
`.spec.ttlSecondsAfterFinished` pada Job, seperti yang tertera di
-[contoh](/id/docs/concepts/workloads/controllers/jobs-run-to-completion/#clean-up-finished-jobs-automatically).
+[contoh](/id/docs/concepts/workloads/controllers/job/#clean-up-finished-jobs-automatically).
Pengendali TTL akan berasumsi bahwa sebuah sumber daya dapat dihapus apabila
TTL dari sumber daya tersebut telah habis. Proses dihapusnya sumber daya ini
dilakukan secara berantai, dimana sumber daya lain yang
diff --git a/content/id/docs/contribute/localization_id.md b/content/id/docs/contribute/localization_id.md
index 5a9c491297..beffa5be6c 100644
--- a/content/id/docs/contribute/localization_id.md
+++ b/content/id/docs/contribute/localization_id.md
@@ -107,7 +107,7 @@ dapat menemukan kata-kata tersebut dalam bahasa Indonesia.
### Panduan untuk kata-kata API Objek Kubernetes
Gunakan gaya "CamelCase" untuk menulis objek API Kubernetes, lihat daftar
-lengkapnya [di sini](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/).
+lengkapnya [di sini](/docs/reference/kubernetes-api/).
Sebagai contoh:
* *Benar*: PersistentVolume. *Salah*: volume persisten, `PersistentVolume`,
@@ -130,7 +130,7 @@ ditulis dalam huruf kapital pada halaman asli bahasa Inggris.
### Panduan untuk "Feature Gate" Kubernetes
-Istilah [_functional gate_](https://kubernetes.io/ko/docs/reference/command-line-tools-reference/feature-gates/)
+Istilah [_feature gate_](/docs/reference/command-line-tools-reference/feature-gates/)
Kubernetes tidak perlu diterjemahkan ke dalam bahasa Indonesia dan tetap
dipertahankan dalam bentuk aslinya.
@@ -175,4 +175,4 @@ scale | | skala | |
process | kata kerja | memproses | https://kbbi.web.id/proses |
replica | kata benda | replika | https://kbbi.web.id/replika |
flag | | tanda, parameter, argumen | |
-event | | _event_ | |
\ No newline at end of file
+event | | _event_ | |
diff --git a/content/id/docs/reference/glossary/controller.md b/content/id/docs/reference/glossary/controller.md
old mode 100755
new mode 100644
diff --git a/content/id/docs/reference/glossary/managed-service.md b/content/id/docs/reference/glossary/managed-service.md
old mode 100755
new mode 100644
diff --git a/content/id/docs/reference/glossary/name.md b/content/id/docs/reference/glossary/name.md
old mode 100755
new mode 100644
diff --git a/content/id/docs/reference/glossary/service-broker.md b/content/id/docs/reference/glossary/service-broker.md
old mode 100755
new mode 100644
diff --git a/content/id/docs/reference/glossary/service-catalog.md b/content/id/docs/reference/glossary/service-catalog.md
old mode 100755
new mode 100644
diff --git a/content/id/docs/reference/glossary/service.md b/content/id/docs/reference/glossary/service.md
old mode 100755
new mode 100644
diff --git a/content/id/docs/reference/glossary/uid.md b/content/id/docs/reference/glossary/uid.md
old mode 100755
new mode 100644
diff --git a/content/id/docs/setup/best-practices/_index.md b/content/id/docs/setup/best-practices/_index.md
old mode 100755
new mode 100644
diff --git a/content/id/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/id/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
index fa0b0ce7f0..7e4a77f3de 100644
--- a/content/id/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
+++ b/content/id/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
@@ -225,16 +225,18 @@ Menginstal _plugin_ CNI (dibutuhkan untuk kebanyakan jaringan Pod):
```bash
CNI_VERSION="v0.8.2"
+ARCH="amd64"
mkdir -p /opt/cni/bin
-curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-amd64-${CNI_VERSION}.tgz" | tar -C /opt/cni/bin -xz
+curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-${ARCH}-${CNI_VERSION}.tgz" | tar -C /opt/cni/bin -xz
```
Menginstal crictl (dibutuhkan untuk kubeadm / Kubelet Container Runtime Interface (CRI))
```bash
CRICTL_VERSION="v1.17.0"
+ARCH="amd64"
mkdir -p /opt/bin
-curl -L "https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-amd64.tar.gz" | tar -C /opt/bin -xz
+curl -L "https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-${ARCH}.tar.gz" | sudo tar -C $DOWNLOAD_DIR -xz
```
Menginstal `kubeadm`, `kubelet`, `kubectl` dan menambahkan _systemd service_ `kubelet`:
@@ -243,8 +245,9 @@ Menginstal `kubeadm`, `kubelet`, `kubectl` dan menambahkan _systemd service_ `ku
RELEASE="$(curl -sSL https://dl.k8s.io/release/stable.txt)"
mkdir -p /opt/bin
+ARCH="amd64"
cd /opt/bin
-curl -L --remote-name-all https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/amd64/{kubeadm,kubelet,kubectl}
+curl -L --remote-name-all https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/${ARCH}/{kubeadm,kubelet,kubectl}
chmod +x {kubeadm,kubelet,kubectl}
RELEASE_VERSION="v0.2.7"
diff --git a/content/id/docs/tasks/access-application-cluster/_index.md b/content/id/docs/tasks/access-application-cluster/_index.md
old mode 100755
new mode 100644
diff --git a/content/id/docs/tasks/access-application-cluster/list-all-running-container-images.md b/content/id/docs/tasks/access-application-cluster/list-all-running-container-images.md
index f2140e5276..86a6b267e2 100644
--- a/content/id/docs/tasks/access-application-cluster/list-all-running-container-images.md
+++ b/content/id/docs/tasks/access-application-cluster/list-all-running-container-images.md
@@ -28,7 +28,7 @@ Container untuk masing-masing Pod.
- Silakan ambil semua Pod dalam Namespace dengan menggunakan perintah `kubectl get pods --all-namespaces`
- Silakan format keluarannya agar hanya menyertakan daftar nama _image_ dari Container
- dengan menggunakan perintah `-o jsonpath={..image}`. Perintah ini akan mem-_parsing field_
+ dengan menggunakan perintah `-o jsonpath={.items[*].spec.containers[*].image}`. Perintah ini akan mem-_parsing field_
`image` dari keluaran json yang dihasilkan.
- Silakan lihat [referensi jsonpath](/docs/user-guide/jsonpath/)
untuk informasi lebih lanjut tentang cara menggunakan `jsonpath`.
@@ -38,7 +38,7 @@ Container untuk masing-masing Pod.
- Gunakan `uniq` untuk mengumpulkan jumlah _image_
```sh
-kubectl get pods --all-namespaces -o jsonpath="{..image}" |\
+kubectl get pods --all-namespaces -o jsonpath="{.items[*].spec.containers[*].image}" |\
tr -s '[[:space:]]' '\n' |\
sort |\
uniq -c
@@ -86,7 +86,7 @@ Untuk menargetkan hanya Pod yang cocok dengan label tertentu saja, gunakan tanda
dibawah ini akan menghasilkan Pod dengan label yang cocok dengan `app=nginx`.
```sh
-kubectl get pods --all-namespaces -o=jsonpath="{..image}" -l app=nginx
+kubectl get pods --all-namespaces -o=jsonpath="{.items[*].spec.containers[*].image}" -l app=nginx
```
## Membuat daftar _image_ Container yang difilter berdasarkan Namespace Pod
@@ -95,7 +95,7 @@ Untuk hanya menargetkan Pod pada Namespace tertentu, gunakankan tanda Namespace.
dibawah ini hanya menyaring Pod pada Namespace `kube-system`.
```sh
-kubectl get pods --namespace kube-system -o jsonpath="{..image}"
+kubectl get pods --namespace kube-system -o jsonpath="{.items[*].spec.containers[*].image}"
```
## Membuat daftar _image_ Container dengan menggunakan go-template sebagai alternatif dari jsonpath
diff --git a/content/id/docs/tasks/administer-cluster/_index.md b/content/id/docs/tasks/administer-cluster/_index.md
old mode 100755
new mode 100644
diff --git a/content/id/docs/tasks/configure-pod-container/_index.md b/content/id/docs/tasks/configure-pod-container/_index.md
old mode 100755
new mode 100644
diff --git a/content/id/docs/tasks/configure-pod-container/configure-service-account.md b/content/id/docs/tasks/configure-pod-container/configure-service-account.md
index 4a4d5999db..e53812d65a 100644
--- a/content/id/docs/tasks/configure-pod-container/configure-service-account.md
+++ b/content/id/docs/tasks/configure-pod-container/configure-service-account.md
@@ -151,8 +151,8 @@ Keluarannya akan serupa dengan:
Name: build-robot-secret
Namespace: default
Labels:
-Annotations: kubernetes.io/service-account.name=build-robot
- kubernetes.io/service-account.uid=da68f9c6-9d26-11e7-b84e-002dc52800da
+Annotations: kubernetes.io/service-account.name: build-robot
+ kubernetes.io/service-account.uid: da68f9c6-9d26-11e7-b84e-002dc52800da
Type: kubernetes.io/service-account-token
diff --git a/content/id/docs/tasks/debug-application-cluster/_index.md b/content/id/docs/tasks/debug-application-cluster/_index.md
old mode 100755
new mode 100644
diff --git a/content/id/docs/tasks/inject-data-application/_index.md b/content/id/docs/tasks/inject-data-application/_index.md
old mode 100755
new mode 100644
diff --git a/content/id/docs/tasks/job/automated-tasks-with-cron-jobs.md b/content/id/docs/tasks/job/automated-tasks-with-cron-jobs.md
index c2c4b9399f..5a850cb739 100644
--- a/content/id/docs/tasks/job/automated-tasks-with-cron-jobs.md
+++ b/content/id/docs/tasks/job/automated-tasks-with-cron-jobs.md
@@ -146,7 +146,7 @@ Semua modifikasi pada sebuah CronJob, terutama `.spec`, akan diterapkan pada pro
`.spec.schedule` adalah _field_ yang wajib diisi dari sebuah `.spec`
Dibutuhkan sebuah format string [Cron](https://en.wikipedia.org/wiki/Cron), misalnya `0 * * * *` atau `@hourly`, sebagai jadwal Job untuk dibuat dan dieksekusi.
-Format ini juga mencakup nilai langkah `Vixie cron`. Seperti penjelasan di [FreeBSD manual](https://www.freebsd.org/cgi/man.cgi?crontab%285%29):
+Format ini juga mencakup nilai langkah "Vixie cron". Seperti penjelasan di [FreeBSD manual](https://www.freebsd.org/cgi/man.cgi?crontab%285%29):
> Nilai langkah dapat digunakan bersama dengan rentang. Sebuah rentang diikuti dengan
> `/` menentukan lompatan angka melalui rentang.
@@ -162,8 +162,8 @@ Sebuah tanda tanya (`?`) dalam penjadwalan memiliki makna yang sama dengan tanda
### Templat Job
`.spec.JobTemplate` adalah templat untuk sebuah Job, dan itu wajib.
-Templat Job memiliki skema yang sama dengan [Job](/id/docs/concepts/workloads/controllers/jobs-run-to-completion/), kecuali jika bersarang dan tidak memiliki sebuah `apiVersion` atau `kind`.
-Untuk informasi lebih lanjut tentang menulis sebuah Job `.spec` lihat [Menulis spesifikasi Job](/id/docs/concepts/workloads/controllers/jobs-run-to-completion/#writing-a-job-spec).
+Templat Job memiliki skema yang sama dengan [Job](/id/docs/concepts/workloads/controllers/job/), kecuali jika bersarang dan tidak memiliki sebuah `apiVersion` atau `kind`.
+Untuk informasi lebih lanjut tentang menulis sebuah Job `.spec` lihat [Menulis spesifikasi Job](/id/docs/concepts/workloads/controllers/job/#writing-a-job-spec).
### _Starting Deadline_
diff --git a/content/id/docs/tasks/tls/_index.md b/content/id/docs/tasks/tls/_index.md
old mode 100755
new mode 100644
diff --git a/content/id/docs/tasks/tools/_index.md b/content/id/docs/tasks/tools/_index.md
old mode 100755
new mode 100644
diff --git a/content/id/docs/tutorials/stateful-application/_index.md b/content/id/docs/tutorials/stateful-application/_index.md
old mode 100755
new mode 100644
diff --git a/content/id/docs/tutorials/stateful-application/basic-stateful-set.md b/content/id/docs/tutorials/stateful-application/basic-stateful-set.md
index 35c27666b4..0e15eceddb 100644
--- a/content/id/docs/tutorials/stateful-application/basic-stateful-set.md
+++ b/content/id/docs/tutorials/stateful-application/basic-stateful-set.md
@@ -845,12 +845,12 @@ kubectl get pods -w -l app=nginx
```
Gunakan perintah [`kubectl delete`](/docs/reference/generated/kubectl/kubectl-commands/#delete)
-untuk menghapus StatefulSet. Pastikan kamu menambahkan parameter `--cascade=false` ke
+untuk menghapus StatefulSet. Pastikan kamu menambahkan parameter `--cascade=orphan` ke
perintah tersebut. Parameter ini memberitahukan Kubernetes untuk hanya menghapus StatefulSet
dan agar tidak menghapus Pod yang ada padanya.
```shell
-kubectl delete statefulset web --cascade=false
+kubectl delete statefulset web --cascade=orphan
```
```
statefulset.apps "web" deleted
@@ -965,7 +965,7 @@ kubectl get pods -w -l app=nginx
```
Pada terminal yang lain, hapus StatefulSet lagi. Kali ini, hilangkan parameter
-`--cascade=false`.
+`--cascade=orphan`.
```shell
kubectl delete statefulset web
diff --git a/content/id/examples/controllers/daemonset.yaml b/content/id/examples/controllers/daemonset.yaml
index 1bfa082833..375391826d 100644
--- a/content/id/examples/controllers/daemonset.yaml
+++ b/content/id/examples/controllers/daemonset.yaml
@@ -16,6 +16,7 @@ spec:
spec:
tolerations:
- key: node-role.kubernetes.io/master
+ operator: Exists
effect: NoSchedule
containers:
- name: fluentd-elasticsearch
diff --git a/content/it/docs/concepts/architecture/_index.md b/content/it/docs/concepts/architecture/_index.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/concepts/architecture/nodes.md b/content/it/docs/concepts/architecture/nodes.md
index 0494050420..c3c58be9d4 100644
--- a/content/it/docs/concepts/architecture/nodes.md
+++ b/content/it/docs/concepts/architecture/nodes.md
@@ -156,8 +156,9 @@ Condizione Notata quando un nodo diventa irraggiungibile (ad esempio, il control
ricevere heartbeat per qualche motivo, ad es. a causa del fatto che il nodo si trova in basso), e poi in seguito sfratto
tutti i pod dal nodo (usando una terminazione elegante) se il nodo continua
essere irraggiungibile. (I timeout predefiniti sono 40 secondi per iniziare la segnalazione
-ConditionUnknown e 5m dopo di ciò per iniziare a sfrattare i pod.) Il controller del nodo
-controlla lo stato di ogni nodo ogni `--node-monitor-period` secondi.
+ConditionUnknown e 5m dopo di ciò per iniziare a sfrattare i pod.)
+
+Il controller del nodo controlla lo stato di ogni nodo ogni `--node-monitor-period` secondi.
Nelle versioni di Kubernetes precedenti alla 1.13, NodeStatus è l'heartbeat di
nodo. A partire da Kubernetes 1.13, la funzionalità di lease del nodo viene introdotta come un
@@ -191,8 +192,9 @@ lo stesso tempo. Se la frazione di nodi malsani è almeno
se il cluster è piccolo (cioè ha meno o uguale a
`--large-cluster-size-threshold` nodes - default 50) quindi gli sfratti sono
fermato, altrimenti il tasso di sfratto è ridotto a
-`--secondary-node-eviction-rate` (default 0.01) al secondo. La ragione per cui
-le politiche sono implementate per zona di disponibilità è perché una zona di disponibilità
+`--secondary-node-eviction-rate` (default 0.01) al secondo.
+
+La ragione per cui le politiche sono implementate per zona di disponibilità è perché una zona di disponibilità
potrebbe divenire partizionato dal master mentre gli altri rimangono connessi. Se
il tuo cluster non si estende su più zone di disponibilità del provider cloud, quindi
c'è solo una zona di disponibilità (l'intero cluster).
diff --git a/content/it/docs/concepts/cluster-administration/_index.md b/content/it/docs/concepts/cluster-administration/_index.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/concepts/cluster-administration/addons.md b/content/it/docs/concepts/cluster-administration/addons.md
index 3a91ff7b93..8bd3c154af 100644
--- a/content/it/docs/concepts/cluster-administration/addons.md
+++ b/content/it/docs/concepts/cluster-administration/addons.md
@@ -26,7 +26,7 @@ I componenti aggiuntivi in ogni sezione sono ordinati alfabeticamente - l'ordine
* [Cilium](https://github.com/cilium/cilium) è un plug-in di criteri di rete e di rete L3 in grado di applicare in modo trasparente le politiche HTTP / API / L7. Sono supportate entrambe le modalità di routing e overlay / incapsulamento.
* [CNI-Genie](https://github.com/Huawei-PaaS/CNI-Genie) consente a Kubernetes di connettersi senza problemi a una scelta di plugin CNI, come Calico, Canal, Flannel, Romana o Weave.
* [Contiv](http://contiv.github.io) offre networking configurabile (L3 nativo con BGP, overlay con vxlan, L2 classico e Cisco-SDN / ACI) per vari casi d'uso e un ricco framework di policy. Il progetto Contiv è completamente [open source](http://github.com/contiv). Il [programma di installazione](http://github.com/contiv/install) fornisce sia opzioni di installazione basate su kubeadm che non su Kubeadm.
-* [Flanella](https://github.com/coreos/flannel/blob/master/Documentation/kubernetes.md) è un provider di reti sovrapposte che può essere utilizzato con Kubernetes.
+* [Flannel](https://github.com/flannel-io/flannel#deploying-flannel-manually) è un provider di reti sovrapposte che può essere utilizzato con Kubernetes.
* [Knitter](https://github.com/ZTE/Knitter/) è una soluzione di rete che supporta più reti in Kubernetes.
* [Multus](https://github.com/Intel-Corp/multus-cni) è un multi-plugin per il supporto di più reti in Kubernetes per supportare tutti i plugin CNI (es. Calico, Cilium, Contiv, Flannel), oltre a SRIOV, DPDK, OVS-DPDK e carichi di lavoro basati su VPP in Kubernetes.
* [NSX-T](https://docs.vmware.com/en/VMware-NSX-T/2.0/nsxt_20_ncp_kubernetes.pdf) Container Plug-in (NCP) fornisce l'integrazione tra VMware NSX-T e orchestratori di contenitori come Kubernetes, oltre all'integrazione tra NSX-T e piattaforme CaaS / PaaS basate su container come Pivotal Container Service (PKS) e OpenShift.
diff --git a/content/it/docs/concepts/containers/_index.md b/content/it/docs/concepts/containers/_index.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/concepts/overview/_index.md b/content/it/docs/concepts/overview/_index.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/cloud-controller-manager.md b/content/it/docs/reference/glossary/cloud-controller-manager.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/cluster.md b/content/it/docs/reference/glossary/cluster.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/container-runtime.md b/content/it/docs/reference/glossary/container-runtime.md
index 640b3eaa17..4b6b5d1e53 100644
--- a/content/it/docs/reference/glossary/container-runtime.md
+++ b/content/it/docs/reference/glossary/container-runtime.md
@@ -2,7 +2,7 @@
title: Container Runtime
id: container-runtime
date: 2019-06-05
-full_link: /docs/reference/generated/container-runtime
+full_link: /docs/setup/production-environment/container-runtimes
short_description: >
Il container runtime è il software che è responsabile per l'esecuzione dei container.
diff --git a/content/it/docs/reference/glossary/container.md b/content/it/docs/reference/glossary/container.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/controller.md b/content/it/docs/reference/glossary/controller.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/daemonset.md b/content/it/docs/reference/glossary/daemonset.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/deployment.md b/content/it/docs/reference/glossary/deployment.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/docker.md b/content/it/docs/reference/glossary/docker.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/etcd.md b/content/it/docs/reference/glossary/etcd.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/job.md b/content/it/docs/reference/glossary/job.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/kube-apiserver.md b/content/it/docs/reference/glossary/kube-apiserver.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/kube-controller-manager.md b/content/it/docs/reference/glossary/kube-controller-manager.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/kube-proxy.md b/content/it/docs/reference/glossary/kube-proxy.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/kube-scheduler.md b/content/it/docs/reference/glossary/kube-scheduler.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/kubeadm.md b/content/it/docs/reference/glossary/kubeadm.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/kubelet.md b/content/it/docs/reference/glossary/kubelet.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/label.md b/content/it/docs/reference/glossary/label.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/node.md b/content/it/docs/reference/glossary/node.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/pod.md b/content/it/docs/reference/glossary/pod.md
old mode 100755
new mode 100644
diff --git a/content/it/docs/reference/glossary/statefulset.md b/content/it/docs/reference/glossary/statefulset.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/concepts/cluster-administration/_index.md b/content/ja/docs/concepts/cluster-administration/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/concepts/cluster-administration/addons.md b/content/ja/docs/concepts/cluster-administration/addons.md
index b50beb85f5..c07cfce07c 100644
--- a/content/ja/docs/concepts/cluster-administration/addons.md
+++ b/content/ja/docs/concepts/cluster-administration/addons.md
@@ -23,7 +23,7 @@ content_type: concept
* [CNI-Genie](https://github.com/Huawei-PaaS/CNI-Genie)は、KubernetesをCalico、Canal、Flannel、Romana、Weaveなど選択したCNIプラグインをシームレスに接続できるようにするプラグインです。
* [Contiv](https://contiv.github.io)は、さまざまなユースケースと豊富なポリシーフレームワーク向けに設定可能なネットワーク(BGPを使用したネイティブのL3、vxlanを使用したオーバーレイ、古典的なL2、Cisco-SDN/ACI)を提供します。Contivプロジェクトは完全に[オープンソース](https://github.com/contiv)です。[インストーラ](https://github.com/contiv/install)はkubeadmとkubeadm以外の両方をベースとしたインストールオプションがあります。
* [Contrail](https://www.juniper.net/us/en/products-services/sdn/contrail/contrail-networking/)は、[Tungsten Fabric](https://tungsten.io)をベースにしている、オープンソースでマルチクラウドに対応したネットワーク仮想化およびポリシー管理プラットフォームです。ContrailおよびTungsten Fabricは、Kubernetes、OpenShift、OpenStack、Mesosなどのオーケストレーションシステムと統合されており、仮想マシン、コンテナ/Pod、ベアメタルのワークロードに隔離モードを提供します。
-* [Flannel](https://github.com/coreos/flannel/blob/master/Documentation/kubernetes.md)は、Kubernetesで使用できるオーバーレイネットワークプロバイダーです。
+* [Flannel](https://github.com/flannel-io/flannel#deploying-flannel-manually)は、Kubernetesで使用できるオーバーレイネットワークプロバイダーです。
* [Knitter](https://github.com/ZTE/Knitter/)は、1つのKubernetes Podで複数のネットワークインターフェイスをサポートするためのプラグインです。
* [Multus](https://github.com/Intel-Corp/multus-cni)は、すべてのCNIプラグイン(たとえば、Calico、Cilium、Contiv、Flannel)に加えて、SRIOV、DPDK、OVS-DPDK、VPPをベースとするKubernetes上のワークロードをサポートする、複数のネットワークサポートのためのマルチプラグインです。
* [OVN-Kubernetes](https://github.com/ovn-org/ovn-kubernetes/)は、Open vSwitch(OVS)プロジェクトから生まれた仮想ネットワーク実装である[OVN(Open Virtual Network)](https://github.com/ovn-org/ovn/)をベースとする、Kubernetesのためのネットワークプロバイダです。OVN-Kubernetesは、OVSベースのロードバランサーおよびネットワークポリシーの実装を含む、Kubernetes向けのオーバーレイベースのネットワーク実装を提供します。
diff --git a/content/ja/docs/concepts/configuration/_index.md b/content/ja/docs/concepts/configuration/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/concepts/configuration/secret.md b/content/ja/docs/concepts/configuration/secret.md
index f7586e5205..f2a71e1860 100644
--- a/content/ja/docs/concepts/configuration/secret.md
+++ b/content/ja/docs/concepts/configuration/secret.md
@@ -194,7 +194,7 @@ Basic認証Secret型は、ユーザーの便宜のためにのみ提供されて
### SSH authentication secrets
-組み込みのタイプ`kubernetes.io/ssh-auth`は、SSH認証で使用されるデータを保存するために提供されています。このSecret型を使用する場合、使用するSSH認証として`data`(または`stringData`)フィールドに`ssh-privatekey`キーと値のペアを指定する必要があります。
+組み込みのタイプ`kubernetes.io/ssh-auth`は、SSH認証で使用されるデータを保存するために提供されています。このSecret型を使用する場合、使用するSSH認証として`data`(または`stringData`)フィールドに`ssh-privatekey`キーと値のペアを指定する必要があります。
次のYAMLはSSH authentication Secretの設定例です:
@@ -284,7 +284,7 @@ Bootstrap type Secretには、`data`で指定された次のキーがありま
- `usage-bootstrap-`:Bootstrap tokenの追加の使用法を示すブールフラグ。
- `auth-extra-groups`:`system:bootstrappers`グループに加えて認証されるグループ名のコンマ区切りのリスト。
-上記のYAMLは、値がすべてbase64でエンコードされた文字列であるため、混乱しているように見える場合があります。実際、次のYAMLを使用して同一のSecretを作成できます。
+上記のYAMLは、値がすべてbase64でエンコードされた文字列であるため、分かりづらく見えるかもしれません。実際には、次のYAMLを使用して同一のSecretを作成できます。
```yaml
apiVersion: v1
diff --git a/content/ja/docs/concepts/containers/_index.md b/content/ja/docs/concepts/containers/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/concepts/extend-kubernetes/operator.md b/content/ja/docs/concepts/extend-kubernetes/operator.md
index c3857598f2..116ebbb434 100644
--- a/content/ja/docs/concepts/extend-kubernetes/operator.md
+++ b/content/ja/docs/concepts/extend-kubernetes/operator.md
@@ -87,10 +87,12 @@ kubectl edit SampleDB/example-database # 手動でいくつかの設定を変更
* [Custom Resources](/ja/docs/concepts/extend-kubernetes/api-extension/custom-resources/)をより深く学びます
* ユースケースに合わせた、既製のオペレーターを[OperatorHub.io](https://operatorhub.io/)から見つけます
* 自前のオペレーターを書くために既存のツールを使います、例:
+ * [Charmed Operator Framework](https://juju.is/)
* [KUDO](https://kudo.dev/)(Kubernetes Universal Declarative Operator)を使います
* [kubebuilder](https://book.kubebuilder.io/)を使います
- * [Metacontroller](https://metacontroller.app/)を自分で実装したWebHooksと一緒に使います
+ * [Metacontroller](https://metacontroller.github.io/metacontroller/intro.html)を自分で実装したWebHooksと一緒に使います
* [Operator Framework](https://operatorframework.io)を使います
+ * [shell-operator](https://github.com/flant/shell-operator)
* 自前のオペレーターを他のユーザーのために[公開](https://operatorhub.io/)します
* オペレーターパターンを紹介している[CoreOSオリジナル記事](https://coreos.com/blog/introducing-operators.html)を読みます
* Google Cloudが出したオペレーター作成のベストプラクティス[記事](https://cloud.google.com/blog/products/containers-kubernetes/best-practices-for-building-kubernetes-operators-and-stateful-apps)を読みます
diff --git a/content/ja/docs/concepts/overview/_index.md b/content/ja/docs/concepts/overview/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/concepts/overview/working-with-objects/_index.md b/content/ja/docs/concepts/overview/working-with-objects/_index.md
old mode 100755
new mode 100644
index d4a9f2e6b6..10da27655c
--- a/content/ja/docs/concepts/overview/working-with-objects/_index.md
+++ b/content/ja/docs/concepts/overview/working-with-objects/_index.md
@@ -1,5 +1,8 @@
---
-title: "Kubernetesのオブジェクトについて"
+title: "Kubernetesオブジェクトを利用する"
weight: 40
+description: >
+ Kubernetesオブジェクトは、Kubernetes上で永続的なエンティティです。Kubernetesはこれらのエンティティを使い、クラスターの状態を表現します。
+ Kubernetesオブジェクトモデルと、これらのオブジェクトの利用方法について学びます。
---
diff --git a/content/ja/docs/concepts/overview/working-with-objects/object-management.md b/content/ja/docs/concepts/overview/working-with-objects/object-management.md
index 49092c6dea..591a978360 100644
--- a/content/ja/docs/concepts/overview/working-with-objects/object-management.md
+++ b/content/ja/docs/concepts/overview/working-with-objects/object-management.md
@@ -120,7 +120,7 @@ kubectl replace -f nginx.yaml
## 宣言型オブジェクト設定
宣言型オブジェクト設定を利用する場合、ユーザーはローカルに置かれている設定ファイルを操作します。
-しかし、ユーザーは操作内容をファイルに記載しません。作成、更新、そして削除といった操作はオブジェクトごとに`kubectl`が検出します。
+しかし、ユーザーはファイルに対する操作内容を指定しません。作成、更新、そして削除といった操作はオブジェクトごとに`kubectl`が検出します。
この仕組みが、異なるオブジェクトごとに異なる操作をディレクトリに対して行うことを可能にしています。
{{< note >}}
diff --git a/content/ja/docs/concepts/policy/_index.md b/content/ja/docs/concepts/policy/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/concepts/services-networking/_index.md b/content/ja/docs/concepts/services-networking/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/concepts/services-networking/dual-stack.md b/content/ja/docs/concepts/services-networking/dual-stack.md
index 3c320e446a..3bad029501 100644
--- a/content/ja/docs/concepts/services-networking/dual-stack.md
+++ b/content/ja/docs/concepts/services-networking/dual-stack.md
@@ -40,7 +40,7 @@ IPv4/IPv6デュアルスタックを有効にするには、クラスターの
* kube-apiserver:
* `--feature-gates="IPv6DualStack=true"`
- * `--service-cluster-ip-range=,
+ * `--service-cluster-ip-range=,`
* kube-controller-manager:
* `--feature-gates="IPv6DualStack=true"`
* `--cluster-cidr=,`
diff --git a/content/ja/docs/concepts/services-networking/network-policies.md b/content/ja/docs/concepts/services-networking/network-policies.md
index b11bcead2b..441063aeae 100644
--- a/content/ja/docs/concepts/services-networking/network-policies.md
+++ b/content/ja/docs/concepts/services-networking/network-policies.md
@@ -207,7 +207,7 @@ SCTPプロトコルのネットワークポリシーをサポートする{{< glo
Kubernetes1.20現在、ネットワークポリシーAPIに以下の機能は存在しません。
しかし、オペレーティングシステムのコンポーネント(SELinux、OpenVSwitch、IPTablesなど)、レイヤ7の技術(Ingressコントローラー、サービスメッシュ実装)、もしくはアドミッションコントローラーを使用して回避策を実装できる場合があります。
-Kubernetesのネットワークセキュリティを初めて使用する場合は、ネットワークポリシーAPIを使用して以下ののユーザーストーリーを(まだ)実装できないことに注意してください。これらのユーザーストーリーの一部(全てではありません)は、ネットワークポリシーAPIの将来のリリースで活発に議論されています。
+Kubernetesのネットワークセキュリティを初めて使用する場合は、ネットワークポリシーAPIを使用して以下のユーザーストーリーを(まだ)実装できないことに注意してください。これらのユーザーストーリーの一部(全てではありません)は、ネットワークポリシーAPIの将来のリリースで活発に議論されています。
- クラスター内トラフィックを強制的に共通ゲートウェイを通過させる(これは、サービスメッシュもしくは他のプロキシで提供するのが最適な場合があります)。
- TLS関連のもの(これにはサービスメッシュまたはIngressコントローラを使用します)。
diff --git a/content/ja/docs/concepts/storage/_index.md b/content/ja/docs/concepts/storage/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/concepts/storage/persistent-volumes.md b/content/ja/docs/concepts/storage/persistent-volumes.md
index 1940b72cab..b22ed7d8eb 100644
--- a/content/ja/docs/concepts/storage/persistent-volumes.md
+++ b/content/ja/docs/concepts/storage/persistent-volumes.md
@@ -431,7 +431,7 @@ PVはクラスを持つことができます。これは`storageClassName`属性
### マウントオプション
-Kubernets管理者は永続ボリュームがNodeにマウントされるときの追加マウントオプションを指定できます。
+Kubernetes管理者は永続ボリュームがNodeにマウントされるときの追加マウントオプションを指定できます。
{{< note >}}
すべての永続ボリュームタイプがすべてのマウントオプションをサポートするわけではありません。
diff --git a/content/ja/docs/concepts/workloads/pods/_index.md b/content/ja/docs/concepts/workloads/pods/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/concepts/workloads/pods/pod-overview.md b/content/ja/docs/concepts/workloads/pods/pod-overview.md
index 4d286fdbcf..6e053f9ab1 100644
--- a/content/ja/docs/concepts/workloads/pods/pod-overview.md
+++ b/content/ja/docs/concepts/workloads/pods/pod-overview.md
@@ -61,7 +61,7 @@ Podは、Podによって構成されたコンテナ群のために2種類の共
## Podを利用する
-ユーザーはまれに、Kubenetes内で独立したPodを直接作成する場合があります(シングルトンPodなど)。
+ユーザーはまれに、Kubernetes内で独立したPodを直接作成する場合があります(シングルトンPodなど)。
これはPodが比較的、一時的な使い捨てエンティティとしてデザインされているためです。Podが作成された時(ユーザーによって直接的、またはコントローラーによって間接的に作成された場合)、ユーザーのクラスター内の単一の{{< glossary_tooltip term_id="node" >}}上で稼働するようにスケジューリングされます。そのPodはプロセスが停止されたり、Podオブジェクトが削除されたり、Podがリソースの欠如のために*追い出され* たり、ノードが故障するまでノード上に残り続けます。
{{< note >}}
diff --git a/content/ja/docs/contribute/review/for-approvers.md b/content/ja/docs/contribute/review/for-approvers.md
new file mode 100644
index 0000000000..3a96595ea8
--- /dev/null
+++ b/content/ja/docs/contribute/review/for-approvers.md
@@ -0,0 +1,195 @@
+---
+title: approverとreviewer向けのレビュー
+linktitle: approverとreviewer向け
+slug: for-approvers
+content_type: concept
+weight: 20
+---
+
+
+
+SIG Docsの[Reviewer(レビュアー)](/docs/contribute/participate/#reviewers)と[Approver(承認者)](/docs/contribute/participate/#approvers)は、変更をレビューする時にいくつか追加の作業を行います。
+
+毎週、docsのメンバーの特定のapproverのボランティアは、pull requestのトリアージとレビューを担当します。この担当者は、その週の「PR Wrangler(PRの世話人)」と呼ばれます。詳しい情報は、[PR Wrangler scheduler](https://github.com/kubernetes/website/wiki/PR-Wranglers)を参照してください。PR Wranglerになるには、週次のSIG Docsミーティングに参加し、ボランティアをします。もしその週にスケジュールされていなくても、活発なレビューが行われていないpull request(PR)をレビューすることは問題ありません。
+
+このローテーションに加えて、変更されたファイルのオーナーに基づいて、botがPRにreviewerとapproverを割り当てます。
+
+
+
+## PRをレビューする
+
+Kubernetesのドキュメントは[Kubernetesコードレビュープロセス](https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md#the-code-review-process)に従います。
+
+[pull requestのレビュー](/ja/docs/contribute/review/reviewing-prs/)に書かれているすべてのことが適用されますが、ReviewerとApproverはそれに加えて次のことも行います。
+
+- 必要に応じて、`/assign`Prowコマンドを使用して、特定のreviewerにPRを割り当てる。これは、コードのコントリビューターからの技術的なレビューが必要な場合には特に重要です。
+
+ {{< note >}}
+ 技術的なレビューを行える人物を知るには、Markdownファイル上部にあるfront-matterの`reviewers`フィールドを確認してください。
+ {{< /note >}}
+
+- PRが[コンテンツ](/ja/docs/contribute/style/content-guide/)および[スタイル](/docs/contribute/style/style-guide/)のガイドに従っていることを確認してください。ガイドに従っていない場合は、ガイドの関連する部分にリンクを作者に示してください。
+- PRの作者に変更を提案できるときは、GitHubの**Request Changes**(変更をリクエスト)オプションを利用してください。
+- 提案したことが反映されたら、`/approve`や`/lgtm`コマンドを使用して、GitHubのレビューステータスを変更してください。
+
+## 他の作者のPRにコミットを追加する
+
+PRにコメントを残すのは助けになりますが、まれに他の作者のPRに代わりにコミットを追加する必要がある場合があります。
+
+あなたが明示的に作者から頼まれたり、長い間放置されたPRを蘇らせるような場合でない限り、他の作者のPRを「乗っ取る」ようなことはしないでください。短期的に見ればそのほうが短時間で終わるかもしれませんが、そのようなことをするとその人が貢献するチャンスを奪ってしまうことになります。
+
+あなたが取る方法は、編集する必要のあるファイルがすでにPRのスコープに入っているか、あるいはPRがまだ触れていないファイルであるかによって変わります。
+
+以下のいずれかが当てはまる場合、他の作者のPRにあなたがコミットを追加することはできません。
+
+- PRの作者が自分のブランチを直接[https://github.com/kubernetes/website/](https://github.com/kubernetes/website/)リポジトリにpushした場合。この場合、pushアクセス権限を持つreviewerしか他のユーザーのPRにコミットを追加することはできません。
+
+ {{< note >}}
+ 次回PRを作成するとき、自分のブランチを自分のforkに対してpushするように作者に促してください。
+ {{< /note >}}
+
+- PRの作者が明示的にapproverからの編集を禁止している場合。
+
+## レビュー向けのProwコマンド
+
+[Prow](https://github.com/kubernetes/test-infra/blob/master/prow/README.md)は、pull request(PR)に対してジョブを実行するKubernetesベースのCI/CDシステムです。Prowは、Kubernetes organization全体でchatbotスタイルのコマンドを利用してGitHub actionsを扱えるようにします。たとえば、[ラベルの追加と削除](#adding-and-removing-issue-labels)、issueのclose、approverの割り当てなどが行なえます。Prowコマンドは、GitHubのコメントに`/`という形式で入力します。
+
+reviewerとapproverが最もよく使うprowコマンドには、以下のようなものがあります。
+
+{{< table caption="Prow commands for reviewing" >}}
+Prowコマンド | Roleの制限 | 説明
+:------------|:------------------|:-----------
+`/lgtm` | 誰でも。ただし、オートメーションがトリガされるのはReviewerまたはApproverが使用したときのみ。 | PRのレビューが完了し、変更に納得したことを知らせる。
+`/approve` | Approver | PRをマージすることを承認する。
+`/assign` | ReviewerまたはApprover | PRのレビューまたは承認するひとを割り当てる。
+`/close` | ReviewerまたはApprover | issueまたはPRをcloseする。
+`/hold` | 誰でも | `do-not-merge/hold`ラベルを追加して、自動的にマージできないPRであることを示す。
+`/hold cancel` | 誰でも | `do-not-merge/hold`ラベルを削除する。
+{{< /table >}}
+
+PRで利用できるすべてのコマンド一覧を確認するには、[Prowコマンドリファレンス](https://prow.k8s.io/command-help)を参照してください。
+
+## issueのトリアージとカテゴリー分類
+
+一般に、SIG Docsは[Kubernetes issue triage](https://github.com/kubernetes/community/blob/master/contributors/guide/issue-triage.md)のプロセスに従い、同じラベルを使用しています。
+
+このGitHub issueの[フィルター](https://github.com/kubernetes/website/issues?q=is%3Aissue+is%3Aopen+-label%3Apriority%2Fbacklog+-label%3Apriority%2Fimportant-longterm+-label%3Apriority%2Fimportant-soon+-label%3Atriage%2Fneeds-information+-label%3Atriage%2Fsupport+sort%3Acreated-asc)は、トリアージが必要な可能性があるissueを表示します。
+
+### issueをトリアージする
+
+1. issueを検証する
+ - issueがドキュメントのウェブサイトに関係するものであることを確かめる。質問に答えたりリソースの場所を報告者に教えることですぐに閉じられるissueもあります。詳しくは、[サポートリクエストまたはコードのバグレポート](#support-requests-or-code-bug-reports)のセクションを読んでください。
+ - issueにメリットがあるかどうか評価する。
+ - issueに行動を取るのに十分な詳細情報がない場合や、テンプレートが十分埋められていない場合は、`triage/needs-information`ラベルを追加する。
+ - `lifecycle/stale`と`triage/needs-information`の両方のラベルがあるときは、issueをcloseする。
+
+2. 優先度(priority)ラベルを追加する([issueトリアージガイドライン](https://github.com/kubernetes/community/blob/master/contributors/guide/issue-triage.md#define-priority)は、priorityラベルについて詳しく定義しています。)
+
+ {{< table caption="issueのラベル" >}}
+ ラベル | 説明
+ :------------|:------------------
+ `priority/critical-urgent` | 今すぐに作業する。
+ `priority/important-soon` | 3ヶ月以内に取り組む。
+ `priority/important-longterm` | 6ヶ月以内に取り組む。
+ `priority/backlog` | 無期限に延期可能。リソースに余裕がある時に取り組む。
+ `priority/awaiting-more-evidence` | よいissueの可能性があるissueを見失わないようにするためのプレースホルダー。
+ `help`または`good first issue` | KubernetesまたはSIG Docsでほとんど経験がない人に適したissue。より詳しい情報は、[Help WantedとGood First Issueラベル](https://github.com/kubernetes/community/blob/master/contributors/guide/help-wanted.md)を読んでください。
+ {{< /table >}}
+
+ あなたの裁量で、issueのオーナーシップを取り、issueに対するPRを提出してください(簡単なissueや、自分がすでに行った作業に関連するissueである場合は特に)。
+
+issueのトリアージについて質問があるときは、Slackの`#sig-docs`か[kubernetes-sig-docs mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-docs)で質問してください。
+
+## issueラベルの追加と削除 {#adding-and-removing-issue-labels}
+
+ラベルを追加するには、以下のいずれかの形式でコメントします。
+
+- `/`(たとえば、`/good-first-issue`)
+- `/`(たとえば、`/triage needs-information`や`/language ja`)
+
+ラベルを削除するには、以下のいずれかの形式でコメントします。
+
+- `/remove-`(たとえば、`/remove-help`)
+- `/remove-`(たとえば、`/remove-triage needs-information`)
+
+いずれの場合でも、ラベルは既存のものでなければなりません。存在しないラベルを追加しようとした場合、コマンドは無視されます。
+
+すべてのラベル一覧は、[websiteリポジトリーのラベルセクション](https://github.com/kubernetes/website/labels)で確認できます。SIG Docsですべてのラベルが使われているわけではありません。
+
+### issueのライフサイクルに関するラベル
+
+issueは一般にopen後に短期間でcloseされます。しかし、issueがopenされた後にアクティブでなくなったり、issueが90日以上openのままである場合もあります。
+
+{{< table caption="issueのライブラリに関するラベル" >}}
+ラベル | 説明
+:------------|:------------------
+`lifecycle/stale` | 90日間活動がない場合、issueは自動的にstaleとラベル付けされます。`/remove-lifecycle stale`コマンドを使って手動でlifecycleをリバートしない限り、issueは自動的にcloseされます。
+`lifecycle/frozen` | このラベルが付けられたissueは、90日間活動がなくてもstaleになりません。`priority/important-longterm`ラベルを付けたissueなど、90日以上openにしておく必要があるissueには、このラベルを手動で追加します。
+{{< /table >}}
+
+## 特別な種類のissueに対処する
+
+SIG Docsでは、対処方法をドキュメントに書いても良いくらい頻繁に、以下のような種類のissueに出会います。
+
+### 重服したissue
+
+1つの問題に対して1つ以上のissueがopenしている場合、1つのissueに統合します。あなたはどちらのissueをopenにしておくか(あるいは新しいissueを作成するか)を決断して、すべての関連する情報を移動し、関連するすべてのissueにリンクしなければなりません。最後に、同じ問題について書かれたすべての他のissueに`triage/duplicate`ラベルを付けて、それらをcloseします。作業対象のissueを1つだけにすることで、混乱を減らし、同じ問題に対して作業が重複することを避けられます。
+
+### リンク切れに関するissue
+
+リンク切れのissueがAPIまたは`kubectl`のドキュメントにあるものは、問題が完全に理解されるまでは`/priority critical-urgent`を割り当ててください。その他のすべてのリンク切れに関するissueには、手動で修正が必要であるため、`/priority important-longterm`を付けます。
+
+### Blogに関するissue
+
+[Kubernetes Blog](https://kubernetes.io/blog/)のエントリーは時間が経つと情報が古くなるものだと考えています。そのため、ブログのエントリーは1年以内のものだけをメンテナンスします。1年以上前のブログエントリーに関するissueは修正せずにcloseします。
+
+### サポートリクエストまたはコードのバグレポート {#support-requests-or-code-bug-reports}
+
+一部のドキュメントのissueは、実際には元になっているコードの問題や、何か(たとえば、チュートリアル)がうまく動かないときにサポートをリクエストするものです。ドキュメントに関係のない問題は、`kind/support`ラベルを付け、サポートチャンネル(SlackやStack Overflowなど)へ報告者を導くコメントをして、もし関連があれば機能のバグに対するissueを報告するリポジトリ(`kubernetes/kubernetes`は始めるのに最適な場所です)を教えて、closeします。
+
+サポートリクエストに対する返答の例を示します。(リクエストを行う際は英語で行うことが想定されるため、英文とその日本語訳を記載しています)
+
+```none
+This issue sounds more like a request for support and less
+like an issue specifically for docs. I encourage you to bring
+your question to the `#kubernetes-users` channel in
+[Kubernetes slack](https://slack.k8s.io/). You can also search
+resources like
+[Stack Overflow](https://stackoverflow.com/questions/tagged/kubernetes)
+for answers to similar questions.
+
+You can also open issues for Kubernetes functionality in
+https://github.com/kubernetes/kubernetes.
+
+If this is a documentation issue, please re-open this issue.
+```
+
+```none
+このissueは特定のドキュメントに関するissueではなく、サポートリクエストのようです。
+Kubernetesに関する質問については、[Kubernetes slack](https://slack.k8s.io/)の
+`#kubernetes-users`チャンネルに投稿することをおすすめします。同様の質問に対する回答を
+[Stack Overflow](https://stackoverflow.com/questions/tagged/kubernetes)などの
+リソースで検索することもできます。
+
+Kubernetesの機能に関するissueについては、https://github.com/kubernetes/kubernetes
+でissueを作成できます。
+
+もしこれがドキュメントに関するissueの場合、このissueを再びopenしてください。
+```
+
+コードのバグに対する返答の例を示します。
+
+```none
+This sounds more like an issue with the code than an issue with
+the documentation. Please open an issue at
+https://github.com/kubernetes/kubernetes/issues.
+
+If this is a documentation issue, please re-open this issue.
+```
+
+```none
+こちらのissueは、ドキュメントではなくコードに関係するissueのようです。
+https://github.com/kubernetes/kubernetes/issues でissueを作成してください。
+
+もしこれがドキュメントに関するissueの場合、このissueを再びopenしてください。
+```
diff --git a/content/ja/docs/reference/command-line-tools-reference/feature-gates.md b/content/ja/docs/reference/command-line-tools-reference/feature-gates.md
index 01a2c289e9..caab3b8c11 100644
--- a/content/ja/docs/reference/command-line-tools-reference/feature-gates.md
+++ b/content/ja/docs/reference/command-line-tools-reference/feature-gates.md
@@ -136,7 +136,8 @@ content_type: concept
| `TokenRequest` | `true` | Beta | 1.12 | |
| `TokenRequestProjection` | `false` | Alpha | 1.11 | 1.11 |
| `TokenRequestProjection` | `true` | Beta | 1.12 | |
-| `TTLAfterFinished` | `false` | Alpha | 1.12 | |
+| `TTLAfterFinished` | `false` | Alpha | 1.12 | 1.20 |
+| `TTLAfterFinished` | `true` | Beta | 1.21 | |
| `TopologyManager` | `false` | Alpha | 1.16 | 1.17 |
| `TopologyManager` | `true` | Beta | 1.18 | |
| `ValidateProxyRedirects` | `false` | Alpha | 1.12 | 1.13 |
diff --git a/content/ja/docs/reference/glossary/cloud-controller-manager.md b/content/ja/docs/reference/glossary/cloud-controller-manager.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/cluster-operator.md b/content/ja/docs/reference/glossary/cluster-operator.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/cncf.md b/content/ja/docs/reference/glossary/cncf.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/configmap.md b/content/ja/docs/reference/glossary/configmap.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/contributor.md b/content/ja/docs/reference/glossary/contributor.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/controller.md b/content/ja/docs/reference/glossary/controller.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/daemonset.md b/content/ja/docs/reference/glossary/daemonset.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/deployment.md b/content/ja/docs/reference/glossary/deployment.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/docker.md b/content/ja/docs/reference/glossary/docker.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/etcd.md b/content/ja/docs/reference/glossary/etcd.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/image.md b/content/ja/docs/reference/glossary/image.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/index.md b/content/ja/docs/reference/glossary/index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/ingress.md b/content/ja/docs/reference/glossary/ingress.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/kube-apiserver.md b/content/ja/docs/reference/glossary/kube-apiserver.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/kube-controller-manager.md b/content/ja/docs/reference/glossary/kube-controller-manager.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/kube-proxy.md b/content/ja/docs/reference/glossary/kube-proxy.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/kube-scheduler.md b/content/ja/docs/reference/glossary/kube-scheduler.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/kubelet.md b/content/ja/docs/reference/glossary/kubelet.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/label.md b/content/ja/docs/reference/glossary/label.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/member.md b/content/ja/docs/reference/glossary/member.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/mirror-pod.md b/content/ja/docs/reference/glossary/mirror-pod.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/name.md b/content/ja/docs/reference/glossary/name.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/namespace.md b/content/ja/docs/reference/glossary/namespace.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/node.md b/content/ja/docs/reference/glossary/node.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/platform-developer.md b/content/ja/docs/reference/glossary/platform-developer.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/pod.md b/content/ja/docs/reference/glossary/pod.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/secret.md b/content/ja/docs/reference/glossary/secret.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/selector.md b/content/ja/docs/reference/glossary/selector.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/service-catalog.md b/content/ja/docs/reference/glossary/service-catalog.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/service.md b/content/ja/docs/reference/glossary/service.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/sig.md b/content/ja/docs/reference/glossary/sig.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/statefulset.md b/content/ja/docs/reference/glossary/statefulset.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/glossary/uid.md b/content/ja/docs/reference/glossary/uid.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/kubectl/_index.md b/content/ja/docs/reference/kubectl/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/kubectl/overview.md b/content/ja/docs/reference/kubectl/overview.md
index 2ddd60b62e..c5855ce4af 100644
--- a/content/ja/docs/reference/kubectl/overview.md
+++ b/content/ja/docs/reference/kubectl/overview.md
@@ -457,8 +457,6 @@ error: one plugin warning was found
cat ./kubectl-whoami
```
次の例では、下記の内容を含んだ`kubectl-whoami`が既に作成済であることを前提としています。
-The next few examples assume that you already made `kubectl-whoami` have
-the following contents:
```shell
#!/bin/bash
diff --git a/content/ja/docs/reference/setup-tools/kubeadm/_index.md b/content/ja/docs/reference/setup-tools/kubeadm/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/reference/tools.md b/content/ja/docs/reference/tools.md
index 0fedb1cf9d..c64b1e74f7 100644
--- a/content/ja/docs/reference/tools.md
+++ b/content/ja/docs/reference/tools.md
@@ -11,7 +11,7 @@ Kubernetesには、Kubernetesシステムの操作に役立ついくつかの組
[`kubectl`](/docs/tasks/tools/install-kubectl/)は、Kubernetesのためのコマンドラインツールです。このコマンドはKubernetes cluster managerを操作します。
## Kubeadm
-[`kubeadm`](docs/setup/production-environment/tools/kubeadm/install-kubeadm/)は、物理サーバやクラウドサーバ、仮想マシン上にKubenetesクラスタを容易にプロビジョニングするためのコマンドラインツールです(現在はアルファ版です)。
+[`kubeadm`](docs/setup/production-environment/tools/kubeadm/install-kubeadm/)は、物理サーバやクラウドサーバ、仮想マシン上にKubernetesクラスタを容易にプロビジョニングするためのコマンドラインツールです(現在はアルファ版です)。
## Minikube
[`minikube`](https://minikube.sigs.k8s.io/docs/)は、開発やテストのためにワークステーション上でシングルノードのKubernetesクラスタをローカルで実行するツールです。
diff --git a/content/ja/docs/setup/best-practices/cluster-large.md b/content/ja/docs/setup/best-practices/cluster-large.md
index bc59b1b8ee..5a1f45b662 100644
--- a/content/ja/docs/setup/best-practices/cluster-large.md
+++ b/content/ja/docs/setup/best-practices/cluster-large.md
@@ -7,10 +7,10 @@ weight: 20
At {{< param "version" >}}, Kubernetes supports clusters with up to 5000 nodes. More specifically, we support configurations that meet *all* of the following criteria:
+* No more than 110 pods per node
* No more than 5000 nodes
* No more than 150000 total pods
* No more than 300000 total containers
-* No more than 100 pods per node
## 構築
diff --git a/content/ja/docs/setup/learning-environment/minikube.md b/content/ja/docs/setup/learning-environment/minikube.md
index c197a03081..171d2b1b1e 100644
--- a/content/ja/docs/setup/learning-environment/minikube.md
+++ b/content/ja/docs/setup/learning-environment/minikube.md
@@ -342,7 +342,7 @@ Could not read CA certificate "/etc/docker/ca.pem": open /etc/docker/ca.pem: no
### Kubernetesの設定
-Minikubeにはユーザーが任意の値でKubenetesコンポーネントを設定することを可能にする "configurator" 機能があります。
+Minikubeにはユーザーが任意の値でKubernetesコンポーネントを設定することを可能にする "configurator" 機能があります。
この機能を使うには、`minikube start` コマンドに `--extra-config` フラグを使うことができます。
このフラグは繰り返されるので、複数のオプションを設定するためにいくつかの異なる値を使って何度も渡すことができます。
diff --git a/content/ja/docs/setup/production-environment/tools/kops.md b/content/ja/docs/setup/production-environment/tools/kops.md
index dfd2eec406..0b40a6540b 100644
--- a/content/ja/docs/setup/production-environment/tools/kops.md
+++ b/content/ja/docs/setup/production-environment/tools/kops.md
@@ -56,10 +56,10 @@ To download a specific version, replace the following portion of the command wit
$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)
```
-For example, to download kops version v1.15.0 type:
+For example, to download kops version v1.20.0 type:
```shell
-curl -LO https://github.com/kubernetes/kops/releases/download/1.15.0/kops-darwin-amd64
+curl -LO https://github.com/kubernetes/kops/releases/download/v1.20.0/kops-darwin-amd64
```
Make the kops binary executable.
@@ -94,10 +94,10 @@ To download a specific version of kops, replace the following portion of the com
$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)
```
-For example, to download kops version v1.15.0 type:
+For example, to download kops version v1.20.0 type:
```shell
-curl -LO https://github.com/kubernetes/kops/releases/download/1.15.0/kops-linux-amd64
+curl -LO https://github.com/kubernetes/kops/releases/download/v1.20.0/kops-linux-amd64
```
Make the kops binary executable
diff --git a/content/ja/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md b/content/ja/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md
index 356101574d..319be36bbd 100644
--- a/content/ja/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md
+++ b/content/ja/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm.md
@@ -242,8 +242,8 @@ this example.
```sh
root@HOST0 $ kubeadm init phase etcd local --config=/tmp/${HOST0}/kubeadmcfg.yaml
- root@HOST1 $ kubeadm init phase etcd local --config=/home/ubuntu/kubeadmcfg.yaml
- root@HOST2 $ kubeadm init phase etcd local --config=/home/ubuntu/kubeadmcfg.yaml
+ root@HOST1 $ kubeadm init phase etcd local --config=/tmp/${HOST1}/kubeadmcfg.yaml
+ root@HOST2 $ kubeadm init phase etcd local --config=/tmp/${HOST2}/kubeadmcfg.yaml
```
1. Optional: Check the cluster health
diff --git a/content/ja/docs/setup/production-environment/tools/kubespray.md b/content/ja/docs/setup/production-environment/tools/kubespray.md
index e8c49078fd..b254e63c60 100644
--- a/content/ja/docs/setup/production-environment/tools/kubespray.md
+++ b/content/ja/docs/setup/production-environment/tools/kubespray.md
@@ -51,7 +51,7 @@ Kubespray provides the following utilities to help provision your environment:
### (2/5) インベントリファイルの用意
-After you provision your servers, create an [inventory file for Ansible](https://docs.ansible.com/ansible/intro_inventory.html). You can do this manually or via a dynamic inventory script. For more information, see "[Building your own inventory](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/getting-started.md#building-your-own-inventory)".
+After you provision your servers, create an [inventory file for Ansible](https://docs.ansible.com/ansible/latest/network/getting_started/first_inventory.html). You can do this manually or via a dynamic inventory script. For more information, see "[Building your own inventory](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/getting-started.md#building-your-own-inventory)".
### (3/5) クラスタ作成の計画
diff --git a/content/ja/docs/setup/production-environment/windows/user-guide-windows-containers.md b/content/ja/docs/setup/production-environment/windows/user-guide-windows-containers.md
index 6f1ed4558e..2868afb182 100644
--- a/content/ja/docs/setup/production-environment/windows/user-guide-windows-containers.md
+++ b/content/ja/docs/setup/production-environment/windows/user-guide-windows-containers.md
@@ -134,7 +134,7 @@ Kubernetes v1.14以降、Windowsコンテナワークロードは、Group Manage
Podの仕様で`"kubernetes.io/os": windows`のようなnodeSelectorが指定されていない場合、PodをWindowsまたはLinuxの任意のホストでスケジュールすることができます。WindowsコンテナはWindowsでのみ実行でき、LinuxコンテナはLinuxでのみ実行できるため、これは問題になる可能性があります。ベストプラクティスは、nodeSelectorを使用することです。
-ただし、多くの場合、ユーザーには既存の多数のLinuxコンテナのdepolyment、およびコミュニティHelmチャートのような既成構成のエコシステムやOperatorのようなプログラム的にPodを生成するケースがあることを理解しています。このような状況では、nodeSelectorsを追加するための構成変更をためらう可能性があります。代替策は、Taintsを使用することです。kubeletは登録中にTaintsを設定できるため、Windowsだけで実行する時に自動的にTaintを追加するように簡単に変更できます。
+ただし、多くの場合、ユーザーには既存の多数のLinuxコンテナのdeployment、およびコミュニティHelmチャートのような既成構成のエコシステムやOperatorのようなプログラム的にPodを生成するケースがあることを理解しています。このような状況では、nodeSelectorsを追加するための構成変更をためらう可能性があります。代替策は、Taintsを使用することです。kubeletは登録中にTaintsを設定できるため、Windowsだけで実行する時に自動的にTaintを追加するように簡単に変更できます。
例:`--register-with-taints='os=windows:NoSchedule'`
diff --git a/content/ja/docs/setup/release/_index.md b/content/ja/docs/setup/release/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/tasks/access-application-cluster/_index.md b/content/ja/docs/tasks/access-application-cluster/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/tasks/administer-cluster/_index.md b/content/ja/docs/tasks/administer-cluster/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/tasks/administer-cluster/topology-manager.md b/content/ja/docs/tasks/administer-cluster/topology-manager.md
new file mode 100644
index 0000000000..6478323e1a
--- /dev/null
+++ b/content/ja/docs/tasks/administer-cluster/topology-manager.md
@@ -0,0 +1,248 @@
+---
+title: ノードのトポロジー管理ポリシーを制御する
+content_type: task
+min-kubernetes-server-version: v1.18
+---
+
+
+
+{{< feature-state state="beta" for_k8s_version="v1.18" >}}
+
+近年、CPUやハードウェア・アクセラレーターの組み合わせによって、レイテンシーが致命的となる実行や高いスループットを求められる並列計算をサポートするシステムが増えています。このようなシステムには、通信、科学技術計算、機械学習、金融サービス、データ分析などの分野のワークロードが含まれます。このようなハイブリッドシステムは、高い性能の環境で構成されます。
+
+最高のパフォーマンスを引き出すために、CPUの分離やメモリーおよびデバイスの位置に関する最適化が求められます。しかしながら、Kubernetesでは、これらの最適化は分断されたコンポーネントによって処理されます。
+
+_トポロジーマネージャー_ はKubeletコンポーネントの1つで最適化の役割を担い、コンポーネント群を調和して機能させます。
+
+
+## {{% heading "prerequisites" %}}
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+
+
+## トポロジーマネージャーはどのように機能するか
+
+トポロジーマネージャー導入前は、KubernetesにおいてCPUマネージャーやデバイスマネージャーはそれぞれ独立してリソースの割り当てを決定します。
+これは、マルチソケットのシステムでは望ましくない割り当てとなり、パフォーマンスやレイテンシーが求められるアプリケーションは、この望ましくない割り当てに悩まされます。
+この場合の望ましくない例として、CPUやデバイスが異なるNUMAノードに割り当てられ、それによりレイテンシー悪化を招くことが挙げられます。
+
+トポロジーマネージャーはKubeletコンポーネントであり、信頼できる情報源として振舞います。それによって、他のKubeletコンポーネントはトポロジーに沿ったリソース割り当ての選択を行うことができます。
+
+トポロジーマネージャーは *Hint Providers* と呼ばれるコンポーネントのインターフェースを提供し、トポロジー情報を送受信します。トポロジーマネージャーは、ノード単位のポリシー群を保持します。ポリシーについて以下で説明します。
+
+トポロジーマネージャーは *Hint Providers* からトポロジー情報を受け取ります。トポロジー情報は、利用可能なNUMAノードと優先割り当て表示を示すビットマスクです。トポロジーマネージャーのポリシーは、提供されたヒントに対して一連の操作を行い、ポリシーに沿ってヒントをまとめて最適な結果を得ます。もし、望ましくないヒントが保存された場合、ヒントの優先フィールドがfalseに設定されます。現在のポリシーでは、最も狭い優先マスクが優先されます。
+
+選択されたヒントはトポロジーマネージャーの一部として保存されます。設定されたポリシーにしたがい、選択されたヒントに基づいてノードがPodを許可したり、拒否することができます。
+トポロジーマネージャーに保存されたヒントは、*Hint Providers* が使用しリソース割り当てを決定します。
+
+### トポロジーマネージャーの機能を有効にする
+
+トポロジーマネージャーをサポートするには、`TopologyManager` [フィーチャーゲート](/ja/docs/reference/command-line-tools-reference/feature-gates/)を有効にする必要があります。Kubernetes 1.18ではデフォルトで有効です。
+
+## トポロジーマネージャーのスコープとポリシー
+
+トポロジーマネージャは現在:
+
+ - 全てのQoAクラスのPodを調整する
+ - Hint Providerによって提供されたトポロジーヒントから、要求されたリソースを調整する
+
+これらの条件が合致した場合、トポロジーマネージャーは要求されたリソースを調整します。
+
+この調整をどのように実行するかカスタマイズするために、トポロジーマネージャーは2つのノブを提供します: `スコープ` と`ポリシー`です。
+
+`スコープ`はリソースの配置を行う粒度を定義します(例:`pod`や`container`)。そして、`ポリシー`は調整を実行するための実戦略を定義します(`best-effort`, `restricted`, `single-numa-node`等)。
+
+現在利用可能な`スコープ`と`ポリシー`の値について詳細は以下の通りです。
+
+{{< note >}}
+PodのSpecにある他の要求リソースとCPUリソースを調整するために、CPUマネージャーを有効にし、適切なCPUマネージャーのポリシーがノードに設定されるべきです。[CPU管理ポリシー](/docs/tasks/administer-cluster/cpu-management-policies/)を参照してください。
+{{< /note >}}
+
+{{< note >}}
+PodのSpecにある他の要求リソースとメモリー(およびhugepage)リソースを調整するために、メモリーマネージャーを有効にし、適切なメモリーマネージャーポリシーがノードに設定されるべきです。[メモリーマネージャー](/docs/tasks/administer-cluster/memory-manager/) のドキュメントを確認してください。
+{{< /note >}}
+
+### トポロジーマネージャーのスコープ
+
+トポロジーマネージャーは、以下の複数の異なるスコープでリソースの調整を行う事が可能です:
+
+* `container` (デフォルト)
+* `pod`
+
+いずれのオプションも、`--topology-manager-scope`フラグによって、kubelet起動時に選択できます。
+
+### containerスコープ
+
+`container`スコープはデフォルトで使用されます。
+
+このスコープでは、トポロジーマネージャーは連続した複数のリソース調整を実行します。つまり、Pod内の各コンテナは、分離された配置計算がされます。言い換えると、このスコープでは、コンテナを特定のNUMAノードのセットにグループ化するという概念はありません。実際には、トポロジーマネージャーは各コンテナのNUMAノードへの配置を任意に実行します。
+
+コンテナをグループ化するという概念は、以下のスコープで設定・実行されます。例えば、`pod`スコープが挙げられます。
+
+### podスコープ
+
+`pod`スコープを選択するには、コマンドラインで`--topology-manager-scope=pod`オプションを指定してkubeletを起動します。
+
+このスコープでは、Pod内全てのコンテナを共通のNUMAノードのセットにグループ化することができます。トポロジーマネージャーはPodをまとめて1つとして扱い、ポッド全体(全てのコンテナ)を単一のNUMAノードまたはNUMAノードの共通セットのいずれかに割り当てようとします。以下の例は、さまざまな場面でトポロジーマネージャーが実行する調整を示します:
+
+* 全てのコンテナは、単一のNUMAノードに割り当てられます。
+* 全てのコンテナは、共有されたNUMAノードのセットに割り当てられます。
+
+Pod全体に要求される特定のリソースの総量は[有効なリクエスト/リミット](/ja/docs/concepts/workloads/pods/init-containers/#resources)の式に従って計算されるため、この総量の値は以下の最大値となります。
+* 全てのアプリケーションコンテナのリクエストの合計。
+* リソースに対するinitコンテナのリクエストの最大値。
+
+`pod`スコープと`single-numa-node`トポロジーマネージャーポリシーを併用することは、レイテンシーが重要なワークロードやIPCを行う高スループットのアプリケーションに対して特に有効です。両方のオプションを組み合わせることで、Pod内の全てのコンテナを単一のNUMAノードに配置できます。そのため、PodのNUMA間通信によるオーバーヘッドを排除することができます。
+
+`single-numa-node`ポリシーの場合、可能な割り当ての中に適切なNUMAノードのセットが存在する場合にのみ、Podが許可されます。上の例をもう一度考えてみましょう:
+
+* 1つのNUMAノードのみを含むセット - Podが許可されます。
+* 2つ以上のNUMAノードを含むセット - Podが拒否されます(1つのNUMAノードの代わりに、割り当てを満たすために2つ以上のNUMAノードが必要となるため)。
+
+
+要約すると、トポロジーマネージャーはまずNUMAノードのセットを計算し、それをトポロジーマネージャーのポリシーと照合し、Podの拒否または許可を検証します。
+
+### トポロジーマネージャーのポリシー
+
+トポロジーマネージャーは4つの調整ポリシーをサポートします。`--topology-manager-policy`というKubeletフラグを通してポリシーを設定できます。
+4つのサポートされるポリシーがあります:
+
+* `none` (デフォルト)
+* `best-effort`
+* `restricted`
+* `single-numa-node`
+
+{{< note >}}
+トポロジーマネージャーが **pod** スコープで設定された場合、コンテナはポリシーによって、Pod全体の要求として反映します。
+したがって、Podの各コンテナは **同じ** トポロジー調整と同じ結果となります。
+{{< /note >}}
+
+### none ポリシー {#policy-none}
+
+これはデフォルトのポリシーで、トポロジーの調整を実行しません。
+
+### best-effort ポリシー {#policy-best-effort}
+
+Pod内の各コンテナに対して、`best-effort` トポロジー管理ポリシーが設定されたkubeletは、各Hint Providerを呼び出してそれらのリソースの可用性を検出します。
+トポロジーマネージャーはこの情報を使用し、そのコンテナの推奨されるNUMAノードのアフィニティーを保存します。アフィニティーが優先されない場合、トポロジーマネージャーはこれを保存し、Podをノードに許可します。
+
+*Hint Providers* はこの情報を使ってリソースの割り当てを決定します。
+
+### restricted ポリシー {#policy-restricted}
+
+Pod内の各コンテナに対して、`restricted` トポロジー管理ポリシーが設定されたkubeletは各Hint Providerを呼び出してそれらのリソースの可用性を検出します。
+トポロジーマネージャーはこの情報を使用し、そのコンテナの推奨されるNUMAノードのアフィニティーを保存します。アフィニティーが優先されない場合、トポロジーマネージャーはPodをそのノードに割り当てることを拒否します。この結果、PodはPodの受付失敗となり`Terminated` 状態になります。
+
+Podが一度`Terminated`状態になると、KubernetesスケジューラーはPodの再スケジューリングを試み **ません** 。Podの再デプロイをするためには、ReplicasetかDeploymenを使用してください。`Topology Affinity`エラーとなったpodを再デプロイするために、外部のコントロールループを実行することも可能です。
+
+Podが許可されれば、 *Hint Providers* はこの情報を使ってリソースの割り当てを決定します。
+
+### single-numa-node ポリシー {#policy-single-numa-node}
+
+Pod内の各コンテナに対して、`single-numa-node`トポロジー管理ポリシーが設定されたkubeletは各Hint Prociderを呼び出してそれらのリソースの可用性を検出します。
+トポロジーマネージャーはこの情報を使用し、単一のNUMAノードアフィニティが可能かどうか決定します。
+可能な場合、トポロジーマネージャーは、この情報を保存し、*Hint Providers* はこの情報を使ってリソースの割り当てを決定します。
+不可能な場合、トポロジーマネージャーは、Podをそのノードに割り当てることを拒否します。この結果、Pod は Pod の受付失敗となり`Terminated`状態になります。
+
+Podが一度`Terminated`状態になると、KubernetesスケジューラーはPodの再スケジューリングを試み**ません**。Podの再デプロイをするためには、ReplicasetかDeploymentを使用してください。`Topology Affinity`エラーとなったpodを再デプロイするために、外部のコントロールループを実行することも可能です。
+
+### Podとトポロジー管理ポリシーの関係
+
+以下のようなpodのSpecで定義されるコンテナを考えます:
+
+```yaml
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+```
+
+`requests`も`limits`も定義されていないため、このPodは`BestEffort`QoSクラスで実行します。
+
+```yaml
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+ resources:
+ limits:
+ memory: "200Mi"
+ requests:
+ memory: "100Mi"
+```
+
+requestsがlimitsより小さい値のため、このPodは`Burstable`QoSクラスで実行します。
+
+選択されたポリシーが`none`以外の場合、トポロジーマネージャーは、これらのPodのSpecを考慮します。トポロジーマネージャーは、Hint Providersからトポロジーヒントを取得します。CPUマネージャーポリシーが`static`の場合、デフォルトのトポロジーヒントを返却します。これらのPodは明示的にCPUリソースを要求していないからです。
+
+
+```yaml
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+ resources:
+ limits:
+ memory: "200Mi"
+ cpu: "2"
+ example.com/device: "1"
+ requests:
+ memory: "200Mi"
+ cpu: "2"
+ example.com/device: "1"
+```
+
+整数値でCPUリクエストを指定されたこのPodは、`requests`が`limits`が同じ値のため、`Guaranteed`QoSクラスで実行します。
+
+
+```yaml
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+ resources:
+ limits:
+ memory: "200Mi"
+ cpu: "300m"
+ example.com/device: "1"
+ requests:
+ memory: "200Mi"
+ cpu: "300m"
+ example.com/device: "1"
+```
+
+CPUの一部をリクエストで指定されたこのPodは、`requests`が`limits`が同じ値のため、`Guaranteed`QoSクラスで実行します。
+
+
+```yaml
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+ resources:
+ limits:
+ example.com/deviceA: "1"
+ example.com/deviceB: "1"
+ requests:
+ example.com/deviceA: "1"
+ example.com/deviceB: "1"
+```
+CPUもメモリもリクエスト値がないため、このPodは `BestEffort` QoSクラスで実行します。
+
+トポロジーマネージャーは、上記Podを考慮します。トポロジーマネージャーは、Hint ProvidersとなるCPUマネージャーとデバイスマネージャーに問い合わせ、トポロジーヒントを取得します。
+
+整数値でCPU要求を指定された`Guaranteed`QoSクラスのPodの場合、`static`が設定されたCPUマネージャーポリシーは、排他的なCPUに関するトポロジーヒントを返却し、デバイスマネージャーは要求されたデバイスのヒントを返します。
+
+CPUの一部を要求を指定された`Guaranteed`QoSクラスのPodの場合、排他的ではないCPU要求のため`static`が設定されたCPUマネージャーポリシーはデフォルトのトポロジーヒントを返却します。デバイスマネージャーは要求されたデバイスのヒントを返します。
+
+上記の`Guaranteed`QoSクラスのPodに関する2ケースでは、`none`で設定されたCPUマネージャーポリシーは、デフォルトのトポロジーヒントを返却します。
+
+`BestEffort`QoSクラスのPodの場合、`static`が設定されたCPUマネージャーポリシーは、CPUの要求がないためデフォルトのトポロジーヒントを返却します。デバイスマネージャーは要求されたデバイスごとのヒントを返します。
+
+トポロジーマネージャーはこの情報を使用してPodに最適なヒントを計算し保存します。保存されたヒントは Hint Providersが使用しリソースを割り当てます。
+
+### 既知の制限
+1. トポロジーマネージャーが許容するNUMAノードの最大値は8です。8より多いNUMAノードでは、可能なNUMAアフィニティを列挙しヒントを生成する際に、生成する状態数が爆発的に増加します。
+
+2. スケジューラーはトポロジーを意識しません。そのため、ノードにスケジュールされた後に実行に失敗する可能性があります。
diff --git a/content/ja/docs/tasks/configmap-secret/_index.md b/content/ja/docs/tasks/configmap-secret/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/tasks/configmap-secret/managing-secret-using-config-file.md b/content/ja/docs/tasks/configmap-secret/managing-secret-using-config-file.md
index f9572ca1f4..e4c19098fe 100644
--- a/content/ja/docs/tasks/configmap-secret/managing-secret-using-config-file.md
+++ b/content/ja/docs/tasks/configmap-secret/managing-secret-using-config-file.md
@@ -119,6 +119,8 @@ kubectl get secret mysecret -o yaml
```yaml
apiVersion: v1
+data:
+ config.yaml: YXBpVXJsOiAiaHR0cHM6Ly9teS5hcGkuY29tL2FwaS92MSIKdXNlcm5hbWU6IHt7dXNlcm5hbWV9fQpwYXNzd29yZDoge3twYXNzd29yZH19
kind: Secret
metadata:
creationTimestamp: 2018-11-15T20:40:59Z
@@ -127,8 +129,6 @@ metadata:
resourceVersion: "7225"
uid: c280ad2e-e916-11e8-98f2-025000000001
type: Opaque
-data:
- config.yaml: YXBpVXJsOiAiaHR0cHM6Ly9teS5hcGkuY29tL2FwaS92MSIKdXNlcm5hbWU6IHt7dXNlcm5hbWV9fQpwYXNzd29yZDoge3twYXNzd29yZH19
```
`kubectl get`と`kubectl describe`コマンドはデフォルトではSecretの内容を表示しません。
@@ -154,6 +154,8 @@ stringData:
```yaml
apiVersion: v1
+data:
+ username: YWRtaW5pc3RyYXRvcg==
kind: Secret
metadata:
creationTimestamp: 2018-11-15T20:46:46Z
@@ -162,8 +164,6 @@ metadata:
resourceVersion: "7579"
uid: 91460ecb-e917-11e8-98f2-025000000001
type: Opaque
-data:
- username: YWRtaW5pc3RyYXRvcg==
```
`YWRtaW5pc3RyYXRvcg==`をデコードすると`administrator`となります。
diff --git a/content/ja/docs/tasks/configmap-secret/managing-secret-using-kubectl.md b/content/ja/docs/tasks/configmap-secret/managing-secret-using-kubectl.md
index fbc427469e..7be8c0b890 100644
--- a/content/ja/docs/tasks/configmap-secret/managing-secret-using-kubectl.md
+++ b/content/ja/docs/tasks/configmap-secret/managing-secret-using-kubectl.md
@@ -58,7 +58,7 @@ kubectl create secret generic db-user-pass \
たとえば、実際のパスワードが`S!B\*d$zDsb=`の場合、次のようにコマンドを実行します:
```shell
-kubectl create secret generic dev-db-secret \
+kubectl create secret generic db-user-pass \
--from-literal=username=devuser \
--from-literal=password='S!B\*d$zDsb='
```
diff --git a/content/ja/docs/tasks/configmap-secret/managing-secret-using-kustomize.md b/content/ja/docs/tasks/configmap-secret/managing-secret-using-kustomize.md
new file mode 100644
index 0000000000..9d4df475f3
--- /dev/null
+++ b/content/ja/docs/tasks/configmap-secret/managing-secret-using-kustomize.md
@@ -0,0 +1,129 @@
+---
+title: Kustomizeを使用してSecretを管理する
+content_type: task
+weight: 30
+description: kustomization.yamlを使用してSecretを作成する
+---
+
+
+
+Kubernetes v1.14以降、`kubectl`は[Kustomizeを使ったオブジェクト管理](/docs/tasks/manage-kubernetes-objects/kustomization/)をサポートしています。
+KustomizeはSecretやConfigMapを作成するためのリソースジェネレーターを提供します。
+Kustomizeジェネレーターは、ディレクトリ内の`kustomization.yaml`ファイルで指定します。
+Secretを生成したら、`kubectl apply`でAPIサーバー上にSecretを作成します。
+
+## {{% heading "prerequisites" %}}
+
+{{< include "task-tutorial-prereqs.md" >}}
+
+
+
+## Kustomizationファイルを作成する
+
+`kustomization.yaml`ファイルの中で`secretGenerator`を定義し、他の既存のファイルを参照することで、Secretを生成することができます。
+たとえば、以下のkustomizationファイルは`./username.txt`と`./password.txt`を参照しています。
+
+```yaml
+secretGenerator:
+- name: db-user-pass
+ files:
+ - username.txt
+ - password.txt
+```
+
+また、`kustomization.yaml`ファイルの中でリテラルを指定して`secretGenerator`を定義することもできます。
+たとえば、以下の`kustomization.yaml`ファイルには`username`と`password`の2つのリテラルが含まれています。
+
+```yaml
+secretGenerator:
+- name: db-user-pass
+ literals:
+ - username=admin
+ - password=1f2d1e2e67df
+```
+
+また、`kustomization.yaml`ファイルに`.env`ファイルを用意して`secretGenerator`を定義することもできます。
+たとえば、以下の`kustomization.yaml`ファイルは、`.env.secret`ファイルからデータを取り込みます。
+
+```yaml
+secretGenerator:
+- name: db-user-pass
+ envs:
+ - .env.secret
+```
+
+なお、いずれの場合も、値をbase64エンコードする必要はありません。
+
+## Secretを作成する
+
+`kustomization.yaml`を含むディレクトリを適用して、Secretを作成します。
+
+```shell
+kubectl apply -k .
+```
+
+出力は次のようになります:
+
+```
+secret/db-user-pass-96mffmfh4k created
+```
+
+なお、Secretを生成する際には、データをハッシュ化し、そのハッシュ値を付加することでSecret名を生成します。
+これにより、データが変更されるたびに、新しいSecretが生成されます。
+
+## 作成したSecretを確認する
+
+Secretが作成されたことを確認できます:
+
+```shell
+kubectl get secrets
+```
+
+出力は次のようになります:
+
+```
+NAME TYPE DATA AGE
+db-user-pass-96mffmfh4k Opaque 2 51s
+```
+
+Secretの説明を参照できます:
+
+```shell
+kubectl describe secrets/db-user-pass-96mffmfh4k
+```
+
+出力は次のようになります:
+
+```
+Name: db-user-pass-96mffmfh4k
+Namespace: default
+Labels:
+Annotations:
+
+Type: Opaque
+
+Data
+====
+password.txt: 12 bytes
+username.txt: 5 bytes
+```
+
+`kubectl get`と`kubectl describe`コマンドはデフォルトではSecretの内容を表示しません。
+これは、Secretが不用意に他人にさらされたり、ターミナルログに保存されたりしないようにするためです。
+エンコードされたデータの実際の内容を確認するには、[Secretのデコード](/ja/docs/tasks/configmap-secret/managing-secret-using-kubectl/#decoding-secret)を参照してください。
+
+## クリーンアップ
+
+作成したSecretを削除するには次のコマンドを実行します:
+
+```shell
+kubectl delete secret db-user-pass-96mffmfh4k
+```
+
+
+## {{% heading "whatsnext" %}}
+
+- [Secretのコンセプト](/ja/docs/concepts/configuration/secret/)を読む
+- [kubectlを使用してSecretを管理する](/ja/docs/tasks/configmap-secret/managing-secret-using-kubectl/)方法を知る
+- [設定ファイルを使用してSecretを管理する](/ja/docs/tasks/configmap-secret/managing-secret-using-config-file/)方法を知る
+
diff --git a/content/ja/docs/tasks/configure-pod-container/_index.md b/content/ja/docs/tasks/configure-pod-container/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/tasks/debug-application-cluster/_index.md b/content/ja/docs/tasks/debug-application-cluster/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/tasks/debug-application-cluster/debug-pod-replication-controller.md b/content/ja/docs/tasks/debug-application-cluster/debug-pod-replication-controller.md
index 570134b84d..89e927aff9 100644
--- a/content/ja/docs/tasks/debug-application-cluster/debug-pod-replication-controller.md
+++ b/content/ja/docs/tasks/debug-application-cluster/debug-pod-replication-controller.md
@@ -47,7 +47,7 @@ Podをスケジュールできない理由に関するスケジューラーか
クラスター内のCPUまたはメモリーの供給を使い果たした可能性があります。
この場合、いくつかのことを試すことができます。
-* クラスターに[ノードを追加します](/docs/tasks/administer-cluster/cluster-management/#resizing-a-cluster)。
+* クラスターにノードを追加します。
* [不要なPodを終了](/docs/concepts/workloads/pods/#pod-termination)して、
`Pending`状態のPodのための空きリソースを作ります。
diff --git a/content/ja/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md b/content/ja/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md
index fdddb859ce..1fbdb763aa 100644
--- a/content/ja/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md
+++ b/content/ja/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md
@@ -33,7 +33,7 @@ content_type: task
kubectl apply -f https://k8s.io/examples/debug/termination.yaml
- YAMLファイルの`cmd`フィールドと`args`フィールドで、コンテナが10秒間スリープしてから`/dev/termination-log`ファイルに「Sleep expired」と書いているのがわかります。コンテナが「Sleep expired」メッセージを書き込んだ後、コンテナは終了します。
+ YAMLファイルの`command`フィールドと`args`フィールドで、コンテナが10秒間スリープしてから`/dev/termination-log`ファイルに「Sleep expired」と書いているのがわかります。コンテナが「Sleep expired」メッセージを書き込んだ後、コンテナは終了します。
1. Podに関する情報を表示します:
diff --git a/content/ja/docs/tasks/network/_index.md b/content/ja/docs/tasks/network/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases.md b/content/ja/docs/tasks/network/customize-hosts-file-for-pods.md
similarity index 99%
rename from content/ja/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases.md
rename to content/ja/docs/tasks/network/customize-hosts-file-for-pods.md
index 5c89abf5e7..f644fc575a 100644
--- a/content/ja/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases.md
+++ b/content/ja/docs/tasks/network/customize-hosts-file-for-pods.md
@@ -1,6 +1,6 @@
---
title: HostAliasesを使用してPodの/etc/hostsにエントリーを追加する
-content_type: concept
+content_type: task
weight: 60
min-kubernetes-server-version: 1.7
---
@@ -13,7 +13,7 @@ Podの`/etc/hosts`ファイルにエントリーを追加すると、DNSやそ
HostAliasesを使用せずにファイルを修正することはおすすめできません。このファイルはkubeletが管理しており、Podの作成や再起動時に上書きされる可能性があるためです。
-
+
## デフォルトのhostsファイルの内容
diff --git a/content/ja/docs/tasks/run-application/_index.md b/content/ja/docs/tasks/run-application/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/tasks/run-application/delete-stateful-set.md b/content/ja/docs/tasks/run-application/delete-stateful-set.md
index 659dabec17..81142068ed 100644
--- a/content/ja/docs/tasks/run-application/delete-stateful-set.md
+++ b/content/ja/docs/tasks/run-application/delete-stateful-set.md
@@ -37,13 +37,13 @@ StatefulSet自体が削除された後で、関連するヘッドレスサービ
kubectl delete service
```
-kubectlを使ってStatefulSetを削除すると0にスケールダウンされ、すべてのPodが削除されます。PodではなくStatefulSetだけを削除したい場合は、`--cascade=false`を使用してください。
+kubectlを使ってStatefulSetを削除すると0にスケールダウンされ、すべてのPodが削除されます。PodではなくStatefulSetだけを削除したい場合は、`--cascade=orphan`を使用してください。
```shell
-kubectl delete -f --cascade=false
+kubectl delete -f --cascade=orphan
```
-`--cascade=false`を`kubectl delete`に渡すことで、StatefulSetオブジェクト自身が削除された後でも、StatefulSetによって管理されていたPodは残ります。Podに`app=myapp`というラベルが付いている場合は、次のようにして削除できます:
+`--cascade=orphan`を`kubectl delete`に渡すことで、StatefulSetオブジェクト自身が削除された後でも、StatefulSetによって管理されていたPodは残ります。Podに`app=myapp`というラベルが付いている場合は、次のようにして削除できます:
```shell
kubectl delete pods -l app=myapp
diff --git a/content/ja/docs/tasks/service-catalog/_index.md b/content/ja/docs/tasks/service-catalog/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/tasks/tls/_index.md b/content/ja/docs/tasks/tls/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/tasks/tools/_index.md b/content/ja/docs/tasks/tools/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/tutorials/clusters/_index.md b/content/ja/docs/tutorials/clusters/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/tutorials/configuration/_index.md b/content/ja/docs/tutorials/configuration/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/tutorials/services/_index.md b/content/ja/docs/tutorials/services/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/tutorials/stateful-application/_index.md b/content/ja/docs/tutorials/stateful-application/_index.md
old mode 100755
new mode 100644
diff --git a/content/ja/docs/tutorials/stateful-application/basic-stateful-set.md b/content/ja/docs/tutorials/stateful-application/basic-stateful-set.md
index e14b1e5925..6b9d8da5a8 100644
--- a/content/ja/docs/tutorials/stateful-application/basic-stateful-set.md
+++ b/content/ja/docs/tutorials/stateful-application/basic-stateful-set.md
@@ -711,10 +711,10 @@ StatefulSetは、非カスケードな削除とカスケードな削除の両方
kubectl get pods -w -l app=nginx
```
-[`kubectl delete`](/docs/reference/generated/kubectl/kubectl-commands/#delete)を使用して、StatefulSetを削除します。このとき、`--cascade=false`パラメーターをコマンドに与えてください。このパラメーターは、Kubernetesに対して、StatefulSetだけを削除して配下のPodは削除しないように指示します。
+[`kubectl delete`](/docs/reference/generated/kubectl/kubectl-commands/#delete)を使用して、StatefulSetを削除します。このとき、`--cascade=orphan`パラメーターをコマンドに与えてください。このパラメーターは、Kubernetesに対して、StatefulSetだけを削除して配下のPodは削除しないように指示します。
```shell
-kubectl delete statefulset web --cascade=false
+kubectl delete statefulset web --cascade=orphan
```
```
statefulset.apps "web" deleted
@@ -814,7 +814,7 @@ web-1
kubectl get pods -w -l app=nginx
```
-2つ目のターミナルで、StatefulSetをもう一度削除します。今回は、`--cascade=false`パラメーターを省略します。
+2つ目のターミナルで、StatefulSetをもう一度削除します。今回は、`--cascade=orphan`パラメーターを省略します。
```shell
kubectl delete statefulset web
diff --git a/content/ja/docs/tutorials/stateful-application/cassandra.md b/content/ja/docs/tutorials/stateful-application/cassandra.md
index c5f8ed3986..4283a378b5 100644
--- a/content/ja/docs/tutorials/stateful-application/cassandra.md
+++ b/content/ja/docs/tutorials/stateful-application/cassandra.md
@@ -246,7 +246,7 @@ StatefulSetに関連するすべてのリソースを自動的に破棄するよ
## Cassandraコンテナの環境変数
-このチュートリアルのPodでは、Googleの[コンテナレジストリ](https://cloud.google.com/container-registry/docs/)の[`gcr.io/google-samples/cassandra:v13`](https://github.com/kubernetes/examples/blob/master/cassandra/image/Dockerfile)イメージを使用しました。このDockerイメージは[debian-base](https://github.com/kubernetes/kubernetes/tree/master/build/debian-base)をベースにしており、OpenJDK 8が含まれています。
+このチュートリアルのPodでは、Googleの[コンテナレジストリ](https://cloud.google.com/container-registry/docs/)の[`gcr.io/google-samples/cassandra:v13`](https://github.com/kubernetes/examples/blob/master/cassandra/image/Dockerfile)イメージを使用しました。このDockerイメージは[debian-base](https://github.com/kubernetes/release/tree/master/images/build/debian-base)をベースにしており、OpenJDK 8が含まれています。
このイメージには、Apache Debianリポジトリの標準のCassandraインストールが含まれます。
環境変数を利用すると、`cassandra.yaml`に挿入された値を変更できます。
diff --git a/content/ja/examples/application/job/redis/worker.py b/content/ja/examples/application/job/redis/worker.py
index 49e5dae798..87d90bde18 100644
--- a/content/ja/examples/application/job/redis/worker.py
+++ b/content/ja/examples/application/job/redis/worker.py
@@ -8,11 +8,11 @@ host="redis"
# import os
# host = os.getenv("REDIS_SERVICE_HOST")
-q = rediswq.RedisWQ(name="job2", host="redis")
+q = rediswq.RedisWQ(name="job2", host=host)
print("Worker with sessionID: " + q.sessionID())
print("Initial queue state: empty=" + str(q.empty()))
while not q.empty():
- item = q.lease(lease_secs=10, block=True, timeout=2)
+ item = q.lease(lease_secs=10, block=True, timeout=2)
if item is not None:
itemstr = item.decode("utf=8")
print("Working on " + itemstr)
diff --git a/content/ja/examples/controllers/daemonset.yaml b/content/ja/examples/controllers/daemonset.yaml
index 1bfa082833..375391826d 100644
--- a/content/ja/examples/controllers/daemonset.yaml
+++ b/content/ja/examples/controllers/daemonset.yaml
@@ -16,6 +16,7 @@ spec:
spec:
tolerations:
- key: node-role.kubernetes.io/master
+ operator: Exists
effect: NoSchedule
containers:
- name: fluentd-elasticsearch
diff --git a/content/ja/includes/task-tutorial-prereqs.md b/content/ja/includes/task-tutorial-prereqs.md
index e8ba679a99..09e7dda1b2 100644
--- a/content/ja/includes/task-tutorial-prereqs.md
+++ b/content/ja/includes/task-tutorial-prereqs.md
@@ -1,5 +1,6 @@
Kubernetesクラスターが必要、かつそのクラスターと通信するためにkubectlコマンドラインツールが設定されている必要があります。
-まだクラスターがない場合、[Minikube](/ja/docs/setup/learning-environment/minikube/)を使って作成するか、
+このチュートリアルは、コントロールプレーンのホストとして動作していない少なくとも2つのノードを持つクラスターで実行することをおすすめします。
+まだクラスターがない場合、[minikube](https://minikube.sigs.k8s.io/docs/tutorials/multi_node/)を使って作成するか、
以下のいずれかのKubernetesプレイグラウンドも使用できます:
* [Katacoda](https://www.katacoda.com/courses/kubernetes/playground)
diff --git a/content/ko/_index.html b/content/ko/_index.html
index 9aa0ab3cd3..c6350f1559 100644
--- a/content/ko/_index.html
+++ b/content/ko/_index.html
@@ -10,7 +10,7 @@ sitemap:
{{% blocks/feature image="flower" %}}
K8s라고도 알려진 [쿠버네티스]({{< relref "/docs/concepts/overview/what-is-kubernetes" >}})는 컨테이너화된 애플리케이션을 자동으로 배포, 스케일링 및 관리해주는 오픈소스 시스템입니다.
-애플리케이션을 구성하는 컨테이너들의 쉬운 관리 및 발견을 위해서 컨테이너들을 논리적인 단위로 그룹화합니다. 쿠버네티스는 [Google에서 15년간 프로덕션 워크로드 운영한 경험](http://queue.acm.org/detail.cfm?id=2898444)을 토대로 구축되었으며, 커뮤니티에서 제공한 최상의 아이디어와 방법들이 결합되어 있습니다.
+애플리케이션을 구성하는 컨테이너들의 쉬운 관리 및 발견을 위해서 컨테이너들을 논리적인 단위로 그룹화합니다. 쿠버네티스는 [Google에서 15년간 프로덕션 워크로드 운영한 경험](https://queue.acm.org/detail.cfm?id=2898444)을 토대로 구축되었으며, 커뮤니티에서 제공한 최상의 아이디어와 방법들이 결합되어 있습니다.
{{% /blocks/feature %}}
{{% blocks/feature image="scalable" %}}
@@ -43,12 +43,12 @@ Google이 일주일에 수십억 개의 컨테이너들을 운영하게 해준
diff --git a/content/ko/blog/_posts/2021-08-04-kubernetes-release-1.22.md b/content/ko/blog/_posts/2021-08-04-kubernetes-release-1.22.md
new file mode 100644
index 0000000000..d936d7c767
--- /dev/null
+++ b/content/ko/blog/_posts/2021-08-04-kubernetes-release-1.22.md
@@ -0,0 +1,157 @@
+---
+layout: blog
+title: '쿠버네티스 1.22: 새로운 정점에 도달(Reaching New Peaks)'
+date: 2021-08-04
+slug: kubernetes-1-22-release-announcement
+---
+
+**저자:** [쿠버네티스 1.22 릴리스 팀](https://github.com/kubernetes/sig-release/blob/master/releases/release-1.22/release-team.md)
+
+**번역:** [손석호(ETRI)](https://github.com/seokho-son), [서지훈(ETRI)](https://github.com/jihoon-seo), [쿠버네티스 문서 한글화 팀](https://kubernetes.slack.com/archives/CA1MMR86S)
+
+2021년의 두 번째 릴리스인 쿠버네티스 1.22 릴리스를 발표하게 되어 기쁘게 생각합니다!
+
+이번 릴리스는 53개의 개선 사항(enhancement)으로 구성되어 있습니다. 13개의 개선 사항은 스테이블(stable)로 졸업하였으며(graduated), 24개의 개선 사항은 베타(beta)로 이동하였고, 16개는 알파(alpha)에 진입하였습니다. 또한, 3개의 기능(feature)을 더 이상 사용하지 않게 되었습니다(deprecated).
+
+이번 해 4월에는 쿠버네티스 릴리스 케이던스(cadence)가 1년에 4회에서 3회로 공식적으로 변경되었습니다. 이번 릴리스가 해당 방식에 따라 긴 주기를 가진 첫 번째 릴리스입니다. 쿠버네티스 프로젝트가 성숙해짐에 따라, 사이클(cycle) 당 개선 사항도 늘어나고 있습니다. 이것은 기여자 커뮤니티 및 릴리스 엔지니어링 팀에게, 버전과 버전 사이에 더 많은 작업이 필요하다는 것을 의미합니다. 또한 점점 더 많은 기능을 포함하는 릴리스로 최신 상태를 유지하려는 최종-사용자 커뮤니티에도 부담을 줄 수 있습니다.
+
+연간 4회에서 3회로의 릴리스 케이던스 변경을 통해 프로젝트의 다양한 측면(기여와 릴리스가 관리되는 방법, 업그레이드 및 최신 릴리스 유지에 대한 커뮤니티의 역량 등)에 대한 균형을 이루고자 하였습니다.
+
+더 자세한 사항은 공식 블로그 포스트 [쿠버네티스 릴리스 케이던스 변경: 알아두어야 할 사항](https://kubernetes.io/blog/2021/07/20/new-kubernetes-release-cadence/)에서 확인할 수 있습니다.
+
+
+## 주요 주제
+
+### 서버-사이드 어플라이(Server-side Apply)가 GA로 졸업
+
+[서버-사이드 어플라이](https://kubernetes.io/docs/reference/using-api/server-side-apply/)는 쿠버네티스 API 서버에서 동작하는 신규 필드 오너십이며 오브젝트 병합 알고리즘입니다. 서버-사이드 어플라이는 사용자와 컨트롤러가 선언적인 구성을 통해서 자신의 리소스를 관리할 수 있도록 돕습니다. 이 기능은 단순히 fully specified intent를 전송하는 것만으로 자신의 오브젝트를 선언적으로 생성 또는 수정할 수 있도록 허용합니다. 몇 릴리스에 걸친 베타 과정 이후, 서버-사이드 어플라이는 이제 GA(generally available)가 되었습니다.
+
+### 외부 크리덴셜 제공자가 이제 스테이블이 됨
+
+쿠버네티스 클라이언트 [크리덴셜 플러그인](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins)에 대한 지원은 1.11부터 베타였으나, 쿠버네티스 1.22 릴리스에서 스테이블로 졸업하였습니다. 해당 GA 기능 집합은 인터랙티브 로그인 플로우(interactive login flow)를 제공하는 플러그인에 대한 향상된 지원을 포함합니다. 또한, 많은 버그가 수정되었습니다. 플러그인 개발은 [sample-exec-plugin](https://github.com/ankeesler/sample-exec-plugin)을 통해 시작할 수 있습니다.
+
+### etcd 3.5.0으로 변경
+
+쿠버네티스의 기본 백엔드 저장소인 etcd 3.5.0이 신규로 릴리스되었습니다. 신규 릴리스에는 보안, 성능, 모니터링, 개발자 경험 측면의 개선 사항이 포함되어 있습니다. 많은 버그가 수정되었으며 구조화된 로깅으로 마이그레이션(migration to structured logging) 및 빌트-인 로그 순환(built-in log rotation)과 같은 신규 중요 기능들도 일부 포함되었습니다. 해당 릴리스는 트래픽 부하에 대한 솔루션 구현을 위한 자세한 차기 로드맵도 제시하고 있습니다. [3.5.0 릴리스 발표](https://etcd.io/blog/2021/announcing-etcd-3.5/)에서 변경에 대한 자세한 항목을 확인할 수 있습니다.
+
+### 메모리 리소스에 대한 서비스 품질(Quality of Service)
+
+쿠버네티스는 원래 v1 cgroups API를 사용했습니다. 해당 디자인에 의해서, `Pod`에 대한 QoS 클래스는 CPU 리소스(예를 들면, `cpu_shares`)에만 적용되었습니다. 알파 기능으로, 쿠버네티스 v1.22에서는 메모리 할당(allocation)과 격리(isolation)를 제어하기 위한 cgroups v2 API를 사용할 수 있습니다. 이 기능은 메모리 리소스에 대한 컨텐션(contention)이 있을 때 워크로드와 노드의 가용성을 향상시키고, 컨테이너 라이프사이클에 대한 예측 가능성을 향상시킬 수 있도록 디자인되었습니다.
+
+### 노드 시스템 스왑(swap) 지원
+
+모든 시스템 관리자나 쿠버네티스 사용자는 쿠버네티스를 설정하거나 사용할 때 스왑 공간(space)을 비활성화해야 한다는 동일한 상황에 놓여 있었습니다. 쿠버네티스 1.22 릴리스에서는 노드의 스왑 메모리를 지원합니다(알파). 이 변경은 블록 스토리지의 일부를 추가적인 가상 메모리로 취급하도록, 관리자의 옵트인(opt in)을 받아서 리눅스 노드에 스왑을 구성합니다.
+
+### 윈도우(Windows) 개선 사항 및 기능
+
+SIG Windows는 계속해서 성장하는 개발자 커뮤니티를 지원하기 위해서 [개발 환경](https://github.com/kubernetes-sigs/sig-windows-dev-tools/)을 릴리스하였습니다. 이 새로운 도구는 여러 CNI 제공자를 지원하며, 여러 플랫폼에서 구동할 수 있습니다. 윈도우 kubelet과 kube-proxy를 컴파일하고, 다른 쿠버네티스 컴포넌트와 함께 빌드될 수 있도록 하는 새로운 방법을 제공하여, 최신(bleeding-edge) 윈도우 기능을 스크래치(scratch)부터 실행할 수 있도록 지원합니다.
+
+1.22 릴리스에서 윈도우 노드의 CSI 지원이 GA 상태가 되었습니다. 쿠버네티스 v1.22에서는 특권을 가진(privileged) 윈도우 컨테이너가 알파가 되었습니다. 윈도우 노드에서 CSI 스토리지를 사용하도록, 노드에서의 스토리지 작업에 대한 특권을 가진(privileged) [CSIProxy](https://github.com/kubernetes-csi/csi-proxy)가 CSI 노드 플러그인을 특권을 가지지 않은(unprivileged) 파드로 배치되도록 합니다.
+
+### 기본(default) seccomp 프로파일
+
+알파 기능인 기본 seccomp 프로파일이 신규 커맨드라인 플래그 및 설정과 함께 kubelet에 추가되었습니다. 이 신규 기능을 사용하면, `Unconfined`대신 `RuntimeDefault` seccomp 프로파일을 기본으로 사용하는 seccomp이 클러스터 전반에서 기본이 됩니다. 이는 쿠버네티스 디플로이먼트(Deployment)의 기본 보안을 강화합니다. 워크로드에 대한 보안이 기본으로 더 강화되었으므로, 이제 보안 관리자도 조금 더 안심하고 쉴 수 있습니다. 이 기능에 대한 자세한 사항은 공식적인 [seccomp 튜토리얼](https://kubernetes.io/docs/tutorials/clusters/seccomp/#enable-the-use-of-runtimedefault-as-the-default-seccomp-profile-for-all-workloads)을 참고하시기 바랍니다.
+
+### kubeadm을 통한 보안성이 더 높은 컨트롤 플레인
+
+이 신규 알파 기능을 사용하면 `kubeadm` 컨트롤 플레인 컴포넌트들을 루트가 아닌(non-root) 사용자로 동작시킬 수 있습니다. 이것은 `kubeadm`에 오랫동안 요청되어 온 보안 조치 사항입니다. 이 기능을 사용하려면 `kubeadm`에 한정된 RootlessControlPlane 기능 게이트를 활성화해야 합니다. 이 알파 기능을 사용하여 클러스터를 배치하는 경우, 사용자의 컨트롤 플레인은 더 낮은 특권(privileges)을 가지고 동작하게 됩니다.
+
+또한 쿠버네티스 1.22는 `kubeadm`의 신규 [v1beta3 구성 API](/docs/reference/config-api/kubeadm-config.v1beta3/)를 제공합니다. 이 버전에는 오랫동안 요청되어 온 몇 가지 기능들이 추가되었고, 기존의 일부 기능들은 사용 중단(deprecated)되었습니다. 이제 v1beta3 버전이 선호되는(preferred) API 버전입니다. 그러나, v1beta2 API도 여전히 사용 가능하며 아직 사용 중단(deprecated)되지 않았습니다.
+
+## 주요 변경 사항
+
+### 사용 중단된(deprecated) 일부 베타 APIs의 제거
+
+GA 버전과 중복된 사용 중단(deprecated)된 여러 베타 API가 1.22에서 제거되었습니다. 기존의 모든 오브젝트는 스테이블 APIs를 통해 상호 작용할 수 있습니다. 이 제거에는 `Ingress`, `IngressClass`, `Lease`, `APIService`, `ValidatingWebhookConfiguration`, `MutatingWebhookConfiguration`, `CustomResourceDefinition`, `TokenReview`, `SubjectAccessReview`, `CertificateSigningRequest` API의 베타 버전이 포함되었습니다.
+
+전체 항목은 [사용 중단된 API에 대한 마이그레이션 지침](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-22)과 블로그 포스트 [1.22에서 쿠버네티스 API와 제거된 기능: 알아두어야 할 사항](https://blog.k8s.io/2021/07/14/upcoming-changes-in-kubernetes-1-22/)에서 확인 가능합니다.
+
+### 임시(ephemeral) 컨테이너에 대한 API 변경 및 개선
+
+1.22에서 [임시 컨테이너](https://kubernetes.io/ko/docs/concepts/workloads/pods/ephemeral-containers/)를 생성하기 위한 API가 변경되었습니다. 임시 컨테이너 기능은 알파이며 기본적으로 비활성화되었습니다. 신규 API는 예전 API를 사용하려는 클라이언트에 대해 동작하지 않습니다.
+
+스테이블 기능에 대해서, kubectl 도구는 쿠버네티스의 [버전 차이(skew) 정책](https://kubernetes.io/ko/releases/version-skew-policy/)을 따릅니다. 그러나, kubectl v1.21 이하의 버전은 임시 컨테이너에 대한 신규 API를 지원하지 않습니다. 만약 `kubectl debug`를 사용하여 임시 컨테이너를 생성할 계획이 있고 클러스터에서 쿠버네티스 v1.22로 구동하고 있는 경우, kubectl v1.21 이하의 버전에서는 그렇게 할 수 없다는 것을 알아두어야 합니다. 따라서 만약 클러스터 버전을 혼합하여 `kubectl debug`를 사용하려면 kubectl를 1.22로 업데이트하길 바랍니다.
+
+## 기타 업데이트
+
+### 스테이블로 졸업
+
+* [바운드 서비스 어카운트 토큰 볼륨(Bound Service Account Token Volumes)](https://github.com/kubernetes/enhancements/issues/542)
+* [CSI 서비스 어카운트 토큰(CSI Service Account Token)](https://github.com/kubernetes/enhancements/issues/2047)
+* [윈도우의 CSI 플러그인 지원](https://github.com/kubernetes/enhancements/issues/1122)
+* [사용 중단된 API 사용에 대한 경고(warning) 메커니즘](https://github.com/kubernetes/enhancements/issues/1693)
+* [PodDisruptionBudget 축출(eviction)](https://github.com/kubernetes/enhancements/issues/85)
+
+### 주목할만한 기능 업데이트
+
+* 파드시큐리티폴리시(PodSecurityPolicy)를 대체하기 위한 새로운 [파드시큐리티(PodSecurity) 어드미션(admission)](https://github.com/kubernetes/enhancements/issues/2579) 알파 기능이 소개됨.
+* [메모리 관리자(manager)](https://github.com/kubernetes/enhancements/issues/1769)가 베타가 됨.
+* [API 서버 트레이싱(tracing)](https://github.com/kubernetes/enhancements/issues/647)을 활성화하는 새로운 알파 기능.
+* [kubeadm 설정(configuration)](https://github.com/kubernetes/enhancements/issues/970) 포맷의 신규 v1beta3 버전.
+* 퍼시스턴트볼륨(PersistentVolume)을 위한 [Generic data populators](https://github.com/kubernetes/enhancements/issues/1495)를 알파로 활용 가능.
+* 쿠버네티스 컨트롤 플레인이 이제 [크론잡 v2 컨트롤러(CronJobs v2 controller)](https://github.com/kubernetes/enhancements/issues/19)를 사용하게 됨.
+* 알파 기능으로, 모든 쿠버네티스 노드 컴포넌트(kubelet, kube-proxy, 컨테이너 런타임을 포함)는 [루트가 아닌 사용자로](https://github.com/kubernetes/enhancements/issues/2033) 동작시킬 수 있음.
+
+# 릴리스 노트
+
+1.22 릴리스의 자세한 전체 사항은 [릴리스 노트](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.22.md)에서 확인할 수 있습니다.
+
+# 릴리스 위치
+
+쿠버네티스 1.22는 [여기](https://kubernetes.io/releases/download/)에서 다운로드할 수 있고, [GitHub 프로젝트](https://github.com/kubernetes/kubernetes/releases/tag/v1.22.0)에서도 찾을 수 있습니다.
+
+쿠버네티스를 시작하는 데 도움이 되는 좋은 자료가 많이 있습니다. 쿠버네티스 사이트에서 [상호 작용형 튜토리얼](https://kubernetes.io/ko/docs/tutorials/)을 수행할 수도 있고, [kind](https://kind.sigs.k8s.io)와 도커 컨테이너를 사용하여 로컬 클러스터를 사용자의 머신에서 구동해볼 수도 있습니다. 클러스터를 스크래치(scratch)부터 구축해보고 싶다면, Kelsey Hightower의 [쿠버네티스 어렵게 익히기(the Hard Way)](https://github.com/kelseyhightower/kubernetes-the-hard-way) 튜토리얼을 확인해보시기 바랍니다.
+
+# 릴리스 팀
+
+이 릴리스는 쿠버네티스 릴리스에 포함되는 모든 기술 콘텐츠, 문서, 코드, 기타 구성 요소 등을 제공하기 위해 팀들로 모인 매우 헌신적인 개인 그룹에 의해 가능했습니다.
+
+팀을 성공적인 릴리스로 이끈 릴리스 리드 Savitha Raghunathan에게 감사드리며, 릴리스 팀 이외에도 커뮤니티에 1.22 릴리스를 제공하기 위해 열심히 작업하고 지원한 모든 사람들에게 감사드립니다.
+
+우리는 또한 이 자리를 빌려 올해 초에 생을 마감한 팀 멤버 Peeyush Gupta를 추모하고 싶습니다. Peeyush Gupta는 SIG ContribEx 및 쿠버네티스 릴리스 팀에 활발히 참여했으며, 최근에는 1.22 커뮤니케이션 리드를 역임하였습니다. 그의 기여와 노력은 앞으로도 커뮤니티에 지속적으로 영향을 줄 것입니다. 그에 대한 추억과 추모를 공유하기 위한 [CNCF 추모](https://github.com/cncf/memorials/blob/main/peeyush-gupta.md) 페이지가 생성되어 있습니다.
+
+# 릴리스 로고
+
+
+
+진행 중인 팬데믹, 자연재해 및 항상 존재하는 번아웃의 그림자 속에서도, 쿠버네티스 1.22 릴리스는 53개의 개선 사항을 제공하였습니다. 이것은 현재까지 가장 큰 릴리스입니다. 이 성과는 열심히 일하고 열정적인 릴리스 팀 구성원과 쿠버네티스 생태계의 대단한 기여자들 덕분에 달성할 수 있었습니다. 이 릴리스 로고는 새로운 마일스톤과 새로운 기록을 세우기 위한 리마인더입니다. 이 로고를 모든 릴리스 팀 구성원, 등산객, 별을 보는 사람들에게 바칩니다!
+
+이 로고는 [Boris Zotkin](https://www.instagram.com/boris.z.man/)가 디자인하였습니다. Boris는 MathWorks에서 Mac/Linux 관리자 역할을 맡고 있습니다. 그는 인생에서의 소소한 재미를 즐기고 가족과 함께 시간을 보내는 것을 사랑합니다. 이 기술에 정통(tech-savvy)한 개인은 항상 도전을 준비하며 친구를 돕는 것에 행복을 느낍니다!
+
+# 사용자 하이라이트
+
+- 5월에 CNCF가 전 세계에 걸친 27 기관을 다양한 클라우드 네이티브 생태계의 신규 멤버로 받았습니다. 이 신규 [멤버](https://www.cncf.io/announcements/2021/05/05/27-new-members-join-the-cloud-native-computing-foundation/)는 다가오는 [KubeCon + CloudNativeCon NA in Los Angeles (October 12 – 15, 2021)](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/)를 포함한 CNCF 이벤트들에 참여할 것입니다.
+- CNCF는 [KubeCon + CloudNativeCon EU – Virtual 2021](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/)에서 Spotify에 [최고 엔드 유저 상(Top End User Award)](https://www.cncf.io/announcements/2021/05/05/cloud-native-computing-foundation-grants-spotify-the-top-end-user-award/)을 수여했습니다.
+
+# 프로젝트 속도(Velocity)
+
+[CNCF K8s DevStats 프로젝트](https://k8s.devstats.cncf.io/)는 쿠버네티스와 다양한 서브-프로젝트에 대한 흥미로운 데이터를 수집하고 있습니다. 여기에는 개인 기여부터 기여하는 회사 수에 이르기까지 모든 것이 포함되며, 이 생태계를 발전시키는 데 필요한 노력의 깊이와 넓이를 보여줍니다.
+
+우리는 15주(4월 26일에서 8월 4일) 간 진행된 v1.22 릴리스 주기에서, [1063개의 기업](https://k8s.devstats.cncf.io/d/9/companies-table?orgId=1&var-period_name=v1.21.0%20-%20now&var-metric=contributions)과 [2054명의 개인](https://k8s.devstats.cncf.io/d/66/developer-activity-counts-by-companies?orgId=1&var-period_name=v1.21.0%20-%20now&var-metric=contributions&var-repogroup_name=Kubernetes&var-country_name=All&var-companies=All)의 기여를 보았습니다.
+
+# 생태계 업데이트
+
+- 세 번째 가상 이벤트인 [KubeCon + CloudNativeCon Europe 2021](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/)이 5월에 열렸습니다. 모든 발표가 [온디맨드로 확인 가능](https://www.youtube.com/playlist?list=PLj6h78yzYM2MqBm19mRz9SYLsw4kfQBrC)합니다.
+- [Spring Term LFX 프로그램](https://www.cncf.io/blog/2021/07/13/spring-term-lfx-program-largest-graduating-class-with-28-successful-cncf-interns)이 28명의 성공적인 인턴을 배출한 최대 규모의 졸업반을 가졌습니다!
+- CNCF가 연초에 클라우드 네이티브 커뮤니티와 함께 배우고, 성장하고, 협업하기를 원하는 전 세계 누구에게나 상호 작용형 미디어 경험을 제공하고자, [Twitch에서 라이브스트리밍](https://www.cncf.io/blog/2021/06/03/cloud-native-community-goes-live-with-10-shows-on-twitch/)을 시작하였습니다.
+
+# 이벤트 업데이트
+
+- [KubeCon + CloudNativeCon North America 2021](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/)가 October 12 – 15, 2021에 Los Angeles에서 열립니다! 컨퍼런스와 등록에 대한 더 자세한 정보는 이벤트 사이트에서 찾을 수 있습니다.
+- [쿠버네티스 커뮤니티 Days](https://community.cncf.io/kubernetes-community-days/about-kcd/)가 Italy, UK, Washington DC에서 이벤트를 앞두고 있습니다.
+
+# 다가오는 릴리스 웨비나
+
+이번 릴리스에 대한 중요 기능뿐만 아니라 업그레이드 계획을 위해 필요한 사용 중지된 사항이나 제거에 대한 사항을 학습하고 싶다면, 2021년 9월 7일에 쿠버네티스 1.22 릴리스 팀 웨비나에 참여하세요. 더 자세한 정보와 등록에 대해서는 CNCF 온라인 프로그램 사이트의 [이벤트 페이지](https://community.cncf.io/events/details/cncf-cncf-online-programs-presents-cncf-live-webinar-kubernetes-122-release/)를 확인하세요.
+
+# 참여하기
+
+만약 쿠버네티스 커뮤니티 기여에 관심이 있다면, 특별 관심 그룹(Special Interest Groups, SIGs)이 좋은 시작 지점이 될 수 있습니다. 그중 많은 SIG가 당신의 관심사와 일치될 수 있습니다! 만약 커뮤니티와 공유하고 싶은 것이 있다면, 주간 커뮤니티 미팅에 참석할 수 있습니다. 또한 다음 중 어떠한 채널이라도 활용할 수 있습니다.
+
+* [쿠버네티스 기여자](https://www.kubernetes.dev/) 웹사이트에서 기여에 대한 더 자세한 사항을 확인
+* 최신 정보 업데이트를 위해 [@Kubernetesio](https://twitter.com/kubernetesio) 트위터 팔로우
+* [논의(discuss)](https://discuss.kubernetes.io/)에서 커뮤니티 논의에 참여
+* [슬랙](http://slack.k8s.io/)에서 커뮤니티에 참여
+* 쿠버네티스 [사용기](https://docs.google.com/a/linuxfoundation.org/forms/d/e/1FAIpQLScuI7Ye3VQHQTwBASrgkjQDSS5TP0g3AXfFhwSM9YpHgxRKFA/viewform) 공유
+* 쿠버네티스에서 일어나는 일에 대한 자세한 사항을 [블로그](https://kubernetes.io/blog/)를 통해 읽기
+* [쿠버네티스 릴리스 팀](https://github.com/kubernetes/sig-release/tree/master/release-team)에 대해 더 알아보기
diff --git a/content/ko/case-studies/box/index.html b/content/ko/case-studies/box/index.html
index 058ff7f9a2..392e3d66bb 100644
--- a/content/ko/case-studies/box/index.html
+++ b/content/ko/case-studies/box/index.html
@@ -23,7 +23,7 @@ case_study_details:
Solution
-
Over the past couple of years, Box has been decomposing its infrastructure into microservices, and became an early adopter of, as well as contributor to, Kubernetes container orchestration. Kubernetes, Ghods says, has allowed Box's developers to "target a universal set of concepts that are portable across all clouds."
+
Over the past couple of years, Box has been decomposing its infrastructure into microservices, and became an early adopter of, as well as contributor to, Kubernetes container orchestration. Kubernetes, Ghods says, has allowed Box's developers to "target a universal set of concepts that are portable across all clouds."
Impact
@@ -37,7 +37,7 @@ case_study_details:
In the summer of 2014, Box was feeling the pain of a decade's worth of hardware and software infrastructure that wasn't keeping up with the company's needs.
{{< /case-studies/lead >}}
-
A platform that allows its more than 50 million users (including governments and big businesses like General Electric) to manage and share content in the cloud, Box was originally a PHP monolith of millions of lines of code built exclusively with bare metal inside of its own data centers. It had already begun to slowly chip away at the monolith, decomposing it into microservices. And "as we've been expanding into regions around the globe, and as the public cloud wars have been heating up, we've been focusing a lot more on figuring out how we run our workload across many different environments and many different cloud infrastructure providers," says Box Cofounder and Services Architect Sam Ghods. "It's been a huge challenge thus far because of all these different providers, especially bare metal, have very different interfaces and ways in which you work with them."
+
A platform that allows its more than 50 million users (including governments and big businesses like General Electric) to manage and share content in the cloud, Box was originally a PHP monolith of millions of lines of code built exclusively with bare metal inside of its own data centers. It had already begun to slowly chip away at the monolith, decomposing it into microservices. And "as we've been expanding into regions around the globe, and as the public cloud wars have been heating up, we've been focusing a lot more on figuring out how we run our workload across many different environments and many different cloud infrastructure providers," says Box Cofounder and Services Architect Sam Ghods. "It's been a huge challenge thus far because of all these different providers, especially bare metal, have very different interfaces and ways in which you work with them."
Box's cloud native journey accelerated that June, when Ghods attended DockerCon. The company had come to the realization that it could no longer run its applications only off bare metal, and was researching containerizing with Docker, virtualizing with OpenStack, and supporting public cloud.
diff --git a/content/ko/docs/concepts/architecture/cloud-controller.md b/content/ko/docs/concepts/architecture/cloud-controller.md
index fe7fda364a..e5e7d315c5 100644
--- a/content/ko/docs/concepts/architecture/cloud-controller.md
+++ b/content/ko/docs/concepts/architecture/cloud-controller.md
@@ -210,7 +210,7 @@ rules:
자체 클라우드 컨트롤러 매니저를 구현하거나 기존 프로젝트를 확장하는 방법을 알고 싶은가?
-클라우드 컨트롤러 매니저는 Go 인터페이스를 사용해서 모든 클라우드 플러그인을 구현할 수 있다. 구체적으로, [kubernetes/cloud-provider](https://github.com/kubernetes/cloud-provider)의 [`cloud.go`](https://github.com/kubernetes/cloud-provider/blob/release-1.17/cloud.go#L42-L62)에 정의된 `CloudProvider` 인터페이스를 사용한다.
+클라우드 컨트롤러 매니저는 Go 인터페이스를 사용함으로써, 어떠한 클라우드에 대한 구현체(implementation)라도 플러그인 될 수 있도록 한다. 구체적으로는, [kubernetes/cloud-provider](https://github.com/kubernetes/cloud-provider)의 [`cloud.go`](https://github.com/kubernetes/cloud-provider/blob/release-1.21/cloud.go#L42-L69)에 정의된 `CloudProvider` 인터페이스를 사용한다.
이 문서(노드, 라우트와 서비스)에서 강조된 공유 컨트롤러의 구현과 공유 cloudprovider 인터페이스와 함께 일부 스캐폴딩(scaffolding)은 쿠버네티스 핵심의 일부이다. 클라우드 공급자 전용 구현은 쿠버네티스의 핵심 바깥에 있으며 `CloudProvider` 인터페이스를 구현한다.
diff --git a/content/ko/docs/concepts/architecture/controller.md b/content/ko/docs/concepts/architecture/controller.md
index e516dd9cc5..92afd615b6 100644
--- a/content/ko/docs/concepts/architecture/controller.md
+++ b/content/ko/docs/concepts/architecture/controller.md
@@ -159,11 +159,11 @@ IP 주소 관리 도구, 스토리지 서비스, 클라우드 제공자의 API
또는 쿠버네티스 외부에서 실행할 수 있다. 가장 적합한 것은 특정 컨트롤러의 기능에
따라 달라진다.
-
-
## {{% heading "whatsnext" %}}
* [쿠버네티스 컨트롤 플레인](/ko/docs/concepts/overview/components/#컨트롤-플레인-컴포넌트)에 대해 읽기
* [쿠버네티스 오브젝트](/ko/docs/concepts/overview/working-with-objects/kubernetes-objects/)의 몇 가지 기본 사항을 알아보자.
* [쿠버네티스 API](/ko/docs/concepts/overview/kubernetes-api/)에 대해 더 배워 보자.
-* 만약 자신만의 컨트롤러를 작성하기 원한다면, 쿠버네티스 확장하기의 [확장 패턴](/ko/docs/concepts/extend-kubernetes/extend-cluster/#익스텐션-패턴)을 본다.
+* 만약 자신만의 컨트롤러를 작성하기 원한다면,
+ 쿠버네티스 확장하기의 [확장 패턴](/ko/docs/concepts/extend-kubernetes/#익스텐션-패턴)을
+ 본다.
diff --git a/content/ko/docs/concepts/architecture/nodes.md b/content/ko/docs/concepts/architecture/nodes.md
index 5bba08100e..3ab89472d8 100644
--- a/content/ko/docs/concepts/architecture/nodes.md
+++ b/content/ko/docs/concepts/architecture/nodes.md
@@ -1,4 +1,7 @@
---
+
+
+
title: 노드
content_type: concept
weight: 10
@@ -8,7 +11,8 @@ weight: 10
쿠버네티스는 컨테이너를 파드내에 배치하고 _노드_ 에서 실행함으로 워크로드를 구동한다.
노드는 클러스터에 따라 가상 또는 물리적 머신일 수 있다. 각 노드는
-{{< glossary_tooltip text="컨트롤 플레인" term_id="control-plane" >}}에 의해 관리되며
+{{< glossary_tooltip text="컨트롤 플레인" term_id="control-plane" >}}에
+의해 관리되며
{{< glossary_tooltip text="파드" term_id="pod" >}}를
실행하는 데 필요한 서비스를 포함한다.
@@ -272,17 +276,18 @@ kubelet은 `NodeStatus` 와 리스 오브젝트를 생성하고 업데이트 할
#### 안정성
대부분의 경우, 노드 컨트롤러는 초당 `--node-eviction-rate`(기본값 0.1)로
-축출 비율을 제한한다. 이 말은 10초당 1개의 노드를 초과하여
+축출 속도를 제한한다. 이 말은 10초당 1개의 노드를 초과하여
파드 축출을 하지 않는다는 의미가 된다.
노드 축출 행위는 주어진 가용성 영역 내 하나의 노드가 상태가 불량할
경우 변화한다. 노드 컨트롤러는 영역 내 동시에 상태가 불량한 노드의 퍼센티지가 얼마나 되는지
체크한다(NodeReady 컨디션은 ConditionUnknown 또는
-ConditionFalse 다.).
-- 상태가 불량한 노드의 일부가 최소 `--unhealthy-zone-threshold`
- (기본값 0.55)가 되면 축출 비율은 감소한다.
+ConditionFalse 다).
+- 상태가 불량한 노드의 비율이 최소 `--unhealthy-zone-threshold`
+ (기본값 0.55)가 되면 축출 속도가 감소한다.
- 클러스터가 작으면 (즉 `--large-cluster-size-threshold`
- 노드 이하면 - 기본값 50) 축출은 중지되고, 그렇지 않으면 축출 비율은 초당
+ 노드 이하면 - 기본값 50) 축출이 중지된다.
+- 이외의 경우, 축출 속도는 초당
`--secondary-node-eviction-rate`(기본값 0.01)로 감소된다.
이 정책들이 가용성 영역 단위로 실행되어지는 이유는 나머지가 연결되어 있는 동안
@@ -293,7 +298,7 @@ ConditionFalse 다.).
노드가 가용성 영역들에 걸쳐 퍼져 있는 주된 이유는 하나의 전체 영역이
장애가 발생할 경우 워크로드가 상태 양호한 영역으로 이전되어질 수 있도록 하기 위해서이다.
그러므로, 하나의 영역 내 모든 노드들이 상태가 불량하면 노드 컨트롤러는
-`--node-eviction-rate` 의 정상 비율로 축출한다. 코너 케이스란 모든 영역이
+`--node-eviction-rate` 의 정상 속도로 축출한다. 코너 케이스란 모든 영역이
완전히 상태불량 (즉 클러스터 내 양호한 노드가 없는 경우) 한 경우이다.
이러한 경우, 노드 컨트롤러는 마스터 연결에 문제가 있어 일부 연결이
복원될 때까지 모든 축출을 중지하는 것으로 여긴다.
@@ -347,7 +352,8 @@ Kubelet은 노드가 종료되는 동안 파드가 일반 [파드 종료 프로
사용하여 주어진 기간 동안 노드 종료를 지연시키므로 systemd에 의존한다.
그레이스풀 노드 셧다운은 1.21에서 기본적으로 활성화된 `GracefulNodeShutdown`
-[기능 게이트](/ko/docs/reference/command-line-tools-reference/feature-gates/)로 제어된다.
+[기능 게이트](/ko/docs/reference/command-line-tools-reference/feature-gates/)로
+제어된다.
기본적으로, 아래 설명된 두 구성 옵션,
`ShutdownGracePeriod` 및 `ShutdownGracePeriodCriticalPods` 는 모두 0으로 설정되어 있으므로,
@@ -371,6 +377,20 @@ Kubelet은 노드가 종료되는 동안 파드가 일반 [파드 종료 프로
유예 종료에 할당되고, 마지막 10초는
[중요 파드](/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical)의 종료에 할당된다.
+{{< note >}}
+그레이스풀 노드 셧다운 과정에서 축출된 파드는 `Failed` 라고 표시된다.
+`kubectl get pods` 명령을 실행하면 축출된 파드의 상태가 `Shutdown`으로 표시된다.
+그리고 `kubectl describe pod` 명령을 실행하면 노드 셧다운으로 인해 파드가 축출되었음을 알 수 있다.
+
+```
+Status: Failed
+Reason: Shutdown
+Message: Node is shutting, evicting pods
+```
+
+실패한 파드 오브젝트는 명시적으로 삭제하거나 [가비지 콜렉션에 의해 정리](/ko/docs/concepts/workloads/pods/pod-lifecycle/#pod-garbage-collection)되기 전까지는 보존된다.
+이는 갑작스러운 노드 종료의 경우와 비교했을 때 동작에 차이가 있다.
+{{< /note >}}
## {{% heading "whatsnext" %}}
diff --git a/content/ko/docs/concepts/cluster-administration/_index.md b/content/ko/docs/concepts/cluster-administration/_index.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/concepts/cluster-administration/kubelet-garbage-collection.md b/content/ko/docs/concepts/cluster-administration/kubelet-garbage-collection.md
index 95ea899cbb..c64dd127b3 100644
--- a/content/ko/docs/concepts/cluster-administration/kubelet-garbage-collection.md
+++ b/content/ko/docs/concepts/cluster-administration/kubelet-garbage-collection.md
@@ -1,5 +1,4 @@
---
-
title: kubelet 가비지(Garbage) 수집 설정하기
content_type: concept
weight: 70
@@ -7,12 +6,13 @@ weight: 70
-가비지 수집은 사용되지 않는 [이미지](/ko/docs/concepts/containers/#컨테이너-이미지)들과 [컨테이너](/ko/docs/concepts/containers/)들을 정리하는 kubelet의 유용한 기능이다. Kubelet은 1분마다 컨테이너들에 대하여 가비지 수집을 수행하며, 5분마다 이미지들에 대하여 가비지 수집을 수행한다.
-
-별도의 가비지 수집 도구들을 사용하는 것은, 이러한 도구들이 존재할 수도 있는 컨테이너들을 제거함으로써 kubelet 을 중단시킬 수도 있으므로 권장하지 않는다.
-
-
+가비지 수집은 사용되지 않는
+[이미지](/ko/docs/concepts/containers/#컨테이너-이미지)들과
+[컨테이너](/ko/docs/concepts/containers/)들을 정리하는 kubelet의 유용한 기능이다. Kubelet은
+1분마다 컨테이너들에 대하여 가비지 수집을 수행하며, 5분마다 이미지들에 대하여 가비지 수집을 수행한다.
+별도의 가비지 수집 도구들을 사용하는 것은, 이러한 도구들이 존재할 수도 있는 컨테이너들을 제거함으로써
+kubelet을 중단시킬 수도 있으므로 권장하지 않는다.
@@ -28,10 +28,24 @@ weight: 70
## 컨테이너 수집
-컨테이너에 대한 가비지 수집 정책은 세 가지 사용자 정의 변수들을 고려한다: `MinAge` 는 컨테이너를 가비지 수집 할 수 있는 최소 연령이다. `MaxPerPodContainer` 는 모든 단일 파드 (UID, 컨테이너 이름) 쌍이 가질 수 있는
-최대 비활성 컨테이너의 수량이다. `MaxContainers` 죽은 컨테이너의 최대 수량이다. 이러한 변수는 `MinAge` 를 0으로 설정하고, `MaxPerPodContainer` 와 `MaxContainers` 를 각각 0 보다 작게 설정해서 비활성화 할 수 있다.
+컨테이너에 대한 가비지 수집 정책은 세 가지 사용자 정의 변수들을 고려한다.
+`MinAge` 는 컨테이너를 가비지 수집할 수 있는 최소 연령이다.
+`MaxPerPodContainer` 는 모든 단일 파드(UID, 컨테이너 이름)
+쌍이 가질 수 있는 최대 비활성 컨테이너의 수량이다.
+`MaxContainers` 는 죽은 컨테이너의 최대 수량이다.
+이러한 변수는 `MinAge` 를 0으로 설정하고,
+`MaxPerPodContainer` 와 `MaxContainers` 를 각각 0 보다 작게 설정해서 비활성화할 수 있다.
-Kubelet은 미확인, 삭제 또는 앞에서 언급 한 플래그가 설정 한 경계를 벗어나거나, 확인되지 않은 컨테이너에 대해 조치를 취한다. 일반적으로 가장 오래된 컨테이너가 먼저 제거된다. `MaxPerPodContainer` 와 `MaxContainer` 는 파드 당 최대 컨테이너 수 (`MaxPerPodContainer`)가 허용 가능한 범위의 전체 죽은 컨테이너의 수(`MaxContainers`)를 벗어나는 상황에서 잠재적으로 서로 충돌할 수 있습니다. 이러한 상황에서 `MaxPerPodContainer` 가 조정된다: 최악의 시나리오는 `MaxPerPodContainer` 를 1로 다운그레이드하고 가장 오래된 컨테이너를 제거하는 것이다. 추가로, 삭제된 파드가 소유 한 컨테이너는 `MinAge` 보다 오래된 컨테이너가 제거된다.
+Kubelet은 미확인, 삭제 또는 앞에서 언급한
+플래그가 설정한 경계를 벗어나거나, 확인되지 않은 컨테이너에 대해 조치를 취한다.
+일반적으로 가장 오래된 컨테이너가 먼저 제거된다. `MaxPerPodContainer` 와 `MaxContainer` 는
+파드 당 최대
+컨테이너 수(`MaxPerPodContainer`)가 허용 가능한 범위의
+전체 죽은 컨테이너의 수(`MaxContainers`)를 벗어나는 상황에서 잠재적으로 서로 충돌할 수 있다.
+다음의 상황에서 `MaxPerPodContainer` 가 조정된다.
+최악의 시나리오는 `MaxPerPodContainer` 를 1로 다운그레이드하고
+가장 오래된 컨테이너를 제거하는 것이다. 추가로, 삭제된 파드가 소유한 컨테이너는
+`MinAge` 보다 오래되면 제거된다.
kubelet이 관리하지 않는 컨테이너는 컨테이너 가비지 수집 대상이 아니다.
@@ -40,9 +54,9 @@ kubelet이 관리하지 않는 컨테이너는 컨테이너 가비지 수집 대
여러분은 후술될 kubelet 플래그들을 통하여 이미지 가비지 수집을 조정하기 위하여 다음의 임계값을 조정할 수 있다.
1. `image-gc-high-threshold`, 이미지 가비지 수집을 발생시키는 디스크 사용량의 비율로
-기본값은 85% 이다.
+ 기본값은 85% 이다.
2. `image-gc-low-threshold`, 이미지 가비지 수집을 더 이상 시도하지 않는 디스크 사용량의 비율로
-기본값은 80% 이다.
+ 기본값은 80% 이다.
다음의 kubelet 플래그를 통해 가비지 수집 정책을 사용자 정의할 수 있다.
@@ -77,9 +91,7 @@ kubelet이 관리하지 않는 컨테이너는 컨테이너 가비지 수집 대
| `--low-diskspace-threshold-mb` | `--eviction-hard` or `eviction-soft` | 축출이 다른 리소스에 대한 디스크 임계값을 일반화 함 |
| `--outofdisk-transition-frequency` | `--eviction-pressure-transition-period` | 축출이 다른 리소스로의 디스크 압력전환을 일반화 함 |
-
-
## {{% heading "whatsnext" %}}
-
-자세한 내용은 [리소스 부족 처리 구성](/docs/tasks/administer-cluster/out-of-resource/)를 본다.
+자세한 내용은 [리소스 부족 처리 구성](/docs/concepts/scheduling-eviction/node-pressure-eviction/)를
+본다.
diff --git a/content/ko/docs/concepts/cluster-administration/logging.md b/content/ko/docs/concepts/cluster-administration/logging.md
index 85f3e4efde..d4e0119c41 100644
--- a/content/ko/docs/concepts/cluster-administration/logging.md
+++ b/content/ko/docs/concepts/cluster-administration/logging.md
@@ -83,8 +83,11 @@ kubectl logs counter
[`configure-helper` 스크립트](https://github.com/kubernetes/kubernetes/blob/{{< param "githubbranch" >}}/cluster/gce/gci/configure-helper.sh)를 통해
자세히 알 수 있다.
-**CRI 컨테이너 런타임** 을 사용할 때, kubelet은 로그를 로테이션하고 로깅 디렉터리 구조를 관리한다. kubelet은
-이 정보를 CRI 컨테이너 런타임에 전송하고 런타임은 컨테이너 로그를 지정된 위치에 기록한다. 두 개의 kubelet 플래그 `container-log-max-size` 및 `container-log-max-files` 를 사용하여 각 로그 파일의 최대 크기와 각 컨테이너에 허용되는 최대 파일 수를 각각 구성할 수 있다.
+**CRI 컨테이너 런타임** 을 사용할 때, kubelet은 로그를 로테이션하고 로깅 디렉터리 구조를 관리한다.
+kubelet은 이 정보를 CRI 컨테이너 런타임에 전송하고 런타임은 컨테이너 로그를 지정된 위치에 기록한다.
+[kubelet config file](/docs/tasks/administer-cluster/kubelet-config-file/)에 있는
+두 개의 kubelet 파라미터 [`containerLogMaxSize` 및 `containerLogMaxFiles`](/docs/reference/config-api/kubelet-config.v1beta1/#kubelet-config-k8s-io-v1beta1-KubeletConfiguration)를
+사용하여 각 로그 파일의 최대 크기와 각 컨테이너에 허용되는 최대 파일 수를 각각 구성할 수 있다.
기본 로깅 예제에서와 같이 [`kubectl logs`](/docs/reference/generated/kubectl/kubectl-commands#logs)를
실행하면, 노드의 kubelet이 요청을 처리하고
diff --git a/content/ko/docs/concepts/cluster-administration/manage-deployment.md b/content/ko/docs/concepts/cluster-administration/manage-deployment.md
index abcc4c2cd5..7e3093d51e 100644
--- a/content/ko/docs/concepts/cluster-administration/manage-deployment.md
+++ b/content/ko/docs/concepts/cluster-administration/manage-deployment.md
@@ -50,7 +50,7 @@ kubectl apply -f https://k8s.io/examples/application/nginx/
URL을 구성 소스로 지정할 수도 있다. 이는 GitHub에 체크인된 구성 파일에서 직접 배포하는 데 편리하다.
```shell
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/application/nginx/nginx-deployment.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/main/content/en/examples/application/nginx/nginx-deployment.yaml
```
```shell
diff --git a/content/ko/docs/concepts/cluster-administration/system-logs.md b/content/ko/docs/concepts/cluster-administration/system-logs.md
index 13008ebbd8..eff3c05a65 100644
--- a/content/ko/docs/concepts/cluster-administration/system-logs.md
+++ b/content/ko/docs/concepts/cluster-administration/system-logs.md
@@ -20,7 +20,7 @@ weight: 60
klog는 쿠버네티스의 로깅 라이브러리다. [klog](https://github.com/kubernetes/klog)
는 쿠버네티스 시스템 컴포넌트의 로그 메시지를 생성한다.
-klog 설정에 대한 더 많은 정보는, [커맨드라인 툴](/docs/reference/command-line-tools-reference/)을 참고한다.
+klog 설정에 대한 더 많은 정보는, [커맨드라인 툴](/ko/docs/reference/command-line-tools-reference/)을 참고한다.
klog 네이티브 형식 예 :
```
@@ -61,7 +61,7 @@ I1025 00:15:15.525108 1 controller_utils.go:116] "Pod status updated" pod=
{{}}
-JSON 출력은 많은 표준 klog 플래그를 지원하지 않는다. 지원하지 않는 klog 플래그 목록은, [커맨드라인 툴](/docs/reference/command-line-tools-reference/)을 참고한다.
+JSON 출력은 많은 표준 klog 플래그를 지원하지 않는다. 지원하지 않는 klog 플래그 목록은, [커맨드라인 툴](/ko/docs/reference/command-line-tools-reference/)을 참고한다.
모든 로그가 JSON 형식으로 작성되는 것은 아니다(예: 프로세스 시작 중). 로그를 파싱하려는 경우
JSON 형식이 아닌 로그 행을 처리할 수 있는지 확인해야 한다.
@@ -143,6 +143,6 @@ systemd를 사용하는 시스템에서는, kubelet과 컨테이너 런타임은
## {{% heading "whatsnext" %}}
-* [쿠버네티스 로깅 아키텍처](/docs/concepts/cluster-administration/logging/) 알아보기
+* [쿠버네티스 로깅 아키텍처](/ko/docs/concepts/cluster-administration/logging/) 알아보기
* [구조화된 로깅](https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/1602-structured-logging) 알아보기
* [로깅 심각도(serverity) 규칙](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md) 알아보기
diff --git a/content/ko/docs/concepts/configuration/_index.md b/content/ko/docs/concepts/configuration/_index.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/concepts/configuration/manage-resources-containers.md b/content/ko/docs/concepts/configuration/manage-resources-containers.md
index ccd3ee9290..3084651390 100644
--- a/content/ko/docs/concepts/configuration/manage-resources-containers.md
+++ b/content/ko/docs/concepts/configuration/manage-resources-containers.md
@@ -105,9 +105,9 @@ CPU 리소스에 대한 제한 및 요청은 *cpu* 단위로 측정된다.
컨테이너는 CPU 1개를 요구하는 컨테이너의 절반만큼 CPU를 보장한다. `0.1` 이라는 표현은
"백 밀리cpu"로 읽을 수 있는 `100m` 표현과 동일하다. 어떤 사람들은
"백 밀리코어"라고 말하는데, 같은 것을 의미하는 것으로 이해된다.
-`0.1` 과 같이 소수점이 있는 요청은 API에 의해 `100m` 로 변환되며,
-`1m` 도 허용되지 않게 정밀하다. 이러한 이유로, `100m` 형식이
-선호될 수 있다.
+`0.1` 과 같이 소수점이 있는 요청은 API에 의해 `100m` 으로 변환되며,
+`1m` 보다 더 정밀한 단위는 허용되지 않는다. 이러한 이유로,
+`100m` 과 같은 형식이 선호될 수 있다.
CPU는 항상 절대 수량으로 요청되며, 상대적 수량은 아니다.
0.1은 단일 코어, 이중 코어 또는 48코어 시스템에서 동일한 양의 CPU이다.
diff --git a/content/ko/docs/concepts/configuration/organize-cluster-access-kubeconfig.md b/content/ko/docs/concepts/configuration/organize-cluster-access-kubeconfig.md
index a002414b67..aa739b381c 100644
--- a/content/ko/docs/concepts/configuration/organize-cluster-access-kubeconfig.md
+++ b/content/ko/docs/concepts/configuration/organize-cluster-access-kubeconfig.md
@@ -17,6 +17,11 @@ kubeconfig 파일들을 사용하여 클러스터, 사용자, 네임스페이스
`kubeconfig`라는 이름의 파일이 있다는 의미는 아니다.
{{< /note >}}
+{{< warning >}}
+신뢰할 수 있는 소스의 kubeconfig 파일만 사용한다. 특수 제작된 kubeconfig 파일을 사용하면 악성 코드가 실행되거나 파일이 노출될 수 있다.
+신뢰할 수 없는 kubeconfig 파일을 사용해야 하는 경우 셸 스크립트를 사용하는 경우처럼 먼저 신중하게 검사한다.
+{{< /warning>}}
+
기본적으로 `kubectl`은 `$HOME/.kube` 디렉터리에서 `config`라는 이름의 파일을 찾는다.
`KUBECONFIG` 환경 변수를 설정하거나
[`--kubeconfig`](/docs/reference/generated/kubectl/kubectl/) 플래그를 지정해서
@@ -154,4 +159,3 @@ kubeconfig 파일에서 파일과 경로 참조는 kubeconfig 파일의 위치
-
diff --git a/content/ko/docs/concepts/configuration/secret.md b/content/ko/docs/concepts/configuration/secret.md
index a4544397d7..06be7d5a54 100644
--- a/content/ko/docs/concepts/configuration/secret.md
+++ b/content/ko/docs/concepts/configuration/secret.md
@@ -31,7 +31,7 @@ weight: 30
시크릿을 안전하게 사용하려면 (최소한) 다음과 같이 하는 것이 좋다.
1. 시크릿에 대한 [암호화 활성화](/docs/tasks/administer-cluster/encrypt-data/).
-2. 시크릿 읽기 및 쓰기를 제한하는 [RBAC 규칙 활성화 또는 구성](/docs/reference/access-authn-authz/authorization/). 파드를 만들 권한이 있는 모든 사용자는 시크릿을 암묵적으로 얻을 수 있다.
+2. 시크릿 읽기 및 쓰기를 제한하는 [RBAC 규칙 활성화 또는 구성](/ko/docs/reference/access-authn-authz/authorization/). 파드를 만들 권한이 있는 모든 사용자는 시크릿을 암묵적으로 얻을 수 있다.
{{< /caution >}}
@@ -48,7 +48,7 @@ weight: 30
- 파드의 [이미지를 가져올 때 kubelet](#imagepullsecrets-사용하기)에 의해 사용.
시크릿 오브젝트의 이름은 유효한
-[DNS 서브도메인 이름](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names)이어야 한다.
+[DNS 서브도메인 이름](/ko/docs/concepts/overview/working-with-objects/names/#dns-서브도메인-이름)이어야 한다.
사용자는 시크릿을 위한 파일을 구성할 때 `data` 및 (또는) `stringData` 필드를
명시할 수 있다. 해당 `data` 와 `stringData` 필드는 선택적으로 명시할 수 있다.
`data` 필드의 모든 키(key)에 해당하는 값(value)은 base64로 인코딩된 문자열이어야 한다.
@@ -1156,10 +1156,10 @@ HTTP 요청을 처리하고, 복잡한 비즈니스 로직을 수행한 다음,
### 시크릿 API를 사용하는 클라이언트
-시크릿 API와 상호 작용하는 애플리케이션을 배포할 때, [RBAC](
-/docs/reference/access-authn-authz/rbac/)과 같은 [인가 정책](
-/docs/reference/access-authn-authz/authorization/)을
-사용하여 접근를 제한해야 한다.
+시크릿 API와 상호 작용하는 애플리케이션을 배포할 때,
+[RBAC](/docs/reference/access-authn-authz/rbac/)과 같은
+[인가 정책](/ko/docs/reference/access-authn-authz/authorization/)을
+사용하여 접근을 제한해야 한다.
시크릿은 종종 다양한 중요도에 걸친 값을 보유하며, 이 중 많은 부분이
쿠버네티스(예: 서비스 어카운트 토큰)와 외부 시스템으로 단계적으로
@@ -1235,10 +1235,6 @@ API 서버에서 kubelet으로의 통신은 SSL/TLS로 보호된다.
- 시크릿을 사용하는 파드를 생성할 수 있는 사용자는 해당 시크릿의 값도 볼 수 있다.
API 서버 정책이 해당 사용자가 시크릿을 읽을 수 있도록 허용하지 않더라도, 사용자는
시크릿을 노출하는 파드를 실행할 수 있다.
- - 현재, 모든 노드에 대한 루트 권한이 있는 모든 사용자는 kubelet을 가장하여
- API 서버에서 _모든_ 시크릿을 읽을 수 있다. 단일 노드에 대한 루트 취약점 공격의
- 영향을 제한하기 위해, 실제로 필요한 노드에만 시크릿을 보내는 것이 앞으로 계획된
- 기능이다.
## {{% heading "whatsnext" %}}
diff --git a/content/ko/docs/concepts/containers/_index.md b/content/ko/docs/concepts/containers/_index.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/concepts/containers/images.md b/content/ko/docs/concepts/containers/images.md
index fe7aca59aa..886f8247a3 100644
--- a/content/ko/docs/concepts/containers/images.md
+++ b/content/ko/docs/concepts/containers/images.md
@@ -77,6 +77,20 @@ weight: 10
`imagePullPolicy` 가 특정값 없이 정의되면, `Always` 로 설정된다.
+### 이미지풀백오프(ImagePullBackOff)
+
+kubelet이 컨테이너 런타임을 사용하여 파드의 컨테이너 생성을 시작할 때,
+`ImagePullBackOff`로 인해 컨테이너가
+[Waiting](/ko/docs/concepts/workloads/pods/pod-lifecycle/#container-state-waiting) 상태에 있을 수 있다.
+
+`ImagePullBackOff`라는 상태는 (이미지 이름이 잘못됨, 또는 `imagePullSecret` 없이
+비공개 레지스트리에서 풀링 시도 등의 이유로) 쿠버네티스가 컨테이너 이미지를
+가져올 수 없기 때문에 컨테이너를 실행할 수 없음을 의미한다. `BackOff`라는 단어는
+쿠버네티스가 백오프 딜레이를 증가시키면서 이미지 풀링을 계속 시도할 것임을 나타낸다.
+
+쿠버네티스는 시간 간격을 늘려가면서 시도를 계속하며, 시간 간격의 상한은 쿠버네티스 코드에
+300초(5분)로 정해져 있다.
+
## 이미지 인덱스가 있는 다중 아키텍처 이미지
바이너리 이미지를 제공할 뿐만 아니라, 컨테이너 레지스트리는 [컨테이너 이미지 인덱스](https://github.com/opencontainers/image-spec/blob/master/image-index.md)를 제공할 수도 있다. 이미지 인덱스는 컨테이너의 아키텍처별 버전에 대한 여러 [이미지 매니페스트](https://github.com/opencontainers/image-spec/blob/master/manifest.md)를 가리킬 수 있다. 아이디어는 이미지의 이름(예를 들어, `pause`, `example/mycontainer`, `kube-apiserver`)을 가질 수 있다는 것이다. 그래서 다른 시스템들이 사용하고 있는 컴퓨터 아키텍처에 적합한 바이너리 이미지를 가져올 수 있다.
@@ -116,7 +130,7 @@ weight: 10
도커는 프라이빗 레지스트리를 위한 키를 `$HOME/.dockercfg` 또는 `$HOME/.docker/config.json` 파일에 저장한다. 만약 동일한 파일을
-아래의 검색 경로 리스트에 넣으면, kubelete은 이미지를 풀 할 때 해당 파일을 자격 증명 공급자로 사용한다.
+아래의 검색 경로 리스트에 넣으면, kubelet은 이미지를 풀 할 때 해당 파일을 자격 증명 공급자로 사용한다.
* `{--root-dir:-/var/lib/kubelet}/config.json`
* `{cwd of kubelet}/config.json`
diff --git a/content/ko/docs/concepts/containers/runtime-class.md b/content/ko/docs/concepts/containers/runtime-class.md
index 2770b1e4b2..953571ec62 100644
--- a/content/ko/docs/concepts/containers/runtime-class.md
+++ b/content/ko/docs/concepts/containers/runtime-class.md
@@ -68,7 +68,7 @@ handler: myconfiguration # 상응하는 CRI 설정의 이름임
```
런타임클래스 오브젝트의 이름은 유효한
-[DNS 서브도메인 이름](/ko/docs/concepts/overview/working-with-objects/names/#dns-서브도메인-이름)어이야 한다.
+[DNS 레이블 이름](/ko/docs/concepts/overview/working-with-objects/names/#dns-레이블-이름)어이야 한다.
{{< note >}}
런타임클래스 쓰기 작업(create/update/patch/delete)은
@@ -132,7 +132,7 @@ https://github.com/containerd/cri/blob/master/docs/config.md
runtime_path = "${PATH_TO_BINARY}"
```
-더 자세한 것은 CRI-O의 [설정 문서](https://raw.githubusercontent.com/cri-o/cri-o/9f11d1d/docs/crio.conf.5.md)를 본다.
+더 자세한 것은 CRI-O의 [설정 문서](https://github.com/cri-o/cri-o/blob/master/docs/crio.conf.5.md)를 본다.
## 스케줄
@@ -175,5 +175,5 @@ PodOverhead를 사용하려면, PodOverhead [기능 게이트](/ko/docs/referenc
- [런타임클래스 설계](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/585-runtime-class/README.md)
- [런타임클래스 스케줄링 설계](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/585-runtime-class/README.md#runtimeclass-scheduling)
-- [파드 오버헤드](/ko/docs/concepts/configuration/pod-overhead/) 개념에 대해 읽기
-- [파드 오버헤드 기능 설계](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/20190226-pod-overhead.md)
+- [파드 오버헤드](/ko/docs/concepts/scheduling-eviction/pod-overhead/) 개념에 대해 읽기
+- [파드 오버헤드 기능 설계](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/688-pod-overhead)
diff --git a/content/ko/docs/concepts/extend-kubernetes/_index.md b/content/ko/docs/concepts/extend-kubernetes/_index.md
index f93537bf62..95c61079dd 100644
--- a/content/ko/docs/concepts/extend-kubernetes/_index.md
+++ b/content/ko/docs/concepts/extend-kubernetes/_index.md
@@ -21,7 +21,7 @@ no_list: true
조정하는 방법을 이해하려는 {{< glossary_tooltip text="클러스터 운영자" term_id="cluster-operator" >}}를 대상으로 한다.
잠재적인 {{< glossary_tooltip text="플랫폼 개발자" term_id="platform-developer" >}} 또는 쿠버네티스 프로젝트 {{< glossary_tooltip text="컨트리뷰터" term_id="contributor" >}}인 개발자에게도
어떤 익스텐션(extension) 포인트와 패턴이 있는지,
-그리고 그것들의 트레이드오프와 제약에 대한 소개 자료로 유용할 것이다.
+그리고 그것의 트레이드오프와 제약을 이해하는 데 도움이 될 것이다.
@@ -143,7 +143,7 @@ API를 추가해도 기존 API(예: 파드)의 동작에 직접 영향을 미치
### 인가
-[인가](/docs/reference/access-authn-authz/webhook/)은 특정 사용자가 API 리소스에서 읽고, 쓰고, 다른 작업을 수행할 수 있는지를 결정한다. 전체 리소스 레벨에서 작동하며 임의의 오브젝트 필드를 기준으로 구별하지 않는다. 빌트인 인증 옵션이 사용자의 요구를 충족시키지 못하면 [인가 웹훅](/docs/reference/access-authn-authz/webhook/)을 통해 사용자가 제공한 코드를 호출하여 인증 결정을 내릴 수 있다.
+[인가](/docs/reference/access-authn-authz/webhook/)는 특정 사용자가 API 리소스에서 읽고, 쓰고, 다른 작업을 수행할 수 있는지를 결정한다. 전체 리소스 레벨에서 작동하며 임의의 오브젝트 필드를 기준으로 구별하지 않는다. 빌트인 인증 옵션이 사용자의 요구를 충족시키지 못하면 [인가 웹훅](/docs/reference/access-authn-authz/webhook/)을 통해 사용자가 제공한 코드를 호출하여 인증 결정을 내릴 수 있다.
### 동적 어드미션 컨트롤
diff --git a/content/ko/docs/concepts/extend-kubernetes/api-extension/custom-resources.md b/content/ko/docs/concepts/extend-kubernetes/api-extension/custom-resources.md
index b543addee6..0357ac7619 100644
--- a/content/ko/docs/concepts/extend-kubernetes/api-extension/custom-resources.md
+++ b/content/ko/docs/concepts/extend-kubernetes/api-extension/custom-resources.md
@@ -128,7 +128,7 @@ CRD를 사용하면 다른 API 서버를 추가하지 않고도 새로운 타입
## 커스텀리소스데피니션
-[커스텀리소스데피니션](/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/)
+[커스텀리소스데피니션](/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/)
API 리소스를 사용하면 커스텀 리소스를 정의할 수 있다.
CRD 오브젝트를 정의하면 지정한 이름과 스키마를 사용하여 새 커스텀 리소스가 만들어진다.
쿠버네티스 API는 커스텀 리소스의 스토리지를 제공하고 처리한다.
diff --git a/content/ko/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md b/content/ko/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md
index 3596c9f72e..13313adf58 100644
--- a/content/ko/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md
+++ b/content/ko/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md
@@ -192,6 +192,7 @@ kubelet은 gRPC 서비스를 제공하여 사용 중인 장치를 검색하고,
// PodResourcesLister는 kubelet에서 제공하는 서비스로, 노드의 포드 및 컨테이너가
// 사용한 노드 리소스에 대한 정보를 제공한다.
service PodResourcesLister {
+ rpc List(ListPodResourcesRequest) returns (ListPodResourcesResponse) {}
rpc GetAllocatableResources(AllocatableResourcesRequest) returns (AllocatableResourcesResponse) {}
}
```
@@ -252,7 +253,7 @@ message AllocatableResourcesResponse {
`ContainerDevices` 는 장치가 어떤 NUMA 셀과 연관되는지를 선언하는 토폴로지 정보를 노출한다.
NUMA 셀은 불분명한(opaque) 정수 ID를 사용하여 식별되며, 이 값은
-[kubelet에 등록할 때](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#device-plugin-integration-with-the-topology-manager) 장치 플러그인이 보고하는 것과 일치한다.
+[kubelet에 등록할 때](/ko/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#토폴로지-관리자로-장치-플러그인-통합) 장치 플러그인이 보고하는 것과 일치한다.
gRPC 서비스는 `/var/lib/kubelet/pod-resources/kubelet.sock` 의 유닉스 소켓을 통해 제공된다.
@@ -264,8 +265,9 @@ gRPC 서비스는 `/var/lib/kubelet/pod-resources/kubelet.sock` 의 유닉스
{{< glossary_tooltip text="볼륨" term_id="volume" >}}으로 마운트해야 한다.
`PodResourcesLister service` 를 지원하려면 `KubeletPodResources` [기능 게이트](/ko/docs/reference/command-line-tools-reference/feature-gates/)를 활성화해야 한다.
+이것은 쿠버네티스 1.15부터 기본으로 활성화되어 있으며, 쿠버네티스 1.20부터는 v1 상태이다.
-## 토폴로지 관리자와 장치 플러그인 통합
+## 토폴로지 관리자로 장치 플러그인 통합
{{< feature-state for_k8s_version="v1.18" state="beta" >}}
diff --git a/content/ko/docs/concepts/extend-kubernetes/operator.md b/content/ko/docs/concepts/extend-kubernetes/operator.md
index a0959f83dc..80ed86c2ec 100644
--- a/content/ko/docs/concepts/extend-kubernetes/operator.md
+++ b/content/ko/docs/concepts/extend-kubernetes/operator.md
@@ -51,8 +51,7 @@ weight: 30
* 내부 멤버 선출 절차없이 분산 애플리케이션의
리더를 선택
-오퍼레이터의 모습을 더 자세하게 볼 수 있는 방법은 무엇인가? 자세한 예는
-다음과 같다.
+오퍼레이터의 모습을 더 자세하게 볼 수 있는 방법은 무엇인가? 예시는 다음과 같다.
1. 클러스터에 구성할 수 있는 SampleDB라는 사용자 정의 리소스.
2. 오퍼레이터의 컨트롤러 부분이 포함된 파드의 실행을
@@ -116,7 +115,7 @@ kubectl edit SampleDB/example-database # 일부 설정을 수동으로 변경하
* [Charmed Operator Framework](https://juju.is/)
* [kubebuilder](https://book.kubebuilder.io/) 사용하기
* [KUDO](https://kudo.dev/) (Kubernetes Universal Declarative Operator)
-* 웹훅(WebHook)과 함께 [Metacontroller](https://metacontroller.app/)를
+* 웹훅(WebHook)과 함께 [Metacontroller](https://metacontroller.github.io/metacontroller/intro.html)를
사용하여 직접 구현하기
* [오퍼레이터 프레임워크](https://operatorframework.io)
* [shell-operator](https://github.com/flant/shell-operator)
@@ -124,6 +123,7 @@ kubectl edit SampleDB/example-database # 일부 설정을 수동으로 변경하
## {{% heading "whatsnext" %}}
+* {{< glossary_tooltip text="CNCF" term_id="cncf" >}} [오퍼레이터 백서](https://github.com/cncf/tag-app-delivery/blob/eece8f7307f2970f46f100f51932db106db46968/operator-wg/whitepaper/Operator-WhitePaper_v1-0.md) 읽어보기
* [사용자 정의 리소스](/ko/docs/concepts/extend-kubernetes/api-extension/custom-resources/)에 대해 더 알아보기
* [OperatorHub.io](https://operatorhub.io/)에서 유스케이스에 맞는 이미 만들어진 오퍼레이터 찾기
* 다른 사람들이 사용할 수 있도록 자신의 오퍼레이터를 [게시](https://operatorhub.io/)하기
diff --git a/content/ko/docs/concepts/overview/_index.md b/content/ko/docs/concepts/overview/_index.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/concepts/overview/kubernetes-api.md b/content/ko/docs/concepts/overview/kubernetes-api.md
index 026e0e007c..919d59b459 100644
--- a/content/ko/docs/concepts/overview/kubernetes-api.md
+++ b/content/ko/docs/concepts/overview/kubernetes-api.md
@@ -20,14 +20,14 @@ card:
쿠버네티스 API를 사용하면 쿠버네티스의 API 오브젝트(예:
파드(Pod), 네임스페이스(Namespace), 컨피그맵(ConfigMap) 그리고 이벤트(Event))를 질의(query)하고 조작할 수 있다.
-대부분의 작업은 [kubectl](/docs/reference/kubectl/overview/)
+대부분의 작업은 [kubectl](/ko/docs/reference/kubectl/overview/)
커맨드 라인 인터페이스 또는 API를 사용하는
[kubeadm](/ko/docs/reference/setup-tools/kubeadm/)과
같은 다른 커맨드 라인 도구를 통해 수행할 수 있다.
그러나, REST 호출을 사용하여 API에 직접 접근할 수도 있다.
쿠버네티스 API를 사용하여 애플리케이션을 작성하는 경우
-[클라이언트 라이브러리](/docs/reference/using-api/client-libraries/) 중 하나를 사용하는 것이 좋다.
+[클라이언트 라이브러리](/ko/docs/reference/using-api/client-libraries/) 중 하나를 사용하는 것이 좋다.
@@ -130,7 +130,7 @@ API 리소스는 API 그룹, 리소스 유형, 네임스페이스
{{< /note >}}
API 버전 수준 정의에 대한 자세한 내용은
-[API 버전 레퍼런스](/ko/docs/reference/using-api/api-overview/#api-버전-규칙)를 참조한다.
+[API 버전 레퍼런스](/ko/docs/reference/using-api/#api-버전-규칙)를 참조한다.
diff --git a/content/ko/docs/concepts/policy/node-resource-managers.md b/content/ko/docs/concepts/policy/node-resource-managers.md
new file mode 100644
index 0000000000..fb3e5f46f5
--- /dev/null
+++ b/content/ko/docs/concepts/policy/node-resource-managers.md
@@ -0,0 +1,22 @@
+---
+
+
+
+title: 노드 리소스 매니저
+content_type: 개념
+weight: 50
+---
+
+
+
+쿠버네티스는 지연 시간에 민감하고 처리량이 많은 워크로드를 지원하기 위해 리소스 매니저 세트를 제공한다. 매니저는 CPU, 장치 및 메모리 (hugepages) 리소스와 같은 특정한 요구 사항으로 구성된 파드를 위해 노드의 리소스 할당을 조정하고 최적화하는 것을 목표로 한다.
+
+
+
+주 매니저인 토폴로지 매니저는 [정책](/docs/tasks/administer-cluster/topology-manager/)을 통해 전체 리소스 관리 프로세스를 조정하는 Kubelet 컴포넌트이다.
+
+개별 매니저의 구성은 다음의 문서에 자세히 기술되어 있다.
+
+- [CPU 관리 정책](/docs/tasks/administer-cluster/cpu-management-policies/)
+- [장치 매니저](/ko/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#토폴로지-관리자와-장치-플러그인-통합)
+- [메모리 관리 정책](/docs/tasks/administer-cluster/memory-manager/)
diff --git a/content/ko/docs/concepts/policy/pod-security-policy.md b/content/ko/docs/concepts/policy/pod-security-policy.md
index 8afee5760b..ff98e134eb 100644
--- a/content/ko/docs/concepts/policy/pod-security-policy.md
+++ b/content/ko/docs/concepts/policy/pod-security-policy.md
@@ -11,7 +11,8 @@ weight: 30
{{< feature-state for_k8s_version="v1.21" state="deprecated" >}}
-파드시큐리티폴리시(PodSecurityPolicy)는 쿠버네티스 v1.21부터 더이상 사용되지 않으며, v1.25에서 제거된다.
+파드시큐리티폴리시(PodSecurityPolicy)는 쿠버네티스 v1.21부터 더이상 사용되지 않으며, v1.25에서 제거된다. 사용 중단에 대한 상세 사항은
+[파드시큐리티폴리시 사용 중단: 과거, 현재, 그리고 미래](/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/)를 참조한다.
파드 시큐리티 폴리시를 사용하면 파드 생성 및 업데이트에 대한 세분화된 권한을
부여할 수 있다.
@@ -48,10 +49,9 @@ _Pod Security Policy_ 는 파드 명세의 보안 관련 측면을 제어하는
## 파드 시큐리티 폴리시 활성화
-파드 시큐리티 폴리시 제어는 선택 사항(하지만 권장함)인
-[어드미션
-컨트롤러](/docs/reference/access-authn-authz/admission-controllers/#podsecuritypolicy)로
-구현된다. [어드미션 컨트롤러 활성화](/docs/reference/access-authn-authz/admission-controllers/#how-do-i-turn-on-an-admission-control-plug-in)하면
+파드 시큐리티 폴리시 제어는 선택 사항인 [어드미션
+컨트롤러](/docs/reference/access-authn-authz/admission-controllers/#podsecuritypolicy)로 구현된다.
+[어드미션 컨트롤러를 활성화](/docs/reference/access-authn-authz/admission-controllers/#how-do-i-turn-on-an-admission-control-plug-in)하면
파드시큐리티폴리시가 적용되지만,
정책을 승인하지 않고 활성화하면 클러스터에
**파드가 생성되지 않는다.**
@@ -110,11 +110,15 @@ roleRef:
name:
apiGroup: rbac.authorization.k8s.io
subjects:
-# Authorize specific service accounts:
+# 네임스페이스의 모든 서비스 어카운트 승인(권장):
+- kind: Group
+ apiGroup: rbac.authorization.k8s.io
+ name: system:serviceaccounts:
+# 특정 서비스 어카운트 승인(권장하지 않음):
- kind: ServiceAccount
name:
namespace:
-# Authorize specific users (not recommended):
+# 특정 사용자 승인(권장하지 않음):
- kind: User
apiGroup: rbac.authorization.k8s.io
name:
@@ -124,21 +128,55 @@ subjects:
실행되는 파드에 대해서만 사용 권한을 부여한다. 네임스페이스에서 실행되는 모든 파드에 접근 권한을
부여하기 위해 시스템 그룹과 쌍을 이룰 수 있다.
```yaml
-# Authorize all service accounts in a namespace:
+# 네임스페이스의 모든 서비스 어카운트 승인:
- kind: Group
apiGroup: rbac.authorization.k8s.io
name: system:serviceaccounts
-# Or equivalently, all authenticated users in a namespace:
+# 또는 동일하게, 네임스페이스의 모든 승인된 사용자에게 사용 권한 부여
- kind: Group
apiGroup: rbac.authorization.k8s.io
name: system:authenticated
```
RBAC 바인딩에 대한 자세한 예는,
-[역할 바인딩 예제](/docs/reference/access-authn-authz/rbac#role-binding-examples)를 참고하길 바란다.
+[역할 바인딩 예제](/docs/reference/access-authn-authz/rbac#role-binding-examples)를 참고한다.
파드시큐리티폴리시 인증에 대한 전체 예제는
-[아래](#예제)를 참고하길 바란다.
+[아래](#예제)를 참고한다.
+### 추천 예제
+
+파드시큐리티폴리시는 새롭고 간결해진 `PodSecurity` {{< glossary_tooltip
+text="어드미션 컨트롤러" term_id="admission-controller" >}}로 대체되고 있다.
+이 변경에 대한 상세사항은
+[파드시큐리티폴리시 사용 중단: 과거, 현재, 그리고 미래](/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/)를 참조한다.
+다음 가이드라인을 참조하여 파드시큐리티폴리시를 새로운 어드미션 컨트롤러로 쉽게 전환할 수 있다.
+
+1. 파드시큐리티폴리시를 [파드 보안 표준](/docs/concepts/security/pod-security-standards/)에 의해 정의된 폴리시로 한정한다.
+ - {{< example file="policy/privileged-psp.yaml" >}}Privileged{{< /example >}}
+ - {{< example file="policy/baseline-psp.yaml" >}}Baseline{{< /example >}}
+ - {{< example file="policy/restricted-psp.yaml" >}}Restricted{{< /example >}}
+
+2. `system:serviceaccounts:` (여기서 ``는 타겟 네임스페이스) 그룹을 사용하여
+ 파드시큐리티폴리시를 전체 네임스페이스에만 바인드한다. 예시는 다음과 같다.
+
+ ```yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ # 이 클러스터롤바인딩(ClusterRoleBinding)을 통해 "development" 네임스페이스의 모든 파드가 기준 파드시큐리티폴리시(PSP)를 사용할 수 있다.
+ kind: ClusterRoleBinding
+ metadata:
+ name: psp-baseline-namespaces
+ roleRef:
+ kind: ClusterRole
+ name: psp-baseline
+ apiGroup: rbac.authorization.k8s.io
+ subjects:
+ - kind: Group
+ name: system:serviceaccounts:development
+ apiGroup: rbac.authorization.k8s.io
+ - kind: Group
+ name: system:serviceaccounts:canary
+ apiGroup: rbac.authorization.k8s.io
+ ```
### 문제 해결
@@ -464,12 +502,12 @@ podsecuritypolicy "example" deleted
예를 들면 다음과 같습니다.
```yaml
-allowedHostPaths:
- # 이 정책은 "/foo", "/foo/", "/foo/bar" 등을 허용하지만,
- # "/fool", "/etc/foo" 등은 허용하지 않는다.
- # "/foo/../" 는 절대 유효하지 않다.
- - pathPrefix: "/foo"
- readOnly: true # 읽기 전용 마운트만 허용
+ allowedHostPaths:
+ # 이 정책은 "/foo", "/foo/", "/foo/bar" 등을 허용하지만,
+ # "/fool", "/etc/foo" 등은 허용하지 않는다.
+ # "/foo/../" 는 절대 유효하지 않다.
+ - pathPrefix: "/foo"
+ readOnly: true # 읽기 전용 마운트만 허용
```
{{< warning >}}호스트 파일시스템에 제한없는 접근을 부여하며, 컨테이너가 특권을 에스컬레이션
@@ -567,7 +605,7 @@ spec:
리눅스 기능은 전통적으로 슈퍼유저와 관련된 권한을 보다 세밀하게 분류한다.
이러한 기능 중 일부는 권한 에스컬레이션 또는 컨테이너 분류에 사용될 수 있으며
파드시큐리티폴리시에 의해 제한될 수 있다. 리눅스 기능에 대한 자세한 내용은
-[기능(7)](http://man7.org/linux/man-pages/man7/capabilities.7.html)을
+[기능(7)](https://man7.org/linux/man-pages/man7/capabilities.7.html)을
참고하길 바란다.
다음 필드는 대문자로 표기된 기능 이름 목록을
@@ -661,5 +699,10 @@ spec:
## {{% heading "whatsnext" %}}
+- [파드시큐리티폴리시 사용 중단: 과거, 현재, 그리고
+미래](/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/)에서
+파드시큐리티폴리시의 미래에 대해 알아본다.
+
- 폴리시 권장 사항에 대해서는 [파드 보안 표준](/docs/concepts/security/pod-security-standards/)을 참조한다.
+
- API 세부 정보는 [파드 시큐리티 폴리시 레퍼런스](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritypolicy-v1beta1-policy) 참조한다.
diff --git a/content/ko/docs/concepts/policy/resource-quotas.md b/content/ko/docs/concepts/policy/resource-quotas.md
index 8e1d918ef4..b5254e4300 100644
--- a/content/ko/docs/concepts/policy/resource-quotas.md
+++ b/content/ko/docs/concepts/policy/resource-quotas.md
@@ -58,7 +58,8 @@ weight: 20
## 리소스 쿼터 활성화
많은 쿠버네티스 배포판에 기본적으로 리소스 쿼터 지원이 활성화되어 있다.
-{{< glossary_tooltip text="API 서버" term_id="kube-apiserver" >}} `--enable-admission-plugins=` 플래그의 인수 중 하나로
+{{< glossary_tooltip text="API 서버" term_id="kube-apiserver" >}}
+`--enable-admission-plugins=` 플래그의 인수 중 하나로
`ResourceQuota`가 있는 경우 활성화된다.
해당 네임스페이스에 리소스쿼터가 있는 경우 특정 네임스페이스에
@@ -66,7 +67,9 @@ weight: 20
## 컴퓨트 리소스 쿼터
-지정된 네임스페이스에서 요청할 수 있는 총 [컴퓨트 리소스](/ko/docs/concepts/configuration/manage-resources-containers/) 합을 제한할 수 있다.
+지정된 네임스페이스에서 요청할 수 있는 총
+[컴퓨트 리소스](/ko/docs/concepts/configuration/manage-resources-containers/)
+합을 제한할 수 있다.
다음과 같은 리소스 유형이 지원된다.
@@ -125,7 +128,9 @@ GPU 리소스를 다음과 같이 쿼터를 정의할 수 있다.
| `ephemeral-storage` | `requests.ephemeral-storage` 와 같음. |
{{< note >}}
-CRI 컨테이너 런타임을 사용할 때, 컨테이너 로그는 임시 스토리지 쿼터에 포함된다. 이로 인해 스토리지 쿼터를 소진한 파드가 예기치 않게 축출될 수 있다. 자세한 내용은 [로깅 아키텍처](/ko/docs/concepts/cluster-administration/logging/)를 참조한다.
+CRI 컨테이너 런타임을 사용할 때, 컨테이너 로그는 임시 스토리지 쿼터에 포함된다.
+이로 인해 스토리지 쿼터를 소진한 파드가 예기치 않게 축출될 수 있다.
+자세한 내용은 [로깅 아키텍처](/ko/docs/concepts/cluster-administration/logging/)를 참조한다.
{{< /note >}}
## 오브젝트 수 쿼터
@@ -192,7 +197,7 @@ CRI 컨테이너 런타임을 사용할 때, 컨테이너 로그는 임시 스
| `NotTerminating` | `.spec.activeDeadlineSeconds is nil`에 일치하는 파드 |
| `BestEffort` | 최상의 서비스 품질을 제공하는 파드 |
| `NotBestEffort` | 서비스 품질이 나쁜 파드 |
-| `PriorityClass` | 지정된 [프라이어리티 클래스](/ko/docs/concepts/configuration/pod-priority-preemption)를 참조하여 일치하는 파드. |
+| `PriorityClass` | 지정된 [프라이어리티클래스](/ko/docs/concepts/scheduling-eviction/pod-priority-preemption/)를 참조하여 일치하는 파드. |
| `CrossNamespacePodAffinity` | 크로스-네임스페이스 파드 [(안티)어피니티 용어]가 있는 파드 |
`BestEffort` 범위는 다음의 리소스를 추적하도록 쿼터를 제한한다.
@@ -248,13 +253,14 @@ CRI 컨테이너 런타임을 사용할 때, 컨테이너 로그는 임시 스
{{< feature-state for_k8s_version="v1.17" state="stable" >}}
-특정 [우선 순위](/ko/docs/concepts/configuration/pod-priority-preemption/#파드-우선순위)로 파드를 생성할 수 있다.
+특정 [우선 순위](/ko/docs/concepts/scheduling-eviction/pod-priority-preemption/#파드-우선순위)로 파드를 생성할 수 있다.
쿼터 스펙의 `scopeSelector` 필드를 사용하여 파드의 우선 순위에 따라 파드의 시스템 리소스 사용을
제어할 수 있다.
쿼터 스펙의 `scopeSelector`가 파드를 선택한 경우에만 쿼터가 일치하고 사용된다.
-`scopeSelector` 필드를 사용하여 우선 순위 클래스의 쿼터 범위를 지정하면, 쿼터 오브젝트는 다음의 리소스만 추적하도록 제한된다.
+`scopeSelector` 필드를 사용하여 우선 순위 클래스의 쿼터 범위를 지정하면,
+쿼터 오브젝트는 다음의 리소스만 추적하도록 제한된다.
* `pods`
* `cpu`
@@ -554,7 +560,7 @@ kubectl create -f ./object-counts.yaml --namespace=myspace
kubectl get quota --namespace=myspace
```
-```
+```none
NAME AGE
compute-resources 30s
object-counts 32s
@@ -564,7 +570,7 @@ object-counts 32s
kubectl describe quota compute-resources --namespace=myspace
```
-```
+```none
Name: compute-resources
Namespace: myspace
Resource Used Hard
@@ -580,7 +586,7 @@ requests.nvidia.com/gpu 0 4
kubectl describe quota object-counts --namespace=myspace
```
-```
+```none
Name: object-counts
Namespace: myspace
Resource Used Hard
@@ -677,10 +683,10 @@ plugins:
{{< codenew file="policy/priority-class-resourcequota.yaml" >}}
```shell
-$ kubectl apply -f https://k8s.io/examples/policy/priority-class-resourcequota.yaml -n kube-system
+kubectl apply -f https://k8s.io/examples/policy/priority-class-resourcequota.yaml -n kube-system
```
-```
+```none
resourcequota/pods-cluster-services created
```
diff --git a/content/ko/docs/concepts/scheduling-eviction/_index.md b/content/ko/docs/concepts/scheduling-eviction/_index.md
index 5ae3f5822e..7128dbe99f 100644
--- a/content/ko/docs/concepts/scheduling-eviction/_index.md
+++ b/content/ko/docs/concepts/scheduling-eviction/_index.md
@@ -32,6 +32,6 @@ no_list: true
{{}}
-* [파드 우선순위와 선점](/docs/concepts/scheduling-eviction/pod-priority-preemption/)
+* [파드 우선순위와 선점](/ko/docs/concepts/scheduling-eviction/pod-priority-preemption/)
* [노드-압박 축출](/docs/concepts/scheduling-eviction/node-pressure-eviction/)
-* [API를 이용한 축출](/docs/concepts/scheduling-eviction/api-eviction/)
+* [API를 이용한 축출](/ko/docs/concepts/scheduling-eviction/api-eviction/)
diff --git a/content/ko/docs/concepts/scheduling-eviction/api-eviction.md b/content/ko/docs/concepts/scheduling-eviction/api-eviction.md
new file mode 100644
index 0000000000..53724320b0
--- /dev/null
+++ b/content/ko/docs/concepts/scheduling-eviction/api-eviction.md
@@ -0,0 +1,18 @@
+---
+title: API를 이용한 축출(Eviction)
+content_type: concept
+weight: 70
+---
+
+{{< glossary_definition term_id="api-eviction" length="short" >}}
+
+`kubectl drain` 명령과 같은 kube-apiserver의 클라이언트를 사용하여,
+축출 API를 직접 호출해 축출 요청을 할 수 있다.
+그러면 API 서버가 파드를 종료하는 `Eviction` 오브젝트가 생성된다.
+
+API를 이용한 축출은 구성된 [`PodDisruptionBudgets`](/docs/tasks/run-application/configure-pdb/) 및 [`terminationGracePeriodSeconds`](/ko/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination)를 준수한다.
+
+## {{% heading "whatsnext" %}}
+
+- [노드-압박 축출](/docs/concepts/scheduling-eviction/node-pressure-eviction/)에 대해 더 배우기
+- [파드 우선순위와 선점](/ko/docs/concepts/scheduling-eviction/pod-priority-preemption/)에 대해 더 배우기
diff --git a/content/ko/docs/concepts/scheduling-eviction/assign-pod-node.md b/content/ko/docs/concepts/scheduling-eviction/assign-pod-node.md
index da30c01ab2..f46e075b57 100644
--- a/content/ko/docs/concepts/scheduling-eviction/assign-pod-node.md
+++ b/content/ko/docs/concepts/scheduling-eviction/assign-pod-node.md
@@ -72,7 +72,7 @@ spec:
## 넘어가기 전에: 내장 노드 레이블들 {#built-in-node-labels}
[붙인](#1-단계-노드에-레이블-붙이기) 레이블뿐만 아니라, 노드에는
-표준 레이블 셋이 미리 채워져 있다. 이들 목록은 [잘 알려진 레이블, 어노테이션 및 테인트](/docs/reference/labels-annotations-taints/)를 참고한다.
+표준 레이블 셋이 미리 채워져 있다. 이들 목록은 [잘 알려진 레이블, 어노테이션 및 테인트](/ko/docs/reference/labels-annotations-taints/)를 참고한다.
{{< note >}}
이 레이블들의 값은 클라우드 공급자에 따라 다르고 신뢰성이 보장되지 않는다.
@@ -402,7 +402,7 @@ web-server-1287567482-s330j 1/1 Running 0 7m 10.192.3
`nodeName` 은 PodSpec의 필드이다. 만약 비어있지 않으면, 스케줄러는
파드를 무시하고 명명된 노드에서 실행 중인 kubelet이
파드를 실행하려고 한다. 따라서 만약 PodSpec에 `nodeName` 가
-제공된 경우, 노드 선텍을 위해 위의 방법보다 우선한다.
+제공된 경우, 노드 선택을 위해 위의 방법보다 우선한다.
`nodeName` 을 사용해서 노드를 선택할 때의 몇 가지 제한은 다음과 같다.
diff --git a/content/ko/docs/concepts/scheduling-eviction/node-pressure-eviction.md b/content/ko/docs/concepts/scheduling-eviction/node-pressure-eviction.md
new file mode 100644
index 0000000000..a3330a1b0d
--- /dev/null
+++ b/content/ko/docs/concepts/scheduling-eviction/node-pressure-eviction.md
@@ -0,0 +1,411 @@
+---
+title: 노드-압박 축출
+content_type: concept
+weight: 60
+---
+
+{{}}
+
+{{}}은
+클러스터 노드의 CPU, 메모리, 디스크 공간, 파일시스템 inode와 같은 자원을 모니터링한다.
+이러한 자원 중 하나 이상이 특정 소모 수준에 도달하면,
+kubelet은 하나 이상의 파드를 능동적으로 중단시켜
+자원을 회수하고 고갈 상황을 방지할 수 있다.
+
+노드-압박 축출 과정에서, kubelet은 축출할 파드의 `PodPhase`를
+`Failed`로 설정한다. 이로써 파드가 종료된다.
+
+노드-압박 축출은
+[API를 이용한 축출](/ko/docs/concepts/scheduling-eviction/api-eviction/)과는 차이가 있다.
+
+kubelet은 이전에 설정된 `PodDisruptionBudget` 값이나 파드의 `terminationGracePeriodSeconds` 값을 따르지 않는다.
+[소프트 축출 임계값](#soft-eviction-thresholds)을 사용하는 경우,
+kubelet은 이전에 설정된 `eviction-max-pod-grace-period` 값을 따른다.
+[하드 축출 임계값](#hard-eviction-thresholds)을 사용하는 경우, 파드 종료 시 `0s` 만큼 기다린 후 종료한다(즉, 기다리지 않고 바로 종료한다).
+
+실패한 파드를 새로운 파드로 교체하는
+{{< glossary_tooltip text="워크로드" term_id="workload" >}} 리소스(예:
+{{< glossary_tooltip text="스테이트풀셋(StatefulSet)" term_id="statefulset" >}} 또는
+{{< glossary_tooltip text="디플로이먼트(Deployment)" term_id="deployment" >}})가 파드를 관리하는 경우,
+컨트롤 플레인이나 `kube-controller-manager`가 축출된 파드를 대신할 새 파드를 생성한다.
+
+{{}}
+kubelet은 최종 사용자 파드를 종료하기 전에
+먼저 [노드 수준 자원을 회수](#reclaim-node-resources)하려고 시도한다.
+예를 들어, 디스크 자원이 부족하면 먼저 사용하지 않는 컨테이너 이미지를 제거한다.
+{{}}
+
+kubelet은 축출 결정을 내리기 위해 다음과 같은 다양한 파라미터를 사용한다.
+
+ * 축출 신호
+ * 축출 임계값
+ * 모니터링 간격
+
+### 축출 신호 {#eviction-signals}
+
+축출 신호는 특정 시점에서 특정 자원의 현재 상태이다.
+Kubelet은 노드에서 사용할 수 있는 리소스의 최소량인
+축출 임계값과 축출 신호를 비교하여
+축출 결정을 내린다.
+
+Kubelet은 다음과 같은 축출 신호를 사용한다.
+
+| 축출 신호 | 설명 |
+|----------------------|---------------------------------------------------------------------------------------|
+| `memory.available` | `memory.available` := `node.status.capacity[memory]` - `node.stats.memory.workingSet` |
+| `nodefs.available` | `nodefs.available` := `node.stats.fs.available` |
+| `nodefs.inodesFree` | `nodefs.inodesFree` := `node.stats.fs.inodesFree` |
+| `imagefs.available` | `imagefs.available` := `node.stats.runtime.imagefs.available` |
+| `imagefs.inodesFree` | `imagefs.inodesFree` := `node.stats.runtime.imagefs.inodesFree` |
+| `pid.available` | `pid.available` := `node.stats.rlimit.maxpid` - `node.stats.rlimit.curproc` |
+
+이 표에서, `설명` 열은 kubelet이 축출 신호 값을 계산하는 방법을 나타낸다.
+각 축출 신호는 백분율 또는 숫자값을 지원한다.
+Kubelet은 총 용량 대비 축출 신호의 백분율 값을
+계산한다.
+
+`memory.available` 값은 `free -m`과 같은 도구가 아니라 cgroupfs로부터 도출된다.
+이는 `free -m`이 컨테이너 안에서는 동작하지 않고, 또한 사용자가
+[node allocatable](/docs/tasks/administer-cluster/reserve-compute-resources/#node-allocatable)
+기능을 사용하는 경우 자원 부족에 대한 결정은 루트 노드뿐만 아니라
+cgroup 계층 구조의 최종 사용자 파드 부분에서도 지역적으로 이루어지기 때문에 중요하다.
+이 [스크립트](/examples/admin/resource/memory-available.sh)는
+kubelet이 `memory.available`을 계산하기 위해 수행하는 동일한 단계들을 재현한다.
+kubelet은 메모리 압박 상황에서 메모리가 회수 가능하다고 가정하므로,
+inactive_file(즉, 비활성 LRU 목록의 파일 기반 메모리 바이트 수)을
+계산에서 제외한다.
+
+kubelet은 다음과 같은 파일시스템 파티션을 지원한다.
+
+1. `nodefs`: 노드의 메인 파일시스템이며, 로컬 디스크 볼륨, emptyDir,
+ 로그 스토리지 등에 사용된다. 예를 들어 `nodefs`는 `/var/lib/kubelet/`을 포함한다.
+1. `imagefs`: 컨테이너 런타임이 컨테이너 이미지 및
+ 컨테이너 쓰기 가능 레이어를 저장하는 데 사용하는 선택적 파일시스템이다.
+
+Kubelet은 이러한 파일시스템을 자동으로 검색하고 다른 파일시스템은 무시한다.
+Kubelet은 다른 구성은 지원하지 않는다.
+
+{{}}
+일부 kubelet 가비지 수집 기능은 더 이상 사용되지 않으며 축출로 대체되었다.
+사용 중지된 기능의 목록은 [kubelet 가비지 수집 사용 중단](/ko/docs/concepts/cluster-administration/kubelet-garbage-collection/#사용-중단-deprecation)을 참조한다.
+{{}}
+
+### 축출 임계값
+
+kubelet이 축출 결정을 내릴 때 사용하는 축출 임계값을
+사용자가 임의로 설정할 수 있다.
+
+축출 임계값은 `[eviction-signal][operator][quantity]` 형태를 갖는다.
+
+* `eviction-signal`에는 사용할 [축출 신호](#eviction-signals)를 적는다.
+* `operator`에는 [관계연산자](https://ko.wikipedia.org/wiki/관계연산자#표준_관계연산자)를
+ 적는다(예: `<` - 미만)
+* `quantity`에는 `1Gi`와 같이 축출 임계값 수치를 적는다.
+ `quantity`에 들어가는 값은 쿠버네티스가 사용하는 수치 표현 방식과 맞아야 한다.
+ 숫자값 또는 백분율(`%`)을 사용할 수 있다.
+
+예를 들어, 노드에 총 `10Gi`의 메모리가 있고
+`1Gi` 아래로 내려갔을 때 축출이 시작되도록 만들고 싶으면, 축출 임계값을
+`memory.available<10%` 또는 `memory.available<1Gi` 형태로 정할 수 있다. 둘을 동시에 사용할 수는 없다.
+
+소프트 축출 임계값과 하드 축출 임계값을 설정할 수 있다.
+
+#### 소프트 축출 임계값 {#soft-eviction-thresholds}
+
+소프트 축출 임계값은 관리자가 설정하는 유예 시간(필수)과 함께 정의된다.
+kubelet은 유예 시간이 초과될 때까지 파드를 제거하지 않는다.
+유예 시간이 지정되지 않으면 kubelet 시작 시
+오류가 반환된다.
+
+kubelet이 축출 과정에서 사용할 수 있도록,
+'소프트 축출 임계값'과 '최대 허용 파드 종료 유예 시간' 둘 다를 설정할 수 있다.
+'최대 허용 파드 종료 유예 시간'이 설정되어 있는 상태에서 '소프트 축출 임계값'에 도달하면,
+kubelet은 두 유예 시간 중 작은 쪽을 적용한다.
+'최대 허용 파드 종료 유예 시간'을 설정하지 않으면,
+kubelet은 축출된 파드를 유예 시간 없이 즉시 종료한다.
+
+소프트 축출 임계값을 설정할 때 다음과 같은 플래그를 사용할 수 있다.
+
+* `eviction-soft`: 축출 임계값(예: `memory.available<1.5Gi`)의 집합이며,
+ 지정된 유예 시간동안 이 축출 임계값 조건이 충족되면 파드 축출이 트리거된다.
+* `eviction-soft-grace-period`: 축출 유예 시간의 집합이며,
+ 소프트 축출 임계값 조건이 이 유예 시간동안 충족되면 파드 축출이 트리거된다.
+* `eviction-max-pod-grace-period`: '최대 허용 파드 종료 유예 시간(단위: 초)'이며,
+ 소프트 축출 임계값 조건이 충족되어 파드를 종료할 때 사용한다.
+
+#### 하드 축출 임계값 {#hard-eviction-thresholds}
+
+하드 축출 임계값에는 유예 시간이 없다. 하드 축출 임계값 조건이 충족되면,
+kubelet은 고갈된 자원을 회수하기 위해 파드를 유예 시간 없이
+즉시 종료한다.
+
+`eviction-hard` 플래그를 사용하여 하드 축출
+임계값(예: `memory.available<1Gi`)을 설정할 수 있다.
+
+kubelet은 다음과 같은 하드 축출 임계값을 기본적으로 설정하고 있다.
+
+* `memory.available<100Mi`
+* `nodefs.available<10%`
+* `imagefs.available<15%`
+* `nodefs.inodesFree<5%` (리눅스 노드)
+
+### 축출 모니터링 시간 간격
+
+kubelet은 `housekeeping-interval`에 설정된 시간 간격(기본값: `10s`)마다
+축출 임계값을 확인한다.
+
+### 노드 컨디션 {#node-conditions}
+
+kubelet은 하드/소프트 축출 임계값 조건이 충족되어
+노드 압박이 발생했다는 것을 알리기 위해,
+설정된 유예 시간과는 관계없이 노드 컨디션을 보고한다.
+
+kubelet은 다음과 같이 노드 컨디션과 축출 신호를 매핑한다.
+
+| 노드 컨디션 | 축출 신호 | 설명 |
+|-------------------|---------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|
+| `MemoryPressure` | `memory.available` | 노드의 가용 메모리 양이 축출 임계값에 도달함 |
+| `DiskPressure` | `nodefs.available`, `nodefs.inodesFree`, `imagefs.available`, 또는 `imagefs.inodesFree` | 노드의 루트 파일시스템 또는 이미지 파일시스템의 가용 디스크 공간 또는 inode의 수가 축출 임계값에 도달함 |
+| `PIDPressure` | `pid.available` | (리눅스) 노드의 가용 프로세스 ID(PID)가 축출 임계값 이하로 내려옴 |
+
+kubelet은 `--node-status-update-frequency`에 설정된
+시간 간격(기본값: `10s`)마다 노드 컨디션을 업데이트한다.
+
+#### 노드 컨디션 진동(oscillation)
+
+경우에 따라, 노드의 축출 신호값이 사전에 설정된 유예 시간 동안 유지되지 않고
+소프트 축출 임계값을 중심으로 진동할 수 있다. 이로 인해 노드 컨디션이 계속
+`true`와 `false`로 바뀌며, 잘못된 축출 결정을 야기할 수 있다.
+
+이러한 진동을 방지하기 위해, `eviction-pressure-transition-period` 플래그를
+사용하여 kubelet이 노드 컨디션을 다른 상태로 바꾸기 위해 기다려야 하는 시간을
+설정할 수 있다. 기본값은 `5m`이다.
+
+### 노드-수준 자원 회수하기 {#reclaim-node-resources}
+
+kubelet은 최종 사용자 파드를 축출하기 전에 노드-수준 자원 회수를 시도한다.
+
+`DiskPressure` 노드 컨디션이 보고되면,
+kubelet은 노드의 파일시스템을 기반으로 노드-수준 자원을 회수한다.
+
+#### `imagefs`가 있는 경우
+
+컨테이너 런타임이 사용할 전용 `imagefs` 파일시스템이 노드에 있으면,
+kubelet은 다음 작업을 수행한다.
+
+ * `nodefs` 파일시스템이 축출 임계값 조건을 충족하면,
+ kubelet은 종료된 파드와 컨테이너에 대해 가비지 수집을 수행한다.
+ * `imagefs` 파일시스템이 축출 임계값 조건을 충족하면,
+ kubelet은 모든 사용중이지 않은 이미지를 삭제한다.
+
+#### `imagefs`가 없는 경우
+
+노드에 `nodefs` 파일시스템만 있고 이것이 축출 임계값 조건을 충족한 경우,
+kubelet은 다음 순서로 디스크 공간을 확보한다.
+
+1. 종료된 파드와 컨테이너에 대해 가비지 수집을 수행한다.
+1. 사용중이지 않은 이미지를 삭제한다.
+
+### kubelet 축출을 위한 파드 선택
+
+kubelet이 노드-수준 자원을 회수했음에도 축출 신호가 임계값 아래로 내려가지 않으면,
+kubelet은 최종 사용자 파드 축출을 시작한다.
+
+kubelet은 파드 축출 순서를 결정하기 위해 다음의 파라미터를 활용한다.
+
+1. 파드의 자원 사용량이 요청량을 초과했는지 여부
+1. [파드 우선순위](/ko/docs/concepts/scheduling-eviction/pod-priority-preemption/)
+1. 파드의 자원 요청량 대비 자원 사용량
+
+결과적으로, kubelet은 다음과 같은 순서로 파드의 축출 순서를 정하고 축출을 수행한다.
+
+1. `BestEffort` 또는 `Burstable` 파드 중 자원 사용량이 요청량을 초과한 파드.
+ 이 파드들은 파드들의 우선순위, 그리고 자원 사용량이 요청량을
+ 얼마나 초과했는지에 따라 축출된다.
+1. `Guaranteed`, `Burstable` 파드 중 자원 사용량이 요청량보다 낮은 파드는
+ 우선순위에 따라 후순위로 축출된다.
+
+{{}}
+kubelet이 파드 축출 순서를 결정할 때 파드의 QoS 클래스는 이용하지 않는다.
+메모리 등의 자원을 회수할 때, QoS 클래스를 이용하여 가장 가능성이 높은 파드 축출 순서를 예측할 수는 있다.
+QoS는 EphemeralStorage 요청에 적용되지 않으므로,
+노드가 예를 들어 `DiskPressure` 아래에 있는 경우 위의 시나리오가 적용되지 않는다.
+{{}}
+
+`Guaranteed` 파드는 모든 컨테이너에 대해 자원 요청량과 제한이 명시되고
+그 둘이 동일할 때에만 보장(guaranteed)된다. 다른 파드의 자원 사용으로 인해
+`Guaranteed` 파드가 축출되는 일은 발생하지 않는다. 만약 시스템 데몬(예:
+`kubelet`, `docker`, `journald`)이 `system-reserved` 또는 `kube-reserved`
+할당을 통해 예약된 것보다 더 많은 자원을 소비하고, 노드에는 요청량보다 적은 양의
+자원을 사용하고 있는 `Guaranteed` / `Burstable` 파드만 존재한다면,
+kubelet은 노드 안정성을 유지하고 자원 고갈이 다른 파드에 미칠 영향을 통제하기 위해
+이러한 파드 중 하나를 골라 축출해야 한다.
+이 경우, 가장 낮은 `Priority`를 갖는 파드가 선택된다.
+
+`inodes`와 `PIDs`에 대한 요청량은 정의하고 있지 않기 때문에, kubelet이 `inode`
+또는 `PID` 고갈 때문에 파드를 축출할 때에는 파드의 `Priority`를 이용하여 축출
+순위를 정한다.
+
+노드에 전용 `imagefs` 파일시스템이 있는지 여부에 따라 kubelet이 파드 축출 순서를
+정하는 방식에 차이가 있다.
+
+#### `imagefs`가 있는 경우
+
+`nodefs`로 인한 축출의 경우, kubelet은 `nodefs`
+사용량(`모든 컨테이너의 로컬 볼륨 + 로그`)을 기준으로 축출 순서를 정한다.
+
+`imagefs`로 인한 축출의 경우, kubelet은 모든 컨테이너의
+쓰기 가능한 레이어(writable layer) 사용량을 기준으로 축출 순서를 정한다.
+
+#### `imagefs`가 없는 경우
+
+`nodefs`로 인한 축출의 경우, kubelet은 각 파드의 총
+디스크 사용량(`모든 컨테이너의 로컬 볼륨 + 로그 + 쓰기 가능한 레이어`)을 기준으로 축출 순서를 정한다.
+
+### 최소 축출 회수량
+
+경우에 따라, 파드를 축출했음에도 적은 양의 자원만이 회수될 수 있다.
+이로 인해 kubelet이 반복적으로 축출 임계값 도달을 감지하고
+여러 번의 축출을 수행할 수 있다.
+
+`--eviction-minimum-reclaim` 플래그 또는
+[kubelet 설정 파일](/docs/tasks/administer-cluster/kubelet-config-file/)을 이용하여
+각 자원에 대한 최소 회수량을 설정할 수 있다. kubelet이 자원 부족 상황을 감지하면,
+앞서 설정한 최소 회수량에 도달할때까지 회수를 계속 진행한다.
+
+예를 들어, 다음 YAML은 최소 회수량을 정의하고 있다.
+
+```yaml
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+evictionHard:
+ memory.available: "500Mi"
+ nodefs.available: "1Gi"
+ imagefs.available: "100Gi"
+evictionMinimumReclaim:
+ memory.available: "0Mi"
+ nodefs.available: "500Mi"
+ imagefs.available: "2Gi"
+```
+
+이 예제에서, 만약 `nodefs.available` 축출 신호가 축출 임계값 조건에 도달하면,
+kubelet은 축출 신호가 임계값인 `1Gi`에 도달할 때까지 자원을 회수하며,
+이어서 축출 신호가 `1.5Gi`에 도달할 때까지 최소 `500Mi` 이상의 자원을
+회수한다.
+
+유사한 방식으로, kubelet은 `imagefs.available` 축출 신호가
+`102Gi`에 도달할 때까지 `imagefs` 자원을 회수한다.
+
+모든 자원에 대해 `eviction-minimum-reclaim`의 기본값은 `0`이다.
+
+### 노드 메모리 부족 시의 동작
+
+kubelet의 메모리 회수가 가능하기 이전에
+노드에 메모리 부족(out of memory, 이하 OOM) 이벤트가 발생하면,
+노드는 [oom_killer](https://lwn.net/Articles/391222/)에 의존한다.
+
+kubelet은 각 파드에 설정된 QoS를 기반으로 각 컨테이너에 `oom_score_adj` 값을 설정한다.
+
+| 서비스 품질(Quality of Service) | oom_score_adj |
+|--------------------|-----------------------------------------------------------------------------------|
+| `Guaranteed` | -997 |
+| `BestEffort` | 1000 |
+| `Burstable` | min(max(2, 1000 - (1000 * memoryRequestBytes) / machineMemoryCapacityBytes), 999) |
+
+{{}}
+또한, kubelet은 `system-node-critical` {{}}를 갖는 파드의 컨테이너에
+`oom_score_adj` 값을 `-997`로 설정한다.
+{{}}
+
+노드가 OOM을 겪기 전에 kubelet이 메모리를 회수하지 못하면, `oom_killer`가 노드의
+메모리 사용률 백분율을 이용하여 `oom_score`를 계산하고, 각 컨테이너의 실질
+`oom_score`를 구하기 위해 `oom_score_adj`를 더한다. 그 뒤 `oom_score`가 가장 높은
+컨테이너부터 종료시킨다.
+
+이는 곧, 스케줄링 요청에 비해 많은 양의 메모리를 사용하면서
+QoS가 낮은 파드에 속한 컨테이너가 먼저 종료됨을 의미한다.
+
+파드 축출과 달리, 컨테이너가 OOM으로 인해 종료되면,
+`kubelet`이 컨테이너의 `RestartPolicy`를 기반으로 컨테이너를 다시 실행할 수 있다.
+
+### 추천 예시 {#node-pressure-eviction-good-practices}
+
+아래 섹션에서 축출 설정에 대한 추천 예시를 소개한다.
+
+#### 스케줄 가능한 자원과 축출 정책
+
+kubelet에 축출 정책을 설정할 때, 만약 어떤 파드 배치가 즉시 메모리 압박을
+야기하기 때문에 축출을 유발한다면 스케줄러가 그 파드 배치를 수행하지 않도록
+설정해야 한다.
+
+다음 시나리오를 가정한다.
+
+* 노드 메모리 용량: `10Gi`
+* 운영자는 시스템 데몬(커널, `kubelet` 등)을 위해 메모리 용량의 10%를 확보해 놓고 싶어 한다.
+* 운영자는 시스템 OOM 발생을 줄이기 위해 메모리 사용률이 95%인 상황에서 파드를 축출하고 싶어한다.
+
+이것이 실현되도록, kubelet이 다음과 같이 실행된다.
+
+```
+--eviction-hard=memory.available<500Mi
+--system-reserved=memory=1.5Gi
+```
+
+이 환경 설정에서, `--system-reserved` 플래그는 시스템 용으로 `1.5Gi` 메모리를
+확보하는데, 이는 `총 메모리의 10% + 축출 임계값`에 해당된다.
+
+파드가 요청량보다 많은 메모리를 사용하거나 시스템이 `1Gi` 이상의 메모리를
+사용하여, `memory.available` 축출 신호가 `500Mi` 아래로 내려가면 노드가 축출
+임계값에 도달할 수 있다.
+
+#### 데몬셋(DaemonSet)
+
+파드 우선 순위(Priority)는 파드 축출 결정을 내릴 때의 주요 요소이다.
+kubelet이 `DaemonSet`에 속하는 파드를 축출하지 않도록 하려면
+해당 파드의 파드 스펙에 충분히 높은 `priorityClass`를 지정한다.
+또는 낮은 `priorityClass`나 기본값을 사용하여
+리소스가 충분할 때만 `DaemonSet` 파드가 실행되도록 허용할 수도 있다.
+
+### 알려진 이슈
+
+다음 섹션에서는 리소스 부족 처리와 관련된 알려진 이슈에 대해 다룬다.
+
+#### kubelet이 메모리 압박을 즉시 감지하지 못할 수 있음
+
+기본적으로 kubelet은 `cAdvisor`를 폴링하여
+일정한 간격으로 메모리 사용량 통계를 수집한다.
+해당 타임 윈도우 내에서 메모리 사용량이 빠르게 증가하면 kubelet이
+`MemoryPressure`를 충분히 빠르게 감지하지 못해 `OOMKiller`가 계속 호출될 수 있다.
+
+`--kernel-memcg-notification` 플래그를 사용하여
+kubelet의 `memcg` 알림 API가 임계값을 초과할 때 즉시 알림을 받도록
+할 수 있다.
+
+사용률(utilization)을 극단적으로 높이려는 것이 아니라 오버커밋(overcommit)에 대한 합리적인 조치만 원하는 경우,
+이 문제에 대한 현실적인 해결 방법은 `--kube-reserved` 및
+`--system-reserved` 플래그를 사용하여 시스템에 메모리를 할당하는 것이다.
+
+#### `active_file` 메모리가 사용 가능한 메모리로 간주되지 않음
+
+리눅스에서, 커널은 활성 LRU 목록의 파일 지원 메모리 바이트 수를 `active_file`
+통계로 추적한다. kubelet은 `active_file` 메모리 영역을 회수할 수 없는 것으로
+취급한다. 임시 로컬 스토리지를 포함하여 블록 지원 로컬 스토리지를 집중적으로
+사용하는 워크로드의 경우 파일 및 블록 데이터의 커널 수준 캐시는 최근에 액세스한
+많은 캐시 페이지가 `active_file`로 계산될 가능성이 있음을 의미한다. 활성 LRU
+목록에 이러한 커널 블록 버퍼가 충분히 많으면, kubelet은 이를 높은 자원 사용
+상태로 간주하고 노드가 메모리 압박을 겪고 있다고 테인트를 표시할 수 있으며, 이는
+파드 축출을 유발한다.
+
+더 자세한 사항은 [https://github.com/kubernetes/kubernetes/issues/43916](https://github.com/kubernetes/kubernetes/issues/43916)를 참고한다.
+
+집중적인 I/O 작업을 수행할 가능성이 있는 컨테이너에 대해 메모리 제한량 및 메모리
+요청량을 동일하게 설정하여 이 문제를 해결할 수 있다. 해당 컨테이너에 대한 최적의
+메모리 제한량을 추정하거나 측정해야 한다.
+
+## {{% heading "whatsnext" %}}
+
+* [API를 이용한 축출](/ko/docs/concepts/scheduling-eviction/api-eviction/)에 대해 알아본다.
+* [파드 우선순위와 선점](/ko/docs/concepts/scheduling-eviction/pod-priority-preemption/)에 대해 알아본다.
+* [PodDisruptionBudgets](/docs/tasks/run-application/configure-pdb/)에 대해 알아본다.
+* [서비스 품질](/ko/docs/tasks/configure-pod-container/quality-service-pod/)(QoS)에 대해 알아본다.
+* [축출 API](/docs/reference/generated/kubernetes-api/{{}}/#create-eviction-pod-v1-core)를 확인한다.
diff --git a/content/ko/docs/concepts/scheduling-eviction/pod-priority-preemption.md b/content/ko/docs/concepts/scheduling-eviction/pod-priority-preemption.md
index 581525d833..f149290882 100644
--- a/content/ko/docs/concepts/scheduling-eviction/pod-priority-preemption.md
+++ b/content/ko/docs/concepts/scheduling-eviction/pod-priority-preemption.md
@@ -25,7 +25,7 @@ weight: 70
관리자는 리소스쿼터를 사용하여 사용자가 우선순위가 높은 파드를 생성하지
못하게 할 수 있다.
-자세한 내용은 [기본적으로 프라이어리티 클래스(Priority Class) 소비 제한](/ko/docs/concepts/policy/resource-quotas/#기본적으로-우선-순위-클래스-소비-제한)을
+자세한 내용은 [기본적으로 프라이어리티클래스(Priority Class) 소비 제한](/ko/docs/concepts/policy/resource-quotas/#기본적으로-우선-순위-클래스-소비-제한)을
참고한다.
{{< /warning >}}
@@ -50,7 +50,7 @@ weight: 70
## 프라이어리티클래스
-프라이어리티클래스는 프라이어리티 클래스 이름에서 우선순위의 정수 값으로의 매핑을
+프라이어리티클래스는 프라이어리티클래스 이름에서 우선순위의 정수 값으로의 매핑을
정의하는 네임스페이스가 아닌(non-namespaced) 오브젝트이다. 이름은
프라이어리티클래스 오브젝트의 메타데이터의 `name` 필드에 지정된다. 값은
필수 `value` 필드에 지정되어 있다. 값이 클수록, 우선순위가
@@ -96,7 +96,7 @@ metadata:
name: high-priority
value: 1000000
globalDefault: false
-description: "이 프라이어리티 클래스는 XYZ 서비스 파드에만 사용해야 한다."
+description: "이 프라이어리티클래스는 XYZ 서비스 파드에만 사용해야 한다."
```
## 비-선점 프라이어리티클래스 {#non-preempting-priority-class}
@@ -142,7 +142,7 @@ metadata:
value: 1000000
preemptionPolicy: Never
globalDefault: false
-description: "이 프라이어리티 클래스는 다른 파드를 축출하지 않는다."
+description: "이 프라이어리티클래스는 다른 파드를 축출하지 않는다."
```
## 파드 우선순위
@@ -150,7 +150,7 @@ description: "이 프라이어리티 클래스는 다른 파드를 축출하지
프라이어리티클래스가 하나 이상 있으면, 그것의 명세에서 이들 프라이어리티클래스 이름 중 하나를
지정하는 파드를 생성할 수 있다. 우선순위 어드미션
컨트롤러는 `priorityClassName` 필드를 사용하고 우선순위의 정수 값을
-채운다. 프라이어리티 클래스를 찾을 수 없으면, 파드가 거부된다.
+채운다. 프라이어리티클래스를 찾을 수 없으면, 파드가 거부된다.
다음의 YAML은 이전 예제에서 생성된 프라이어리티클래스를
사용하는 파드 구성의 예이다. 우선순위 어드미션 컨트롤러는
@@ -351,12 +351,12 @@ spec:
축출 대상으로 고려한다.
QoS와 파드 우선순위를 모두 고려하는 유일한 컴포넌트는
-[kubelet 리소스 부족 축출](/docs/tasks/administer-cluster/out-of-resource/)이다.
+[kubelet 리소스 부족 축출](/docs/concepts/scheduling-eviction/node-pressure-eviction/)이다.
kubelet은 부족한 리소스의 사용이 요청을 초과하는지 여부에 따라, 그런 다음 우선순위에 따라,
파드의 스케줄링 요청에 대한 부족한 컴퓨팅 리소스의 소비에 의해
먼저 축출 대상 파드의 순위를 매긴다.
더 자세한 내용은
-[엔드유저 파드 축출](/docs/tasks/administer-cluster/out-of-resource/#evicting-end-user-pods)을
+[엔드유저 파드 축출](/docs/concepts/scheduling-eviction/node-pressure-eviction/#evicting-end-user-pods)을
참조한다.
kubelet 리소스 부족 축출은 사용량이 요청을 초과하지 않는 경우
@@ -367,4 +367,4 @@ kubelet 리소스 부족 축출은 사용량이 요청을 초과하지 않는
## {{% heading "whatsnext" %}}
-* 프라이어리티클래스와 관련하여 리소스쿼터 사용에 대해 [기본적으로 프라이어리티 클래스 소비 제한](/ko/docs/concepts/policy/resource-quotas/#기본적으로-우선-순위-클래스-소비-제한)을 읽어보자.
+* 프라이어리티클래스와 관련하여 리소스쿼터 사용에 대해 [기본적으로 프라이어리티클래스 소비 제한](/ko/docs/concepts/policy/resource-quotas/#기본적으로-우선-순위-클래스-소비-제한)을 읽어보자.
diff --git a/content/ko/docs/concepts/scheduling-eviction/resource-bin-packing.md b/content/ko/docs/concepts/scheduling-eviction/resource-bin-packing.md
index 34ff6f3108..1ac3b81262 100644
--- a/content/ko/docs/concepts/scheduling-eviction/resource-bin-packing.md
+++ b/content/ko/docs/concepts/scheduling-eviction/resource-bin-packing.md
@@ -26,7 +26,7 @@ kube-scheduler를 미세 조정할 수 있다.
통해 사용자는 적절한 파라미터를 사용해서 확장된 리소스를 빈 팩으로 만들 수 있어
대규모의 클러스터에서 부족한 리소스의 활용도가 향상된다.
`RequestedToCapacityRatioResourceAllocation` 우선 순위 기능의
-동작은 `requestedToCapacityRatioArguments`라는
+동작은 `RequestedToCapacityRatioArgs`라는
구성 옵션으로 제어할 수 있다. 이 인수는 `shape`와 `resources`
두 개의 파라미터로 구성된다. `shape` 파라미터는 사용자가 `utilization`과
`score` 값을 기반으로 최소 요청 또는 최대 요청된 대로 기능을
@@ -39,27 +39,29 @@ kube-scheduler를 미세 조정할 수 있다.
설정하는 구성의 예시이다.
```yaml
-apiVersion: v1
-kind: Policy
+apiVersion: kubescheduler.config.k8s.io/v1beta1
+kind: KubeSchedulerConfiguration
+profiles:
# ...
-priorities:
- # ...
- - name: RequestedToCapacityRatioPriority
- weight: 2
- argument:
- requestedToCapacityRatioArguments:
- shape:
- - utilization: 0
- score: 0
- - utilization: 100
- score: 10
- resources:
- - name: intel.com/foo
- weight: 3
- - name: intel.com/bar
- weight: 5
+ pluginConfig:
+ - name: RequestedToCapacityRatio
+ args:
+ shape:
+ - utilization: 0
+ score: 10
+ - utilization: 100
+ score: 0
+ resources:
+ - name: intel.com/foo
+ weight: 3
+ - name: intel.com/bar
+ weight: 5
```
+kube-scheduler 플래그 `--config=/path/to/config/file` 을 사용하여
+`KubeSchedulerConfiguration` 파일을 참조하면 구성이 스케줄러에
+전달된다.
+
**이 기능은 기본적으로 비활성화되어 있다.**
### 우선 순위 기능 튜닝하기
diff --git a/content/ko/docs/concepts/scheduling-eviction/taint-and-toleration.md b/content/ko/docs/concepts/scheduling-eviction/taint-and-toleration.md
index 588adee0f7..c47f5f995b 100644
--- a/content/ko/docs/concepts/scheduling-eviction/taint-and-toleration.md
+++ b/content/ko/docs/concepts/scheduling-eviction/taint-and-toleration.md
@@ -1,4 +1,8 @@
---
+
+
+
+
title: 테인트(Taints)와 톨러레이션(Tolerations)
content_type: concept
weight: 40
@@ -260,13 +264,27 @@ tolerations:
이렇게 하면 이러한 문제로 인해 데몬셋 파드가 축출되지 않는다.
-## 컨디션별 노드 테인트하기
+## 컨디션을 기준으로 노드 테인트하기
-노드 라이프사이클 컨트롤러는 `NoSchedule` 이펙트가 있는 노드 컨디션에 해당하는
-테인트를 자동으로 생성한다.
-마찬가지로 스케줄러는 노드 컨디션을 확인하지 않는다. 대신 스케줄러는 테인트를 확인한다. 이렇게 하면 노드 컨디션이 노드에 스케줄된 내용에 영향을 미치지 않는다. 사용자는 적절한 파드 톨러레이션을 추가하여 노드의 일부 문제(노드 컨디션으로 표시)를 무시하도록 선택할 수 있다.
+컨트롤 플레인은 노드 {{}}를 이용하여
+[노드 조건](/docs/concepts/scheduling-eviction/node-pressure-eviction/)에 대한 `NoSchedule` 효과를 사용하여 자동으로 테인트를 생성한다.
-쿠버네티스 1.8 버전부터 데몬셋 컨트롤러는 다음의 `NoSchedule` 톨러레이션을
+스케줄러는 스케줄링 결정을 내릴 때 노드 조건을 확인하는 것이 아니라 테인트를 확인한다.
+이렇게 하면 노드 조건이 스케줄링에 직접적인 영향을 주지 않는다.
+예를 들어 `DiskPressure` 노드 조건이 활성화된 경우
+컨트롤 플레인은 `node.kubernetes.io/disk-pressure` 테인트를 추가하고 영향을 받는 노드에 새 파드를 할당하지 않는다.
+`MemoryPressure` 노드 조건이 활성화되면
+컨트롤 플레인이 `node.kubernetes.io/memory-pressure` 테인트를 추가한다.
+
+새로 생성된 파드에 파드 톨러레이션을 추가하여 노드 조건을 무시하도록 할 수 있다.
+또한 컨트롤 플레인은 `BestEffort` 이외의
+{{< glossary_tooltip text="QoS 클래스" term_id="qos-class" >}}를 가지는 파드에
+`node.kubernetes.io/memory-pressure` 톨러레이션을 추가한다.
+이는 쿠버네티스가 `Guaranteed` 또는 `Burstable` QoS 클래스를 갖는 파드(메모리 요청이 설정되지 않은 파드 포함)를
+마치 그 파드들이 메모리 압박에 대처 가능한 것처럼 다루는 반면,
+새로운 `BestEffort` 파드는 영향을 받는 노드에 할당하지 않기 때문이다.
+
+데몬셋 컨트롤러는 다음의 `NoSchedule` 톨러레이션을
모든 데몬에 자동으로 추가하여, 데몬셋이 중단되는 것을 방지한다.
* `node.kubernetes.io/memory-pressure`
@@ -278,8 +296,7 @@ tolerations:
이러한 톨러레이션을 추가하면 이전 버전과의 호환성이 보장된다. 데몬셋에
임의의 톨러레이션을 추가할 수도 있다.
-
## {{% heading "whatsnext" %}}
-* [리소스 부족 다루기](/docs/tasks/administer-cluster/out-of-resource/)와 어떻게 구성하는지에 대해 알아보기
-* [파드 우선순위](/ko/docs/concepts/configuration/pod-priority-preemption/)에 대해 알아보기
+* [리소스 부족 다루기](/docs/concepts/scheduling-eviction/node-pressure-eviction/)와 어떻게 구성하는지에 대해 알아보기
+* [파드 우선순위](/ko/docs/concepts/scheduling-eviction/pod-priority-preemption/)에 대해 알아보기
diff --git a/content/ko/docs/concepts/security/overview.md b/content/ko/docs/concepts/security/overview.md
index 9cd48a172c..64ed2675b2 100644
--- a/content/ko/docs/concepts/security/overview.md
+++ b/content/ko/docs/concepts/security/overview.md
@@ -149,7 +149,7 @@ TLS를 통한 접근 | 코드가 TCP를 통해 통신해야 한다면, 미리
* [파드에 대한 네트워크 정책](/ko/docs/concepts/services-networking/network-policies/)
* [쿠버네티스 API 접근 제어하기](/ko/docs/concepts/security/controlling-access)
* [클러스터 보안](/docs/tasks/administer-cluster/securing-a-cluster/)
-* 컨트롤 플레인을 위한 [전송 데이터 암호화](/docs/tasks/tls/managing-tls-in-a-cluster/)
+* 컨트롤 플레인을 위한 [전송 데이터 암호화](/ko/docs/tasks/tls/managing-tls-in-a-cluster/)
* [Rest에서 데이터 암호화](/docs/tasks/administer-cluster/encrypt-data/)
* [쿠버네티스 시크릿](/ko/docs/concepts/configuration/secret/)
* [런타임 클래스](/ko/docs/concepts/containers/runtime-class)
diff --git a/content/ko/docs/concepts/services-networking/dns-pod-service.md b/content/ko/docs/concepts/services-networking/dns-pod-service.md
index e3254d3ba8..b405617118 100644
--- a/content/ko/docs/concepts/services-networking/dns-pod-service.md
+++ b/content/ko/docs/concepts/services-networking/dns-pod-service.md
@@ -7,6 +7,7 @@ content_type: concept
weight: 20
---
+
쿠버네티스는 파드와 서비스를 위한 DNS 레코드를 생성한다. 사용자는 IP 주소 대신에
일관된 DNS 네임을 통해서 서비스에 접속할 수 있다.
@@ -49,7 +50,7 @@ options ndots:5
```
요약하면, _test_ 네임스페이스에 있는 파드는 `data.prod` 또는
-`data.prod.cluster.local` 중 하나를 통해 성공적으로 해석될 수 있다.
+`data.prod.svc.cluster.local` 중 하나를 통해 성공적으로 해석될 수 있다.
### DNS 레코드
@@ -261,6 +262,8 @@ spec:
### 파드의 DNS 설정 {#pod-dns-config}
+{{< feature-state for_k8s_version="v1.14" state="stable" >}}
+
사용자들은 파드의 DNS 설정을 통해서 직접 파드의 DNS를 세팅할 수 있다.
`dnsConfig` 필드는 선택적이고, `dnsPolicy` 세팅과 함께 동작한다.
@@ -310,18 +313,6 @@ search default.svc.cluster-domain.example svc.cluster-domain.example cluster-dom
options ndots:5
```
-### 기능 지원 여부
-
-파드 DNS 구성 및 DNS 정책 "`None`"에 대한 지원 정보는 아래에서 확인 할 수 있다.
-
-| k8s 버전 | 기능 지원 |
-| :---------: |:-----------:|
-| 1.14 | 안정 |
-| 1.10 | 베타 (기본)|
-| 1.9 | 알파 |
-
-
-
## {{% heading "whatsnext" %}}
diff --git a/content/ko/docs/concepts/services-networking/endpoint-slices.md b/content/ko/docs/concepts/services-networking/endpoint-slices.md
index 4e12cf9ff2..4ea1281faa 100644
--- a/content/ko/docs/concepts/services-networking/endpoint-slices.md
+++ b/content/ko/docs/concepts/services-networking/endpoint-slices.md
@@ -154,7 +154,7 @@ v1beta1 API의 `topology` 필드에 있는 `"topology.kubernetes.io/zone"`
### 관리
-대부분의 경우, 컨트롤 플레인(특히, 엔드포인트 슬라이스
+대부분의 경우, 컨트롤 플레인(특히, 엔드포인트슬라이스
{{< glossary_tooltip text="컨트롤러" term_id="controller" >}})는
엔드포인트슬라이스 오브젝트를 생성하고 관리한다. 다른 엔티티나 컨트롤러가 추가
엔드포인트슬라이스 집합을 관리하게 할 수 있는 서비스 메시 구현과 같이
@@ -165,13 +165,13 @@ v1beta1 API의 `topology` 필드에 있는 `"topology.kubernetes.io/zone"`
엔티티를 나타내는 `endpointslice.kubernetes.io/managed-by`
{{< glossary_tooltip term_id="label" text="레이블" >}}을
정의한다.
-엔드포인트 슬라이스 컨트롤러는 관리하는 모든 엔드포인트슬라이스에 레이블의 값으로
+엔드포인트슬라이스 컨트롤러는 관리하는 모든 엔드포인트슬라이스에 레이블의 값으로
`endpointslice-controller.k8s.io` 를 설정한다. 엔드포인트슬라이스를
관리하는 다른 엔티티도 이 레이블에 고유한 값을 설정해야 한다.
### 소유권
-대부분의 유스케이스에서, 엔드포인트 슬라이스 오브젝트가 엔드포인트를
+대부분의 유스케이스에서, 엔드포인트슬라이스 오브젝트가 엔드포인트를
추적하는 서비스가 엔드포인트슬라이스를 소유한다. 이 소유권은 각 엔드포인트슬라이스의 소유자
참조와 서비스에 속한 모든 엔드포인트슬라이스의 간단한 조회를 가능하게 하는
`kubernetes.io/service-name` 레이블로 표시된다.
@@ -247,5 +247,4 @@ v1beta1 API의 `topology` 필드에 있는 `"topology.kubernetes.io/zone"`
## {{% heading "whatsnext" %}}
-* [엔드포인트슬라이스 활성화하기](/docs/tasks/administer-cluster/enabling-endpointslices)에 대해 배우기
-* [애플리케이션을 서비스와 함께 연결하기](/ko/docs/concepts/services-networking/connect-applications-service/)를 읽어보기
+* [서비스와 애플리케이션 연결하기](/ko/docs/concepts/services-networking/connect-applications-service/)를 읽어보기
diff --git a/content/ko/docs/concepts/services-networking/network-policies.md b/content/ko/docs/concepts/services-networking/network-policies.md
index c68d6f2862..5a9b16a309 100644
--- a/content/ko/docs/concepts/services-networking/network-policies.md
+++ b/content/ko/docs/concepts/services-networking/network-policies.md
@@ -212,9 +212,10 @@ __ipBlock__: 인그레스 소스 또는 이그레스 대상으로 허용할 IP C
## SCTP 지원
-{{< feature-state for_k8s_version="v1.19" state="beta" >}}
+{{< feature-state for_k8s_version="v1.20" state="stable" >}}
-베타 기능으로, 기본 활성화되어 있다. 클러스터 수준에서 SCTP를 비활성화하려면, 사용자(또는 클러스터 관리자)가 API 서버에 `--feature-gates=SCTPSupport=false,…` 를 사용해서 `SCTPSupport` [기능 게이트](/ko/docs/reference/command-line-tools-reference/feature-gates/)를 비활성화해야 한다.
+안정된 기능으로, 기본 활성화되어 있다. 클러스터 수준에서 SCTP를 비활성화하려면, 사용자(또는 클러스터 관리자)가 API 서버에 `--feature-gates=SCTPSupport=false,…` 를 사용해서 `SCTPSupport` [기능 게이트](/ko/docs/reference/command-line-tools-reference/feature-gates/)를 비활성화해야 한다.
+해당 기능 게이트가 활성화되어 있는 경우, 네트워크폴리시의 `protocol` 필드를 `SCTP`로 지정할 수 있다.
{{< note >}}
SCTP 프로토콜 네트워크폴리시를 지원하는 {{< glossary_tooltip text="CNI" term_id="cni" >}} 플러그인을 사용하고 있어야 한다.
diff --git a/content/ko/docs/concepts/services-networking/service-traffic-policy.md b/content/ko/docs/concepts/services-networking/service-traffic-policy.md
new file mode 100644
index 0000000000..c4f87e2b3e
--- /dev/null
+++ b/content/ko/docs/concepts/services-networking/service-traffic-policy.md
@@ -0,0 +1,73 @@
+---
+
+
+title: 서비스 내부 트래픽 정책
+content_type: concept
+weight: 45
+---
+
+
+
+
+{{< feature-state for_k8s_version="v1.21" state="alpha" >}}
+
+_서비스 내부 트래픽 정책_ 을 사용하면 내부 트래픽 제한이 트래픽이 시작된
+노드 내의 엔드포인트로만 내부 트래픽을 라우팅하도록 한다.
+여기서 "내부" 트래픽은 현재 클러스터의 파드로부터 시작된 트래픽을 지칭한다.
+이를 통해 비용을 절감하고 성능을 개선할 수 있다.
+
+
+
+## 서비스 내부 트래픽 정책 사용
+
+
+[기능 게이트](/ko/docs/reference/command-line-tools-reference/feature-gates/)에서
+`ServiceInternalTrafficPolicy`를 활성화한 후에
+{{< glossary_tooltip text="서비스" term_id="service" >}}의
+`.spec.internalTrafficPolicy`를 `Local`로 설정하여 내부 전용 트래픽 정책을 활성화 할 수 있다.
+이것은 kube-proxy가 클러스터 내부 트래픽을 위해 노드 내부 엔드포인트로만 사용하도록 한다.
+
+{{< note >}}
+지정된 서비스에 대한 엔드포인트가 없는 노드의 파드인 경우에
+서비스는 다른 노드에 엔드포인트가 있더라도 엔드포인트가 없는 것처럼 작동한다.
+(이 노드의 파드에 대해서)
+{{< /note >}}
+
+다음 예제는 서비스의 `.spec.internalTrafficPolicy`를 `Local`로
+설정하는 것을 보여 준다:
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: my-service
+spec:
+ selector:
+ app: MyApp
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 9376
+ internalTrafficPolicy: Local
+```
+
+## 작동 방식
+
+kube-proxy는 `spec.internalTrafficPolicy` 의 설정에 따라서 라우팅되는
+엔드포인트를 필터링한다.
+이것을 `Local`로 설정하면, 노드 내부 엔드포인트만 고려한다.
+이 설정이 `Cluster`이거나 누락되었다면 모든 엔드포인트를 고려한다.
+[기능 게이트](/ko/docs/reference/command-line-tools-reference/feature-gates/)의
+`ServiceInternalTrafficPolicy`를 활성화한다면, `spec.internalTrafficPolicy`는 기본값 "Cluster"로 설정된다.
+
+## 제약조건
+
+* 같은 서비스에서 `externalTrafficPolicy` 가 `Local`로 설정된 경우
+서비스 내부 트래픽 정책이 사용되지 않는다.
+클러스터에서 동일하지 않은 다른 서비스에서 이 두 가지 기능은 동시에 사용할 수 있다.
+
+## {{% heading "whatsnext" %}}
+
+* [토폴로지 인식 힌트 활성화](/docs/tasks/administer-cluster/enabling-topology-aware-hints)에 대해서 읽기
+* [서비스 외부 트래픽 정책](/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip)에 대해서 읽기
+* [서비스와 애플리케이션 연결하기](/ko/docs/concepts/services-networking/connect-applications-service/) 읽기
diff --git a/content/ko/docs/concepts/services-networking/service.md b/content/ko/docs/concepts/services-networking/service.md
index 7bbb4f6f63..5c4b9edeee 100644
--- a/content/ko/docs/concepts/services-networking/service.md
+++ b/content/ko/docs/concepts/services-networking/service.md
@@ -215,7 +215,7 @@ API 리소스이다. 개념적으로 엔드포인트와 매우 유사하지만,
오브젝트에 의해 미러링된다.
이 필드는 표준 쿠버네티스 레이블 구문을 따른다. 값은
-[IANA 표준 서비스 이름](http://www.iana.org/assignments/service-names) 또는
+[IANA 표준 서비스 이름](https://www.iana.org/assignments/service-names) 또는
`mycompany.com/my-custom-protocol`과 같은 도메인 접두사 이름 중 하나여야 한다.
## 가상 IP와 서비스 프록시
diff --git a/content/ko/docs/concepts/storage/storage-classes.md b/content/ko/docs/concepts/storage/storage-classes.md
index 0bec67ef8a..f4385419f1 100644
--- a/content/ko/docs/concepts/storage/storage-classes.md
+++ b/content/ko/docs/concepts/storage/storage-classes.md
@@ -1,4 +1,9 @@
---
+
+
+
+
+
title: 스토리지 클래스
content_type: concept
weight: 30
@@ -184,7 +189,7 @@ CSI | 1.14 (alpha), 1.16 (beta)
CSI 드라이버에 대한 문서를 본다.
{{< note >}}
- `waitForFirstConsumer`를 사용한다면, 노드 어피니티를 지정하기 위해서 파드 스펙에 `nodeName`을 사용하지는 않아야 한다.
+ `WaitForFirstConsumer`를 사용한다면, 노드 어피니티를 지정하기 위해서 파드 스펙에 `nodeName`을 사용하지는 않아야 한다.
만약 `nodeName`을 사용한다면, 스케줄러가 바이패스되고 PVC가 `pending` 상태로 있을 것이다.
대신, 아래와 같이 호스트네임을 이용하는 노드셀렉터를 사용할 수 있다.
@@ -653,11 +658,11 @@ metadata:
provisioner: kubernetes.io/azure-disk
parameters:
storageaccounttype: Standard_LRS
- kind: Shared
+ kind: managed
```
* `storageaccounttype`: Azure 스토리지 계정 Sku 계층. 기본값은 없음.
-* `kind`: 가능한 값은 `shared` (기본값), `dedicated`, 그리고 `managed` 이다.
+* `kind`: 가능한 값은 `shared`, `dedicated`, 그리고 `managed` (기본값) 이다.
`kind` 가 `shared` 인 경우, 모든 비관리 디스크는 클러스터와
동일한 리소스 그룹에 있는 몇 개의 공유 스토리지 계정에 생성된다. `kind` 가
`dedicated` 인 경우, 클러스터와 동일한 리소스 그룹에서 새로운
diff --git a/content/ko/docs/concepts/storage/volumes.md b/content/ko/docs/concepts/storage/volumes.md
index 6156a4704b..29f4755172 100644
--- a/content/ko/docs/concepts/storage/volumes.md
+++ b/content/ko/docs/concepts/storage/volumes.md
@@ -1,4 +1,9 @@
---
+
+
+
+
+
title: 볼륨
content_type: concept
weight: 10
@@ -13,7 +18,6 @@ weight: 10
파일을 공유할 때 발생한다.
쿠버네티스 {{< glossary_tooltip text="볼륨" term_id="volume" >}} 추상화는
이러한 문제를 모두 해결한다.
-
[파드](/ko/docs/concepts/workloads/pods/)에 대해 익숙해지는 것을 추천한다.
@@ -40,7 +44,6 @@ weight: 10
볼륨을 사용하려면, `.spec.volumes` 에서 파드에 제공할 볼륨을 지정하고
`.spec.containers[*].volumeMounts` 의 컨테이너에 해당 볼륨을 마운트할 위치를 선언한다.
-
컨테이너의 프로세스는 도커 이미지와 볼륨으로 구성된 파일시스템
뷰를 본다. [도커 이미지](https://docs.docker.com/userguide/dockerimages/)는
파일시스템 계층의 루트에 있다. 볼륨은 이미지 내에 지정된 경로에
@@ -117,6 +120,7 @@ EBS 볼륨이 파티션된 경우, 선택적 필드인 `partition: "}}
컨트롤러 관리자와 kubelet에 의해 로드되지 않도록 `awsElasticBlockStore` 스토리지
@@ -257,6 +261,9 @@ spec:
`path` 에서 파생된다.
{{< note >}}
+* [컨피그맵](/docs/tasks/configure-pod-container/configure-pod-configmap/)을 사용하기 위해서는
+ 먼저 컨피그맵을 생성해야 한다.
+
* 컨피그맵을 [`subPath`](#subpath-사용하기) 볼륨 마운트로 사용하는 컨테이너는 컨피그맵
업데이트를 수신하지 않는다.
@@ -522,6 +529,15 @@ glusterfs 볼륨에 데이터를 미리 채울 수 있으며, 파드 간에 데
### hostPath {#hostpath}
+{{< warning >}}
+HostPath 볼륨에는 많은 보안 위험이 있으며, 가능하면 HostPath를 사용하지 않는
+것이 좋다. HostPath 볼륨을 사용해야 하는 경우, 필요한 파일 또는 디렉터리로만
+범위를 지정하고 ReadOnly로 마운트해야 한다.
+
+AdmissionPolicy를 사용하여 특정 디렉터리로의 HostPath 액세스를 제한하는 경우,
+`readOnly` 마운트를 사용하는 정책이 유효하려면 `volumeMounts` 가 반드시 지정되어야 한다.
+{{< /warning >}}
+
`hostPath` 볼륨은 호스트 노드의 파일시스템에 있는 파일이나 디렉터리를
파드에 마운트 한다. 이것은 대부분의 파드들이 필요한 것은 아니지만, 일부
애플리케이션에 강력한 탈출구를 제공한다.
@@ -538,13 +554,12 @@ glusterfs 볼륨에 데이터를 미리 채울 수 있으며, 파드 간에 데
필드가 `type` 에 지원되는 값은 다음과 같다.
-
| 값 | 행동 |
|:------|:---------|
| | 빈 문자열 (기본값)은 이전 버전과의 호환성을 위한 것으로, hostPath 볼륨은 마운트 하기 전에 아무런 검사도 수행되지 않는다. |
| `DirectoryOrCreate` | 만약 주어진 경로에 아무것도 없다면, 필요에 따라 Kubelet이 가지고 있는 동일한 그룹과 소유권, 권한을 0755로 설정한 빈 디렉터리를 생성한다. |
| `Directory` | 주어진 경로에 디렉터리가 있어야 함 |
-| `FileOrCreate` | 만약 주어진 경로에 아무것도 없다면, 필요에 따라 Kubelet이 가지고 있는 동일한 그룹과 소유권, 권한을 0644로 설정한 빈 디렉터리를 생성한다. |
+| `FileOrCreate` | 만약 주어진 경로에 아무것도 없다면, 필요에 따라 Kubelet이 가지고 있는 동일한 그룹과 소유권, 권한을 0644로 설정한 빈 파일을 생성한다. |
| `File` | 주어진 경로에 파일이 있어야 함 |
| `Socket` | 주어진 경로에 UNIX 소캣이 있어야 함 |
| `CharDevice` | 주어진 경로에 문자 디바이스가 있어야 함 |
@@ -552,6 +567,9 @@ glusterfs 볼륨에 데이터를 미리 채울 수 있으며, 파드 간에 데
다음과 같은 이유로 이 유형의 볼륨 사용시 주의해야 한다.
+* HostPath는 권한있는 시스템 자격 증명 (예 : Kubelet 용) 또는 권한있는 API
+ (예 : 컨테이너 런타임 소켓)를 노출 할 수 있으며, 이는 컨테이너 이스케이프 또는
+ 클러스터의 다른 부분을 공격하는 데 사용될 수 있다.
* 동일한 구성(파드템플릿으로 생성한 것과 같은)을
가진 파드는 노드에 있는 파일이 다르기 때문에 노드마다 다르게 동작할 수 있다.
* 기본 호스트에 생성된 파일 또는 디렉터리는 root만 쓸 수 있다.
@@ -909,12 +927,13 @@ API 서버에 대해 `--service-account-max-token-expiration` 옵션을 지정
상대 경로를 지정한다.
{{< note >}}
-projected 볼륨 소스를 [`subPath`](#subpath-사용하기) 볼륨으로 마운트해서 사용하는 컨테이너는 해당 볼륨 소스의 업데이트를 수신하지 않는다.
+projected 볼륨 소스를 [`subPath`](#subpath-사용하기) 볼륨으로 마운트해서 사용하는 컨테이너는
+해당 볼륨 소스의 업데이트를 수신하지 않는다.
{{< /note >}}
### quobyte
-`quobyte` 볼륨을 사용하면 기존 [Quobyte](http://www.quobyte.com) 볼륨을
+`quobyte` 볼륨을 사용하면 기존 [Quobyte](https://www.quobyte.com) 볼륨을
파드에 마운트할 수 있다.
{{< note >}}
@@ -1103,7 +1122,6 @@ vmware-vdiskmanager -c -t 0 -s 40GB -a lsilogic myDisk.vmdk
{{< /tabs >}}
-
#### vSphere VMDK 구성 예시 {#vsphere-vmdk-configuration}
```yaml
@@ -1133,8 +1151,7 @@ spec:
{{< feature-state for_k8s_version="v1.19" state="beta" >}}
`vsphereVolume` 용 `CSIMigration` 기능이 활성화되면, 기존 인-트리 플러그인에서
-`csi.vsphere.vmware.com` {{< glossary_tooltip text="CSI" term_id="csi" >}} 드라이버로 모든 플러그인 작업을 리디렉션한다.
-이 기능을 사용하려면,
+`csi.vsphere.vmware.com` {{< glossary_tooltip text="CSI" term_id="csi" >}} 드라이버로 모든 플러그인 작업을 리디렉션한다. 이 기능을 사용하려면,
[vSphere CSI 드라이버](https://github.com/kubernetes-sigs/vsphere-csi-driver)가
클러스터에 설치되어야 하며 `CSIMigration` 및 `CSIMigrationvSphere`
[기능 게이트](/ko/docs/reference/command-line-tools-reference/feature-gates/)가 활성화되어 있어야 한다.
diff --git a/content/ko/docs/concepts/workloads/controllers/daemonset.md b/content/ko/docs/concepts/workloads/controllers/daemonset.md
index d7d583d142..1496b25ec3 100644
--- a/content/ko/docs/concepts/workloads/controllers/daemonset.md
+++ b/content/ko/docs/concepts/workloads/controllers/daemonset.md
@@ -1,4 +1,10 @@
---
+
+
+
+
+
+
title: 데몬셋
content_type: concept
weight: 40
@@ -26,7 +32,8 @@ _데몬셋_ 은 모든(또는 일부) 노드가 파드의 사본을 실행하도
### 데몬셋 생성
-YAML 파일로 데몬셋을 설명 할 수 있다. 예를 들어 아래 `daemonset.yaml` 파일은 fluentd-elasticsearch 도커 이미지를 실행하는 데몬셋을 설명한다.
+YAML 파일에 데몬셋 명세를 작성할 수 있다. 예를 들어 아래 `daemonset.yaml` 파일은
+fluentd-elasticsearch 도커 이미지를 실행하는 데몬셋을 설명한다.
{{< codenew file="controllers/daemonset.yaml" >}}
@@ -40,19 +47,23 @@ kubectl apply -f https://k8s.io/examples/controllers/daemonset.yaml
다른 모든 쿠버네티스 설정과 마찬가지로 데몬셋에는 `apiVersion`, `kind` 그리고 `metadata` 필드가 필요하다.
일반적인 설정파일 작업에 대한 정보는
-[스테이트리스 애플리케이션 실행하기](/docs/tasks/run-application/run-stateless-application-deployment/),
-[컨테이너 구성하기](/ko/docs/tasks/) 그리고 [kubectl을 사용한 오브젝트 관리](/ko/docs/concepts/overview/working-with-objects/object-management/) 문서를 참고한다.
+[스테이트리스 애플리케이션 실행하기](/docs/tasks/run-application/run-stateless-application-deployment/)와
+ [kubectl을 사용한 오브젝트 관리](/ko/docs/concepts/overview/working-with-objects/object-management/)를 참고한다.
데몬셋 오브젝트의 이름은 유효한
[DNS 서브도메인 이름](/ko/docs/concepts/overview/working-with-objects/names/#dns-서브도메인-이름)이어야 한다.
-데몬셋에는 [`.spec`](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status) 섹션도 필요하다.
+데몬셋에는
+[`.spec`](https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status)
+섹션도 필요하다.
### 파드 템플릿
`.spec.template` 는 `.spec` 의 필수 필드 중 하나이다.
-`.spec.template` 는 [파드 템플릿](/ko/docs/concepts/workloads/pods/#파드-템플릿)이다. 이것은 중첩되어 있다는 점과 `apiVersion` 또는 `kind` 를 가지지 않는 것을 제외하면 {{< glossary_tooltip text="파드" term_id="pod" >}}와 정확히 같은 스키마를 가진다.
+`.spec.template` 는 [파드 템플릿](/ko/docs/concepts/workloads/pods/#파드-템플릿)이다.
+이것은 중첩되어 있다는 점과 `apiVersion` 또는 `kind` 를 가지지 않는 것을 제외하면
+{{< glossary_tooltip text="파드" term_id="pod" >}}와 정확히 같은 스키마를 가진다.
데몬셋의 파드 템플릿에는 파드의 필수 필드 외에도 적절한 레이블이 명시되어야
한다([파드 셀렉터](#파드-셀렉터)를 본다).
@@ -73,19 +84,22 @@ kubectl apply -f https://k8s.io/examples/controllers/daemonset.yaml
`.spec.selector` 는 다음 2개의 필드로 구성된 오브젝트이다.
-* `matchLabels` - [레플리케이션 컨트롤러](/ko/docs/concepts/workloads/controllers/replicationcontroller/)의 `.spec.selector` 와 동일하게 작동한다.
+* `matchLabels` - [레플리케이션 컨트롤러](/ko/docs/concepts/workloads/controllers/replicationcontroller/)의
+`.spec.selector` 와 동일하게 작동한다.
* `matchExpressions` - 키, 값 목록 그리고 키 및 값에 관련된 연산자를
명시해서 보다 정교한 셀렉터를 만들 수 있다.
2개의 필드가 명시되면 두 필드를 모두 만족하는 것(ANDed)이 결과가 된다.
-만약 `.spec.selector` 를 명시하면, 이것은 `.spec.template.metadata.labels` 와 일치해야 한다. 일치하지 않는 구성은 API에 의해 거부된다.
+만약 `.spec.selector` 를 명시하면, 이것은 `.spec.template.metadata.labels` 와 일치해야 한다.
+일치하지 않는 구성은 API에 의해 거부된다.
### 오직 일부 노드에서만 파드 실행
만약 `.spec.template.spec.nodeSelector` 를 명시하면 데몬셋 컨트롤러는
[노드 셀렉터](/ko/docs/concepts/scheduling-eviction/assign-pod-node/#노드-셀렉터-nodeselector)와
-일치하는 노드에 파드를 생성한다. 마찬가지로 `.spec.template.spec.affinity` 를 명시하면
+일치하는 노드에 파드를 생성한다.
+마찬가지로 `.spec.template.spec.affinity` 를 명시하면
데몬셋 컨트롤러는 [노드 어피니티](/ko/docs/concepts/scheduling-eviction/assign-pod-node/#노드-어피니티)와 일치하는 노드에 파드를 생성한다.
만약 둘 중 하나를 명시하지 않으면 데몬셋 컨트롤러는 모든 노드에서 파드를 생성한다.
@@ -100,18 +114,19 @@ kubectl apply -f https://k8s.io/examples/controllers/daemonset.yaml
데몬셋 파드는 데몬셋 컨트롤러에 의해 생성되고 스케줄된다.
이에 대한 이슈를 소개한다.
- * 파드 동작의 불일치: 스케줄 되기 위해서 대기 중인 일반 파드는 `Pending` 상태로 생성된다.
- 그러나 데몬셋 파드는 `Pending` 상태로 생성되지 않는다.
- 이것은 사용자에게 혼란을 준다.
- * [파드 선점](/ko/docs/concepts/configuration/pod-priority-preemption/)은
- 기본 스케줄러에서 처리한다. 선점이 활성화되면 데몬셋 컨트롤러는
- 파드 우선순위와 선점을 고려하지 않고 스케줄 한다.
+* 파드 동작의 불일치: 스케줄 되기 위해서 대기 중인 일반 파드는 `Pending` 상태로 생성된다.
+ 그러나 데몬셋 파드는 `Pending` 상태로 생성되지 않는다.
+ 이것은 사용자에게 혼란을 준다.
+* [파드 선점](/ko/docs/concepts/scheduling-eviction/pod-priority-preemption/)은
+ 기본 스케줄러에서 처리한다. 선점이 활성화되면 데몬셋 컨트롤러는
+ 파드 우선순위와 선점을 고려하지 않고 스케줄 한다.
`ScheduleDaemonSetPods` 로 데몬셋 파드에 `.spec.nodeName` 용어 대신
`NodeAffinity` 용어를 추가해서 데몬셋 컨트롤러 대신 기본
스케줄러를 사용해서 데몬셋을 스케줄할 수 있다. 이후에 기본
스케줄러를 사용해서 대상 호스트에 파드를 바인딩한다. 만약 데몬셋 파드에
-이미 노드 선호도가 존재한다면 교체한다(대상 호스트를 선택하기 전에 원래 노드의 어피니티가 고려된다). 데몬셋 컨트롤러는
+이미 노드 선호도가 존재한다면 교체한다(대상 호스트를 선택하기 전에
+원래 노드의 어피니티가 고려된다). 데몬셋 컨트롤러는
데몬셋 파드를 만들거나 수정할 때만 이런 작업을 수행하며,
데몬셋의 `spec.template` 은 변경되지 않는다.
@@ -152,10 +167,12 @@ nodeAffinity:
- **푸시(Push)**: 데몬셋의 파드는 통계 데이터베이스와 같은 다른 서비스로 업데이트를 보내도록
구성되어있다. 그들은 클라이언트들을 가지지 않는다.
-- **노드IP와 알려진 포트**: 데몬셋의 파드는 `호스트 포트`를 사용할 수 있으며, 노드IP를 통해 파드에 접근할 수 있다. 클라이언트는 노드IP를 어떻게든지 알고 있으며, 관례에 따라 포트를 알고 있다.
+- **노드IP와 알려진 포트**: 데몬셋의 파드는 `호스트 포트`를 사용할 수 있으며,
+ 노드IP를 통해 파드에 접근할 수 있다.
+ 클라이언트는 노드IP를 어떻게든지 알고 있으며, 관례에 따라 포트를 알고 있다.
- **DNS**: 동일한 파드 셀렉터로 [헤드리스 서비스](/ko/docs/concepts/services-networking/service/#헤드리스-headless-서비스)를 만들고,
- 그 다음에 `엔드포인트` 리소스를 사용해서 데몬셋을 찾거나 DNS에서 여러 A레코드를
- 검색한다.
+ 그 다음에 `엔드포인트` 리소스를 사용해서 데몬셋을 찾거나
+ DNS에서 여러 A레코드를 검색한다.
- **서비스**: 동일한 파드 셀렉터로 서비스를 생성하고, 서비스를 사용해서
임의의 노드의 데몬에 도달한다(특정 노드에 도달할 방법이 없다).
diff --git a/content/ko/docs/concepts/workloads/controllers/job.md b/content/ko/docs/concepts/workloads/controllers/job.md
index 6cdab2d6c5..c24beb0fca 100644
--- a/content/ko/docs/concepts/workloads/controllers/job.md
+++ b/content/ko/docs/concepts/workloads/controllers/job.md
@@ -304,7 +304,7 @@ spec:
### 완료된 잡을 위한 TTL 메커니즘
-{{< feature-state for_k8s_version="v1.12" state="alpha" >}}
+{{< feature-state for_k8s_version="v1.21" state="beta" >}}
완료된 잡 (`Complete` 또는 `Failed`)을 자동으로 정리하는 또 다른 방법은
잡의 `.spec.ttlSecondsAfterFinished` 필드를 지정해서 완료된 리소스에 대해
@@ -342,11 +342,6 @@ spec:
삭제되도록 할 수 있다. 만약 필드를 설정하지 않으면, 이 잡이 완료된
후에 TTL 컨트롤러에 의해 정리되지 않는다.
-이 TTL 메커니즘은 기능 게이트 `TTLAfterFinished`와 함께 알파 단계이다. 더
-자세한 정보는 완료된 리소스를 위한
-[TTL 컨트롤러](/ko/docs/concepts/workloads/controllers/ttlafterfinished/)
-문서를 본다.
-
## 잡 패턴
잡 오브젝트를 사용해서 신뢰할 수 있는 파드의 병렬 실행을 지원할 수 있다. 잡 오브젝트는 과학
diff --git a/content/ko/docs/concepts/workloads/controllers/statefulset.md b/content/ko/docs/concepts/workloads/controllers/statefulset.md
index 3a1f784259..e231770cc5 100644
--- a/content/ko/docs/concepts/workloads/controllers/statefulset.md
+++ b/content/ko/docs/concepts/workloads/controllers/statefulset.md
@@ -213,9 +213,9 @@ web-0이 실패할 경우 web-1은 web-0이 Running 및 Ready 상태가
`OrderedReady` 파드 관리는 스테이트풀셋의 기본이다.
이것은 [위에서](#디플로이먼트와-스케일-보증) 설명한 행위를 구현한다.
-#### 병렬 파드 관리
+#### Parallel 파드 관리
-`병렬` 파드 관리는 스테이트풀셋 컨트롤러에게 모든 파드를
+`Parallel` 파드 관리는 스테이트풀셋 컨트롤러에게 모든 파드를
병렬로 실행 또는 종료하게 한다. 그리고 다른 파드의 실행이나
종료에 앞서 파드가 Running 및 Ready 상태가 되거나 완전히 종료되기를 기다리지 않는다.
이 옵션은 오직 스케일링 작업에 대한 동작에만 영향을 미친다. 업데이트는 영향을
diff --git a/content/ko/docs/concepts/workloads/pods/_index.md b/content/ko/docs/concepts/workloads/pods/_index.md
index 8645053bef..22b98b705c 100644
--- a/content/ko/docs/concepts/workloads/pods/_index.md
+++ b/content/ko/docs/concepts/workloads/pods/_index.md
@@ -32,10 +32,10 @@ _파드_ (고래 떼(pod of whales)나 콩꼬투리(pea pod)와 마찬가지로)
## 파드란 무엇인가?
{{< note >}}
-[도커](https://www.docker.com/)가 가장 일반적으로
-잘 알려진 런타임이지만, 쿠버네티스는 도커보다
-{{< glossary_tooltip text="컨테이너 런타임" term_id="container-runtime" >}}을
-더 많이 지원하며, 도커의 일부 용어를 사용하면 파드를 설명하는 데 도움이 된다.
+[도커](https://www.docker.com/)가 가장 일반적으로 잘 알려진
+{{< glossary_tooltip text="컨테이너 런타임" term_id="container-runtime" >}}이지만,
+쿠버네티스는 도커 외에도 다양한 컨테이너 런타임을 지원하며,
+파드를 설명할 때 도커 관련 용어를 사용하면 더 쉽게 설명할 수 있다.
{{< /note >}}
파드의 공유 콘텍스트는 리눅스 네임스페이스, 컨트롤 그룹(cgroup) 및
diff --git a/content/ko/docs/concepts/workloads/pods/disruptions.md b/content/ko/docs/concepts/workloads/pods/disruptions.md
index 02730d4306..497d857d11 100644
--- a/content/ko/docs/concepts/workloads/pods/disruptions.md
+++ b/content/ko/docs/concepts/workloads/pods/disruptions.md
@@ -31,7 +31,7 @@ weight: 60
- 클라우드 공급자 또는 하이퍼바이저의 오류로 인한 VM 장애
- 커널 패닉
- 클러스터 네트워크 파티션의 발생으로 클러스터에서 노드가 사라짐
-- 노드의 [리소스 부족](/docs/tasks/administer-cluster/out-of-resource/)으로 파드가 축출됨
+- 노드의 [리소스 부족](/docs/concepts/scheduling-eviction/node-pressure-eviction/)으로 파드가 축출됨
리소스 부족을 제외한 나머지 조건은 대부분의 사용자가 익숙할 것이다.
왜냐하면
@@ -76,7 +76,7 @@ weight: 60
- 복제된 애플리케이션의 구동 시 훨씬 더 높은 가용성을 위해 랙 전체
([안티-어피니티](/ko/docs/concepts/scheduling-eviction/assign-pod-node/#파드간-어피니티와-안티-어피니티) 이용)
또는 영역 간
- ([다중 영역 클러스터](/docs/setup/multiple-zones)를 이용한다면)에
+ ([다중 영역 클러스터](/ko/docs/setup/best-practices/multiple-zones/)를 이용한다면)에
애플리케이션을 분산해야 한다.
자발적 중단의 빈도는 다양하다. 기본적인 쿠버네티스 클러스터에서는 자동화된 자발적 중단은 발생하지 않는다(사용자가 지시한 자발적 중단만 발생한다).
@@ -86,9 +86,10 @@ weight: 60
단편화를 제거하고 노드의 효율을 높이는 과정에서 자발적 중단을 야기할 수 있다.
클러스터 관리자 또는 호스팅 공급자는
예측 가능한 자발적 중단 수준에 대해 문서화해야 한다.
-파드 스펙 안에 [프라이어리티클래스 사용하기](/ko/docs/concepts/configuration/pod-priority-preemption/)와 같은 특정 환경설정 옵션
+파드 스펙 안에 [프라이어리티클래스 사용하기](/ko/docs/concepts/scheduling-eviction/pod-priority-preemption/)와 같은 특정 환경설정 옵션
또한 자발적(+ 비자발적) 중단을 유발할 수 있다.
+
## 파드 disruption budgets
{{< feature-state for_k8s_version="v1.21" state="stable" >}}
diff --git a/content/ko/docs/concepts/workloads/pods/pod-lifecycle.md b/content/ko/docs/concepts/workloads/pods/pod-lifecycle.md
index 71523e183a..010694409e 100644
--- a/content/ko/docs/concepts/workloads/pods/pod-lifecycle.md
+++ b/content/ko/docs/concepts/workloads/pods/pod-lifecycle.md
@@ -39,7 +39,7 @@ ID([UID](/ko/docs/concepts/overview/working-with-objects/names/#uids))가
파드는 자체적으로 자가 치유되지 않는다. 파드가
{{< glossary_tooltip text="노드" term_id="node" >}}에 스케줄된 후에 해당 노드가 실패하면, 파드는 삭제된다. 마찬가지로, 파드는
-리소스 부족 또는 노드 유지 관리 작업으로 인해 축출되지 않는다. 쿠버네티스는
+리소스 부족 또는 노드 유지 관리 작업으로 인한 축출에서 살아남지 못한다. 쿠버네티스는
{{< glossary_tooltip term_id="controller" text="컨트롤러" >}}라
부르는 하이-레벨 추상화를 사용하여
상대적으로 일회용인 파드 인스턴스를 관리하는 작업을 처리한다.
@@ -304,13 +304,23 @@ kubelet은 실행 중인 컨테이너들에 대해서 선택적으로 세 가지
보일 수도 있지만, 스팩에 준비성 프로브가 존재한다는 것은 파드가
트래픽을 받지 않는 상태에서 시작되고 프로브가 성공하기 시작한 이후에만
트래픽을 받는다는 뜻이다.
-만약 컨테이너가 대량의 데이터, 설정 파일들,
-또는 시동 중 마그레이션을 처리해야 한다면, 준비성 프로브를 지정하길 바란다.
-만약 당신의 컨테이너가 유지 관리를 위해서 자체 중단되게 하려면,
+만약 컨테이너가 유지 관리를 위해서 자체 중단되게 하려면,
준비성 프로브를 지정하길 바란다.
준비성 프로브는 활성 프로브와는 다르게 준비성에 특정된 엔드포인트를 확인한다.
+만약 애플리케이션이 백엔드 서비스에 엄격한 의존성이 있다면,
+활성 프로브와 준비성 프로브 모두 활용할 수도 있다. 활성 프로브는 애플리케이션 스스로가 건강한 상태면
+통과하지만, 준비성 프로브는 추가적으로 요구되는 각 백-엔드 서비스가 가용한지 확인한다. 이를 이용하여,
+오류 메시지만 응답하는 파드로
+트래픽이 가는 것을 막을 수 있다.
+
+만약 컨테이너가 시동 시 대량 데이터의 로딩, 구성 파일, 또는
+마이그레이션에 대한 작업을
+수행해야 한다면, [스타트업 프로브](#언제-스타트업-프로브를-사용해야-하는가)를 사용하면 된다. 그러나, 만약
+failed 애플리케이션과 시동 중에 아직 데이터를 처리하고 있는 애플리케이션을 구분하여 탐지하고
+싶다면, 준비성 프로브를 사용하는 것이 더 적합할 것이다.
+
{{< note >}}
파드가 삭제될 때 요청들을 흘려 보내기(drain) 위해
준비성 프로브가 꼭 필요한 것은 아니다. 삭제 시에, 파드는
diff --git a/content/ko/docs/concepts/workloads/pods/pod-topology-spread-constraints.md b/content/ko/docs/concepts/workloads/pods/pod-topology-spread-constraints.md
index 2601f5c871..304471bb28 100644
--- a/content/ko/docs/concepts/workloads/pods/pod-topology-spread-constraints.md
+++ b/content/ko/docs/concepts/workloads/pods/pod-topology-spread-constraints.md
@@ -15,7 +15,7 @@ obsolete -->
{{< note >}}
v1.18 이전 버전의 쿠버네티스에서는 파드 토폴로지 분배 제약조건을 사용하려면
[API 서버](/ko/docs/concepts/overview/components/#kube-apiserver)와
-[스케줄러](/docs/reference/generated/kube-scheduler/)에서
+[스케줄러](/docs/reference/command-line-tools-reference/kube-scheduler/)에서
`EvenPodsSpread`[기능 게이트](/ko/docs/reference/command-line-tools-reference/feature-gates/)를
활성화해야 한다
{{< /note >}}
@@ -82,12 +82,11 @@ spec:
사용자는 하나 또는 다중 `topologySpreadConstraint` 를 정의해서 kube-scheduler 에게 클러스터에 걸쳐 있는 기존 파드와 시작하는 각각의 파드와 연관하여 배치하는 방법을 명령할 수 있다. 필드는 다음과 같다.
- **maxSkew** 는 파드가 균등하지 않게 분산될 수 있는 정도를 나타낸다.
- 이것은 주어진 토폴로지 유형의 임의의 두 토폴로지 도메인에 일치하는
- 파드의 수 사이에서 허용되는 차이의 최댓값이다. 이것은 0보다는 커야
- 한다. 그 의미는 `whenUnsatisfiable` 의 값에 따라 다르다.
+ 이것은 0보다는 커야 한다. 그 의미는 `whenUnsatisfiable` 의 값에 따라 다르다.
- `whenUnsatisfiable` 이 "DoNotSchedule"과 같을 때, `maxSkew` 는
- 대상 토폴로지에서 일치하는 파드 수와 전역 최솟값 사이에
- 허용되는 최대 차이이다.
+ 대상 토폴로지에서 일치하는 파드 수와 전역 최솟값
+ (토폴로지 도메인에서 레이블 셀렉터와 일치하는 최소 파드 수. 예를 들어 3개의 영역에 각각 0, 2, 3개의 일치하는 파드가 있으면, 전역 최솟값은 0)
+ 사이에 허용되는 최대 차이이다.
- `whenUnsatisfiable` 이 "ScheduleAnyway"와 같으면, 스케줄러는
왜곡을 줄이는데 도움이 되는 토폴로지에 더 높은 우선 순위를 부여한다.
- **topologyKey** 는 노드 레이블의 키다. 만약 두 노드가 이 키로 레이블이 지정되고, 레이블이 동일한 값을 가진다면 스케줄러는 두 노드를 같은 토폴로지에 있는것으로 여기게 된다. 스케줄러는 각 토폴로지 도메인에 균형잡힌 수의 파드를 배치하려고 시도한다.
@@ -96,6 +95,8 @@ spec:
- `ScheduleAnyway` 는 스케줄러에게 차이(skew)를 최소화하는 노드에 높은 우선 순위를 부여하면서, 스케줄링을 계속하도록 지시한다.
- **labelSelector** 는 일치하는 파드를 찾는데 사용된다. 이 레이블 셀렉터와 일치하는 파드의 수를 계산하여 해당 토폴로지 도메인에 속할 파드의 수를 결정한다. 자세한 내용은 [레이블 셀렉터](/ko/docs/concepts/overview/working-with-objects/labels/#레이블-셀렉터)를 참조한다.
+파드에 2개 이상의 `topologySpreadConstraint`가 정의되어 있으면, 각 제약 조건은 AND로 연결된다 - kube-scheduler는 새로운 파드의 모든 제약 조건을 만족하는 노드를 찾는다.
+
사용자는 `kubectl explain Pod.spec.topologySpreadConstraints` 를 실행해서 이 필드에 대한 자세한 내용을 알 수 있다.
### 예시: 단수 토폴로지 분배 제약 조건
@@ -387,7 +388,8 @@ profiles:
## 알려진 제한사항
-- 디플로이먼트를 스케일링 다운하면 그 결과로 파드의 분포가 불균형이 될 수 있다.
+- 파드가 제거된 이후에도 제약 조건이 계속 충족된다는 보장은 없다. 예를 들어 디플로이먼트를 스케일링 다운하면 그 결과로 파드의 분포가 불균형해질 수 있다.
+[Descheduler](https://github.com/kubernetes-sigs/descheduler)를 사용하여 파드 분포를 다시 균형있게 만들 수 있다.
- 파드와 일치하는 테인트(taint)가 된 노드가 존중된다. [이슈 80921](https://github.com/kubernetes/kubernetes/issues/80921)을 본다.
## {{% heading "whatsnext" %}}
diff --git a/content/ko/docs/contribute/_index.md b/content/ko/docs/contribute/_index.md
index 0582739545..dcb7a68f49 100644
--- a/content/ko/docs/contribute/_index.md
+++ b/content/ko/docs/contribute/_index.md
@@ -46,7 +46,7 @@ card:
1. CNCF [Contributor License Agreement](https://github.com/kubernetes/community/blob/master/CLA.md)에 서명합니다.
1. [문서 리포지터리](https://github.com/kubernetes/website)와 웹사이트의
[정적 사이트 생성기](https://gohugo.io)를 숙지합니다.
-1. [풀 리퀘스트 열기](/ko/docs/contribute/new-content/new-content/)와
+1. [풀 리퀘스트 열기](/ko/docs/contribute/new-content/open-a-pr/)와
[변경 검토](/ko/docs/contribute/review/reviewing-prs/)의
기본 프로세스를 이해하도록 합니다.
@@ -60,7 +60,7 @@ card:
기여할 수 있는 다양한 방법에 대해 알아봅니다.
- [`kubernetes/website` 이슈 목록](https://github.com/kubernetes/website/issues/)을
확인하여 좋은 진입점이 되는 이슈를 찾을 수 있습니다.
-- 기존 문서에 대해 [GitHub을 사용해서 풀 리퀘스트 열거나](/ko/docs/contribute/new-content/new-content/#github을-사용하여-변경하기)
+- 기존 문서에 대해 [GitHub을 사용해서 풀 리퀘스트 열거나](/ko/docs/contribute/new-content/open-a-pr/#github을-사용하여-변경하기)
GitHub에서의 이슈 제기에 대해 자세히 알아봅니다.
- 정확성과 언어에 대해 다른 쿠버네티스 커뮤니티 맴버의
[풀 리퀘스트 검토](/ko/docs/contribute/review/reviewing-prs/)를 합니다.
@@ -71,7 +71,7 @@ card:
## 다음 단계
-- 리포지터리의 [로컬 복제본에서 작업](/ko/docs/contribute/new-content/new-content/#fork-the-repo)하는
+- 리포지터리의 [로컬 복제본에서 작업](/ko/docs/contribute/new-content/open-a-pr/#fork-the-repo)하는
방법을 배워봅니다.
- [릴리스된 기능](/docs/contribute/new-content/new-features/)을 문서화 합니다.
- [SIG Docs](/ko/docs/contribute/participate/)에 참여하고,
@@ -96,6 +96,6 @@ SIG Docs는 여러가지 방법으로 의견을 나누고 있습니다.
## 다른 기여 방법들
-- [쿠버네티스 커뮤니티 사이트](/community/)를 방문하십시오. 트위터 또는 스택 오버플로우에 참여하고, 현지 쿠버네티스 모임과 이벤트 등에 대해 알아봅니다.
+- [쿠버네티스 커뮤니티 사이트](/ko/community/)를 방문하십시오. 트위터 또는 스택 오버플로우에 참여하고, 현지 쿠버네티스 모임과 이벤트 등에 대해 알아봅니다.
- [기여자 치트시트](https://github.com/kubernetes/community/tree/master/contributors/guide/contributor-cheatsheet)를 읽고 쿠버네티스 기능 개발에 참여합니다.
- [블로그 게시물 또는 사례 연구](/docs/contribute/new-content/blogs-case-studies/)를 제출합니다.
diff --git a/content/ko/docs/contribute/analytics.md b/content/ko/docs/contribute/analytics.md
new file mode 100644
index 0000000000..d96d1ed576
--- /dev/null
+++ b/content/ko/docs/contribute/analytics.md
@@ -0,0 +1,25 @@
+---
+title: 사이트 분석 보기
+content_type: concept
+weight: 100
+card:
+ name: contribute
+ weight: 100
+---
+
+
+
+이 페이지는 kubernetes.io 사이트 분석을 제공하는 대시보드에 대한 정보를 담고 있다.
+
+
+
+
+[대시보드 보기](https://datastudio.google.com/reporting/fede2672-b2fd-402a-91d2-7473bdb10f04).
+
+이 대시보드는 Google Data Studio를 사용하여 구축되었으며 kubernetes.io에서 Google Analytics를 사용하여 수집한 정보를 보여준다.
+
+### 대시보드 사용
+
+기본적으로 대시보드는 지난 30일 동안 수집된 모든 데이터의 분석을 제공한다. 날짜 선택을 통해 특정 날짜 범위의 데이터를 볼 수 있다. 그 외 필터링 옵션을 사용하면, 사용자의 위치, 사이트에 접속하는데 사용된 장치, 번역된 문서 언어 등을 기준으로 데이터를 확인할 수 있다.
+
+ 이 대시보드에 문제가 있거나 개선을 요청하려면, [이슈를 오픈](https://github.com/kubernetes/website/issues/new/choose) 한다.
diff --git a/content/ko/docs/contribute/generate-ref-docs/quickstart.md b/content/ko/docs/contribute/generate-ref-docs/quickstart.md
index 6e3fbb5263..6855696b9d 100644
--- a/content/ko/docs/contribute/generate-ref-docs/quickstart.md
+++ b/content/ko/docs/contribute/generate-ref-docs/quickstart.md
@@ -18,7 +18,7 @@ weight: 40
## `website` 저장소 클론하기 {#Getting-the-docs-repository}
-개인 계정에 있는 포크 버전의 `website` 저장소가 `kubernetes/website` 저장소의 master 브랜치만큼 최신인지 확인한 뒤,
+개인 계정에 있는 포크 버전의 `website` 저장소가 GitHub에 있는 `kubernetes/website` 저장소(`main` 브랜치)의 최신 상태와 일치하는지 확인한 뒤,
개인 계정에 있는 포크 버전의 `website` 저장소를 로컬 개발 환경으로 클론한다.
```shell
@@ -171,7 +171,7 @@ cd /update-imported-docs
`release.yml` 환경설정 파일은 상대경로 링크를 수정하는 방법을 포함하고 있다.
임포트하는 파일 안에 있는 상대경로 링크를 수정하려면, `gen-absolute-links` 필드를
`true` 로 명시한다. 이에 대한 예시는
-[`release.yml`](https://github.com/kubernetes/website/blob/master/update-imported-docs/release.yml) 에서 볼 수 있다.
+[`release.yml`](https://github.com/kubernetes/website/blob/main/update-imported-docs/release.yml) 에서 볼 수 있다.
## `kubernetes/website` 의 변경사항을 커밋하기 {#Adding-and-committing-changes-in-kubernetes-website}
diff --git a/content/ko/docs/contribute/localization_ko.md b/content/ko/docs/contribute/localization_ko.md
index fe506a7bb1..e2e10f01cc 100644
--- a/content/ko/docs/contribute/localization_ko.md
+++ b/content/ko/docs/contribute/localization_ko.md
@@ -133,7 +133,7 @@ weight: 10
### API 오브젝트 용어 한글화 방침
일반적으로 `kubectl api-resources` 결과의 `kind` 에 해당하는 API 오브젝트는
-[국립국어원 외래어 표기법](http://kornorms.korean.go.kr/regltn/regltnView.do?regltn_code=0003#a)에
+[국립국어원 외래어 표기법](https://kornorms.korean.go.kr/regltn/regltnView.do?regltn_code=0003#a)에
따라 한글로 표기하고 영문을 병기한다. 예를 들면 다음과 같다.
API 오브젝트(kind) | 한글화(외래어 표기 및 영문 병기)
diff --git a/content/ko/docs/contribute/new-content/open-a-pr.md b/content/ko/docs/contribute/new-content/open-a-pr.md
index 552a6e1a0c..a1f0178b3c 100644
--- a/content/ko/docs/contribute/new-content/open-a-pr.md
+++ b/content/ko/docs/contribute/new-content/open-a-pr.md
@@ -127,7 +127,7 @@ git에 익숙하거나, 변경 사항이 몇 줄보다 클 경우,
upstream https://github.com/kubernetes/website.git (push)
```
-6. 포크의 `origin/master` 와 `kubernetes/website` 의 `upstream/master` 에서 커밋을 가져온다.
+6. 포크의 `origin/main` 와 `kubernetes/website` 의 `upstream/main` 에서 커밋을 가져온다.
```bash
git fetch origin
@@ -137,15 +137,15 @@ git에 익숙하거나, 변경 사항이 몇 줄보다 클 경우,
이를 통해 변경을 시작하기 전에 로컬 리포지터리가 최신 상태인지 확인한다.
{{< note >}}
- 이 워크플로는 [쿠버네티스 커뮤니티 GitHub 워크플로](https://github.com/kubernetes/community/blob/master/contributors/guide/github-workflow.md)와 다르다. 포크에 업데이트를 푸시하기 전에 로컬의 `master` 복사본을 `upstream/master` 와 병합할 필요가 없다.
+ 이 워크플로는 [쿠버네티스 커뮤니티 GitHub 워크플로](https://github.com/kubernetes/community/blob/master/contributors/guide/github-workflow.md)와 다르다. 포크에 업데이트를 푸시하기 전에 로컬의 `main` 복사본을 `upstream/main` 와 병합할 필요가 없다.
{{< /note >}}
### 브랜치 만들기
1. 작업할 브랜치 기반을 결정한다.
- - 기존 콘텐츠를 개선하려면, `upstream/master` 를 사용한다.
- - 기존 기능에 대한 새로운 콘텐츠를 작성하려면, `upstream/master` 를 사용한다.
+ - 기존 콘텐츠를 개선하려면, `upstream/main` 를 사용한다.
+ - 기존 기능에 대한 새로운 콘텐츠를 작성하려면, `upstream/main` 를 사용한다.
- 현지화된 콘텐츠의 경우, 현지화 규칙을 사용한다. 자세한 내용은 [쿠버네티스 문서 현지화](/ko/docs/contribute/localization_ko/)를 참고한다.
- 다가오는 쿠버네티스 릴리스의 새로운 기능에 대해서는 기능 브랜치(feature branch)를 사용한다. 자세한 정보는 [릴리스 문서화](/docs/contribute/new-content/new-features/)를 참고한다.
- 콘텐츠 재구성과 같이 여러 SIG Docs 기여자들이 협업하는 장기적인 작업에는,
@@ -154,10 +154,10 @@ git에 익숙하거나, 변경 사항이 몇 줄보다 클 경우,
브랜치 선택에 도움이 필요하면, 슬랙 채널 `#sig-docs` 에 문의한다.
-2. 1단계에서 식별된 브랜치를 기반으로 새 브랜치를 작성한다. 이 예에서는 기본 브랜치가 `upstream/master` 라고 가정한다.
+2. 1단계에서 식별된 브랜치를 기반으로 새 브랜치를 작성한다. 이 예에서는 기본 브랜치가 `upstream/main` 라고 가정한다.
```bash
- git checkout -b upstream/master
+ git checkout -b upstream/main
```
3. 텍스트 편집기를 사용하여 변경한다.
@@ -264,7 +264,7 @@ website의 컨테이너 이미지를 만들거나 Hugo를 로컬에서 실행할
또는, 컴퓨터에 `hugo` 명령을 설치하여 사용한다.
-1. [`website/netlify.toml`](https://raw.githubusercontent.com/kubernetes/website/master/netlify.toml)에 지정된 [Hugo](https://gohugo.io/getting-started/installing/) 버전을 설치한다.
+1. [`website/netlify.toml`](https://raw.githubusercontent.com/kubernetes/website/main/netlify.toml)에 지정된 [Hugo](https://gohugo.io/getting-started/installing/) 버전을 설치한다.
2. website 리포지터리를 업데이트하지 않았다면, `website/themes/docsy` 디렉터리가 비어 있다.
테마의 로컬 복제본이 없으면 사이트를 빌드할 수 없다. website 테마를 업데이트하려면, 다음을 실행한다.
@@ -372,11 +372,11 @@ PR을 연 후, GitHub는 자동 테스트를 실행하고 [Netlify](https://www.
git push --force-with-lease origin
```
-2. `kubernetes/website` 의 `upstream/master` 에 대한 변경 사항을 가져오고 브랜치를 리베이스한다.
+2. `kubernetes/website` 의 `upstream/main` 에 대한 변경 사항을 가져오고 브랜치를 리베이스한다.
```bash
git fetch upstream
- git rebase upstream/master
+ git rebase upstream/main
```
3. 리베이스의 결과를 검사한다.
diff --git a/content/ko/docs/contribute/new-content/overview.md b/content/ko/docs/contribute/new-content/overview.md
index 5c8f6569da..540f1e6c12 100644
--- a/content/ko/docs/contribute/new-content/overview.md
+++ b/content/ko/docs/contribute/new-content/overview.md
@@ -42,7 +42,7 @@ CLA에 서명하지 않은 기여자의 풀 리퀘스트(pull request)는 자동
시나리오 | 브랜치
:---------|:------------
-현재 릴리스의 기존 또는 새로운 영어 콘텐츠 | `master`
+현재 릴리스의 기존 또는 새로운 영어 콘텐츠 | `main`
기능 변경 릴리스의 콘텐츠 | `dev-` 패턴을 사용하여 기능 변경이 있는 주 버전과 부 버전에 해당하는 브랜치. 예를 들어, `v{{< skew nextMinorVersion >}}` 에서 기능이 변경된 경우, ``dev-{{< skew nextMinorVersion >}}`` 에 문서 변경을 추가한다.
다른 언어로된 콘텐츠(현지화) | 현지화 규칙을 사용. 자세한 내용은 [현지화 브랜치 전략](/docs/contribute/localization/#branching-strategy)을 참고한다.
@@ -60,6 +60,6 @@ PR 당 하나의 언어로 풀 리퀘스트를 제한한다. 여러 언어로
## 기여자를 위한 도구들
-`kubernetes/website` 리포지터리의 [문서 기여자를 위한 도구](https://github.com/kubernetes/website/tree/master/content/en/docs/doc-contributor-tools) 디렉터리에는 기여 여정이 좀 더 순조롭게 진행되도록 도와주는 도구들이 포함되어 있다.
+`kubernetes/website` 리포지터리의 [문서 기여자를 위한 도구](https://github.com/kubernetes/website/tree/main/content/en/docs/doc-contributor-tools) 디렉터리에는 기여 여정이 좀 더 순조롭게 진행되도록 도와주는 도구들이 포함되어 있다.
diff --git a/content/ko/docs/contribute/participate/_index.md b/content/ko/docs/contribute/participate/_index.md
index ef271ca31c..c2d9aed771 100644
--- a/content/ko/docs/contribute/participate/_index.md
+++ b/content/ko/docs/contribute/participate/_index.md
@@ -73,8 +73,8 @@ GitHub의 SIG Docs [팀]에는 두 분류가 있다.
- approve
이 두 플러그인은 `kubernetes/website` GitHub 리포지터리 최상위 수준에 있는
-[OWNERS](https://github.com/kubernetes/website/blob/master/OWNERS)와
-[OWNERS_ALIASES](https://github.com/kubernetes/website/blob/master/OWNERS_ALIASES)
+[OWNERS](https://github.com/kubernetes/website/blob/main/OWNERS)와
+[OWNERS_ALIASES](https://github.com/kubernetes/website/blob/main/OWNERS_ALIASES)
파일을 사용해서
해당 리포지터리에 대해 prow가 작동하는 방식을 제어한다.
@@ -94,7 +94,7 @@ PR 소유자에게 조언하는데 활용된다.
## 병합 작업 방식
풀 리퀘스트 요청이 콘텐츠를 발행하는데 사용하는
-브랜치에 병합되면, 해당 콘텐츠는 http://kubernetes.io 에 공개된다. 게시된 콘텐츠의
+브랜치에 병합되면, 해당 콘텐츠는 https://kubernetes.io 에 공개된다. 게시된 콘텐츠의
품질을 높히기 위해 SIG Docs 승인자가 풀 리퀘스트를 병합하는 것을 제한한다.
작동 방식은 다음과 같다.
diff --git a/content/ko/docs/contribute/participate/pr-wranglers.md b/content/ko/docs/contribute/participate/pr-wranglers.md
index 30c0979969..674696ee90 100644
--- a/content/ko/docs/contribute/participate/pr-wranglers.md
+++ b/content/ko/docs/contribute/participate/pr-wranglers.md
@@ -19,7 +19,7 @@ PR 랭글러는 일주일 간 매일 다음의 일을 해야 한다.
- 매일 새로 올라오는 이슈를 심사하고 태그를 지정한다. SIG Docs가 메타데이터를 사용하는 방법에 대한 지침은 [이슈 심사 및 분류](/ko/docs/contribute/review/for-approvers/#이슈-심사와-분류)를 참고한다.
- [스타일](/docs/contribute/style/style-guide/)과 [콘텐츠](/docs/contribute/style/content-guide/) 가이드를 준수하는지에 대해 [열린(open) 풀 리퀘스트](https://github.com/kubernetes/website/pulls)를 매일 리뷰한다.
- 가장 작은 PR(`size/XS`)부터 시작하고, 가장 큰(`size/XXL`) PR까지 리뷰한다. 가능한 한 많은 PR을 리뷰한다.
-- PR 기여자들이 [CLA]()에 서명했는지 확인한다.
+- PR 기여자들이 [CLA](https://github.com/kubernetes/community/blob/master/CLA.md)에 서명했는지 확인한다.
- CLA에 서명하지 않은 기여자에게 CLA에 서명하도록 알리려면 [이](https://github.com/zparnold/k8s-docs-pr-botherer) 스크립트를 사용한다.
- 제안된 변경 사항에 대한 피드백을 제공하고 다른 SIG의 멤버에게 기술 리뷰를 요청한다.
- 제안된 콘텐츠 변경에 대해 PR에 인라인 제안(inline suggestion)을 제공한다.
@@ -45,8 +45,8 @@ PR 랭글러는 일주일 간 매일 다음의 일을 해야 한다.
지정한다. 콘텐츠에 대한 작업이 필요하다면, 제안하거나 인라인 피드백을 추가한다.
- [LGTM 보유, 문서 승인 필요](https://github.com/kubernetes/website/pulls?q=is%3Aopen+is%3Apr+-label%3Ado-not-merge%2Fwork-in-progress+-label%3Ado-not-merge%2Fhold+label%3Alanguage%2Fen+label%3Algtm+):
병합을 위해 `/approve` 코멘트가 필요한 PR을 나열한다.
-- [퀵윈(Quick Wins)](https://github.com/kubernetes/website/pulls?utf8=%E2%9C%93&q=is%3Apr+is%3Aopen+base%3Amaster+-label%3A%22do-not-merge%2Fwork-in-progress%22+-label%3A%22do-not-merge%2Fhold%22+label%3A%22cncf-cla%3A+yes%22+label%3A%22size%2FXS%22+label%3A%22language%2Fen%22): 명확한 결격 사유가 없는 메인 브랜치에 대한 PR을 나열한다. ([XS, S, M, L, XL, XXL] 크기의 PR을 작업할 때 크기 레이블에서 "XS"를 변경한다)
-- [메인 브랜치이외의 브랜치에 대한 PR](https://github.com/kubernetes/website/pulls?q=is%3Aopen+is%3Apr+label%3Alanguage%2Fen+-base%3Amaster): `dev-` 브랜치에 대한 것일 경우, 곧 출시될 예정인 릴리스이다. `/assign @` 을 사용하여 [문서 릴리스 관리자](https://github.com/kubernetes/sig-release/tree/master/release-team#kubernetes-release-team-roles)를 할당한다. 오래된 브랜치에 대한 PR인 경우, PR 작성자가 가장 적합한 브랜치를 대상으로 하고 있는지 여부를 파악할 수 있도록 도와준다.
+- [퀵윈(Quick Wins)](https://github.com/kubernetes/website/pulls?utf8=%E2%9C%93&q=is%3Apr+is%3Aopen+base%3Amain+-label%3A%22do-not-merge%2Fwork-in-progress%22+-label%3A%22do-not-merge%2Fhold%22+label%3A%22cncf-cla%3A+yes%22+label%3A%22size%2FXS%22+label%3A%22language%2Fen%22): 명확한 결격 사유가 없는 메인 브랜치에 대한 PR을 나열한다. ([XS, S, M, L, XL, XXL] 크기의 PR을 작업할 때 크기 레이블에서 "XS"를 변경한다)
+- [메인 브랜치이외의 브랜치에 대한 PR](https://github.com/kubernetes/website/pulls?q=is%3Aopen+is%3Apr+label%3Alanguage%2Fen+-base%3Amain): `dev-` 브랜치에 대한 것일 경우, 곧 출시될 예정인 릴리스이다. `/assign @` 을 사용하여 [문서 릴리스 관리자](https://github.com/kubernetes/sig-release/tree/master/release-team#kubernetes-release-team-roles)를 할당한다. 오래된 브랜치에 대한 PR인 경우, PR 작성자가 가장 적합한 브랜치를 대상으로 하고 있는지 여부를 파악할 수 있도록 도와준다.
### 랭글러를 위한 유용한 Prow 명령어
diff --git a/content/ko/docs/contribute/participate/roles-and-responsibilities.md b/content/ko/docs/contribute/participate/roles-and-responsibilities.md
index 448502c0c3..ad27eea6ff 100644
--- a/content/ko/docs/contribute/participate/roles-and-responsibilities.md
+++ b/content/ko/docs/contribute/participate/roles-and-responsibilities.md
@@ -29,7 +29,7 @@ GitHub 계정을 가진 누구나 쿠버네티스에 기여할 수 있다. SIG D
이슈를 올린다.
- 풀 리퀘스트에 대해 구속력 없는 피드백을 제공한다.
- 현지화에 기여한다.
-- [슬랙](http://slack.k8s.io/) 또는
+- [슬랙](https://slack.k8s.io/) 또는
[SIG docs 메일링 리스트](https://groups.google.com/forum/#!forum/kubernetes-sig-docs)에 개선을 제안한다.
[CLA에 서명](/ko/docs/contribute/new-content/overview/#sign-the-cla) 후에 누구나 다음을 할 수 있다.
@@ -144,14 +144,14 @@ LGTM은 "Looks good to me"의 약자이며 풀 리퀘스트가 기술적으로
지원하려면, 다음을 수행한다.
1. `kubernetes/website` 리포지터리 내
- [OWNERS_ALIASES](https://github.com/kubernetes/website/blob/master/OWNERS) 파일의 섹션에
+ [OWNERS_ALIASES](https://github.com/kubernetes/website/blob/main/OWNERS) 파일의 섹션에
여러분의 GitHub 사용자 이름을 추가하는 풀 리퀘스트를 연다.
-
- {{< note >}}
- 자신을 추가할 위치가 확실하지 않으면, `sig-docs-ko-reviews` 에 추가한다.
- {{< /note >}}
-
-1. PR을 하나 이상의 SIG-Docs 승인자(`sig-docs-{language}-owners` 에
+
+ {{< note >}}
+ 자신을 추가할 위치가 확실하지 않으면, `sig-docs-ko-reviews` 에 추가한다.
+ {{< /note >}}
+
+2. PR을 하나 이상의 SIG-Docs 승인자(`sig-docs-{language}-owners` 에
나열된 사용자 이름)에게 지정한다.
승인되면, SIG Docs 리더가 적당한 GitHub 팀에 여러분을 추가한다. 일단 추가되면,
@@ -203,7 +203,7 @@ PR은 자동으로 병합된다. SIG Docs 승인자는 추가적인 기술 리
- 주간 로테이션을 위해
[PR Wrangler 로테이션 스케줄](https://github.com/kubernetes/website/wiki/PR-Wranglers)에
참여한다. SIG Docs는 모든 승인자들이 이 로테이션에 참여할 것으로 기대한다. 자세한 내용은
- [PR 랭글러(PR wrangler)](/ko/docs/contribute/participating/pr-wranglers/)를
+ [PR 랭글러(PR wrangler)](/ko/docs/contribute/participate/pr-wranglers/)를
참고한다.
## 승인자 되기
@@ -216,7 +216,7 @@ PR은 자동으로 병합된다. SIG Docs 승인자는 추가적인 기술 리
지원하려면 다음을 수행한다.
1. `kubernetes/website` 리포지터리 내
- [OWNERS_ALIASES](https://github.com/kubernetes/website/blob/master/OWNERS)
+ [OWNERS_ALIASES](https://github.com/kubernetes/website/blob/main/OWNERS)
파일의 섹션에 자신을 추가하는 풀 리퀘스트를 연다.
{{< note >}}
@@ -231,4 +231,4 @@ PR은 자동으로 병합된다. SIG Docs 승인자는 추가적인 기술 리
## {{% heading "whatsnext" %}}
-- 모든 승인자가 교대로 수행하는 역할인 [PR 랭글러](/ko/docs/contribute/participating/pr-wranglers)에 대해 읽어보기
+- 모든 승인자가 교대로 수행하는 역할인 [PR 랭글러](/ko/docs/contribute/participate/pr-wranglers)에 대해 읽어보기
diff --git a/content/ko/docs/contribute/review/reviewing-prs.md b/content/ko/docs/contribute/review/reviewing-prs.md
index f0a164de00..e0b07a79a9 100644
--- a/content/ko/docs/contribute/review/reviewing-prs.md
+++ b/content/ko/docs/contribute/review/reviewing-prs.md
@@ -18,7 +18,7 @@ weight: 10
- 적합한 코멘트를 남길 수 있도록 [콘텐츠 가이드](/docs/contribute/style/content-guide/)와
[스타일 가이드](/docs/contribute/style/style-guide/)를 읽는다.
- 쿠버네티스 문서화 커뮤니티의 다양한
- [역할과 책임](/ko/docs/contribute/participating/#역할과-책임)을 이해한다.
+ [역할과 책임](/ko/docs/contribute/participate/#역할과-책임)을 이해한다.
@@ -87,7 +87,7 @@ weight: 10
- PR이 새로운 페이지를 소개하는가? 그렇다면,
- 페이지가 올바른 [페이지 콘텐츠 타입](/docs/contribute/style/page-content-types/)과 연관된 Hugo 단축 코드를 사용하는가?
- 섹션의 측면 탐색에 페이지가 올바르게 나타나는가?
- - 페이지가 [문서 홈](/ko/docs/home/) 목록에 나타나야 하는가?
+ - 페이지가 [문서 홈](/docs/home/) 목록에 나타나야 하는가?
- 변경 사항이 Netlify 미리보기에 표시되는가? 목록, 코드 블록, 표, 메모 및 이미지에 특히 주의한다.
### 기타
diff --git a/content/ko/docs/contribute/style/write-new-topic.md b/content/ko/docs/contribute/style/write-new-topic.md
index 7441882615..9bb3376933 100644
--- a/content/ko/docs/contribute/style/write-new-topic.md
+++ b/content/ko/docs/contribute/style/write-new-topic.md
@@ -172,4 +172,4 @@ kubectl create -f https://k8s.io/examples/pods/storage/gce-volume.yaml
## {{% heading "whatsnext" %}}
* [페이지 콘텐츠 타입 사용](/docs/contribute/style/page-content-types/)에 대해 알아보기.
-* [풀 리퀘스트 작성](/ko/docs/contribute/new-content/new-content/)에 대해 알아보기.
+* [풀 리퀘스트 작성](/ko/docs/contribute/new-content/open-a-pr/)에 대해 알아보기.
diff --git a/content/ko/docs/contribute/suggesting-improvements.md b/content/ko/docs/contribute/suggesting-improvements.md
index 7dd9f80a71..e10faf6ea8 100644
--- a/content/ko/docs/contribute/suggesting-improvements.md
+++ b/content/ko/docs/contribute/suggesting-improvements.md
@@ -10,7 +10,7 @@ card:
-쿠버네티스 문서에 문제가 있거나, 새로운 내용에 대한 아이디어가 있으면, 이슈를 연다. [GitHub 계정](https://github.com/join)과 웹 브라우저만 있으면 된다.
+쿠버네티스 문서의 문제를 발견하거나 새로운 내용에 대한 아이디어가 있으면, 이슈를 연다. [GitHub 계정](https://github.com/join)과 웹 브라우저만 있으면 된다.
대부분의 경우, 쿠버네티스 문서에 대한 새로운 작업은 GitHub의 이슈로 시작된다. 그런 다음
쿠버네티스 기여자는 필요에 따라 이슈를 리뷰, 분류하고 태그를 지정한다. 다음으로, 여러분이나
@@ -22,7 +22,7 @@ card:
## 이슈 열기
-기존 콘텐츠에 대한 개선을 제안하거나, 오류를 발견하면, 이슈를 연다.
+기존 콘텐츠에 대한 개선을 제안하고 싶거나 오류를 발견하면, 이슈를 연다.
1. 오른쪽 사이드바에서 **문서에 이슈 생성** 링크를 클릭한다. 그러면 헤더가
미리 채워진 GitHub 이슈 페이지로 리디렉션된다.
diff --git a/content/ko/docs/home/supported-doc-versions.md b/content/ko/docs/home/supported-doc-versions.md
index 07d33e49b9..35f6f9a1b0 100644
--- a/content/ko/docs/home/supported-doc-versions.md
+++ b/content/ko/docs/home/supported-doc-versions.md
@@ -7,3 +7,6 @@ card:
weight: 10
title: 사용 가능한 문서 버전
---
+
+이 웹사이트에서는 쿠버네티스 최신 버전 및
+이전 4개 버전에 대한 문서를 제공하고 있다.
diff --git a/content/ko/docs/reference/_index.md b/content/ko/docs/reference/_index.md
index a441e80783..55401988b4 100644
--- a/content/ko/docs/reference/_index.md
+++ b/content/ko/docs/reference/_index.md
@@ -9,6 +9,7 @@ content_type: concept
no_list: true
---
+
쿠버네티스 문서의 본 섹션에서는 레퍼런스를 다룬다.
@@ -37,7 +38,7 @@ no_list: true
- [쿠버네티스 Python 클라이언트 라이브러리](https://github.com/kubernetes-client/python)
- [쿠버네티스 Java 클라이언트 라이브러리](https://github.com/kubernetes-client/java)
- [쿠버네티스 JavaScript 클라이언트 라이브러리](https://github.com/kubernetes-client/javascript)
-- [쿠버네티스 Dotnet 클라이언트 라이브러리](https://github.com/kubernetes-client/csharp)
+- [쿠버네티스 C# 클라이언트 라이브러리](https://github.com/kubernetes-client/csharp)
- [쿠버네티스 Haskell 클라이언트 라이브러리](https://github.com/kubernetes-client/haskell)
## CLI
@@ -48,26 +49,26 @@ no_list: true
## 컴포넌트
-* [kubelet](/docs/reference/command-line-tools-reference/kubelet/) - 각
-노드에서 구동되는 주요한 에이전트. kubelet은 PodSpecs 집합을 가지며
+* [kubelet](/docs/reference/command-line-tools-reference/kubelet/) - 각
+노드에서 구동되는 주요한 에이전트. kubelet은 PodSpecs 집합을 가지며
기술된 컨테이너가 구동되고 있는지, 정상 작동하는지를 보장한다.
-* [kube-apiserver](/docs/reference/command-line-tools-reference/kube-apiserver/) -
-파드, 서비스, 레플리케이션 컨트롤러와 같은 API 오브젝트에 대한 검증과 구성을
+* [kube-apiserver](/docs/reference/command-line-tools-reference/kube-apiserver/) -
+파드, 서비스, 레플리케이션 컨트롤러와 같은 API 오브젝트에 대한 검증과 구성을
수행하는 REST API.
* [kube-controller-manager](/docs/reference/command-line-tools-reference/kube-controller-manager/) - 쿠버네티스에 탑재된 핵심 제어 루프를 포함하는 데몬.
-* [kube-proxy](/docs/reference/command-line-tools-reference/kube-proxy/) - 간단한
-TCP/UDP 스트림 포워딩이나 백-엔드 집합에 걸쳐서 라운드-로빈 TCP/UDP 포워딩을
+* [kube-proxy](/ko/docs/reference/command-line-tools-reference/kube-proxy/) - 간단한
+TCP/UDP 스트림 포워딩이나 백-엔드 집합에 걸쳐서 라운드-로빈 TCP/UDP 포워딩을
할 수 있다.
* [kube-scheduler](/docs/reference/command-line-tools-reference/kube-scheduler/) - 가용성, 성능 및 용량을 관리하는 스케줄러.
* [kube-scheduler 정책](/ko/docs/reference/scheduling/policies)
* [kube-scheduler 프로파일](/ko/docs/reference/scheduling/config/#여러-프로파일)
-## 환경설정 API
+## API 설정
-이 섹션은 쿠버네티스 구성요소 또는 도구를 환경설정하는 데에 사용되는
-"미발표된" API를 다룬다. 이 API들은 사용자나 관리자가 클러스터를
-사용/관리하는 데에 중요하지만, 이들 API의 대부분은 아직 API 서버가
+이 섹션은 쿠버네티스 구성요소 또는 도구를 환경설정하는 데에 사용되는
+"미발표된" API를 다룬다. 이 API들은 사용자나 관리자가 클러스터를
+사용/관리하는 데에 중요하지만, 이들 API의 대부분은 아직 API 서버가
제공하지 않는다.
* [kubelet 환경설정 (v1beta1)](/docs/reference/config-api/kubelet-config.v1beta1/)
@@ -78,6 +79,10 @@ TCP/UDP 스트림 포워딩이나 백-엔드 집합에 걸쳐서 라운드-로
* [클라이언트 인증 API (v1beta1)](/docs/reference/config-api/client-authentication.v1beta1/)
* [WebhookAdmission 환경설정 (v1)](/docs/reference/config-api/apiserver-webhookadmission.v1/)
+## kubeadm을 위한 API 설정
+
+* [v1beta2](/docs/reference/config-api/kubeadm-config.v1beta2/)
+
## 설계 문서
쿠버네티스 기능에 대한 설계 문서의 아카이브.
diff --git a/content/ko/docs/reference/access-authn-authz/service-accounts-admin.md b/content/ko/docs/reference/access-authn-authz/service-accounts-admin.md
index c5a13a5608..ca06783465 100644
--- a/content/ko/docs/reference/access-authn-authz/service-accounts-admin.md
+++ b/content/ko/docs/reference/access-authn-authz/service-accounts-admin.md
@@ -53,7 +53,7 @@ weight: 50
1. 이전 단계는 파드에 참조되는 `ServiceAccount` 가 있도록 하고, 그렇지 않으면 이를 거부한다.
1. 서비스어카운트 `automountServiceAccountToken` 와 파드의 `automountServiceAccountToken` 중 어느 것도 `false` 로 설정되어 있지 않다면, API 접근을 위한 토큰이 포함된 `volume` 을 파드에 추가한다.
1. 이전 단계에서 서비스어카운트 토큰을 위한 볼륨이 만들어졌다면, `/var/run/secrets/kubernetes.io/serviceaccount` 에 마운트된 파드의 각 컨테이너에 `volumeSource` 를 추가한다.
-1. 파드에 `ImagePullSecrets` 이 없는 경우, `ServiceAccount` 의 `ImagePullSecrets` 이 파드에 추가된다.
+1. 파드에 `imagePullSecrets` 이 없는 경우, `ServiceAccount` 의 `imagePullSecrets` 이 파드에 추가된다.
#### 바인딩된 서비스 어카운트 토큰 볼륨
@@ -86,14 +86,14 @@ weight: 50
프로젝티드 볼륨은 세 가지로 구성된다.
1. kube-apiserver로부터 TokenRequest API를 통해 얻은 서비스어카운트토큰(ServiceAccountToken). 서비스어카운트토큰은 기본적으로 1시간 뒤에, 또는 파드가 삭제될 때 만료된다. 서비스어카운트토큰은 파드에 연결되며 kube-apiserver를 위해 존재한다.
-1. kube-apiserver에 대한 연결을 확인하는 데 사용되는 CA 번들을 포함하는 컨피그맵(ConfigMap). 이 기능은 모든 네임스페이스에 "kube-root-ca.crt" 컨피그맵을 게시하는 기능 게이트인 `RootCAConfigMap`이 활성화되어 있어야 동작한다. `RootCAConfigMap`은 1.20에서 기본적으로 활성화되어 있으며, 1.21 이상에서는 항상 활성화된 상태이다.
+1. kube-apiserver에 대한 연결을 확인하는 데 사용되는 CA 번들을 포함하는 컨피그맵(ConfigMap). 이 기능은 모든 네임스페이스에 "kube-root-ca.crt" 컨피그맵을 게시하는 기능 게이트인 `RootCAConfigMap`에 의해 동작한다. `RootCAConfigMap` 기능 게이트는 1.21에서 GA로 전환되었으며 기본적으로 활성화되어 있다. (이 플래그는 1.22에서 `--feature-gate` 인자에서 제외될 예정이다.)
1. 파드의 네임스페이스를 참조하는 DownwardAPI.
상세 사항은 [프로젝티드 볼륨](/docs/tasks/configure-pod-container/configure-projected-volume-storage/)을 참고한다.
`BoundServiceAccountTokenVolume` 기능 게이트가 활성화되어 있지 않은 경우,
-위의 프로젝티드 볼륨을 파드 스펙에 추가하여 시크릿 기반 서비스 어카운트 볼륨을 프로젝티드 볼륨으로 수동으로 옮길 수 있다.
-그러나, `RootCAConfigMap`은 활성화되어 있어야 한다.
+위의 프로젝티드 볼륨을 파드 스펙에 추가하여
+시크릿 기반 서비스 어카운트 볼륨을 프로젝티드 볼륨으로 수동으로 옮길 수 있다.
### 토큰 컨트롤러
diff --git a/content/ko/docs/reference/command-line-tools-reference/feature-gates.md b/content/ko/docs/reference/command-line-tools-reference/feature-gates.md
index a658d58497..97262073a1 100644
--- a/content/ko/docs/reference/command-line-tools-reference/feature-gates.md
+++ b/content/ko/docs/reference/command-line-tools-reference/feature-gates.md
@@ -61,6 +61,7 @@ kubelet과 같은 컴포넌트의 기능 게이트를 설정하려면, 기능
| `BalanceAttachedNodeVolumes` | `false` | 알파 | 1.11 | |
| `BoundServiceAccountTokenVolume` | `false` | 알파 | 1.13 | 1.20 |
| `BoundServiceAccountTokenVolume` | `true` | 베타 | 1.21 | |
+| `ControllerManagerLeaderMigration` | `false` | 알파 | 1.21 | |
| `CPUManager` | `false` | 알파 | 1.8 | 1.9 |
| `CPUManager` | `true` | 베타 | 1.10 | |
| `CSIInlineVolume` | `false` | 알파 | 1.15 | 1.15 |
@@ -152,7 +153,8 @@ kubelet과 같은 컴포넌트의 기능 게이트를 설정하려면, 기능
| `ProbeTerminationGracePeriod` | `false` | 알파 | 1.21 | |
| `ProcMountType` | `false` | 알파 | 1.12 | |
| `QOSReserved` | `false` | 알파 | 1.11 | |
-| `RemainingItemCount` | `false` | 알파 | 1.15 | |
+| `RemainingItemCount` | `false` | 알파 | 1.15 | 1.15 |
+| `RemainingItemCount` | `true` | 베타 | 1.16 | |
| `RemoveSelfLink` | `false` | 알파 | 1.16 | 1.19 |
| `RemoveSelfLink` | `true` | 베타 | 1.20 | |
| `RotateKubeletServerCertificate` | `false` | 알파 | 1.7 | 1.11 |
@@ -378,7 +380,6 @@ kubelet과 같은 컴포넌트의 기능 게이트를 설정하려면, 기능
| `TokenRequestProjection` | `false` | 알파 | 1.11 | 1.11 |
| `TokenRequestProjection` | `true` | 베타 | 1.12 | 1.19 |
| `TokenRequestProjection` | `true` | GA | 1.20 | - |
-| `VolumeCapacityPriority` | `false` | 알파 | 1.21 | - |
| `VolumePVCDataSource` | `false` | 알파 | 1.15 | 1.15 |
| `VolumePVCDataSource` | `true` | 베타 | 1.16 | 1.17 |
| `VolumePVCDataSource` | `true` | GA | 1.18 | - |
@@ -478,6 +479,11 @@ kubelet과 같은 컴포넌트의 기능 게이트를 설정하려면, 기능
`kube-apiserver`를 시작하여 확장 토큰 기능을 끈다.
자세한 내용은 [바운드 서비스 계정 토큰](https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/1205-bound-service-account-tokens/README.md)을
확인한다.
+- `ControllerManagerLeaderMigration`: HA 클러스터에서 클러스터 오퍼레이터가
+ kube-controller-manager의 컨트롤러들을 외부 controller-manager(예를 들면,
+ cloud-controller-manager)로 다운타임 없이 라이브 마이그레이션할 수 있도록 허용하도록
+ [kube-controller-manager](/docs/tasks/administer-cluster/controller-manager-leader-migration/#initial-leader-migration-configuration)와 [cloud-controller-manager](/docs/tasks/administer-cluster/controller-manager-leader-migration/#deploy-cloud-controller-manager)의
+ 리더 마이그레이션(Leader Migration)을 활성화한다.
- `CPUManager`: 컨테이너 수준의 CPU 어피니티 지원을 활성화한다.
[CPU 관리 정책](/docs/tasks/administer-cluster/cpu-management-policies/)을 참고한다.
- `CRIContainerLogRotation`: cri 컨테이너 런타임에 컨테이너 로그 로테이션을 활성화한다. 로그 파일 사이즈 기본값은 10MB이며,
@@ -611,12 +617,12 @@ kubelet과 같은 컴포넌트의 기능 게이트를 설정하려면, 기능
- `EnableEquivalenceClassCache`: 스케줄러가 파드를 스케줄링할 때 노드의
동등성을 캐시할 수 있게 한다.
- `EndpointSlice`: 보다 스케일링 가능하고 확장 가능한 네트워크 엔드포인트에 대한
- 엔드포인트슬라이스(EndpointSlices)를 활성화한다. [엔드포인트슬라이스 활성화](/docs/tasks/administer-cluster/enabling-endpointslices/)를 참고한다.
+ 엔드포인트슬라이스(EndpointSlices)를 활성화한다. [엔드포인트슬라이스 활성화](/ko/docs/concepts/services-networking/endpoint-slices/)를 참고한다.
- `EndpointSliceNodeName` : 엔드포인트슬라이스 `nodeName` 필드를 활성화한다.
- `EndpointSliceProxying`: 활성화되면, 리눅스에서 실행되는
kube-proxy는 엔드포인트 대신 엔드포인트슬라이스를
기본 데이터 소스로 사용하여 확장성과 성능을 향상시킨다.
- [엔드포인트 슬라이스 활성화](/docs/tasks/administer-cluster/enabling-endpointslices/)를 참고한다.
+ [엔드포인트슬라이스 활성화](/ko/docs/concepts/services-networking/endpoint-slices/)를 참고한다.
- `EndpointSliceTerminatingCondition`: 엔드포인트슬라이스 `terminating` 및 `serving`
조건 필드를 활성화한다.
- `EphemeralContainers`: 파드를 실행하기 위한
@@ -636,7 +642,7 @@ kubelet과 같은 컴포넌트의 기능 게이트를 설정하려면, 기능
- `ExperimentalCriticalPodAnnotation`: 특정 파드에 *critical* 로
어노테이션을 달아서 [스케줄링이 보장되도록](/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/) 한다.
이 기능은 v1.13부터 파드 우선 순위 및 선점으로 인해 사용 중단되었다.
-- `ExperimentalHostUserNamespaceDefaultingGate`: 사용자 네임스페이스를 호스트로
+- `ExperimentalHostUserNamespaceDefaulting`: 사용자 네임스페이스를 호스트로
기본 활성화한다. 이것은 다른 호스트 네임스페이스, 호스트 마운트,
권한이 있는 컨테이너 또는 특정 비-네임스페이스(non-namespaced) 기능(예: `MKNODE`, `SYS_MODULE` 등)을
사용하는 컨테이너를 위한 것이다. 도커 데몬에서 사용자 네임스페이스
@@ -726,7 +732,7 @@ kubelet과 같은 컴포넌트의 기능 게이트를 설정하려면, 기능
[CrossNamespacePodAffinity](/ko/docs/concepts/policy/resource-quotas/#네임스페이스-간-파드-어피니티-쿼터) 쿼터 범위 기능을 활성화한다.
- `PodOverhead`: 파드 오버헤드를 판단하기 위해 [파드오버헤드(PodOverhead)](/ko/docs/concepts/scheduling-eviction/pod-overhead/)
기능을 활성화한다.
-- `PodPriority`: [우선 순위](/ko/docs/concepts/configuration/pod-priority-preemption/)를
+- `PodPriority`: [우선 순위](/ko/docs/concepts/scheduling-eviction/pod-priority-preemption/)를
기반으로 파드의 스케줄링 취소와 선점을 활성화한다.
- `PodReadinessGates`: 파드 준비성 평가를 확장하기 위해
`PodReadinessGate` 필드 설정을 활성화한다. 자세한 내용은 [파드의 준비성 게이트](/ko/docs/concepts/workloads/pods/pod-lifecycle/#pod-readiness-gate)를
@@ -763,6 +769,8 @@ kubelet과 같은 컴포넌트의 기능 게이트를 설정하려면, 기능
- `RotateKubeletClientCertificate`: kubelet에서 클라이언트 TLS 인증서의 로테이션을 활성화한다.
자세한 내용은 [kubelet 구성](/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/#kubelet-configuration)을 참고한다.
- `RotateKubeletServerCertificate`: kubelet에서 서버 TLS 인증서의 로테이션을 활성화한다.
+ 자세한 사항은
+ [kubelet 구성](/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/#kubelet-configuration)을 확인한다.
- `RunAsGroup`: 컨테이너의 init 프로세스에 설정된 기본 그룹 ID 제어를
활성화한다.
- `RuntimeClass`: 컨테이너 런타임 구성을 선택하기 위해 [런타임클래스(RuntimeClass)](/ko/docs/concepts/containers/runtime-class/)
@@ -793,6 +801,8 @@ kubelet과 같은 컴포넌트의 기능 게이트를 설정하려면, 기능
- `SetHostnameAsFQDN`: 전체 주소 도메인 이름(FQDN)을 파드의 호스트 이름으로
설정하는 기능을 활성화한다.
[파드의 `setHostnameAsFQDN` 필드](/ko/docs/concepts/services-networking/dns-pod-service/#pod-sethostnameasfqdn-field)를 참고한다.
+- `SizeMemoryBackedVolumes`: memory-backed 볼륨(보통 `emptyDir` 볼륨)의 크기 상한을
+ 지정할 수 있도록 kubelets를 활성화한다.
- `StartupProbe`: kubelet에서
[스타트업](/ko/docs/concepts/workloads/pods/pod-lifecycle/#언제-스타트업-프로브를-사용해야-하는가)
프로브를 활성화한다.
@@ -859,12 +869,12 @@ kubelet과 같은 컴포넌트의 기능 게이트를 설정하려면, 기능
- `WindowsGMSA`: 파드에서 컨테이너 런타임으로 GMSA 자격 증명 스펙을 전달할 수 있다.
- `WindowsRunAsUserName` : 기본 사용자가 아닌(non-default) 사용자로 윈도우 컨테이너에서
애플리케이션을 실행할 수 있도록 지원한다. 자세한 내용은
- [RunAsUserName 구성](/docs/tasks/configure-pod-container/configure-runasusername)을
+ [RunAsUserName 구성](/ko/docs/tasks/configure-pod-container/configure-runasusername/)을
참고한다.
- `WindowsEndpointSliceProxying`: 활성화되면, 윈도우에서 실행되는 kube-proxy는
엔드포인트 대신 엔드포인트슬라이스를 기본 데이터 소스로 사용하여
확장성과 성능을 향상시킨다.
- [엔드포인트 슬라이스 활성화하기](/docs/tasks/administer-cluster/enabling-endpointslices/)를 참고한다.
+ [엔드포인트슬라이스 활성화하기](/ko/docs/concepts/services-networking/endpoint-slices/)를 참고한다.
## {{% heading "whatsnext" %}}
diff --git a/content/ko/docs/reference/command-line-tools-reference/kube-proxy.md b/content/ko/docs/reference/command-line-tools-reference/kube-proxy.md
index eab89638db..29e9deee83 100644
--- a/content/ko/docs/reference/command-line-tools-reference/kube-proxy.md
+++ b/content/ko/docs/reference/command-line-tools-reference/kube-proxy.md
@@ -424,7 +424,7 @@ kube-proxy [flags]
--show-hidden-metrics-for-version string
-
숨겨진 메트릭을 표시할 이전 버전. 이전 마이너 버전만 인식하며, 다른 값은 허용하지 않는다. '1.16' 형태로 사용한다. 이 옵션의 존재 목적은, 다음 릴리스에서 추가적인 메트릭을 숨기는지에 대한 여부를 사용자가 알게 하여, 그 이후 릴리스에서 메트릭이 영구적으로 삭제됐을 때 사용자가 놀라지 않도록 하기 위함이다.
+
숨겨진 메트릭을 표시하려는 이전 버전. 이전 마이너 버전만 인식하며, 다른 값은 허용하지 않는다. 포멧은 <메이저>.<마이너> 와 같으며, 예를 들면 '1.16' 과 같다. 이 포멧의 목적은, 다음 릴리스가 숨길 추가적인 메트릭을 사용자에게 공지하여, 그 이후 릴리스에서 메트릭이 영구적으로 삭제됐을 때 사용자가 놀라지 않도록 하기 위함이다.
diff --git a/content/ko/docs/reference/glossary/annotation.md b/content/ko/docs/reference/glossary/annotation.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/api-eviction.md b/content/ko/docs/reference/glossary/api-eviction.md
new file mode 100644
index 0000000000..f8a65c606e
--- /dev/null
+++ b/content/ko/docs/reference/glossary/api-eviction.md
@@ -0,0 +1,23 @@
+---
+title: API를 이용한 축출(Eviction)
+id: api-eviction
+date: 2021-04-27
+full_link: /docs/concepts/scheduling-eviction/pod-eviction/#api-eviction
+short_description: >
+ API를 이용한 축출은 축출 API를 사용하여 파드의 정상 종료를 트리거하는
+ 축출 오브젝트를 만드는 프로세스이다
+aka:
+tags:
+ - operation
+---
+
+API를 이용한 축출은 [축출 API](/docs/reference/generated/kubernetes-api/{{}}/#create-eviction-pod-v1-core)를 사용하여
+생성된 `Eviction` 오브젝트로 파드를 정상 종료한다.
+
+
+
+`kubectl drain` 명령과 같은 kube-apiserver의 클라이언트를 사용하여
+축출 API를 직접 호출해 축출 요청을 할 수 있다.
+`Eviction` 오브젝트가 생성되면, API 서버가 파드를 종료한다.
+
+API를 이용한 축출은 [노드-압박 축출](/docs/concepts/scheduling-eviction/eviction/#kubelet-eviction)과 동일하지 않다.
diff --git a/content/ko/docs/reference/glossary/certificate.md b/content/ko/docs/reference/glossary/certificate.md
index b5bc067015..7c40e48795 100644
--- a/content/ko/docs/reference/glossary/certificate.md
+++ b/content/ko/docs/reference/glossary/certificate.md
@@ -2,7 +2,7 @@
title: 인증서(Certificate)
id: certificate
date: 2018-04-12
-full_link: /docs/tasks/tls/managing-tls-in-a-cluster/
+full_link: /ko/docs/tasks/tls/managing-tls-in-a-cluster/
short_description: >
암호화된 안전한 파일로 쿠버네티스 클러스터 접근 검증에 사용한다.
diff --git a/content/ko/docs/reference/glossary/cluster.md b/content/ko/docs/reference/glossary/cluster.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/configmap.md b/content/ko/docs/reference/glossary/configmap.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/container-env-variables.md b/content/ko/docs/reference/glossary/container-env-variables.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/container.md b/content/ko/docs/reference/glossary/container.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/cronjob.md b/content/ko/docs/reference/glossary/cronjob.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/customresourcedefinition.md b/content/ko/docs/reference/glossary/customresourcedefinition.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/daemonset.md b/content/ko/docs/reference/glossary/daemonset.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/deployment.md b/content/ko/docs/reference/glossary/deployment.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/docker.md b/content/ko/docs/reference/glossary/docker.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/extensions.md b/content/ko/docs/reference/glossary/extensions.md
index caf7bfa226..547cd934bc 100644
--- a/content/ko/docs/reference/glossary/extensions.md
+++ b/content/ko/docs/reference/glossary/extensions.md
@@ -2,7 +2,7 @@
title: 익스텐션(Extensions)
id: Extensions
date: 2019-02-01
-full_link: /ko/docs/concepts/extend-kubernetes/extend-cluster/#익스텐션
+full_link: /ko/docs/concepts/extend-kubernetes/#익스텐션
short_description: >
익스텐션은 새로운 타입의 하드웨어를 지원하기 위해 쿠버네티스를 확장하고 깊게 통합시키는 소프트웨어 컴포넌트이다.
@@ -15,4 +15,4 @@ tags:
-대부분의 클러스터 관리자는 호스트된 쿠버네티스 또는 쿠버네티스의 배포 인스턴스를 사용할 것이다. 그 결과, 대부분의 쿠버네티스 사용자는 [익스텐션](/ko/docs/concepts/extend-kubernetes/extend-cluster/#익스텐션)의 설치가 필요할 것이며, 일부 사용자만 직접 새로운 것을 만들 것이다.
+대부분의 클러스터 관리자는 호스트된 쿠버네티스 또는 쿠버네티스의 배포 인스턴스를 사용할 것이다. 그 결과, 대부분의 쿠버네티스 사용자는 [익스텐션](/ko/docs/concepts/extend-kubernetes/#익스텐션)의 설치가 필요할 것이며, 일부 사용자만 직접 새로운 것을 만들 것이다.
diff --git a/content/ko/docs/reference/glossary/image.md b/content/ko/docs/reference/glossary/image.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/index.md b/content/ko/docs/reference/glossary/index.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/ingress.md b/content/ko/docs/reference/glossary/ingress.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/init-container.md b/content/ko/docs/reference/glossary/init-container.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/istio.md b/content/ko/docs/reference/glossary/istio.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/job.md b/content/ko/docs/reference/glossary/job.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/kube-controller-manager.md b/content/ko/docs/reference/glossary/kube-controller-manager.md
index e327a6c285..f4cf8f1bd2 100644
--- a/content/ko/docs/reference/glossary/kube-controller-manager.md
+++ b/content/ko/docs/reference/glossary/kube-controller-manager.md
@@ -4,15 +4,15 @@ id: kube-controller-manager
date: 2018-04-12
full_link: /docs/reference/command-line-tools-reference/kube-controller-manager/
short_description: >
- {{< glossary_tooltip text="컨트롤러" term_id="controller" >}} 프로세스를 실행하는 컨트롤 플레인 컴포넌트.
+ 컨트롤러 프로세스를 실행하는 컨트롤 플레인 컴포넌트.
-aka:
+aka:
tags:
- architecture
- fundamental
---
- {{< glossary_tooltip text="컨트롤러" term_id="controller" >}}를 구동하는 마스터 상의 컴포넌트.
+ {{< glossary_tooltip text="컨트롤러" term_id="controller" >}} 프로세스를 실행하는 컨트롤 플레인 컴포넌트.
-
+
-논리적으로, 각 {{< glossary_tooltip text="컨트롤러" term_id="controller" >}}는 개별 프로세스이지만, 복잡성을 낮추기 위해 모두 단일 바이너리로 컴파일되고 단일 프로세스 내에서 실행된다.
+논리적으로, 각 {{< glossary_tooltip text="컨트롤러" term_id="controller" >}}는 분리된 프로세스이지만, 복잡성을 낮추기 위해 모두 단일 바이너리로 컴파일되고 단일 프로세스 내에서 실행된다.
diff --git a/content/ko/docs/reference/glossary/kube-proxy.md b/content/ko/docs/reference/glossary/kube-proxy.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/kube-scheduler.md b/content/ko/docs/reference/glossary/kube-scheduler.md
index 38562f6087..33f79adf67 100644
--- a/content/ko/docs/reference/glossary/kube-scheduler.md
+++ b/content/ko/docs/reference/glossary/kube-scheduler.md
@@ -2,7 +2,7 @@
title: kube-scheduler
id: kube-scheduler
date: 2018-04-12
-full_link: /docs/reference/generated/kube-scheduler/
+full_link: /docs/reference/command-line-tools-reference/kube-scheduler/
short_description: >
노드가 배정되지 않은 새로 생성된 파드를 감지하고, 실행할 노드를 선택하는 컨트롤 플레인 컴포넌트.
diff --git a/content/ko/docs/reference/glossary/kubectl.md b/content/ko/docs/reference/glossary/kubectl.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/kubernetes-api.md b/content/ko/docs/reference/glossary/kubernetes-api.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/label.md b/content/ko/docs/reference/glossary/label.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/limitrange.md b/content/ko/docs/reference/glossary/limitrange.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/minikube.md b/content/ko/docs/reference/glossary/minikube.md
old mode 100755
new mode 100644
index f43966260e..8efe83c0cd
--- a/content/ko/docs/reference/glossary/minikube.md
+++ b/content/ko/docs/reference/glossary/minikube.md
@@ -2,7 +2,7 @@
title: Minikube
id: minikube
date: 2018-04-12
-full_link: /ko/docs/setup/learning-environment/minikube/
+full_link: /ko/docs/tasks/tools/#minikube
short_description: >
로컬에서 쿠버네티스를 실행하기 위한 도구.
diff --git a/content/ko/docs/reference/glossary/mirror-pod.md b/content/ko/docs/reference/glossary/mirror-pod.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/name.md b/content/ko/docs/reference/glossary/name.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/namespace.md b/content/ko/docs/reference/glossary/namespace.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/network-policy.md b/content/ko/docs/reference/glossary/network-policy.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/node-pressure-eviction.md b/content/ko/docs/reference/glossary/node-pressure-eviction.md
new file mode 100644
index 0000000000..b0984ab807
--- /dev/null
+++ b/content/ko/docs/reference/glossary/node-pressure-eviction.md
@@ -0,0 +1,24 @@
+---
+title: 노드-압박 축출
+id: node-pressure-eviction
+date: 2021-05-13
+full_link: /ko/docs/concepts/scheduling-eviction/node-pressure-eviction/
+short_description: >
+ 노드-압박 축출은 kubelet이 노드의 자원을 회수하기 위해
+ 파드를 능동적으로 중단시키는 절차이다.
+aka:
+- kubelet eviction
+tags:
+- operation
+---
+노드-압박 축출은 {{}}이 노드의 자원을 회수하기 위해
+파드를 능동적으로 중단시키는 절차이다.
+
+
+
+kubelet은 클러스터 노드의 CPU, 메모리, 디스크 공간, 파일시스템
+inode와 같은 자원을 모니터링한다. 이러한 자원 중 하나 이상이
+특정 소모 수준에 도달하면, kubelet은 하나 이상의 파드를 능동적으로 중단시켜
+자원을 회수하고 고갈 상황을 방지할 수 있다.
+
+노드-압박 축출은 [API를 이용한 축출](/ko/docs/concepts/scheduling-eviction/api-eviction/)과는 차이가 있다.
diff --git a/content/ko/docs/reference/glossary/node.md b/content/ko/docs/reference/glossary/node.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/pod-security-policy.md b/content/ko/docs/reference/glossary/pod-security-policy.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/pod.md b/content/ko/docs/reference/glossary/pod.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/qos-class.md b/content/ko/docs/reference/glossary/qos-class.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/rbac.md b/content/ko/docs/reference/glossary/rbac.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/replica-set.md b/content/ko/docs/reference/glossary/replica-set.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/replication-controller.md b/content/ko/docs/reference/glossary/replication-controller.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/resource-quota.md b/content/ko/docs/reference/glossary/resource-quota.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/selector.md b/content/ko/docs/reference/glossary/selector.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/service-account.md b/content/ko/docs/reference/glossary/service-account.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/service.md b/content/ko/docs/reference/glossary/service.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/statefulset.md b/content/ko/docs/reference/glossary/statefulset.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/static-pod.md b/content/ko/docs/reference/glossary/static-pod.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/uid.md b/content/ko/docs/reference/glossary/uid.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/glossary/volume.md b/content/ko/docs/reference/glossary/volume.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/kubectl/_index.md b/content/ko/docs/reference/kubectl/_index.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/reference/kubectl/kubectl.md b/content/ko/docs/reference/kubectl/kubectl.md
index ede8c85457..81e4d3fa74 100644
--- a/content/ko/docs/reference/kubectl/kubectl.md
+++ b/content/ko/docs/reference/kubectl/kubectl.md
@@ -9,7 +9,7 @@ weight: 30
kubectl은 쿠버네티스 클러스터 관리자를 제어한다.
- 자세한 정보는 https://kubernetes.io/docs/reference/kubectl/overview/ 에서 확인한다.
+ 자세한 정보는 [kubectl 개요](/ko/docs/reference/kubectl/overview/)를 확인한다.
```
kubectl [flags]
diff --git a/content/ko/docs/reference/labels-annotations-taints.md b/content/ko/docs/reference/labels-annotations-taints.md
new file mode 100644
index 0000000000..0854c1b5cf
--- /dev/null
+++ b/content/ko/docs/reference/labels-annotations-taints.md
@@ -0,0 +1,325 @@
+---
+title: 잘 알려진 레이블, 어노테이션, 테인트(Taint)
+content_type: concept
+weight: 20
+---
+
+
+
+쿠버네티스는 모든 레이블과 어노테이션을 `kubernetes.io` 네임스페이스 아래에 정의해 놓았다.
+
+이 문서는 각 값에 대한 레퍼런스를 제공하며, 값을 할당하기 위한 협력 포인트도 제공한다.
+
+
+
+
+
+## kubernetes.io/arch
+
+예시: `kubernetes.io/arch=amd64`
+
+적용 대상: 노드
+
+Go에 의해 정의된 `runtime.GOARCH` 값을 kubelet이 읽어서 이 레이블의 값으로 채운다. arm 노드와 x86 노드를 혼합하여 사용하는 경우 유용할 수 있다.
+
+## kubernetes.io/os
+
+예시: `kubernetes.io/os=linux`
+
+적용 대상: 노드
+
+Go에 의해 정의된 `runtime.GOOS` 값을 kubelet이 읽어서 이 레이블의 값으로 채운다. 클러스터에서 여러 운영체제를 혼합하여 사용(예: 리눅스 및 윈도우 노드)하는 경우 유용할 수 있다.
+
+## kubernetes.io/metadata.name
+
+예시: `kubernetes.io/metadata.name=mynamespace`
+
+적용 대상: 네임스페이스
+
+`NamespaceDefaultLabelName` [기능 게이트](/ko/docs/reference/command-line-tools-reference/feature-gates/)가
+활성화되어 있으면,
+쿠버네티스 API 서버가 모든 네임스페이스에 이 레이블을 적용한다.
+레이블의 값은 네임스페이스의 이름으로 적용된다.
+
+레이블 {{< glossary_tooltip text="셀렉터" term_id="selector" >}}를 이용하여 특정 네임스페이스를 지정하고 싶다면
+이 레이블이 유용할 수 있다.
+
+## beta.kubernetes.io/arch (사용 중단됨)
+
+이 레이블은 사용 중단되었다. 대신 `kubernetes.io/arch` 을 사용한다.
+
+## beta.kubernetes.io/os (사용 중단됨)
+
+이 레이블은 사용 중단되었다. 대신 `kubernetes.io/os` 을 사용한다.
+
+## kubernetes.io/hostname {#kubernetesiohostname}
+
+예시: `kubernetes.io/hostname=ip-172-20-114-199.ec2.internal`
+
+적용 대상: 노드
+
+kubelet이 호스트네임을 읽어서 이 레이블의 값으로 채운다. `kubelet` 에 `--hostname-override` 플래그를 전달하여 실제 호스트네임과 다른 값으로 설정할 수도 있다.
+
+이 레이블은 토폴로지 계층의 일부로도 사용된다. [`topology.kubernetes.io/zone`](#topologykubernetesiozone)에서 세부 사항을 확인한다.
+
+
+## controller.kubernetes.io/pod-deletion-cost {#pod-deletion-cost}
+
+예시: `controller.kubernetes.io/pod-deletion-cost=10`
+
+적용 대상: Pod
+
+이 어노테이션은 레플리카셋(ReplicaSet) 다운스케일 순서를 조정할 수 있는 요소인 [파드 삭제 비용](/ko/docs/concepts/workloads/controllers/replicaset/#파드-삭제-비용)을
+설정하기 위해 사용한다. 명시된 값은 `int32` 타입으로 파싱된다.
+
+## beta.kubernetes.io/instance-type (사용 중단됨)
+
+{{< note >}} v1.17부터, [`node.kubernetes.io/instance-type`](#nodekubernetesioinstance-type)으로 대체되었다. {{< /note >}}
+
+## node.kubernetes.io/instance-type {#nodekubernetesioinstance-type}
+
+예시: `node.kubernetes.io/instance-type=m3.medium`
+
+적용 대상: 노드
+
+`클라우드 제공자`에 의해 정의된 인스턴스 타입의 값을 kubelet이 읽어서 이 레이블의 값으로 채운다.
+`클라우드 제공자`를 사용하는 경우에만 이 레이블이 설정된다.
+특정 워크로드를 특정 인스턴스 타입에 할당하고 싶다면 이 레이블이 유용할 수 있다.
+하지만 일반적으로는 자원 기반 스케줄링을 수행하는 쿠버네티스 스케줄러를 이용하게 된다. 인스턴스 타입 보다는 특성을 기준으로 스케줄링을 고려해야 한다(예: `g2.2xlarge` 를 요구하기보다는, GPU가 필요하다고 요구한다).
+
+## failure-domain.beta.kubernetes.io/region (사용 중단됨) {#failure-domainbetakubernetesioregion}
+
+[`topology.kubernetes.io/region`](#topologykubernetesioregion)을 확인한다.
+
+{{< note >}} v1.17부터, [`topology.kubernetes.io/region`](#topologykubernetesioregion)으로 대체되었다. {{< /note >}}
+
+## failure-domain.beta.kubernetes.io/zone (사용 중단됨) {#failure-domainbetakubernetesiozone}
+
+[`topology.kubernetes.io/zone`](#topologykubernetesiozone)을 확인한다.
+
+{{< note >}} v1.17부터, [`topology.kubernetes.io/zone`](#topologykubernetesiozone)으로 대체되었다. {{< /note >}}
+
+## statefulset.kubernetes.io/pod-name {#statefulsetkubernetesiopod-name}
+
+예시:
+
+`statefulset.kubernetes.io/pod-name=mystatefulset-7`
+
+스테이트풀셋(StatefulSet) 컨트롤러가 파드를 위한 스테이트풀셋을 생성하면, 컨트롤 플레인이 파드에 이 레이블을 설정한다.
+생성되는 파드의 이름을 이 레이블의 값으로 설정한다.
+
+스테이트풀셋 문서의 [파드 이름 레이블](/ko/docs/concepts/workloads/controllers/statefulset/#파드-이름-레이블)에서
+상세 사항을 확인한다.
+
+## topology.kubernetes.io/region {#topologykubernetesioregion}
+
+예시:
+
+`topology.kubernetes.io/region=us-east-1`
+
+[`topology.kubernetes.io/zone`](#topologykubernetesiozone)을 확인한다.
+
+## topology.kubernetes.io/zone {#topologykubernetesiozone}
+
+예시:
+
+`topology.kubernetes.io/zone=us-east-1c`
+
+적용 대상: 노드, 퍼시스턴트볼륨(PersistentVolume)
+
+노드의 경우: `클라우드 제공자`가 제공하는 값을 이용하여 `kubelet` 또는 외부 `cloud-controller-manager`가 이 어노테이션의 값을 설정한다. `클라우드 제공자`를 사용하는 경우에만 이 레이블이 설정된다. 하지만, 토폴로지 내에서 의미가 있는 경우에만 이 레이블을 노드에 설정해야 한다.
+
+퍼시스턴트볼륨의 경우: 토폴로지 어웨어 볼륨 프로비저너가 자동으로 퍼시스턴트볼륨에 노드 어피니티 제약을 설정한다.
+
+영역(zone)은 논리적 고장 도메인을 나타낸다. 가용성 향상을 위해 일반적으로 쿠버네티스 클러스터는 여러 영역에 걸쳐 구성된다. 영역에 대한 정확한 정의는 사업자 별 인프라 구현에 따라 다르지만, 일반적으로 영역은 '영역 내 매우 낮은 네트워크 지연시간, 영역 내 네트워크 트래픽 비용 없음, 다른 영역의 고장에 독립적임' 등의 공통적인 특성을 갖는다. 예를 들어, 같은 영역 내의 노드는 하나의 네트워크 스위치를 공유하여 활용할 수 있으며, 반대로 다른 영역에 있는 노드는 하나의 네트워크 스위치를 공유해서는 안 된다.
+
+지역(region)은 하나 이상의 영역으로 구성된 더 큰 도메인을 나타낸다. 쿠버네티스 클러스터가 여러 지역에 걸쳐 있는 경우는 드물다. 영역이나 지역에 대한 정확한 정의는 사업자 별 인프라 구현에 따라 다르지만, 일반적으로 지역은 '지역 내 네트워크 지연시간보다 지역 간 네트워크 지연시간이 큼, 지역 간 네트워크 트래픽은 비용이 발생함, 다른 영역/지역의 고장에 독립적임' 등의 공통적인 특성을 갖는다. 예를 들어, 같은 지역 내의 노드는 전력 인프라(예: UPS 또는 발전기)를 공유하여 활용할 수 있으며, 반대로 다른 지역에 있는 노드는 일반적으로 전력 인프라를 공유하지 않는다.
+
+쿠버네티스는 영역과 지역의 구조에 대해 다음과 같이 가정한다.
+1) 지역과 영역은 계층적이다. 영역은 지역의 엄격한 부분집합(strict subset)이며, 하나의 영역이 두 개의 지역에 속할 수는 없다.
+2) 영역 이름은 모든 지역에 걸쳐서 유일하다. 예를 들어, "africa-east-1" 라는 지역은 "africa-east-1a" 와 "africa-east-1b" 라는 영역으로 구성될 수 있다.
+
+토폴로지 레이블이 변경되는 일은 없다고 가정할 수 있다. 일반적으로 레이블의 값은 변경될 수 있지만, 특정 노드가 삭제 후 재생성되지 않고서는 다른 영역으로 이동할 수 없기 때문이다.
+
+쿠버네티스는 이 정보를 다양한 방식으로 활용할 수 있다. 예를 들어, 단일 영역 클러스터에서는 스케줄러가 자동으로 레플리카셋의 파드를 여러 노드에 퍼뜨린다(노드 고장의 영향을 줄이기 위해 - [`kubernetes.io/hostname`](#kubernetesiohostname) 참고). 복수 영역 클러스터에서는, 여러 영역에 퍼뜨린다(영역 고장의 영향을 줄이기 위해). 이는 _SelectorSpreadPriority_ 를 통해 실현된다.
+
+_SelectorSpreadPriority_ 는 최선 노력(best effort) 배치 방법이다. 클러스터가 위치한 영역들의 특성이 서로 다르다면(예: 노드 숫자가 다름, 노드 타입이 다름, 파드 자원 요구사항이 다름), 파드 숫자를 영역별로 다르게 하여 배치할 수 있다. 필요하다면, 영역들의 특성(노드 숫자/타입)을 일치시켜 불균형 배치의 가능성을 줄일 수 있다.
+
+스케줄러도 (_VolumeZonePredicate_ 표시자를 이용하여) '파드가 요청하는 볼륨'이 위치하는 영역과 같은 영역에 파드를 배치한다. 여러 영역에서 볼륨에 접근할 수는 없다.
+
+`PersistentVolumeLabel`이 퍼시스턴트볼륨의 자동 레이블링을 지원하지 않는다면, 레이블을 수동으로 추가하거나 `PersistentVolumeLabel`이 동작하도록 변경할 수 있다.
+`PersistentVolumeLabel`이 설정되어 있으면, 스케줄러는 파드가 다른 영역에 있는 볼륨에 마운트하는 것을 막는다. 만약 사용 중인 인프라에 이러한 제약이 없다면, 볼륨에 영역 레이블을 추가할 필요가 전혀 없다.
+
+## node.kubernetes.io/windows-build {#nodekubernetesiowindows-build}
+
+예시: `node.kubernetes.io/windows-build=10.0.17763`
+
+적용 대상: 노드
+
+kubelet이 Microsoft 윈도우에서 실행되고 있다면, 사용 중인 Windows Server 버전을 기록하기 위해 kubelet이 노드에 이 레이블을 추가한다.
+
+이 레이블의 값은 "MajorVersion.MinorVersion.BuildNumber"의 형태를 갖는다.
+
+## service.kubernetes.io/headless {#servicekubernetesioheadless}
+
+예시: `service.kubernetes.io/headless=""`
+
+적용 대상: 서비스
+
+서비스가 헤드리스(headless)이면, 컨트롤 플레인이 엔드포인트(Endpoints) 오브젝트에 이 레이블을 추가한다.
+
+## kubernetes.io/service-name {#kubernetesioservice-name}
+
+예시: `kubernetes.io/service-name="nginx"`
+
+적용 대상: 서비스
+
+쿠버네티스가 여러 서비스를 구분하기 위해 이 레이블을 사용한다. 현재는 `ELB`(Elastic Load Balancer) 를 위해서만 사용되고 있다.
+
+## endpointslice.kubernetes.io/managed-by {#endpointslicekubernetesiomanaged-by}
+
+예시: `endpointslice.kubernetes.io/managed-by="controller"`
+
+적용 대상: 엔드포인트슬라이스(EndpointSlices)
+
+이 레이블은 엔드포인트슬라이스(EndpointSlice)를 어떤 컨트롤러나 엔티티가 관리하는지를 나타내기 위해 사용된다. 이 레이블을 사용함으로써 한 클러스터 내에서 여러 엔드포인트슬라이스 오브젝트가 각각 다른 컨트롤러나 엔티티에 의해 관리될 수 있다.
+
+## endpointslice.kubernetes.io/skip-mirror {#endpointslicekubernetesioskip-mirror}
+
+예시: `endpointslice.kubernetes.io/skip-mirror="true"`
+
+적용 대상: 엔드포인트(Endpoints)
+
+특정 자원에 이 레이블을 `"true"` 로 설정하여, EndpointSliceMirroring 컨트롤러가 엔드포인트슬라이스를 이용하여 해당 자원을 미러링하지 않도록 지시할 수 있다.
+
+## service.kubernetes.io/service-proxy-name {#servicekubernetesioservice-proxy-name}
+
+예시: `service.kubernetes.io/service-proxy-name="foo-bar"`
+
+적용 대상: 서비스
+
+kube-proxy 에는 커스텀 프록시를 위한 이와 같은 레이블이 있으며, 이 레이블은 서비스 컨트롤을 커스텀 프록시에 위임한다.
+
+## experimental.windows.kubernetes.io/isolation-type
+
+예시: `experimental.windows.kubernetes.io/isolation-type: "hyperv"`
+
+적용 대상: 파드
+
+Hyper-V 격리(isolation)를 사용하여 윈도우 컨테이너를 실행하려면 이 어노테이션을 사용한다. Hyper-V 격리 기능을 활성화하고 Hyper-V 격리가 적용된 컨테이너를 생성하기 위해, kubelet은 기능 게이트 `HyperVContainer=true` 로 설정하여 실행되어야 하며, 파드에는 `experimental.windows.kubernetes.io/isolation-type=hyperv` 어노테이션이 설정되어 있어야 한다.
+
+{{< note >}}
+이 어노테이션은 하나의 컨테이너로 구성된 파드에만 설정할 수 있다.
+{{< /note >}}
+
+## ingressclass.kubernetes.io/is-default-class
+
+예시: `ingressclass.kubernetes.io/is-default-class: "true"`
+
+적용 대상: 인그레스클래스(IngressClass)
+
+하나의 인그레스클래스 리소스에 이 어노테이션이 `"true"`로 설정된 경우, 클래스가 명시되지 않은 새로운 인그레스(Ingress) 리소스는 해당 기본 클래스로 할당될 것이다.
+
+## kubernetes.io/ingress.class (사용 중단됨)
+
+{{< note >}}
+v1.18부터, `spec.ingressClassName`으로 대체되었다.
+{{< /note >}}
+
+## storageclass.kubernetes.io/is-default-class
+
+예시: `storageclass.kubernetes.io/is-default-class=true`
+
+적용 대상: 스토리지클래스(StorageClass)
+
+하나의 스토리지클래스(StorageClass) 리소스에 이 어노테이션이 `"true"`로 설정된 경우,
+클래스가 명시되지 않은 새로운 퍼시스턴트볼륨클레임(PersistentVolumeClaim) 리소스는 해당 기본 클래스로 할당될 것이다.
+
+## alpha.kubernetes.io/provided-node-ip
+
+예시: `alpha.kubernetes.io/provided-node-ip: "10.0.0.1"`
+
+적용 대상: 노드
+
+kubelet이 노드에 할당된 IPv4 주소를 명시하기 위해 이 어노테이션을 사용할 수 있다.
+
+kubelet이 "외부" 클라우드 제공자에 의해 실행되었다면, 명령줄 플래그(`--node-ip`)를 통해 설정된 IP 주소를 명시하기 위해 kubelet이 이 어노테이션을 노드에 설정한다. cloud-controller-manager는 클라우드 제공자에게 이 IP 주소가 유효한지를 검증한다.
+
+## batch.kubernetes.io/job-completion-index
+
+예시: `batch.kubernetes.io/job-completion-index: "3"`
+
+적용 대상: 파드
+
+kube-controller-manager의 잡(Job) 컨트롤러는
+`Indexed` [완료 모드](/ko/docs/concepts/workloads/controllers/job/#완료-모드)로 생성된 파드에 이 어노테이션을 추가한다.
+
+## kubectl.kubernetes.io/default-container
+
+예시: `kubectl.kubernetes.io/default-container: "front-end-app"`
+
+파드의 기본 컨테이너로 사용할 컨테이너 이름을 지정하는 어노테이션이다. 예를 들어, `kubectl logs` 또는 `kubectl exec` 명령을 사용할 때 `-c` 또는 `--container` 플래그를 지정하지 않으면, 이 어노테이션으로 명시된 기본 컨테이너를 대상으로 실행될 것이다.
+
+## endpoints.kubernetes.io/over-capacity
+
+예시: `endpoints.kubernetes.io/over-capacity:warning`
+
+적용 대상: 엔드포인트(Endpoints)
+
+v1.21 이상의 쿠버네티스 클러스터에서, 엔드포인트(Endpoints) 컨트롤러가 1000개 이상의 엔드포인트를 관리하고 있다면 각 엔드포인트 리소스에 이 어노테이션을 추가한다. 이 어노테이션은 엔드포인트 리소스가 용량 초과 되었음을 나타낸다.
+
+**이 이후로 나오는 테인트는 모두 '적용 대상: 노드' 이다.**
+
+## node.kubernetes.io/not-ready
+
+예시: `node.kubernetes.io/not-ready:NoExecute`
+
+노드 컨트롤러는 노드의 헬스를 모니터링하여 노드가 사용 가능한 상태인지를 감지하고 그에 따라 이 테인트를 추가하거나 제거한다.
+
+## node.kubernetes.io/unreachable
+
+예시: `node.kubernetes.io/unreachable:NoExecute`
+
+노드 컨트롤러는 [노드 컨디션](/ko/docs/concepts/architecture/nodes/#condition)이 `Ready`에서 `Unknown`으로 변경된 노드에 이 테인트를 추가한다.
+
+## node.kubernetes.io/unschedulable
+
+예시: `node.kubernetes.io/unschedulable:NoSchedule`
+
+경쟁 상태(race condition) 발생을 막기 위해, 생성 중인 노드에 이 테인트가 추가된다.
+
+## node.kubernetes.io/memory-pressure
+
+예시: `node.kubernetes.io/memory-pressure:NoSchedule`
+
+kubelet은 노드의 `memory.available`와 `allocatableMemory.available`을 관측하여 메모리 압박을 감지한다. 그 뒤, 관측한 값을 kubelet에 설정된 문턱값(threshold)과 비교하여 노드 컨디션과 테인트의 추가/삭제 여부를 결정한다.
+
+## node.kubernetes.io/disk-pressure
+
+예시: `node.kubernetes.io/disk-pressure:NoSchedule`
+
+kubelet은 노드의 `imagefs.available`, `imagefs.inodesFree`, `nodefs.available`, `nodefs.inodesFree`(리눅스에 대해서만)를 관측하여 디스크 압박을 감지한다. 그 뒤, 관측한 값을 kubelet에 설정된 문턱값(threshold)과 비교하여 노드 컨디션과 테인트의 추가/삭제 여부를 결정한다.
+
+## node.kubernetes.io/network-unavailable
+
+예시: `node.kubernetes.io/network-unavailable:NoSchedule`
+
+사용 중인 클라우드 공급자가 추가 네트워크 환경설정을 필요로 한다고 명시하면, kubelet이 이 테인트를 설정한다. 클라우드 상의 네트워크 경로가 올바르게 구성되어야, 클라우드 공급자가 이 테인트를 제거할 것이다.
+
+## node.kubernetes.io/pid-pressure
+
+예시: `node.kubernetes.io/pid-pressure:NoSchedule`
+
+kubelet은 '`/proc/sys/kernel/pid_max`의 크기의 D-값'과 노드에서 쿠버네티스가 사용 중인 PID를 확인하여, `pid.available` 지표라고 불리는 '사용 가능한 PID 수'를 가져온다. 그 뒤, 관측한 지표를 kubelet에 설정된 문턱값(threshold)과 비교하여 노드 컨디션과 테인트의 추가/삭제 여부를 결정한다.
+
+## node.cloudprovider.kubernetes.io/uninitialized
+
+예시: `node.cloudprovider.kubernetes.io/uninitialized:NoSchedule`
+
+kubelet이 "외부" 클라우드 공급자에 의해 실행되었다면 노드가 '사용 불가능'한 상태라고 표시하기 위해 이 테인트가 추가되며, 추후 cloud-controller-manager가 이 노드를 초기화하고 이 테인트를 제거한다.
+
+## node.cloudprovider.kubernetes.io/shutdown
+
+예시: `node.cloudprovider.kubernetes.io/shutdown:NoSchedule`
+
+노드의 상태가 클라우드 공급자가 정의한 'shutdown' 상태이면, 이에 따라 노드에 `node.cloudprovider.kubernetes.io/shutdown` 테인트가 `NoSchedule` 값으로 설정된다.
diff --git a/content/ko/docs/reference/scheduling/config.md b/content/ko/docs/reference/scheduling/config.md
index 5da54ed813..2f46c78d8b 100644
--- a/content/ko/docs/reference/scheduling/config.md
+++ b/content/ko/docs/reference/scheduling/config.md
@@ -18,9 +18,9 @@ weight: 20
각 단계는 익스텐션 포인트(extension point)를 통해 노출된다. 플러그인은 이러한
익스텐션 포인트 중 하나 이상을 구현하여 스케줄링 동작을 제공한다.
-[KubeSchedulerConfiguration (v1beta1)](/docs/reference/config-api/kube-scheduler-config.v1beta1/)
-구조에 맞게 파일을 작성하고,
-`kube-scheduler --config `을 실행하여
+[KubeSchedulerConfiguration (v1beta1)](/docs/reference/config-api/kube-scheduler-config.v1beta1/)
+구조에 맞게 파일을 작성하고,
+`kube-scheduler --config `을 실행하여
스케줄링 프로파일을 지정할 수 있다.
최소 구성은 다음과 같다.
@@ -149,8 +149,8 @@ profiles:
또는 바인딩할 수 있는지 확인한다.
익스텐션 포인트: `PreFilter`, `Filter`, `Reserve`, `PreBind`, `Score`.
{{< note >}}
- `Score` 익스텐션 포인트는 `VolumeCapacityPriority` 기능이
- 활성화되어 있어야 활성화되며,
+ `Score` 익스텐션 포인트는 `VolumeCapacityPriority` 기능이
+ 활성화되어 있어야 활성화되며,
요청된 볼륨 사이즈를 만족하는 가장 작은 PV들을 우선순위 매긴다.
{{< /note >}}
- `VolumeRestrictions`: 노드에 마운트된 볼륨이 볼륨 제공자에 특정한
@@ -250,6 +250,6 @@ profiles:
## {{% heading "whatsnext" %}}
-* [kube-scheduler 레퍼런스](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-scheduler/) 읽어보기
+* [kube-scheduler 레퍼런스](/docs/reference/command-line-tools-reference/kube-scheduler/) 읽어보기
* [스케줄링](/ko/docs/concepts/scheduling-eviction/kube-scheduler/)에 대해 알아보기
* [kube-scheduler configuration (v1beta1)](/docs/reference/config-api/kube-scheduler-config.v1beta1/) 레퍼런스 읽어보기
diff --git a/content/ko/docs/reference/tools/_index.md b/content/ko/docs/reference/tools/_index.md
index a38158bf14..6ac3b1dc82 100644
--- a/content/ko/docs/reference/tools/_index.md
+++ b/content/ko/docs/reference/tools/_index.md
@@ -1,8 +1,10 @@
---
-
-
title: 도구
+
+
content_type: concept
+weight: 80
+no_list: true
---
@@ -10,13 +12,6 @@ content_type: concept
-## Kubectl
-
-[`kubectl`](/ko/docs/tasks/tools/install-kubectl/)은 쿠버네티스를 위한 커맨드라인 툴이며, 쿠버네티스 클러스터 매니저을 제어한다.
-
-## Kubeadm
-
-[`kubeadm`](/ko/docs/setup/production-environment/tools/kubeadm/install-kubeadm/)은 물리적 환경, 클라우드 서버, 또는 가상머신 상에서 안전한 쿠버네티스를 쉽게 프로비저닝하기 위한 커맨드라인 툴이다(현재는 알파 상태).
## Minikube
@@ -31,8 +26,8 @@ content_type: concept
## Helm
-[`쿠버네티스 Helm`](https://github.com/kubernetes/helm)은 사전 구성된 쿠버네티스 리소스를 관리하기위한 도구이며
-또한 Helm의 쿠버네티스 차트라고도 한다.
+[Helm](https://helm.sh/)은 사전 구성된 쿠버네티스 리소스 패키지를 관리하기 위한 도구이다.
+이 패키지는 _Helm charts_ 라고 알려져 있다.
Helm의 용도
diff --git a/content/ko/docs/reference/using-api/client-libraries.md b/content/ko/docs/reference/using-api/client-libraries.md
index 639c10ac34..11d2e793bc 100644
--- a/content/ko/docs/reference/using-api/client-libraries.md
+++ b/content/ko/docs/reference/using-api/client-libraries.md
@@ -65,7 +65,6 @@ API 호출 또는 요청/응답 타입을 직접 구현할 필요는 없다.
| PHP | [github.com/maclof/kubernetes-client](https://github.com/maclof/kubernetes-client) |
| PHP | [github.com/travisghansen/kubernetes-client-php](https://github.com/travisghansen/kubernetes-client-php) |
| PHP | [github.com/renoki-co/php-k8s](https://github.com/renoki-co/php-k8s) |
-| Python | [github.com/eldarion-gondor/pykube](https://github.com/eldarion-gondor/pykube) |
| Python | [github.com/fiaas/k8s](https://github.com/fiaas/k8s) |
| Python | [github.com/mnubo/kubernetes-py](https://github.com/mnubo/kubernetes-py) |
| Python | [github.com/tomplus/kubernetes_asyncio](https://github.com/tomplus/kubernetes_asyncio) |
diff --git a/content/ko/docs/setup/_index.md b/content/ko/docs/setup/_index.md
index b09963d0e2..3c6013c590 100644
--- a/content/ko/docs/setup/_index.md
+++ b/content/ko/docs/setup/_index.md
@@ -1,17 +1,21 @@
---
-no_issue: true
+
+
+
+
title: 시작하기
main_menu: true
weight: 20
content_type: concept
+no_list: true
card:
name: setup
weight: 20
anchors:
- anchor: "#학습-환경"
title: 학습 환경
- - anchor: "#운영-환경"
- title: 운영 환경
+ - anchor: "#프로덕션-환경"
+ title: 프로덕션 환경
---
@@ -20,16 +24,40 @@ card:
쿠버네티스를 설치할 때는 유지보수의 용이성, 보안, 제어, 사용 가능한 리소스, 그리고
클러스터를 운영하고 관리하기 위해 필요한 전문성을 기반으로 설치 유형을 선택한다.
-쿠버네티스 클러스터를 로컬 머신에, 클라우드에, 온-프레미스 데이터센터에 배포할 수 있고, 아니면 매니지드 쿠버네티스 클러스터를 선택할 수도 있다. 광범위한 클라우드 제공 업체 또는 베어 메탈 환경에 걸쳐 사용할 수 있는 맞춤형 솔루션도 있다.
+[쿠버네티스를 다운로드](/releases/download/)하여
+로컬 머신에, 클라우드에, 데이터센터에 쿠버네티스 클러스터를 구축할 수 있다.
+
+쿠버네티스 클러스터를 직접 관리하고 싶지 않다면, [인증된 플랫폼](/ko/docs/setup/production-environment/turnkey-solutions/)과
+같은 매니지드 서비스를 선택할 수도 있다.
+광범위한 클라우드 또는 베어 메탈 환경에 걸쳐 사용할 수 있는
+표준화된/맞춤형 솔루션도 있다.
## 학습 환경
-쿠버네티스를 배우고 있다면, 쿠버네티스 커뮤니티에서 지원하는 도구나, 로컬 머신에서 쿠버네티스를 설치하기 위한 생태계 내의 도구를 사용하자.
+쿠버네티스를 배우고 있다면, 쿠버네티스 커뮤니티에서 지원하는 도구나,
+로컬 머신에서 쿠버네티스를 설치하기 위한 생태계 내의 도구를 사용한다.
+[도구 설치](/ko/docs/tasks/tools/)를 살펴본다.
-## 운영 환경
+## 프로덕션 환경
-운영 환경을 위한 솔루션을 평가할 때에는, 쿠버네티스 클러스터 운영에 대한 어떤 측면(또는 _추상적인 개념_)을 스스로 관리하기를 원하는지, 제공자에게 넘기기를 원하는지 고려하자.
+[프로덕션 환경](/ko/docs/setup/production-environment/)을 위한
+솔루션을 평가할 때에는, 쿠버네티스 클러스터(또는 _추상화된 객체_)
+운영에 대한 어떤 측면을 스스로 관리하기를 원하는지,
+또는 제공자에게 넘기기를 원하는지 고려한다.
-[쿠버네티스 파트너](https://kubernetes.io/partners/#conformance)에는 [공인 쿠버네티스](https://github.com/cncf/k8s-conformance/#certified-kubernetes) 공급자 목록이 포함되어 있다.
+클러스터를 직접 관리하는 경우, 공식적으로 지원되는 쿠버네티스 구축 도구는
+[kubeadm](/ko/docs/setup/production-environment/tools/kubeadm/)이다.
+
+## {{% heading "whatsnext" %}}
+
+- [쿠버네티스를 다운로드](/releases/download/)한다.
+- `kubectl`을 포함한 [도구를 설치](/ko/docs/tasks/tools/)한다.
+- 새로운 클러스터에 사용할 [컨테이너 런타임](/ko/docs/setup/production-environment/container-runtimes/)을 선택한다.
+- 클러스터 구성의 [모범 사례](/ko/docs/setup/best-practices/)를 확인한다.
+
+쿠버네티스의 {{< glossary_tooltip term_id="control-plane" text="컨트롤 플레인" >}}은
+리눅스에서 실행되도록 설계되었다. 클러스터 내에서는 리눅스 또는
+다른 운영 체제(예: 윈도우)에서 애플리케이션을 실행할 수 있다.
+- [윈도우 노드를 포함하는 클러스터 구성하기](/ko/docs/setup/production-environment/windows/)를 살펴본다.
diff --git a/content/ko/docs/setup/best-practices/certificates.md b/content/ko/docs/setup/best-practices/certificates.md
index 77665edbe2..e6640be52d 100644
--- a/content/ko/docs/setup/best-practices/certificates.md
+++ b/content/ko/docs/setup/best-practices/certificates.md
@@ -1,23 +1,23 @@
---
-title: PKI 인증서 및 요구 조건
+title: PKI 인증서 및 요구 사항
content_type: concept
weight: 40
---
-쿠버네티스는 TLS 위에 인증을 위해 PKI 인증서가 필요하다.
-만약 [kubeadm](/ko/docs/reference/setup-tools/kubeadm/)으로 쿠버네티스를 설치했다면, 클러스터에 필요한 인증서는 자동으로 생성된다.
+쿠버네티스는 TLS를 통한 인증을 위해서 PKI 인증서가 필요하다.
+만약 [kubeadm](/ko/docs/reference/setup-tools/kubeadm/)으로 쿠버네티스를 설치한다면, 클러스터에 필요한 인증서는 자동으로 생성된다.
또한 더 안전하게 자신이 소유한 인증서를 생성할 수 있다. 이를 테면, 개인키를 API 서버에 저장하지 않으므로 더 안전하게 보관할 수 있다.
-이 페이지는 클러스터에 필요한 인증서를 설명한다.
+이 페이지는 클러스터가 필요로 하는 인증서에 대해서 설명한다.
-## 클러스터에서 인증서는 어떻게 이용되나?
+## 클러스터에서 인증서가 이용되는 방식
-쿠버네티스는 다음 작업에서 PKI가 필요하다.
+쿠버네티스는 다음 작업에서 PKI를 필요로 한다.
* kubelet에서 API 서버 인증서를 인증시 사용하는 클라이언트 인증서
* API 서버 엔드포인트를 위한 서버 인증서
@@ -36,7 +36,7 @@ etcd 역시 클라이언트와 피어 간에 상호 TLS 인증을 구현한다.
## 인증서를 저장하는 위치
-만약 쿠버네티스를 kubeadm으로 설치했다면 인증서는 `/etc/kubernets/pki`에 저장된다. 이 문서에 언급된 모든 파일 경로는 그 디렉터리에 상대적이다.
+만약 쿠버네티스를 kubeadm으로 설치했다면 인증서는 `/etc/kubernetes/pki`에 저장된다. 이 문서에 언급된 모든 파일 경로는 그 디렉터리에 상대적이다.
## 인증서 수동 설정
diff --git a/content/ko/docs/setup/best-practices/cluster-large.md b/content/ko/docs/setup/best-practices/cluster-large.md
index d0293e72f6..899c63f6b7 100644
--- a/content/ko/docs/setup/best-practices/cluster-large.md
+++ b/content/ko/docs/setup/best-practices/cluster-large.md
@@ -6,13 +6,13 @@ weight: 20
클러스터는 {{< glossary_tooltip text="컨트롤 플레인" term_id="control-plane" >}}에서 관리하는
쿠버네티스 에이전트를 실행하는 {{< glossary_tooltip text="노드" term_id="node" >}}(물리
또는 가상 머신)의 집합이다.
-쿠버네티스 {{}}는 노드 5000개까지의 클러스터를 지원한다. 보다 정확하게는,
+쿠버네티스 {{}}는 노드 5,000개까지의 클러스터를 지원한다. 보다 정확하게는,
쿠버네티스는 다음 기준을 *모두* 만족하는 설정을 수용하도록 설계되었다.
-* 노드 당 파드 100 개 이하
-* 노드 5000개 이하
-* 전체 파드 150000개 이하
-* 전체 컨테이너 300000개 이하
+* 노드 당 파드 110 개 이하
+* 노드 5,000개 이하
+* 전체 파드 150,000개 이하
+* 전체 컨테이너 300,000개 이하
노드를 추가하거나 제거하여 클러스터를 확장할 수 있다. 이를 수행하는 방법은
클러스터 배포 방법에 따라 다르다.
diff --git a/content/ko/docs/setup/best-practices/multiple-zones.md b/content/ko/docs/setup/best-practices/multiple-zones.md
index 3d825ebd08..93ab353d37 100644
--- a/content/ko/docs/setup/best-practices/multiple-zones.md
+++ b/content/ko/docs/setup/best-practices/multiple-zones.md
@@ -55,7 +55,7 @@ content_type: concept
특정 kubelet을 나타내는 노드 오브젝트에
{{< glossary_tooltip text="레이블" term_id="label" >}}을 자동으로 추가한다.
이러한 레이블에는
-[영역 정보](/docs/reference/labels-annotations-taints/#topologykubernetesiozone)가 포함될 수 있다.
+[영역 정보](/ko/docs/reference/labels-annotations-taints/#topologykubernetesiozone)가 포함될 수 있다.
클러스터가 여러 영역 또는 지역에 걸쳐있는 경우,
[파드 토폴로지 분배 제약 조건](/ko/docs/concepts/workloads/pods/pod-topology-spread-constraints/)과
diff --git a/content/ko/docs/setup/production-environment/_index.md b/content/ko/docs/setup/production-environment/_index.md
index 3471214564..1394c2f325 100644
--- a/content/ko/docs/setup/production-environment/_index.md
+++ b/content/ko/docs/setup/production-environment/_index.md
@@ -53,7 +53,7 @@ no_list: true
관리하여, 사용자 및 워크로드가 접근할 수 있는 자원에 대한 제한을 설정할 수 있다.
쿠버네티스 프로덕션 환경을 직접 구축하기 전에, 이 작업의 일부 또는 전체를
-[턴키 클라우드 솔루션](/docs/setup/production-environment/turnkey-solutions/)
+[턴키 클라우드 솔루션](/ko/docs/setup/production-environment/turnkey-solutions/)
제공 업체 또는 기타 [쿠버네티스 파트너](/ko/partners/)에게
넘기는 것을 고려할 수 있다.
다음과 같은 옵션이 있다.
@@ -151,7 +151,7 @@ etcd는 클러스터 구성 데이터를 저장하므로
[kube-controller-manager](/docs/reference/command-line-tools-reference/kube-controller-manager/),
[kube-scheduler](/docs/reference/command-line-tools-reference/kube-scheduler/)를 참조한다.
고가용성 컨트롤 플레인 예제는
-[고가용성 토폴로지를 위한 옵션](/docs/setup/production-environment/tools/kubeadm/ha-topology/),
+[고가용성 토폴로지를 위한 옵션](/ko/docs/setup/production-environment/tools/kubeadm/ha-topology/),
[kubeadm을 이용하여 고가용성 클러스터 생성하기](/docs/setup/production-environment/tools/kubeadm/high-availability/),
[쿠버네티스를 위한 etcd 클러스터 운영하기](/docs/tasks/administer-cluster/configure-upgrade-etcd/)를 참조한다.
etcd 백업 계획을 세우려면
@@ -274,8 +274,8 @@ DNS 서비스도 확장할 준비가 되어 있어야 한다.
## {{% heading "whatsnext" %}}
- 프로덕션 쿠버네티스를 직접 구축할지,
-아니면 [턴키 클라우드 솔루션](/docs/setup/production-environment/turnkey-solutions/) 또는
-[쿠버네티스 파트너](/partners/)가 제공하는 서비스를 이용할지 결정한다.
+아니면 [턴키 클라우드 솔루션](/ko/docs/setup/production-environment/turnkey-solutions/) 또는
+[쿠버네티스 파트너](/ko/partners/)가 제공하는 서비스를 이용할지 결정한다.
- 클러스터를 직접 구축한다면,
[인증서](/ko/docs/setup/best-practices/certificates/)를 어떻게 관리할지,
[etcd](/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm/)와
diff --git a/content/ko/docs/setup/production-environment/container-runtimes.md b/content/ko/docs/setup/production-environment/container-runtimes.md
index d2638f4433..fb749a2346 100644
--- a/content/ko/docs/setup/production-environment/container-runtimes.md
+++ b/content/ko/docs/setup/production-environment/container-runtimes.md
@@ -97,7 +97,10 @@ containerd를 설치한다.
{{< tabs name="tab-cri-containerd-installation" >}}
{{% tab name="Linux" %}}
-1. 공식 도커 리포지터리에서 `containerd.io` 패키지를 설치한다. 각 리눅스 배포한에 대한 도커 리포지터리를 설정하고 `containerd.io` 패키지를 설치하는 방법은 [도커 엔진 설치](https://docs.docker.com/engine/install/#server)에서 찾을 수 있다.
+1. 공식 도커 리포지터리에서 `containerd.io` 패키지를 설치한다.
+각 리눅스 배포판에 대한 도커 리포지터리를 설정하고
+`containerd.io` 패키지를 설치하는 방법은
+[도커 엔진 설치](https://docs.docker.com/engine/install/#server)에서 찾을 수 있다.
2. containerd 설정
@@ -115,7 +118,8 @@ containerd를 설치한다.
{{% /tab %}}
{{% tab name="Windows (PowerShell)" %}}
-PowerShell 세션을 시작하고 `$Version`을 원하는 버전(예: `$Version:1.4.3`)으로 설정한 후 다음 명령을 실행한다.
+PowerShell 세션을 시작하고 `$Version`을 원하는 버전으로
+설정(예: `$Version:1.4.3`)한 후 다음 명령을 실행한다.
1. containerd 다운로드
@@ -242,7 +246,8 @@ sudo apt-get install cri-o cri-o-runc
{{% tab name="Ubuntu" %}}
-다음의 운영 체제에서 CRI-O를 설치하려면, 환경 변수 `OS` 를 아래의 표에서 적절한 필드로 설정한다.
+다음의 운영 체제에서 CRI-O를 설치하려면, 환경 변수 `OS` 를
+아래의 표에서 적절한 필드로 설정한다.
| 운영 체제 | `$OS` |
| ---------------- | ----------------- |
@@ -277,7 +282,8 @@ apt-get install cri-o cri-o-runc
{{% tab name="CentOS" %}}
-다음의 운영 체제에서 CRI-O를 설치하려면, 환경 변수 `OS` 를 아래의 표에서 적절한 필드로 설정한다.
+다음의 운영 체제에서 CRI-O를 설치하려면, 환경 변수 `OS` 를
+아래의 표에서 적절한 필드로 설정한다.
| 운영 체제 | `$OS` |
| ---------------- | ----------------- |
@@ -357,7 +363,10 @@ CRI-O의 cgroup 드라이버 구성을 동기화 상태로
### 도커
-1. 각 노드에서 [도커 엔진 설치](https://docs.docker.com/engine/install/#server)에 따라 리눅스 배포판용 도커를 설치한다. 이 [의존성 파일](https://git.k8s.io/kubernetes/build/dependencies.yaml)에서 검증된 최신 버전의 도커를 찾을 수 있다.
+1. 각 노드에서 [도커 엔진 설치](https://docs.docker.com/engine/install/#server)에 따라
+리눅스 배포판용 도커를 설치한다.
+이 [의존성 파일](https://git.k8s.io/kubernetes/build/dependencies.yaml)에서
+검증된 최신 버전의 도커를 찾을 수 있다.
2. 특히 컨테이너의 cgroup 관리에 systemd를 사용하도록 도커 데몬을 구성한다.
@@ -376,7 +385,8 @@ CRI-O의 cgroup 드라이버 구성을 동기화 상태로
```
{{< note >}}
- `overlay2`는 리눅스 커널 4.0 이상 또는 3.10.0-514 버전 이상을 사용하는 RHEL 또는 CentOS를 구동하는 시스템에서 선호하는 스토리지 드라이버이다.
+ `overlay2`는 리눅스 커널 4.0 이상 또는 3.10.0-514 버전 이상을 사용하는 RHEL
+ 또는 CentOS를 구동하는 시스템에서 선호하는 스토리지 드라이버이다.
{{< /note >}}
3. 도커 재시작과 부팅시 실행되게 설정
diff --git a/content/ko/docs/setup/production-environment/tools/kubeadm/control-plane-flags.md b/content/ko/docs/setup/production-environment/tools/kubeadm/control-plane-flags.md
index d978e7d59f..cae9a85b0a 100644
--- a/content/ko/docs/setup/production-environment/tools/kubeadm/control-plane-flags.md
+++ b/content/ko/docs/setup/production-environment/tools/kubeadm/control-plane-flags.md
@@ -9,7 +9,8 @@ weight: 40
{{< feature-state for_k8s_version="v1.12" state="stable" >}}
-kubeadm의 `ClusterConfiguration` 오브젝트는 API 서버, 컨트롤러매니저, 스케줄러와 같은 컨트롤 플레인 구성요소에 전달되는 기본 플래그 `extraArgs` 필드를 노출한다. 이 구성요소는 다음 필드를 사용하도록 정의되어 있다.
+kubeadm의 `ClusterConfiguration` 오브젝트는 API 서버, 컨트롤러매니저, 스케줄러와 같은 컨트롤 플레인 구성요소에 전달되는
+기본 플래그 `extraArgs` 필드를 노출한다. 이 구성요소는 다음 필드를 사용하도록 정의되어 있다.
- `apiServer`
- `controllerManager`
@@ -19,10 +20,10 @@ kubeadm의 `ClusterConfiguration` 오브젝트는 API 서버, 컨트롤러매니
1. 사용자 구성에서 적절한 필드를 추가한다.
2. 필드에 대체할 플래그를 추가한다.
-3. `kubeadm init`에 `--config ` 파라미터를 추가해서 실행한다.
+3. `kubeadm init`에 `--config ` 파라미터를 추가해서 실행한다.
각 필드의 구성에서 자세한 정보를 보려면,
-[API 참고 문서](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2#ClusterConfiguration)에서 확인해 볼 수 있다.
+[API 참고 문서](/docs/reference/config-api/kubeadm-config.v1beta2/)에서 확인해 볼 수 있다.
{{< note >}}
`kubeadm config print init-defaults`를 실행하고 원하는 파일에 출력을 저장하여 기본값인 `ClusterConfiguration` 오브젝트를 생성할 수 있다.
@@ -34,9 +35,9 @@ kubeadm의 `ClusterConfiguration` 오브젝트는 API 서버, 컨트롤러매니
## APIServer 플래그
-자세한 내용은 [kube-apiserver에 대한 참고 문서](/docs/reference/command-line-tools-reference/kube-apiserver/)를 확인한다.
+자세한 내용은 [kube-apiserver 레퍼런스 문서](/docs/reference/command-line-tools-reference/kube-apiserver/)를 확인한다.
-사용 예:
+예시:
```yaml
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
@@ -51,9 +52,9 @@ apiServer:
## 컨트롤러매니저 플래그
-자세한 내용은 [kube-controller-manager에 대한 참고 문서](/docs/reference/command-line-tools-reference/kube-controller-manager/)를 확인한다.
+자세한 내용은 [kube-controller-manager 레퍼런스 문서](/docs/reference/command-line-tools-reference/kube-controller-manager/)를 확인한다.
-사용 예:
+예시:
```yaml
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
@@ -67,9 +68,9 @@ controllerManager:
## 스케줄러 플래그
-자세한 내용은 [kube-scheduler에 대한 참고 문서](/docs/reference/command-line-tools-reference/kube-scheduler/)를 확인한다.
+자세한 내용은 [kube-scheduler 레퍼런스 문서](/docs/reference/command-line-tools-reference/kube-scheduler/)를 확인한다.
-사용 예:
+예시:
```yaml
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
diff --git a/content/ko/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/ko/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
index a7ce213fda..6f50124f8d 100644
--- a/content/ko/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
+++ b/content/ko/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
@@ -169,7 +169,7 @@ kubeadm은 `kubelet` 또는 `kubectl` 을 설치하거나 관리하지 **않으
버전 차이에 대한 자세한 내용은 다음을 참고한다.
-* 쿠버네티스 [버전 및 버전-차이 정책](/docs/setup/release/version-skew-policy/)
+* 쿠버네티스 [버전 및 버전-차이 정책](/ko/releases/version-skew-policy/)
* Kubeadm 관련 [버전 차이 정책](/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/#version-skew-policy)
{{< tabs name="k8s_install" >}}
diff --git a/content/ko/docs/setup/production-environment/turnkey-solutions.md b/content/ko/docs/setup/production-environment/turnkey-solutions.md
new file mode 100644
index 0000000000..2feb5de30a
--- /dev/null
+++ b/content/ko/docs/setup/production-environment/turnkey-solutions.md
@@ -0,0 +1,14 @@
+---
+title: 턴키 클라우드 솔루션
+content_type: concept
+weight: 30
+---
+
+
+이 페이지는 인증된 쿠버네티스 솔루션 제공자 목록을 제공한다. 각 제공자
+페이지를 통해서, 프로덕션에 준비된 클러스터를 설치 및 설정하는 방법을
+학습할 수 있다.
+
+
+
+{{< cncf-landscape helpers=true category="certified-kubernetes-hosted" >}}
diff --git a/content/ko/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md b/content/ko/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md
index eb48f3f65d..67db901778 100644
--- a/content/ko/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md
+++ b/content/ko/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md
@@ -84,7 +84,7 @@ weight: 65
단계별 지침을 제공한다. 이 가이드에는 클러스터 노드와 함께 사용자 애플리케이션을
업그레이드하기 위한 권장 업그레이드 절차가 포함된다.
윈도우 노드는 현재 리눅스 노드와 동일한 방식으로 쿠버네티스
-[버전-스큐(skew) 정책](/ko/docs/setup/release/version-skew-policy/)(노드 대 컨트롤 플레인
+[버전-차이(skew) 정책](/ko/releases/version-skew-policy/)(노드 대 컨트롤 플레인
버전 관리)을 준수한다.
@@ -102,6 +102,8 @@ weight: 65
Microsoft는 `mcr.microsoft.com/oss/kubernetes/pause:3.4.1`에서
윈도우 퍼즈 인프라 컨테이너를 유지한다.
+이외에도 `k8s.gcr.io/pause:3.5`를 통해 쿠버네티스에서 관리하는 다중 아키텍처 이미지를
+사용할 수도 있는데, 이 이미지는 리눅스와 윈도우를 모두 지원한다.
#### 컴퓨트
@@ -809,7 +811,7 @@ DNS, 라우트, 메트릭과 같은 많은 구성은 리눅스에서와 같이 /
1. [BitLocker](https://docs.microsoft.com/ko-kr/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server)를
사용한 볼륨-레벨 암호화를 사용한다.
-[RunAsUsername](/ko/docs/tasks/configure-pod-container/configure-runasusername)은
+[RunAsUsername](/ko/docs/tasks/configure-pod-container/configure-runasusername/)은
컨테이너 프로세스를 노드 기본 사용자로 실행하기 위해 윈도우 파드 또는
컨테이너에 지정할 수 있다. 이것은
[RunAsUser](/ko/docs/concepts/policy/pod-security-policy/#사용자-및-그룹)와 거의 동일하다.
diff --git a/content/ko/docs/setup/production-environment/windows/user-guide-windows-containers.md b/content/ko/docs/setup/production-environment/windows/user-guide-windows-containers.md
index aabc838ea5..5c3d52e475 100644
--- a/content/ko/docs/setup/production-environment/windows/user-guide-windows-containers.md
+++ b/content/ko/docs/setup/production-environment/windows/user-guide-windows-containers.md
@@ -6,7 +6,8 @@ weight: 75
-많은 조직에서 실행하는 서비스와 애플리케이션의 상당 부분이 윈도우 애플리케이션으로 구성된다. 이 가이드는 쿠버네티스에서 윈도우 컨테이너를 구성하고 배포하는 단계를 안내한다.
+많은 조직에서 실행하는 서비스와 애플리케이션의 상당 부분이 윈도우 애플리케이션으로 구성된다.
+이 가이드는 쿠버네티스에서 윈도우 컨테이너를 구성하고 배포하는 단계를 안내한다.
@@ -19,12 +20,18 @@ weight: 75
## 시작하기 전에
-* [윈도우 서버에서 운영하는 마스터와 워커 노드](/ko/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes)를 포함한 쿠버네티스 클러스터를 생성한다.
-* 쿠버네티스에서 서비스와 워크로드를 생성하고 배포하는 것은 리눅스나 윈도우 컨테이너 모두 비슷한 방식이라는 것이 중요하다. [Kubectl 커맨드](/ko/docs/reference/kubectl/overview/)로 클러스터에 접속하는 것은 동일하다. 아래 단원의 예시는 윈도우 컨테이너를 경험하기 위해 제공한다.
+* [윈도우 서버에서 운영하는 마스터와 워커 노드](/ko/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes)를
+포함한 쿠버네티스 클러스터를 생성한다.
+* 쿠버네티스에서 서비스와 워크로드를 생성하고 배포하는 것은 리눅스나 윈도우 컨테이너
+모두 비슷한 방식이라는 것이 중요하다.
+[Kubectl 커맨드](/ko/docs/reference/kubectl/overview/)로 클러스터에 접속하는 것은 동일하다.
+아래 단원의 예시를 통해 윈도우 컨테이너와 좀 더 빨리 친숙해질 수 있다.
## 시작하기: 윈도우 컨테이너 배포하기
-쿠버네티스에서 윈도우 컨테이너를 배포하려면, 먼저 예시 애플리케이션을 생성해야 한다. 아래 예시 YAML 파일은 간단한 웹서버 애플리케이션을 생성한다. 아래 내용으로 채운 서비스 스펙을 `win-webserver.yaml`로 생성하자.
+쿠버네티스에서 윈도우 컨테이너를 배포하려면, 먼저 예시 애플리케이션을 생성해야 한다.
+아래 예시 YAML 파일은 간단한 웹서버 애플리케이션을 생성한다.
+아래 내용으로 채운 서비스 스펙을 `win-webserver.yaml`로 생성하자.
```yaml
apiVersion: v1
@@ -71,7 +78,8 @@ spec:
```
{{< note >}}
-포트 매핑도 지원하지만, 간략한 예시를 위해 컨테이너 포트 80을 직접 서비스로 노출한다.
+포트 매핑도 지원하지만, 간략한 예시를 위해
+컨테이너 포트 80을 직접 서비스로 노출한다.
{{< /note >}}
1. 모든 노드가 건강한지 확인한다.
@@ -91,53 +99,87 @@ spec:
1. 이 디플로이먼트가 성공적인지 확인한다. 다음을 검토하자.
- * 윈도우 노드에 파드당 두 컨테이너, `docker ps`를 사용한다.
- * 리눅스 마스터에서 나열된 두 파드, `kubectl get pods`를 사용한다.
- * 네트워크를 통한 노드에서 파드 간에 통신, 리눅스 마스터에서 `curl`을 파드 IP 주소의 80 포트로 실행하여 웹 서버 응답을 확인한다.
- * 파드와 파드 간에 통신, `docker exec` 나 `kubectl exec`를 이용해 파드 간에 핑(ping)한다(윈도우 노드를 여럿가지고 있다면 호스트를 달리하며).
- * 서비스와 파드 간에 통신, 리눅스 마스터와 독립 파드에서 `curl`을 가상 서비스 IP 주소(`kubectl get services`로 보여지는)로 실행한다.
- * 서비스 검색(discovery), 쿠버네티스 [기본 DNS 접미사](/ko/docs/concepts/services-networking/dns-pod-service/#서비스)와 서비스 이름으로 `curl`을 실행한다.
- * 인바운드 연결, 클러스터 외부 장비나 리눅스 마스터에서 NodePort로 `curl`을 실행한다.
- * 아웃바운드 연결, `kubectl exec`를 이용해서 파드에서 외부 IP 주소로 `curl`을 실행한다.
+ * 윈도우 노드에 파드당 두 컨테이너가 존재하는지 확인하려면, `docker ps`를 사용한다.
+ * 리눅스 마스터에서 나열된 두 파드가 존재하는지 확인하려면, `kubectl get pods`를 사용한다.
+ * 네트워크를 통한 노드에서 파드로의 통신이 되는지 확인하려면, 리눅스 마스터에서 `curl`을
+ 파드 IP 주소의 80 포트로 실행하여 웹 서버 응답을 확인한다.
+ * 파드 간 통신이 되는지 확인하려면, `docker exec` 나 `kubectl exec`를 이용해 파드 간에
+ 핑(ping)한다(윈도우 노드가 2대 이상이라면, 서로 다른 노드에 있는 파드 간 통신도 확인할 수 있다).
+ * 서비스에서 파드로의 통신이 되는지 확인하려면, 리눅스 마스터와 독립 파드에서 `curl`을 가상 서비스
+ IP 주소(`kubectl get services`로 볼 수 있는)로 실행한다.
+ * 서비스 검색(discovery)이 되는지 확인하려면, 쿠버네티스 [기본 DNS 접미사](/ko/docs/concepts/services-networking/dns-pod-service/#서비스)와 서비스 이름으로 `curl`을 실행한다.
+ * 인바운드 연결이 되는지 확인하려면, 클러스터 외부 장비나 리눅스 마스터에서 NodePort로 `curl`을 실행한다.
+ * 아웃바운드 연결이 되는지 확인하려면, `kubectl exec`를 이용해서 파드에서 외부 IP 주소로 `curl`을 실행한다.
{{< note >}}
-윈도우 컨테이너 호스트는 현재 윈도우 네트워킹 스택의 플랫폼 제한으로 인해, 그 안에서 스케줄링하는 서비스의 IP 주소로 접근할 수 없다. 윈도우 파드만 서비스 IP 주소로 접근할 수 있다.
+윈도우 컨테이너 호스트는 현재 윈도우 네트워킹 스택의 플랫폼 제한으로 인해, 그 안에서 스케줄링하는 서비스의 IP 주소로 접근할 수 없다.
+윈도우 파드만 서비스 IP 주소로 접근할 수 있다.
{{< /note >}}
## 가시성
### 워크로드에서 로그 캡쳐하기
-로그는 가시성의 중요한 요소이다. 로그는 사용자가 워크로드의 운영측면을 파악할 수 있도록 하며 문제 해결의 핵심 요소이다. 윈도우 컨테이너와 워크로드 내의 윈도우 컨테이너가 리눅스 컨테이너와는 다르게 동작하기 때문에, 사용자가 로그를 수집하는 데 어려움을 겪었기에 운영 가시성이 제한되었다. 예를 들어 윈도우 워크로드는 일반적으로 ETW(Event Tracing for Windows)에 로그인하거나 애플리케이션 이벤트 로그에 항목을 푸시하도록 구성한다. Microsoft의 오픈 소스 도구인 [LogMonitor](https://github.com/microsoft/windows-container-tools/tree/master/LogMonitor)는 윈도우 컨테이너 안에 구성된 로그 소스를 모니터링하는 권장하는 방법이다. LogMonitor는 이벤트 로그, ETW 공급자 그리고 사용자 정의 애플리케이션 로그 모니터링을 지원하고 `kubectl logs ` 에 의한 사용을 위해 STDOUT으로 파이프한다.
+로그는 가시성의 중요한 요소이다. 로그는 사용자가 워크로드의 운영측면을
+파악할 수 있도록 하며 문제 해결의 핵심 요소이다.
+윈도우 컨테이너, 그리고 윈도우 컨테이너 내의 워크로드는 리눅스 컨테이너와는 다르게 동작하기 때문에,
+사용자가 로그를 수집하기 어려웠고 이로 인해 운영 가시성이 제한되어 왔다.
+예를 들어 윈도우 워크로드는 일반적으로 ETW(Event Tracing for Windows)에 로그인하거나
+애플리케이션 이벤트 로그에 항목을 푸시하도록 구성한다.
+Microsoft의 오픈 소스 도구인 [LogMonitor](https://github.com/microsoft/windows-container-tools/tree/master/LogMonitor)는
+윈도우 컨테이너 안에 구성된 로그 소스를 모니터링하는 권장하는 방법이다.
+LogMonitor는 이벤트 로그, ETW 공급자 그리고 사용자 정의 애플리케이션 로그 모니터링을 지원하고
+`kubectl logs ` 에 의한 사용을 위해 STDOUT으로 파이프한다.
-LogMonitor Github 페이지의 지침에 따라 모든 컨테이너 바이너리와 설정 파일을 복사하고, LogMonitor에 필요한 입력 지점을 추가해서 로그를 STDOUT으로 푸시한다.
+LogMonitor GitHub 페이지의 지침에 따라 모든 컨테이너 바이너리와 설정 파일을 복사하고,
+LogMonitor가 로그를 STDOUT으로 푸시할 수 있도록 필요한 엔트리포인트를 추가한다.
## 설정 가능한 컨테이너 username 사용하기
-쿠버네티스 v1.16 부터, 윈도우 컨테이너는 이미지 기본 값과는 다른 username으로 엔트리포인트와 프로세스를 실행하도록 설정할 수 있다. 이 방식은 리눅스 컨테이너에서 지원되는 방식과는 조금 차이가 있다. [여기](/docs/tasks/configure-pod-container/configure-runasusername/)에서 이에 대해 추가적으로 배울 수 있다.
+쿠버네티스 v1.16 부터, 윈도우 컨테이너는 이미지 기본 값과는 다른 username으로 엔트리포인트와 프로세스를
+실행하도록 설정할 수 있다.
+이 방식은 리눅스 컨테이너에서 지원되는 방식과는 조금 차이가 있다.
+[여기](/ko/docs/tasks/configure-pod-container/configure-runasusername/)에서 이에 대해 추가적으로 배울 수 있다.
## 그룹 매니지드 서비스 어카운트를 이용하여 워크로드 신원 관리하기
-쿠버네티스 v1.14부터 윈도우 컨테이너 워크로드는 그룹 매니지드 서비스 어카운트(GMSA, Group Managed Service Account)를 이용하여 구성할 수 있다. 그룹 매니지드 서비스 어카운트는 액티브 디렉터리 어카운트의 특정한 종류로 자동 암호 관리 기능, 단순화된 서비스 주체 이름(SPN, simplified service principal name), 여러 서버의 다른 관리자에게 관리를 위임하는 기능을 제공한다. GMSA로 구성한 컨테이너는 GMSA로 구성된 신원을 들고 있는 동안 외부 액티브 디렉터리 도메인 리소스를 접근할 수 있다. 윈도우 컨테이너를 위한 GMSA를 이용하고 구성하는 방법은 [여기](/docs/tasks/configure-pod-container/configure-gmsa/)에서 알아보자.
+쿠버네티스 v1.14부터 윈도우 컨테이너 워크로드는 그룹 매니지드 서비스 어카운트(GMSA, Group Managed Service Account)를 이용하여 구성할 수 있다.
+그룹 매니지드 서비스 어카운트는 액티브 디렉터리 어카운트의 특정한 종류로 자동 암호 관리 기능,
+단순화된 서비스 주체 이름(SPN, simplified service principal name), 여러 서버의 다른 관리자에게 관리를 위임하는 기능을 제공한다.
+GMSA로 구성한 컨테이너는 GMSA로 구성된 신원을 들고 있는 동안 외부 액티브 디렉터리 도메인 리소스를 접근할 수 있다.
+윈도우 컨테이너를 위한 GMSA를 이용하고 구성하는 방법은 [여기](/docs/tasks/configure-pod-container/configure-gmsa/)에서 알아보자.
## 테인트(Taint)와 톨러레이션(Toleration)
-오늘날 사용자는 리눅스와 윈도우 워크로드를 특정 OS 노드별로 보존하기 위해 테인트와 노드 셀렉터(nodeSelector)의 조합을 이용해야 한다. 이것은 윈도우 사용자에게만 부담을 줄 것으로 보인다. 아래는 권장되는 방식의 개요인데, 이것의 주요 목표 중에 하나는 이 방식이 기존 리눅스 워크로드와 호환되어야 한다는 것이다.
+오늘날 사용자는 리눅스와 윈도우 워크로드를 (동일한 OS를 실행하는) 적절한 노드에 할당되도록 하기 위해 테인트와
+노드셀렉터(nodeSelector)의 조합을 이용해야 한다.
+이것은 윈도우 사용자에게만 부담을 줄 것으로 보인다. 아래는 권장되는 방식의 개요인데,
+이것의 주요 목표 중에 하나는 이 방식이 기존 리눅스 워크로드와 호환되어야 한다는 것이다.
### 특정 OS 워크로드를 적절한 컨테이너 호스트에서 처리하도록 보장하기
-사용자는 윈도우 컨테이너가 테인트와 톨러레이션을 이용해서 적절한 호스트에서 스케줄링되기를 보장할 수 있다. 오늘날 모든 쿠버네티스 노드는 다음 기본 레이블을 가지고 있다.
+사용자는 테인트와 톨러레이션을 이용하여 윈도우 컨테이너가 적절한 호스트에서 스케줄링되기를 보장할 수 있다.
+오늘날 모든 쿠버네티스 노드는 다음 기본 레이블을 가지고 있다.
* kubernetes.io/os = [windows|linux]
* kubernetes.io/arch = [amd64|arm64|...]
-파드 사양에 노드 셀렉터를 `"kubernetes.io/os": windows`와 같이 지정하지 않았다면, 그 파드는 리눅스나 윈도우, 아무 호스트에나 스케줄링될 수 있다. 윈도우 컨테이너는 윈도우에서만 운영될 수 있고 리눅스 컨테이너는 리눅스에서만 운영될 수 있기 때문에 이는 문제를 일으킬 수 있다. 가장 좋은 방법은 노드 셀렉터를 사용하는 것이다.
+파드 사양에 노드 셀렉터를 `"kubernetes.io/os": windows`와 같이 지정하지 않았다면,
+그 파드는 리눅스나 윈도우, 아무 호스트에나 스케줄링될 수 있다.
+윈도우 컨테이너는 윈도우에서만 운영될 수 있고 리눅스 컨테이너는 리눅스에서만 운영될 수 있기 때문에 이는 문제를 일으킬 수 있다.
+가장 좋은 방법은 노드 셀렉터를 사용하는 것이다.
-그러나 많은 경우 사용자는 이미 존재하는 대량의 리눅스 컨테이너용 디플로이먼트를 가지고 있을 뿐만 아니라, 헬름(Helm) 차트 커뮤니티 같은 상용 구성의 에코시스템이나, 오퍼레이터(Operator) 같은 프로그래밍 방식의 파드 생성 사례가 있음을 알고 있다. 이런 상황에서는 노드 셀렉터를 추가하는 구성 변경을 망설일 수 있다. 이에 대한 대안은 테인트를 사용하는 것이다. Kubelet은 등록하는 동안 테인트를 설정할 수 있기 때문에, 윈도우에서만 운영할 때에 자동으로 테인트를 추가하기 쉽다.
+그러나 많은 경우 사용자는 이미 존재하는 대량의 리눅스 컨테이너용 디플로이먼트를 가지고 있을 뿐만 아니라,
+헬름(Helm) 차트 커뮤니티 같은 상용 구성의 에코시스템이나, 오퍼레이터(Operator) 같은 프로그래밍 방식의 파드 생성 사례가 있음을 알고 있다.
+이런 상황에서는 노드 셀렉터를 추가하는 구성 변경을 망설일 수 있다.
+이에 대한 대안은 테인트를 사용하는 것이다. Kubelet은 등록하는 동안 테인트를 설정할 수 있기 때문에,
+윈도우에서만 운영할 때에 자동으로 테인트를 추가하기 쉽다.
예를 들면, `--register-with-taints='os=windows:NoSchedule'`
-모든 윈도우 노드에 테인트를 추가하여 아무 것도 거기에 스케줄링하지 않게 될 것이다(존재하는 리눅스 파드를 포함하여). 윈도우 파드가 윈도우 노드에 스케줄링되려면, 윈도우를 선택하기 위한 노드 셀렉터 및 적합하게 일치하는 톨러레이션이 모두 필요하다.
+모든 윈도우 노드에 테인트를 추가하여 아무 것도 거기에 스케줄링하지 않게 될 것이다(존재하는 리눅스 파드를 포함하여).
+윈도우 파드가 윈도우 노드에 스케줄링되려면,
+윈도우를 선택하기 위한 노드 셀렉터 및 적합하게 일치하는 톨러레이션이 모두 필요하다.
```yaml
nodeSelector:
@@ -152,14 +194,14 @@ tolerations:
### 동일 클러스터에서 여러 윈도우 버전을 조작하는 방법
-파드에서 사용하는 윈도우 서버 버전은 노드 버전과 일치해야 한다. 만약 동일한 클러스터에서 여러 윈도우
-서버 버전을 사용하려면, 추가로 노드 레이블과 nodeSelectors를 설정해야만 한다.
+파드에서 사용하는 윈도우 서버 버전은 노드의 윈도우 서버 버전과 일치해야 한다. 만약 동일한 클러스터에서 여러 윈도우
+서버 버전을 사용하려면, 추가로 노드 레이블과 nodeSelectors를 설정해야 한다.
-쿠버네티스 1.17은 이것을 단순화하기 위해 새로운 레이블인 `node.kubernetes.io/windows-build` 를 자동으로 추가 한다. 만약 이전 버전을
-실행 중인 경우 이 레이블을 윈도우 노드에 수동으로 추가하는 것을 권장한다.
+쿠버네티스 1.17은 이것을 단순화하기 위해 새로운 레이블인 `node.kubernetes.io/windows-build` 를 자동으로 추가한다.
+만약 이전 버전을 실행 중인 경우, 이 레이블을 윈도우 노드에 수동으로 추가하는 것을 권장한다.
-이 레이블은 호환성을 일치해야 하는 윈도우 메이저, 마이너 및 빌드 번호를 나타낸다. 여기에 현재
-사용하는 각 윈도우 서버 버전이 있다.
+이 레이블은 호환성을 위해 일치시켜야 하는 윈도우 메이저, 마이너 및 빌드 번호를 나타낸다.
+각 윈도우 서버 버전에 대해 현재 사용하고 있는 빌드 번호는 다음과 같다.
| 제품 이름 | 빌드 번호 |
|--------------------------------------|------------------------|
@@ -170,11 +212,12 @@ tolerations:
### RuntimeClass로 단순화
-[RuntimeClass] 를 사용해서 테인트(taint)와 톨러레이션(toleration)을 사용하는 프로세스를 간소화 할 수 있다. 클러스터 관리자는
-이 테인트와 톨러레이션을 캡슐화하는데 사용되는 `RuntimeClass` 오브젝트를 생성할 수 있다.
+[런타임클래스(RuntimeClass)](/ko/docs/concepts/containers/runtime-class/)를 사용해서 테인트(taint)와 톨러레이션(toleration)을 사용하는 프로세스를 간소화 할 수 있다.
+클러스터 관리자는 이 테인트와 톨러레이션을 캡슐화하는 데 사용되는 `RuntimeClass` 오브젝트를 생성할 수 있다.
-1. 이 파일을 `runtimeClasses.yml` 로 저장한다. 여기에는 윈도우 OS, 아키텍처 및 버전에 적합한 `nodeSelector` 가 포함되었다.
+1. 이 파일을 `runtimeClasses.yml` 로 저장한다. 여기에는 윈도우 OS,
+아키텍처 및 버전에 적합한 `nodeSelector` 가 포함되어 있다.
```yaml
apiVersion: node.k8s.io/v1
diff --git a/content/ko/docs/tasks/access-application-cluster/_index.md b/content/ko/docs/tasks/access-application-cluster/_index.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/tasks/access-application-cluster/configure-access-multiple-clusters.md b/content/ko/docs/tasks/access-application-cluster/configure-access-multiple-clusters.md
index 477e310943..b3997580f2 100644
--- a/content/ko/docs/tasks/access-application-cluster/configure-access-multiple-clusters.md
+++ b/content/ko/docs/tasks/access-application-cluster/configure-access-multiple-clusters.md
@@ -7,7 +7,6 @@ card:
weight: 40
---
-
이 페이지에서는 구성 파일을 사용하여 다수의 클러스터에 접근할 수 있도록
@@ -22,19 +21,21 @@ card:
{{< /note >}}
+{{< warning >}}
+신뢰할 수 있는 소스의 kubeconfig 파일만 사용해야 한다. 특수 제작된 kubeconfig 파일은 악성코드를 실행하거나 파일을 노출시킬 수 있다.
+신뢰할 수 없는 kubeconfig 파일을 꼭 사용해야 한다면, 셸 스크립트를 사용하는 경우처럼 신중한 검사가 선행되어야 한다.
+{{< /warning>}}
+
## {{% heading "prerequisites" %}}
-
{{< include "task-tutorial-prereqs.md" >}}
{{< glossary_tooltip text="kubectl" term_id="kubectl" >}}이 설치되었는지 확인하려면,
`kubectl version --client`을 실행한다. kubectl 버전은 클러스터의 API 서버 버전과
-[마이너 버전 하나 차이 이내](/ko/docs/setup/release/version-skew-policy/#kubectl)여야
+[마이너 버전 하나 차이 이내](/ko/releases/version-skew-policy/#kubectl)여야
한다.
-
-
## 클러스터, 사용자, 컨텍스트 정의
@@ -49,7 +50,7 @@ scratch 클러스터에 접근하려면 사용자네임과 패스워드로 인
`config-exercise`라는 디렉터리를 생성한다. `config-exercise` 디렉터리에
다음 내용을 가진 `config-demo`라는 파일을 생성한다.
-```shell
+```yaml
apiVersion: v1
kind: Config
preferences: {}
@@ -114,7 +115,7 @@ kubectl config --kubeconfig=config-demo view
두 클러스터, 두 사용자, 세 컨텍스트들이 출력 결과로 나온다.
-```shell
+```yaml
apiVersion: v1
clusters:
- cluster:
@@ -186,7 +187,7 @@ kubectl config --kubeconfig=config-demo view --minify
`dev-frontend` 컨텍스트에 관련된 구성 정보가 출력 결과로 표시될 것이다.
-```shell
+```yaml
apiVersion: v1
clusters:
- cluster:
@@ -238,7 +239,6 @@ kubectl config --kubeconfig=config-demo use-context dev-storage
현재 컨텍스트인 `dev-storage`에 관련된 설정을 보자.
-
```shell
kubectl config --kubeconfig=config-demo view --minify
```
@@ -247,7 +247,7 @@ kubectl config --kubeconfig=config-demo view --minify
`config-exercise` 디렉터리에서 다음 내용으로 `config-demo-2`라는 파일을 생성한다.
-```shell
+```yaml
apiVersion: v1
kind: Config
preferences: {}
@@ -269,13 +269,17 @@ contexts:
예:
### 리눅스
+
```shell
-export KUBECONFIG_SAVED=$KUBECONFIG
+export KUBECONFIG_SAVED=$KUBECONFIG
```
+
### 윈도우 PowerShell
-```shell
+
+```powershell
$Env:KUBECONFIG_SAVED=$ENV:KUBECONFIG
```
+
`KUBECONFIG` 환경 변수는 구성 파일들의 경로의 리스트이다. 이 리스트는
리눅스와 Mac에서는 콜론으로 구분되며 윈도우에서는 세미콜론으로 구분된다.
`KUBECONFIG` 환경 변수를 가지고 있다면, 리스트에 포함된 구성 파일들에
@@ -284,11 +288,14 @@ $Env:KUBECONFIG_SAVED=$ENV:KUBECONFIG
다음 예와 같이 임시로 `KUBECONFIG` 환경 변수에 두 개의 경로들을 덧붙여보자.
### 리눅스
+
```shell
-export KUBECONFIG=$KUBECONFIG:config-demo:config-demo-2
+export KUBECONFIG=$KUBECONFIG:config-demo:config-demo-2
```
+
### 윈도우 PowerShell
-```shell
+
+```powershell
$Env:KUBECONFIG=("config-demo;config-demo-2")
```
@@ -303,7 +310,7 @@ kubectl config view
컨텍스트와 `config-demo` 파일의 세 개의 컨텍스트들을
가지고 있다는 것에 주목하길 바란다.
-```shell
+```yaml
contexts:
- context:
cluster: development
@@ -347,12 +354,15 @@ kubeconfig 파일들을 어떻게 병합하는지에 대한 상세정보는
예:
### 리눅스
+
```shell
export KUBECONFIG=$KUBECONFIG:$HOME/.kube/config
```
+
### 윈도우 Powershell
-```shell
- $Env:KUBECONFIG="$Env:KUBECONFIG;$HOME\.kube\config"
+
+```powershell
+$Env:KUBECONFIG="$Env:KUBECONFIG;$HOME\.kube\config"
```
이제 `KUBECONFIG` 환경 변수에 리스트에 포함된 모든 파일들이 합쳐진 구성 정보를 보자.
@@ -367,19 +377,18 @@ kubectl config view
`KUBECONFIG` 환경 변수를 원래 값으로 되돌려 놓자. 예를 들면:
### 리눅스
+
```shell
export KUBECONFIG=$KUBECONFIG_SAVED
```
### 윈도우 PowerShell
-```shell
- $Env:KUBECONFIG=$ENV:KUBECONFIG_SAVED
+
+```powershell
+$Env:KUBECONFIG=$ENV:KUBECONFIG_SAVED
```
-
-
## {{% heading "whatsnext" %}}
-
* [kubeconfig 파일을 사용하여 클러스터 접근 구성하기](/ko/docs/concepts/configuration/organize-cluster-access-kubeconfig/)
* [kubectl config](/docs/reference/generated/kubectl/kubectl-commands#config)
diff --git a/content/ko/docs/tasks/access-application-cluster/connecting-frontend-backend.md b/content/ko/docs/tasks/access-application-cluster/connecting-frontend-backend.md
index 488ea59ff6..11afa655e8 100644
--- a/content/ko/docs/tasks/access-application-cluster/connecting-frontend-backend.md
+++ b/content/ko/docs/tasks/access-application-cluster/connecting-frontend-backend.md
@@ -220,4 +220,4 @@ kubectl delete deployment frontend backend
* [서비스](/ko/docs/concepts/services-networking/service/)에 대해 더 알아본다.
* [컨피그맵](/docs/tasks/configure-pod-container/configure-pod-configmap/)에 대해 더 알아본다.
-* [서비스와 파드용 DNS](/docs/concepts/services-networking/dns-pod-service/)에 대해 더 알아본다.
+* [서비스와 파드용 DNS](/ko/docs/concepts/services-networking/dns-pod-service/)에 대해 더 알아본다.
diff --git a/content/ko/docs/tasks/access-application-cluster/list-all-running-container-images.md b/content/ko/docs/tasks/access-application-cluster/list-all-running-container-images.md
index 77f5f5d635..f777d192cd 100644
--- a/content/ko/docs/tasks/access-application-cluster/list-all-running-container-images.md
+++ b/content/ko/docs/tasks/access-application-cluster/list-all-running-container-images.md
@@ -22,7 +22,7 @@ weight: 100
## 모든 네임스페이스의 모든 컨테이너 이미지 가져오기
- `kubectl get pods --all-namespaces` 를 사용하여 모든 네임스페이스의 모든 파드 정보를 가져온다.
-- 컨테이너 이미지 이름만 출력하기 위해 `-o jsonpath={..image}` 를 사용한다.
+- 컨테이너 이미지 이름만 출력하기 위해 `-o jsonpath={.items[*].spec.containers[*].image}` 를 사용한다.
이 명령어는 결과값으로 받은 json을 반복적으로 파싱하여,
`image` 필드만을 출력한다.
- jsonpath를 사용하는 방법에 대해 더 많은 정보를 얻고 싶다면
@@ -33,7 +33,7 @@ weight: 100
- `uniq` 를 사용하여 이미지 개수를 합산한다.
```shell
-kubectl get pods --all-namespaces -o jsonpath="{..image}" |\
+kubectl get pods --all-namespaces -o jsonpath="{.items[*].spec.containers[*].image}" |\
tr -s '[[:space:]]' '\n' |\
sort |\
uniq -c
@@ -80,7 +80,7 @@ sort
명령어 결과값은 `app=nginx` 레이블에 일치하는 파드만 출력한다.
```shell
-kubectl get pods --all-namespaces -o=jsonpath="{..image}" -l app=nginx
+kubectl get pods --all-namespaces -o=jsonpath="{.items[*].spec.containers[*].image}" -l app=nginx
```
## 파드 네임스페이스로 필터링된 컨테이너 이미지 목록 보기
@@ -89,7 +89,7 @@ kubectl get pods --all-namespaces -o=jsonpath="{..image}" -l app=nginx
아래의 명령어 결과값은 `kube-system` 네임스페이스에 있는 파드만 출력한다.
```shell
-kubectl get pods --namespace kube-system -o jsonpath="{..image}"
+kubectl get pods --namespace kube-system -o jsonpath="{.items[*].spec.containers[*].image}"
```
## jsonpath 대신 Go 템플릿을 사용하여 컨테이너 이미지 목록 보기
diff --git a/content/ko/docs/tasks/administer-cluster/_index.md b/content/ko/docs/tasks/administer-cluster/_index.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/tasks/administer-cluster/certificates.md b/content/ko/docs/tasks/administer-cluster/certificates.md
index 8c8f6a148b..076f09faf4 100644
--- a/content/ko/docs/tasks/administer-cluster/certificates.md
+++ b/content/ko/docs/tasks/administer-cluster/certificates.md
@@ -116,7 +116,10 @@ weight: 20
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
-CAcreateserial -out server.crt -days 10000 \
-extensions v3_ext -extfile csr.conf
-1. 인증서를 본다.
+1. 인증서 서명 요청을 확인한다.
+
+ openssl req -noout -text -in ./server.csr
+1. 인증서를 확인한다.
openssl x509 -noout -text -in ./server.crt
@@ -246,5 +249,5 @@ done.
## 인증서 API
`certificates.k8s.io` API를 사용해서
-[여기](/docs/tasks/tls/managing-tls-in-a-cluster)에
+[여기](/ko/docs/tasks/tls/managing-tls-in-a-cluster/)에
설명된 대로 인증에 사용할 x509 인증서를 프로비전 할 수 있다.
diff --git a/content/ko/docs/tasks/administer-cluster/declare-network-policy.md b/content/ko/docs/tasks/administer-cluster/declare-network-policy.md
index 2a476d520d..6d4193e63c 100644
--- a/content/ko/docs/tasks/administer-cluster/declare-network-policy.md
+++ b/content/ko/docs/tasks/administer-cluster/declare-network-policy.md
@@ -89,7 +89,7 @@ remote file exists
{{< codenew file="service/networking/nginx-policy.yaml" >}}
네트워크폴리시 오브젝트의 이름은 유효한
-[DNS 서브도메인 이름](/ko/docs/concepts/overview/working-with-objects/names#dns-subdomain-names)이어야 한다.
+[DNS 서브도메인 이름](/ko/docs/concepts/overview/working-with-objects/names/#dns-서브도메인-이름)이어야 한다.
{{< note >}}
네트워크폴리시는 정책이 적용되는 파드의 그룹을 선택하는 `podSelector` 를 포함한다. 사용자는 이 정책이 `app=nginx` 레이블을 갖는 파드를 선택하는 것을 볼 수 있다. 레이블은 `nginx` 디플로이먼트에 있는 파드에 자동으로 추가된다. 빈 `podSelector` 는 네임스페이스의 모든 파드를 선택한다.
diff --git a/content/ko/docs/tasks/administer-cluster/dns-custom-nameservers.md b/content/ko/docs/tasks/administer-cluster/dns-custom-nameservers.md
index 9521bb1ec6..f681bc8778 100644
--- a/content/ko/docs/tasks/administer-cluster/dns-custom-nameservers.md
+++ b/content/ko/docs/tasks/administer-cluster/dns-custom-nameservers.md
@@ -23,7 +23,7 @@ DNS 변환(DNS resolution) 절차를 사용자 정의하는 방법을 설명한
## 소개
-DNS는 _애드온 관리자_ 인 [클러스터 애드온](http://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addons/README.md)을
+DNS는 _애드온 관리자_ 인 [클러스터 애드온](https://releases.k8s.io/{{< param "githubbranch" >}}/cluster/addons/README.md)을
사용하여 자동으로 시작되는 쿠버네티스
내장 서비스이다.
diff --git a/content/ko/docs/tasks/administer-cluster/enable-disable-api.md b/content/ko/docs/tasks/administer-cluster/enable-disable-api.md
new file mode 100644
index 0000000000..202035c291
--- /dev/null
+++ b/content/ko/docs/tasks/administer-cluster/enable-disable-api.md
@@ -0,0 +1,29 @@
+---
+title: 쿠버네티스 API 활성화 혹은 비활성화하기
+content_type: task
+---
+
+
+이 페이지는 클러스터 {{< glossary_tooltip text="컨트롤 플레인" term_id="control-plane" >}}의
+특정한 API 버전을 활성화하거나 비활성화하는 방법에 대해 설명한다.
+
+
+
+
+API 서버에 `--runtime-config=api/` 커맨드 라인 인자를 사용함으로서 특정한 API 버전을
+활성화하거나 비활성화할 수 있다. 이 인자에 대한 값으로는 콤마로 구분된 API 버전의 목록을 사용한다.
+뒤쪽에 위치한 값은 앞쪽의 값보다 우선적으로 사용된다.
+
+이 `runtime-config` 커맨드 라인 인자에는 다음의 두 개의 특수 키를 사용할 수도 있다.
+
+- `api/all`: 사용할 수 있는 모든 API를 선택한다.
+- `api/legacy`: 레거시 API만을 선택한다. 여기서 레거시 API란 명시적으로
+ [사용이 중단된](/docs/reference/using-api/deprecation-policy/) 모든 API를 가리킨다.
+
+예를 들어서, v1을 제외한 모든 API 버전을 비활성화하기 위해서는 `kube-apiserver`에
+`--runtime-config=api/all=false,api/v1=true` 인자를 사용한다.
+
+## {{% heading "whatsnext" %}}
+
+`kube-apiserver` 컴포넌트에 대한 더 자세한 내용은 다음의 [문서](/docs/reference/command-line-tools-reference/kube-apiserver/)
+를 참고한다.
diff --git a/content/ko/docs/tasks/administer-cluster/enabling-topology-aware-hints.md b/content/ko/docs/tasks/administer-cluster/enabling-topology-aware-hints.md
new file mode 100644
index 0000000000..c0342fb377
--- /dev/null
+++ b/content/ko/docs/tasks/administer-cluster/enabling-topology-aware-hints.md
@@ -0,0 +1,38 @@
+---
+title: 토폴로지 인지 힌트 활성화하기
+content_type: task
+min-kubernetes-server-version: 1.21
+---
+
+
+{{< feature-state for_k8s_version="v1.21" state="alpha" >}}
+
+_토폴로지 인지 힌트_ 는 {{< glossary_tooltip text="엔드포인트슬라이스(EndpointSlices)" term_id="endpoint-slice" >}}에 포함되어 있는
+토폴로지 정보를 이용해 토폴로지 인지 라우팅을 가능하게 한다.
+이 방법은 트래픽을 해당 트래픽이 시작된 곳과 최대한 근접하도록 라우팅하는데,
+이를 통해 비용을 줄이거나 네트워크 성능을 향상시킬 수 있다.
+
+## {{% heading "prerequisites" %}}
+
+ {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+토폴로지 인지 힌트를 활성화하기 위해서는 다음의 필수 구성 요소가 필요하다.
+
+* {{< glossary_tooltip text="kube-proxy" term_id="kube-proxy" >}}가
+ iptables 모드 혹은 IPVS 모드로 동작하도록 설정
+* 엔드포인트슬라이스가 비활성화되지 않았는지 확인
+
+## 토폴로지 인지 힌트 활성화하기
+
+서비스 토폴로지 힌트를 활성화하기 위해서는 kube-apiserver, kube-controller-manager, kube-proxy에 대해
+`TopologyAwareHints` [기능 게이트](/ko/docs/reference/command-line-tools-reference/feature-gates/)를
+활성화한다.
+
+```
+--feature-gates="TopologyAwareHints=true"
+```
+
+## {{% heading "whatsnext" %}}
+
+* 서비스 항목 아래의 [토폴로지 인지 힌트](/docs/concepts/services-networking/topology-aware-hints)를 참고
+* [서비스와 애플리케이션 연결하기](/ko/docs/concepts/services-networking/connect-applications-service/)를 참고
diff --git a/content/ko/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods.md b/content/ko/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods.md
new file mode 100644
index 0000000000..bbc44c94a1
--- /dev/null
+++ b/content/ko/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods.md
@@ -0,0 +1,25 @@
+---
+
+
+
+
+title: 중요한 애드온 파드 스케줄링 보장하기
+content_type: concept
+---
+
+
+
+API 서버, 스케줄러 및 컨트롤러 매니저와 같은 쿠버네티스 주요 컴포넌트들은 컨트롤 플레인 노드에서 동작한다. 반면, 애드온들은 일반 클러스터 노드에서 동작한다.
+이러한 애드온들 중 일부(예: 메트릭 서버, DNS, UI)는 클러스터 전부가 정상적으로 동작하는 데 필수적일 수 있다.
+만약, 필수 애드온이 축출되고(수동 축출, 혹은 업그레이드와 같은 동작으로 인한 의도하지 않은 축출)
+pending 상태가 된다면, 클러스터가 더 이상 제대로 동작하지 않을 수 있다. (사용률이 매우 높은 클러스터에서 해당 애드온이
+축출되자마자 다른 대기중인 파드가 스케줄링되거나 다른 이유로 노드에서 사용할 수 있는 자원량이 줄어들어 pending 상태가 발생할 수 있다)
+
+유의할 점은, 파드를 중요(critical)로 표시하는 것은 축출을 완전히 방지하기 위함이 아니다. 이것은 단지 파드가 영구적으로 사용할 수 없게 되는 것만을 방지하기 위함이다.
+중요로 표시한 스태틱(static) 파드는 축출될 수 없다. 반면, 중요로 표시한 일반적인(non-static) 파드의 경우 항상 다시 스케줄링된다.
+
+
+
+### 파드를 중요(critical)로 표시하기
+
+파드를 중요로 표시하기 위해서는, 해당 파드에 대해 priorityClassName을 `system-cluster-critical`이나 `system-node-critical`로 설정한다. `system-node-critical`은 가장 높은 우선 순위를 가지며, 심지어 `system-cluster-critical`보다도 우선 순위가 높다.
diff --git a/content/ko/docs/tasks/administer-cluster/highly-available-control-plane.md b/content/ko/docs/tasks/administer-cluster/highly-available-control-plane.md
new file mode 100644
index 0000000000..2ee11427f3
--- /dev/null
+++ b/content/ko/docs/tasks/administer-cluster/highly-available-control-plane.md
@@ -0,0 +1,216 @@
+---
+
+
+title: 고가용성 쿠버네티스 클러스터 컨트롤 플레인 설정하기
+content_type: task
+
+---
+
+
+
+{{< feature-state for_k8s_version="v1.5" state="alpha" >}}
+
+구글 컴퓨트 엔진(Google Compute Engine, 이하 GCE)의 `kube-up`이나 `kube-down` 스크립트에 쿠버네티스 컨트롤 플레인 노드를 복제할 수 있다. 하지만 이러한 스크립트들은 프로덕션 용도로 사용하기에 적합하지 않으며, 프로젝트의 CI에서만 주로 사용된다.
+이 문서는 kube-up/down 스크립트를 사용하여 고가용(HA) 컨트롤 플레인을 관리하는 방법과 GCE와 함께 사용하기 위해 HA 컨트롤 플레인을 구현하는 방법에 관해 설명한다.
+
+
+
+
+## {{% heading "prerequisites" %}}
+
+
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+
+
+
+
+
+## HA 호환 클러스터 시작
+
+새 HA 호환 클러스터를 생성하려면, `kube-up` 스크립트에 다음 플래그를 설정해야 한다.
+
+* `MULTIZONE=true` - 서버의 기본 영역(zone)과 다른 영역에서 컨트롤 플레인 kubelet이 제거되지 않도록 한다.
+여러 영역에서 컨트롤 플레인 노드를 실행(권장됨)하려는 경우에 필요하다.
+
+* `ENABLE_ETCD_QUORUM_READ=true` - 모든 API 서버에서 읽은 내용이 최신 데이터를 반환하도록 하기 위한 것이다.
+true인 경우, Etcd의 리더 복제본에서 읽는다.
+이 값을 true로 설정하는 것은 선택 사항이다. 읽기는 더 안정적이지만 느리게 된다.
+
+선택적으로, 첫 번째 컨트롤 플레인 노드가 생성될 GCE 영역을 지정할 수 있다.
+다음 플래그를 설정한다.
+
+* `KUBE_GCE_ZONE=zone` - 첫 번째 컨트롤 플레인 노드가 실행될 영역.
+
+다음 샘플 커맨드는 europe-west1-b GCE 영역에 HA 호환 클러스터를 구성한다.
+
+```shell
+MULTIZONE=true KUBE_GCE_ZONE=europe-west1-b ENABLE_ETCD_QUORUM_READS=true ./cluster/kube-up.sh
+```
+
+위의 커맨드는 하나의 컨트롤 플레인 노드를 포함하는 클러스터를 생성한다.
+그러나 후속 커맨드로 새 컨트롤 플레인 노드를 추가할 수 있다.
+
+## 새 컨트롤 플레인 노드 추가
+
+HA 호환 클러스터를 생성했다면, 여기에 컨트롤 플레인 노드를 추가할 수 있다.
+`kube-up` 스크립트에 다음 플래그를 사용하여 컨트롤 플레인 노드를 추가한다.
+
+* `KUBE_REPLICATE_EXISTING_MASTER=true` - 기존 컨트롤 플레인 노드의 복제본을
+만든다.
+
+* `KUBE_GCE_ZONE=zone` - 컨트롤 플레인 노드가 실행될 영역.
+반드시 다른 컨트롤 플레인 노드가 존재하는 영역과 동일한 지역(region)에 있어야 한다.
+
+HA 호환 클러스터를 시작할 때, 상속되는 `MULTIZONE`이나 `ENABLE_ETCD_QUORUM_READS` 플래그를 따로
+설정할 필요는 없다.
+
+다음 샘플 커맨드는 기존 HA 호환 클러스터에서
+컨트롤 플레인 노드를 복제한다.
+
+```shell
+KUBE_GCE_ZONE=europe-west1-c KUBE_REPLICATE_EXISTING_MASTER=true ./cluster/kube-up.sh
+```
+
+## 컨트롤 플레인 노드 제거
+
+다음 플래그가 있는 `kube-down` 스크립트를 사용하여 HA 클러스터에서 컨트롤 플레인 노드를 제거할 수 있다.
+
+* `KUBE_DELETE_NODES=false` - kubelet을 삭제하지 않기 위한 것이다.
+
+* `KUBE_GCE_ZONE=zone` - 컨트롤 플레인 노드가 제거될 영역.
+
+* `KUBE_REPLICA_NAME=replica_name` - (선택) 제거할 컨트롤 플레인 노드의 이름.
+명시하지 않으면, 해당 영역의 모든 복제본이 제거된다.
+
+다음 샘플 커맨드는 기존 HA 클러스터에서 컨트롤 플레인 노드를 제거한다.
+
+```shell
+KUBE_DELETE_NODES=false KUBE_GCE_ZONE=europe-west1-c ./cluster/kube-down.sh
+```
+
+## 동작에 실패한 컨트롤 플레인 노드 처리
+
+HA 클러스터의 컨트롤 플레인 노드 중 하나가 동작에 실패하면,
+클러스터에서 해당 노드를 제거하고 동일한 영역에 새 컨트롤 플레인
+노드를 추가하는 것이 가장 좋다.
+다음 샘플 커맨드로 이 과정을 시연한다.
+
+1. 손상된 복제본을 제거한다.
+
+```shell
+KUBE_DELETE_NODES=false KUBE_GCE_ZONE=replica_zone KUBE_REPLICA_NAME=replica_name ./cluster/kube-down.sh
+```
+
+
기존 복제본을 대신할 새 노드를 추가한다.
+
+```shell
+KUBE_GCE_ZONE=replica-zone KUBE_REPLICATE_EXISTING_MASTER=true ./cluster/kube-up.sh
+```
+
+## HA 클러스터에서 컨트롤 플레인 노드 복제에 관한 모범 사례
+
+* 다른 영역에 컨트롤 플레인 노드를 배치하도록 한다. 한 영역이 동작에 실패하는 동안,
+해당 영역에 있는 컨트롤 플레인 노드도 모두 동작에 실패할 것이다.
+영역 장애를 극복하기 위해 노드를 여러 영역에 배치한다
+(더 자세한 내용은 [멀티 영역](/ko/docs/setup/best-practices/multiple-zones/)를 참조한다).
+
+* 두 개의 노드로 구성된 컨트롤 플레인은 사용하지 않는다. 두 개의 노드로 구성된
+컨트롤 플레인에서의 합의를 위해서는 지속적 상태(persistent state) 변경 시 두 컨트롤 플레인 노드가 모두 정상적으로 동작 중이어야 한다.
+결과적으로 두 컨트롤 플레인 노드 모두 필요하고, 둘 중 한 컨트롤 플레인 노드에만 장애가 발생해도
+클러스터의 심각한 장애 상태를 초래한다.
+따라서 HA 관점에서는 두 개의 노드로 구성된 컨트롤 플레인은
+단일 노드로 구성된 컨트롤 플레인보다도 못하다.
+
+* 컨트롤 플레인 노드를 추가하면, 클러스터의 상태(Etcd)도 새 인스턴스로 복사된다.
+클러스터가 크면, 이 상태를 복제하는 시간이 오래 걸릴 수 있다.
+이 작업은 [etcd 관리 가이드](https://etcd.io/docs/v2.3/admin_guide/#member-migration)에 기술한 대로
+Etcd 데이터 디렉터리를 마이그레이션하여 속도를 높일 수 있다.
+(향후에 Etcd 데이터 디렉터리 마이그레이션 지원 추가를 고려 중이다)
+
+
+
+
+
+## 구현 지침
+
+
+
+### 개요
+
+각 컨트롤 플레인 노드는 다음 모드에서 다음 구성 요소를 실행한다.
+
+* Etcd 인스턴스: 모든 인스턴스는 합의를 사용하여 함께 클러스터화 한다.
+
+* API 서버: 각 서버는 내부 Etcd와 통신한다. 클러스터의 모든 API 서버가 가용하게 된다.
+
+* 컨트롤러, 스케줄러, 클러스터 오토스케일러: 임대 방식을 이용한다. 각 인스턴스 중 하나만이 클러스터에서 활성화된다.
+
+* 애드온 매니저: 각 매니저는 애드온의 동기화를 유지하려고 독립적으로 작업한다.
+
+또한 API 서버 앞단에 외부/내부 트래픽을 라우팅하는 로드 밸런서가 있을 것이다.
+
+### 로드 밸런싱
+
+두 번째 컨트롤 플레인 노드를 배치할 때, 두 개의 복제본에 대한 로드 밸런서가 생성될 것이고, 첫 번째 복제본의 IP 주소가 로드 밸런서의 IP 주소로 승격된다.
+비슷하게 끝에서 두 번째의 컨트롤 플레인 노드를 제거한 후에는 로드 밸런서가 제거되고
+해당 IP 주소는 마지막으로 남은 복제본에 할당된다.
+로드 밸런서 생성 및 제거는 복잡한 작업이며, 이를 전파하는 데 시간(~20분)이 걸릴 수 있다.
+
+### 컨트롤 플레인 서비스와 Kubelet
+
+쿠버네티스 서비스에서 최신의 쿠버네티스 API 서버 목록을 유지하는 대신,
+시스템은 모든 트래픽을 외부 IP 주소로 보낸다.
+
+* 단일 노드 컨트롤 플레인의 경우, IP 주소는 단일 컨트롤 플레인 노드를 가리킨다.
+
+* 고가용성 컨트롤 플레인의 경우, IP 주소는 컨트롤 플레인 노드 앞의 로드밸런서를 가리킨다.
+
+마찬가지로 Kubelet은 외부 IP 주소를 사용하여 컨트롤 플레인과 통신한다.
+
+### 컨트롤 플레인 노드 인증서
+
+쿠버네티스는 각 컨트롤 플레인 노드의 외부 퍼블릭 IP 주소와 내부 IP 주소를 대상으로 TLS 인증서를 발급한다.
+컨트롤 플레인 노드의 임시 퍼블릭 IP 주소에 대한 인증서는 없다.
+임시 퍼블릭 IP 주소를 통해 컨트롤 플레인 노드에 접근하려면, TLS 검증을 건너뛰어야 한다.
+
+### etcd 클러스터화
+
+etcd를 클러스터로 구축하려면, etcd 인스턴스간 통신에 필요한 포트를 열어야 한다(클러스터 내부 통신용).
+이러한 배포를 안전하게 하기 위해, etcd 인스턴스간의 통신은 SSL을 이용하여 승인한다.
+
+### API 서버 신원
+
+{{< feature-state state="alpha" for_k8s_version="v1.20" >}}
+
+API 서버 식별 기능은
+[기능 게이트](/ko/docs/reference/command-line-tools-reference/feature-gates/)에
+의해 제어되며 기본적으로 활성화되지 않는다.
+{{< glossary_tooltip text="API 서버" term_id="kube-apiserver" >}}
+시작 시 `APIServerIdentity` 라는 기능 게이트를 활성화하여 API 서버 신원을 활성화할 수 있다.
+
+```shell
+kube-apiserver \
+--feature-gates=APIServerIdentity=true \
+ # …다른 플래그는 평소와 같다.
+```
+
+부트스트랩 중에 각 kube-apiserver는 고유한 ID를 자신에게 할당한다. ID는
+`kube-apiserver-{UUID}` 형식이다. 각 kube-apiserver는
+_kube-system_ {{< glossary_tooltip text="네임스페이스" term_id="namespace">}}에
+[임대](/docs/reference/generated/kubernetes-api/{{< param "version" >}}//#lease-v1-coordination-k8s-io)를 생성한다.
+임대 이름은 kube-apiserver의 고유 ID이다. 임대에는
+`k8s.io/component=kube-apiserver` 라는 레이블이 있다. 각 kube-apiserver는
+`IdentityLeaseRenewIntervalSeconds` (기본값은 10초)마다 임대를 새로 갱신한다. 각
+kube-apiserver는 `IdentityLeaseDurationSeconds` (기본값은 3600초)마다
+모든 kube-apiserver 식별 ID 임대를 확인하고,
+`IdentityLeaseDurationSeconds` 이상 갱신되지 않은 임대를 삭제한다.
+`IdentityLeaseRenewIntervalSeconds` 및 `IdentityLeaseDurationSeconds`는
+kube-apiserver 플래그 `identity-lease-renew-interval-seconds`
+및 `identity-lease-duration-seconds`로 구성된다.
+
+이 기능을 활성화하는 것은 HA API 서버 조정과 관련된 기능을
+사용하기 위한 전제조건이다(예: `StorageVersionAPI` 기능 게이트).
+
+## 추가 자료
+
+[자동화된 HA 마스터 배포 - 제안 문서](https://git.k8s.io/community/contributors/design-proposals/cluster-lifecycle/ha_master.md)
diff --git a/content/ko/docs/tasks/administer-cluster/highly-available-master.md b/content/ko/docs/tasks/administer-cluster/highly-available-master.md
deleted file mode 100644
index 76a734bd65..0000000000
--- a/content/ko/docs/tasks/administer-cluster/highly-available-master.md
+++ /dev/null
@@ -1,207 +0,0 @@
----
-reviewers:
-title: 고가용성 쿠버네티스 클러스터 마스터 설정하기
-content_type: task
----
-
-
-
-{{< feature-state for_k8s_version="v1.5" state="alpha" >}}
-
-구글 컴퓨트 엔진(Google Compute Engine, 이하 GCE)의 `kube-up`이나 `kube-down` 스크립트에 쿠버네티스 마스터를 복제할 수 있다.
-이 문서는 kube-up/down 스크립트를 사용하여 고가용(HA) 마스터를 관리하는 방법과 GCE와 함께 사용하기 위해 HA 마스터를 구현하는 방법에 관해 설명한다.
-
-
-
-
-## {{% heading "prerequisites" %}}
-
-
-{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
-
-
-
-
-
-## HA 호환 클러스터 시작
-
-새 HA 호환 클러스터를 생성하려면, `kube-up` 스크립트에 다음 플래그를 설정해야 한다.
-
-* `MULTIZONE=true` - 서버의 기본 존(zone)과 다른 존에서 마스터 복제본의 kubelet이 제거되지 않도록 한다.
-다른 존에서 마스터 복제본을 실행하려는 경우에 권장하고 필요하다.
-
-* `ENABLE_ETCD_QUORUM_READ=true` - 모든 API 서버에서 읽은 내용이 최신 데이터를 반환하도록 하기 위한 것이다.
-true인 경우, Etcd의 리더 복제본에서 읽는다.
-이 값을 true로 설정하는 것은 선택 사항이다. 읽기는 더 안정적이지만 느리게 된다.
-
-선택적으로 첫 번째 마스터 복제본이 생성될 GCE 존을 지정할 수 있다.
-다음 플래그를 설정한다.
-
-* `KUBE_GCE_ZONE=zone` - 첫 마스터 복제본이 실행될 존.
-
-다음 샘플 커맨드는 europe-west1-b GCE 존에 HA 호환 클러스터를 구성한다.
-
-```shell
-MULTIZONE=true KUBE_GCE_ZONE=europe-west1-b ENABLE_ETCD_QUORUM_READS=true ./cluster/kube-up.sh
-```
-
-위에 커맨드는 하나의 마스터로 클러스터를 생성한다.
-그러나 후속 커맨드로 새 마스터 복제본을 추가할 수 있다.
-
-## 새 마스터 복제본 추가
-
-HA 호환 클러스터를 생성한 다음 그것의 마스터 복제본을 추가할 수 있다.
-`kube-up` 스크립트에 다음 플래그를 사용하여 마스터 복제본을 추가한다.
-
-* `KUBE_REPLICATE_EXISTING_MASTER=true` - 기존 마스터의 복제본을
-만든다.
-
-* `KUBE_GCE_ZONE=zone` - 마스터 복제본이 실행될 존.
-반드시 다른 복제본 존과 동일한 존에 있어야 한다.
-
-HA 호환 클러스터를 시작할 때, 상속되는 `MULTIZONE`이나 `ENABLE_ETCD_QUORUM_READS` 플래그를 따로
-설정할 필요는 없다.
-
-다음 샘플 커맨드는 기존 HA 호환 클러스터에서 마스터를 복제한다.
-
-```shell
-KUBE_GCE_ZONE=europe-west1-c KUBE_REPLICATE_EXISTING_MASTER=true ./cluster/kube-up.sh
-```
-
-## 마스터 복제본 제거
-
-다음 플래그가 있는 `kube-down` 스크립트를 사용하여 HA 클러스터에서 마스터 복제본을 제거할 수 있다.
-
-* `KUBE_DELETE_NODES=false` - kubelet을 삭제하지 않기 위한 것이다.
-
-* `KUBE_GCE_ZONE=zone` - 마스터 복제본이 제거될 존.
-
-* `KUBE_REPLICA_NAME=replica_name` - (선택) 제거할 마스터 복제본의 이름.
-비어있는 경우, 해당 존의 모든 복제본이 제거된다.
-
-다음 샘플 커맨드는 기존 HA 클러스터에서 마스터 복제본을 제거한다.
-
-```shell
-KUBE_DELETE_NODES=false KUBE_GCE_ZONE=europe-west1-c ./cluster/kube-down.sh
-```
-
-## 마스터 복제 실패 처리
-
-HA 클러스터의 마스터 복제본 중 하나가 실패하면,
-클러스터에서 복제본을 제거하고 동일한 존에서 새 복제본을 추가하는 것이 가장 좋다.
-다음 샘플 커맨드로 이 과정을 시연한다.
-
-1. 손상된 복제본을 제거한다.
-
- ```shell
- KUBE_DELETE_NODES=false KUBE_GCE_ZONE=replica_zone KUBE_REPLICA_NAME=replica_name ./cluster/kube-down.sh
- ```
-
-1. 기존 복제본 대신 새 복제본을 추가한다.
-
- ```shell
- KUBE_GCE_ZONE=replica-zone KUBE_REPLICATE_EXISTING_MASTER=true ./cluster/kube-up.sh
- ```
-
-## HA 클러스터에서 마스터 복제에 관한 모범 사례
-
-* 다른 존에 마스터 복제본을 배치하도록 한다. 한 존이 실패하는 동안, 해당 존에 있는 마스터도 모두 실패할 것이다.
-존 장애를 극복하기 위해 노드를 여러 존에 배치한다
-(더 자세한 내용은 [멀티 존](/ko/docs/setup/best-practices/multiple-zones/)를 참조한다).
-
-* 두 개의 마스터 복제본은 사용하지 않는다. 두 개의 복제 클러스터에 대한 합의는 지속적 상태를 변경해야 할 때 두 복제본 모두 실행해야 한다.
-결과적으로 두 복제본 모두 필요하고, 어떤 복제본의 장애에도 클러스터가 대부분 장애 상태로 변한다.
-따라서 두 개의 복제본 클러스터는 HA 관점에서 단일 복제 클러스터보다 열등하다.
-
-* 마스터 복제본을 추가하면, 클러스터의 상태(Etcd)도 새 인스턴스로 복사된다.
-클러스터가 크면, 이 상태를 복제하는 시간이 오래 걸릴 수 있다.
-이 작업은 [여기](https://coreos.com/etcd/docs/latest/admin_guide.html#member-migration) 기술한 대로
-Etcd 데이터 디렉터리를 마이그레이션하여 속도를 높일 수 있다(향후에 Etcd 데이터 디렉터리 마이그레이션 지원 추가를 고려 중이다).
-
-
-
-
-
-## 구현 지침
-
-
-
-### 개요
-
-각 마스터 복제본은 다음 모드에서 다음 구성 요소를 실행한다.
-
-* Etcd 인스턴스: 모든 인스턴스는 합의를 사용하여 함께 클러스터화 한다.
-
-* API 서버: 각 서버는 내부 Etcd와 통신한다. 클러스터의 모든 API 서버가 가용하게 된다.
-
-* 컨트롤러, 스케줄러, 클러스터 오토스케일러: 임대 방식을 이용한다. 각 인스턴스 중 하나만이 클러스터에서 활성화된다.
-
-* 애드온 매니저: 각 매니저는 애드온의 동기화를 유지하려고 독립적으로 작업한다.
-
-또한 API 서버 앞단에 외부/내부 트래픽을 라우팅하는 로드 밸런서가 있을 것이다.
-
-### 로드 밸런싱
-
-두 번째 마스터 복제본을 시작할 때, 두 개의 복제본을 포함된 로드 밸런서가 생성될 것이고, 첫 번째 복제본의 IP 주소가 로드 밸런서의 IP 주소로 승격된다.
-비슷하게 끝에서 두 번째의 마스터 복제본을 제거한 후에는 로드 밸런서가 제거되고
-해당 IP 주소는 마지막으로 남은 복제본에 할당된다.
-로드 밸런서 생성 및 제거는 복잡한 작업이며, 이를 전파하는 데 시간(~20분)이 걸릴 수 있다.
-
-### 마스터 서비스와 Kubelet
-
-쿠버네티스 서비스에서 최신의 쿠버네티스 API 서버 목록을 유지하는 대신,
-시스템은 모든 트래픽을 외부 IP 주소로 보낸다.
-
-* 단일 마스터 클러스터에서 IP 주소는 단일 마스터를 가리킨다.
-
-* 다중 마스터 클러스터에서 IP 주소는 마스터 앞에 로드밸런서를 가리킨다.
-
-마찬가지로 Kubelet은 외부 IP 주소를 사용하여 마스터와 통신한다.
-
-### 마스터 인증서
-
-쿠버네티스는 각 복제본의 외부 퍼블릭 IP 주소와 내부 IP 주소를 대상으로 마스터 TLS 인증서를 발급한다.
-복제본의 임시 공개 IP 주소에 대한 인증서는 없다.
-임시 퍼블릭 IP 주소를 통해 복제본에 접근하려면, TLS 검증을 건너뛰어야 한다.
-
-### etcd 클러스터화
-
-etcd를 클러스터로 구축하려면, etcd 인스턴스간 통신에 필요한 포트를 열어야 한다(클러스터 내부 통신용).
-이러한 배포를 안전하게 하기 위해, etcd 인스턴스간의 통신은 SSL을 이용하여 승인한다.
-
-### API 서버 신원
-
-{{< feature-state state="alpha" for_k8s_version="v1.20" >}}
-
-API 서버 식별 기능은
-[기능 게이트](/ko/docs/reference/command-line-tools-reference/feature-gates/)에
-의해 제어되며 기본적으로 활성화되지 않는다.
-{{< glossary_tooltip text="API 서버" term_id="kube-apiserver" >}}
-시작 시 `APIServerIdentity` 라는 기능 게이트를 활성화하여 API 서버 신원을 활성화할 수 있다.
-
-```shell
-kube-apiserver \
---feature-gates=APIServerIdentity=true \
- # …다른 플래그는 평소와 같다.
-```
-
-부트스트랩 중에 각 kube-apiserver는 고유한 ID를 자신에게 할당한다. ID는
-`kube-apiserver-{UUID}` 형식이다. 각 kube-apiserver는
-_kube-system_ {{< glossary_tooltip text="네임스페이스" term_id="namespace">}}에
-[임대](/docs/reference/generated/kubernetes-api/{{< param "version" >}}//#lease-v1-coordination-k8s-io)를 생성한다.
-임대 이름은 kube-apiserver의 고유 ID이다. 임대에는
-`k8s.io/component=kube-apiserver` 라는 레이블이 있다. 각 kube-apiserver는
-`IdentityLeaseRenewIntervalSeconds` (기본값은 10초)마다 임대를 새로 갱신한다. 각
-kube-apiserver는 `IdentityLeaseDurationSeconds` (기본값은 3600초)마다
-모든 kube-apiserver 식별 ID 임대를 확인하고,
-`IdentityLeaseDurationSeconds` 이상 갱신되지 않은 임대를 삭제한다.
-`IdentityLeaseRenewIntervalSeconds` 및 `IdentityLeaseDurationSeconds`는
-kube-apiserver 플래그 `identity-lease-renew-interval-seconds`
-및 `identity-lease-duration-seconds`로 구성된다.
-
-이 기능을 활성화하는 것은 HA API 서버 조정과 관련된 기능을
-사용하기 위한 전제조건이다(예: `StorageVersionAPI` 기능 게이트).
-
-## 추가 자료
-
-[자동화된 HA 마스터 배포 - 제안 문서](https://git.k8s.io/community/contributors/design-proposals/cluster-lifecycle/ha_master.md)
diff --git a/content/ko/docs/tasks/administer-cluster/kubeadm/_index.md b/content/ko/docs/tasks/administer-cluster/kubeadm/_index.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md b/content/ko/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md
index 16c84d451c..e67a08a74e 100644
--- a/content/ko/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md
+++ b/content/ko/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md
@@ -183,7 +183,7 @@ curl.exe -LO https://github.com/kubernetes-sigs/sig-windows-tools/releases/lates
```powershell
# 예
-.\Install-Containerd.ps1 -ContainerDVersion v1.4.1
+.\Install-Containerd.ps1 -ContainerDVersion 1.4.1
```
{{< /note >}}
diff --git a/content/ko/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md b/content/ko/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md
index 02b2b1330f..de6feb480d 100644
--- a/content/ko/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md
+++ b/content/ko/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md
@@ -85,7 +85,11 @@ front-proxy-ca Dec 28, 2029 23:36 UTC 9y no
{{< /warning >}}
{{< note >}}
-kubeadm은 자동 인증서 갱신을 위해 kubelet을 구성하기 때문에 `kubelet.conf` 는 위 목록에 포함되어 있지 않다.
+`kubelet.conf` 는 위 목록에 포함되어 있지 않은데, 이는
+kubeadm이 [자동 인증서 갱신](/ko/docs/tasks/tls/certificate-rotation/)을 위해
+`/var/lib/kubelet/pki`에 있는 갱신 가능한 인증서를 이용하여 kubelet을 구성하기 때문이다.
+만료된 kubelet 클라이언트 인증서를 갱신하려면
+[kubelet 클라이언트 갱신 실패](/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm/#kubelet-client-cert) 섹션을 확인한다.
{{< /note >}}
{{< warning >}}
@@ -157,7 +161,7 @@ HA 클러스터를 실행 중인 경우, 모든 컨트롤 플레인 노드에서
빌트인 서명자를 활성화하려면, `--cluster-signing-cert-file` 와 `--cluster-signing-key-file` 플래그를 전달해야 한다.
-새 클러스터를 생성하는 경우, kubeadm [구성 파일](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2)을 사용할 수 있다.
+새 클러스터를 생성하는 경우, kubeadm [구성 파일](/docs/reference/config-api/kubeadm-config.v1beta2/)을 사용할 수 있다.
```yaml
apiVersion: kubeadm.k8s.io/v1beta2
@@ -238,7 +242,7 @@ serverTLSBootstrap: true
`serverTLSBootstrap: true` 필드는 kubelet 인증서를 이용한 부트스트랩을
`certificates.k8s.io` API에 요청함으로써 활성화할 것이다. 한 가지 알려진 제약은
이 인증서들에 대한 CSR(인증서 서명 요청)들이 kube-controller-manager -
-[`kubernetes.io/kubelet-serving`](https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers)의
+[`kubernetes.io/kubelet-serving`](/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers)의
기본 서명자(default signer)에 의해서 자동으로 승인될 수 없다는 점이다.
이것은 사용자나 제 3의 컨트롤러의 액션을 필요로 할 것이다.
diff --git a/content/ko/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md b/content/ko/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md
index 2227c49c9e..c009339acc 100644
--- a/content/ko/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md
+++ b/content/ko/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md
@@ -38,7 +38,7 @@ weight: 20
### 추가 정보
- kubelet 마이너 버전을 업그레이드하기 전에 [노드 드레이닝(draining)](/docs/tasks/administer-cluster/safely-drain-node/)이
- 필요하다. 컨트롤 플레인 노드의 경우 CoreNDS 파드 또는 기타 중요한 워크로드를 실행할 수 있다.
+ 필요하다. 컨트롤 플레인 노드의 경우 CoreDNS 파드 또는 기타 중요한 워크로드를 실행할 수 있다.
- 컨테이너 사양 해시 값이 변경되므로, 업그레이드 후 모든 컨테이너가 다시 시작된다.
diff --git a/content/ko/docs/tasks/configmap-secret/_index.md b/content/ko/docs/tasks/configmap-secret/_index.md
new file mode 100644
index 0000000000..e63c605924
--- /dev/null
+++ b/content/ko/docs/tasks/configmap-secret/_index.md
@@ -0,0 +1,6 @@
+---
+title: "시크릿(Secret) 관리"
+weight: 28
+description: 시크릿을 사용하여 기밀 설정 데이터 관리.
+---
+
diff --git a/content/ko/docs/tasks/configmap-secret/managing-secret-using-config-file.md b/content/ko/docs/tasks/configmap-secret/managing-secret-using-config-file.md
new file mode 100644
index 0000000000..3248328907
--- /dev/null
+++ b/content/ko/docs/tasks/configmap-secret/managing-secret-using-config-file.md
@@ -0,0 +1,198 @@
+---
+title: 환경 설정 파일을 사용하여 시크릿을 관리
+content_type: task
+weight: 20
+description: 환경 설정 파일을 사용하여 시크릿 오브젝트를 생성.
+---
+
+
+
+## {{% heading "prerequisites" %}}
+
+{{< include "task-tutorial-prereqs.md" >}}
+
+
+
+## 환경 설정 파일 생성
+
+먼저 새 파일에 JSON 이나 YAML 형식으로 시크릿(Secret)에 대한 상세 사항을 기록하고,
+이 파일을 이용하여 해당 시크릿 오브젝트를 생성할 수 있다. 이
+[시크릿](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#secret-v1-core)
+리소스에는 `data` 와 `stringData` 의 두 가지 맵이 포함되어 있다.
+`data` 필드는 base64로 인코딩된 임의의 데이터를 기입하는 데 사용된다.
+`stringData` 필드는 편의를 위해 제공되며, 이를 사용해 시크릿 데이터를 인코딩되지 않은 문자열로
+기입할 수 있다.
+`data` 및 `stringData`은 영숫자,
+`-`, `_` 그리고 `.`로 구성되어야 한다.
+
+예를 들어 시크릿에 `data` 필드를 사용하여 두 개의 문자열을 저장하려면 다음과 같이
+문자열을 base64로 변환한다.
+
+```shell
+echo -n 'admin' | base64
+```
+
+출력은 다음과 유사하다.
+
+```
+YWRtaW4=
+```
+
+```shell
+echo -n '1f2d1e2e67df' | base64
+```
+
+출력은 다음과 유사하다.
+
+```
+MWYyZDFlMmU2N2Rm
+```
+
+다음과 같이 시크릿 구성 파일을 작성한다.
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mysecret
+type: Opaque
+data:
+ username: YWRtaW4=
+ password: MWYyZDFlMmU2N2Rm
+```
+
+시크릿 오브젝트의 이름은 유효한
+[DNS 서브도메인 이름](/ko/docs/concepts/overview/working-with-objects/names/#dns-서브도메인-이름)이어야 한다.
+
+{{< note >}}
+시크릿 데이터의 직렬화된(serialized) JSON 및 YAML 값은 base64 문자열로 인코딩된다.
+이러한 문자열에는 개행(newline)을 사용할 수 없으므로 생략해야 한다.
+Darwin/macOS에서 `base64` 도구를 사용할 경우, 사용자는 긴 줄을 분할하는 `-b` 옵션을 사용해서는 안 된다.
+반대로, 리눅스 사용자는 `-w` 옵션을 사용할 수 없는 경우
+`base64` 명령어 또는 `base64 | tr -d '\n'` 파이프라인에
+`-w 0` 옵션을 *추가해야 한다*.
+{{< /note >}}
+
+특정 시나리오의 경우 `stringData` 필드를 대신 사용할 수 있다. 이
+필드를 사용하면 base64로 인코딩되지 않은 문자열을 시크릿에 직접 넣을 수 있으며,
+시크릿이 생성되거나 업데이트될 때 문자열이 인코딩된다.
+
+이에 대한 실제적인 예로,
+시크릿을 사용하여 구성 파일을 저장하는 애플리케이션을 배포하면서,
+배포 프로세스 중에 해당 구성 파일의 일부를 채우려는 경우를 들 수 있다.
+
+예를 들어 애플리케이션에서 다음 구성 파일을 사용하는 경우:
+
+```yaml
+apiUrl: "https://my.api.com/api/v1"
+username: ""
+password: ""
+```
+
+다음 정의를 사용하여 이를 시크릿에 저장할 수 있다.
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mysecret
+type: Opaque
+stringData:
+ config.yaml: |
+ apiUrl: "https://my.api.com/api/v1"
+ username:
+ password:
+```
+
+## 시크릿 오브젝트 생성
+
+[`kubectl apply`](/docs/reference/generated/kubectl/kubectl-commands#apply)를 이용하여 시크릿 오브젝트를 생성한다.
+
+```shell
+kubectl apply -f ./secret.yaml
+```
+
+출력은 다음과 유사하다.
+
+```
+secret/mysecret created
+```
+
+## 시크릿 확인
+
+`stringData` 필드는 쓰기 전용 편의 필드이다. 시크릿을 조회할 때 절대 출력되지 않는다.
+예를 들어 다음 명령을 실행하는 경우:
+
+```shell
+kubectl get secret mysecret -o yaml
+```
+
+출력은 다음과 유사하다.
+
+```yaml
+apiVersion: v1
+data:
+ config.yaml: YXBpVXJsOiAiaHR0cHM6Ly9teS5hcGkuY29tL2FwaS92MSIKdXNlcm5hbWU6IHt7dXNlcm5hbWV9fQpwYXNzd29yZDoge3twYXNzd29yZH19
+kind: Secret
+metadata:
+ creationTimestamp: 2018-11-15T20:40:59Z
+ name: mysecret
+ namespace: default
+ resourceVersion: "7225"
+ uid: c280ad2e-e916-11e8-98f2-025000000001
+type: Opaque
+```
+
+`kubectl get` 및 `kubectl describe` 명령은 기본적으로 `시크릿`의 내용을 표시하지 않는다.
+이는 `시크릿`이 실수로 구경꾼에게 노출되거나
+터미널 로그에 저장되는 것을 방지하기 위한 것이다.
+인코딩된 데이터의 실제 내용을 확인하려면 다음을 참조한다.
+[시크릿 디코딩](/ko/docs/tasks/configmap-secret/managing-secret-using-kubectl/#decoding-secret).
+
+하나의 필드(예: `username`)가 `data`와 `stringData`에 모두 명시되면, `stringData`에 명시된 값이 사용된다.
+예를 들어 다음과 같은 시크릿인 경우:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mysecret
+type: Opaque
+data:
+ username: YWRtaW4=
+stringData:
+ username: administrator
+```
+
+결과는 다음과 같은 시크릿이다.
+
+```yaml
+apiVersion: v1
+data:
+ username: YWRtaW5pc3RyYXRvcg==
+kind: Secret
+metadata:
+ creationTimestamp: 2018-11-15T20:46:46Z
+ name: mysecret
+ namespace: default
+ resourceVersion: "7579"
+ uid: 91460ecb-e917-11e8-98f2-025000000001
+type: Opaque
+```
+
+여기서 `YWRtaW5pc3RyYXRvcg==`는 `administrator`으로 디코딩된다.
+
+## 삭제
+
+생성한 시크릿을 삭제하려면 다음 명령을 실행한다.
+
+```shell
+kubectl delete secret mysecret
+```
+
+## {{% heading "whatsnext" %}}
+
+- [시크릿 개념](/ko/docs/concepts/configuration/secret/)에 대해 자세히 알아보기
+- [`kubectl` 커맨드를 사용하여 시크릿을 관리](/ko/docs/tasks/configmap-secret/managing-secret-using-kubectl/)하는 방법 알아보기
+- [kustomize를 사용하여 시크릿을 관리](/ko/docs/tasks/configmap-secret/managing-secret-using-kustomize/)하는 방법 알아보기
+
diff --git a/content/ko/docs/tasks/configmap-secret/managing-secret-using-kubectl.md b/content/ko/docs/tasks/configmap-secret/managing-secret-using-kubectl.md
new file mode 100644
index 0000000000..8b3f62217e
--- /dev/null
+++ b/content/ko/docs/tasks/configmap-secret/managing-secret-using-kubectl.md
@@ -0,0 +1,156 @@
+---
+title: kubectl을 사용한 시크릿 관리
+content_type: task
+weight: 10
+description: kubectl 커맨드를 사용하여 시크릿 오브젝트를 생성.
+---
+
+
+
+## {{% heading "prerequisites" %}}
+
+{{< include "task-tutorial-prereqs.md" >}}
+
+
+
+## 시크릿 생성
+
+`시크릿`에는 파드가 데이터베이스에 접근하는 데 필요한 사용자 자격 증명이 포함될 수 있다.
+예를 들어 데이터베이스 연결 문자열은 사용자 이름과 암호로 구성된다.
+사용자 이름은 로컬 컴퓨터의 `./username.txt` 파일에, 비밀번호는
+`./password.txt` 파일에 저장할 수 있다.
+
+```shell
+echo -n 'admin' > ./username.txt
+echo -n '1f2d1e2e67df' > ./password.txt
+```
+이 명령에서 `-n` 플래그는 생성된 파일의
+텍스트 끝에 추가 개행 문자가 포함되지 않도록 해 준다. 이는 `kubectl`이 파일을 읽고
+내용을 base64 문자열로 인코딩할 때 개행 문자도 함께 인코딩될 수 있기 때문에
+중요하다.
+
+`kubectl create secret` 명령은 이러한 파일들을 시크릿으로 패키징하고
+API 서버에 오브젝트를 생성한다.
+
+```shell
+kubectl create secret generic db-user-pass \
+ --from-file=./username.txt \
+ --from-file=./password.txt
+```
+
+출력은 다음과 유사하다.
+
+```
+secret/db-user-pass created
+```
+
+기본 키 이름은 파일 이름이다. 선택적으로 `--from-file=[key=]source`를 사용하여 키 이름을 설정할 수 있다.
+예제:
+
+```shell
+kubectl create secret generic db-user-pass \
+ --from-file=username=./username.txt \
+ --from-file=password=./password.txt
+```
+
+파일에 포함하는 암호 문자열에서
+특수 문자를 이스케이프하지 않아도 된다.
+
+`--from-literal==` 태그를 사용하여 시크릿 데이터를 제공할 수도 있다.
+이 태그는 여러 키-값 쌍을 제공하기 위해 두 번 이상 지정할 수 있다.
+`$`, `\`, `*`, `=` 및 `!`와 같은 특수 문자는
+[shell](https://en.wikipedia.org/wiki/Shell_(computing))에 해석하고 처리하기 때문에
+이스케이프할 필요가 있다.
+
+대부분의 셸에서 암호를 이스케이프하는 가장 쉬운 방법은 암호를 작은따옴표(`'`)로 둘러싸는 것이다.
+예를 들어, 비밀번호가 `S!B\*d$zDsb=`인 경우,
+다음 커맨드를 실행한다.
+
+```shell
+kubectl create secret generic dev-db-secret \
+ --from-literal=username=devuser \
+ --from-literal=password='S!B\*d$zDsb='
+```
+
+## 시크릿 확인
+
+시크릿이 생성되었는지 확인한다.
+
+```shell
+kubectl get secrets
+```
+
+출력은 다음과 유사하다.
+
+```
+NAME TYPE DATA AGE
+db-user-pass Opaque 2 51s
+```
+
+다음 명령을 실행하여 `시크릿`에 대한 상세 사항을 볼 수 있다.
+
+```shell
+kubectl describe secrets/db-user-pass
+```
+
+출력은 다음과 유사하다.
+
+```
+Name: db-user-pass
+Namespace: default
+Labels:
+Annotations:
+
+Type: Opaque
+
+Data
+====
+password: 12 bytes
+username: 5 bytes
+```
+
+`kubectl get` 및 `kubectl describe` 명령은
+기본적으로 `시크릿`의 내용을 표시하지 않는다. 이는 `시크릿`이 실수로 노출되거나
+터미널 로그에 저장되는 것을 방지하기 위한 것이다.
+
+## 시크릿 디코딩 {#decoding-secret}
+
+생성한 시크릿을 보려면 다음 명령을 실행한다.
+
+```shell
+kubectl get secret db-user-pass -o jsonpath='{.data}'
+```
+
+출력은 다음과 유사하다.
+
+```json
+{"password":"MWYyZDFlMmU2N2Rm","username":"YWRtaW4="}
+```
+
+이제 `password` 데이터를 디코딩할 수 있다.
+
+```shell
+echo 'MWYyZDFlMmU2N2Rm' | base64 --decode
+```
+
+출력은 다음과 유사하다.
+
+```
+1f2d1e2e67df
+```
+
+## 삭제
+
+생성한 시크릿을 삭제하려면 다음 명령을 실행한다.
+
+```shell
+kubectl delete secret db-user-pass
+```
+
+
+
+## {{% heading "whatsnext" %}}
+
+- [시크릿 개념](/ko/docs/concepts/configuration/secret/)에 대해 자세히 알아보기
+- [환경 설정 파일을 사용하여 시크릿을 관리](/ko/docs/tasks/configmap-secret/managing-secret-using-config-file/)하는 방법 알아보기
+- [kustomize를 사용하여 시크릿을 관리](/ko/docs/tasks/configmap-secret/managing-secret-using-kustomize/)하는 방법 알아보기
diff --git a/content/ko/docs/tasks/configmap-secret/managing-secret-using-kustomize.md b/content/ko/docs/tasks/configmap-secret/managing-secret-using-kustomize.md
new file mode 100644
index 0000000000..2198903885
--- /dev/null
+++ b/content/ko/docs/tasks/configmap-secret/managing-secret-using-kustomize.md
@@ -0,0 +1,139 @@
+---
+title: kustomize를 사용하여 시크릿 관리
+content_type: task
+weight: 30
+description: kustomization.yaml 파일을 사용하여 시크릿 오브젝트 생성.
+---
+
+
+
+쿠버네티스 v1.14부터 `kubectl`은
+[Kustomize를 이용한 쿠버네티스 오브젝트의 선언형 관리](/ko/docs/tasks/manage-kubernetes-objects/kustomization/)를 지원한다.
+Kustomize는 시크릿 및 컨피그맵을 생성하기 위한 리소스 생성기를 제공한다.
+Kustomize 생성기는 디렉토리 내의 `kustomization.yaml` 파일에 지정되어야 한다.
+시크릿 생성 후 `kubectl apply`를 통해 API
+서버에 시크릿을 생성할 수 있다.
+
+## {{% heading "prerequisites" %}}
+
+{{< include "task-tutorial-prereqs.md" >}}
+
+
+
+## Kustomization 파일 생성
+
+`kustomization.yaml` 파일에 다른 기존 파일을 참조하는
+`secretGenerator`를 정의하여 시크릿을 생성할 수 있다.
+예를 들어 다음 kustomization 파일은
+`./username.txt` 및 `./password.txt` 파일을 참조한다.
+
+```yaml
+secretGenerator:
+- name: db-user-pass
+ files:
+ - username.txt
+ - password.txt
+```
+
+`kustomization.yaml` 파일에 리터럴을 명시하여 `secretGenerator`를
+정의할 수도 있다.
+예를 들어 다음 `kustomization.yaml` 파일에는
+각각 `username`과 `password`에 대한 두 개의 리터럴이 포함되어 있다.
+
+```yaml
+secretGenerator:
+- name: db-user-pass
+ literals:
+ - username=admin
+ - password=1f2d1e2e67df
+```
+
+`kustomization.yaml` 파일에 `.env` 파일을 명시하여
+`secretGenerator`를 정의할 수도 있다.
+예를 들어 다음 `kustomization.yaml` 파일은
+`.env.secret` 파일에서 데이터를 가져온다.
+
+```yaml
+secretGenerator:
+- name: db-user-pass
+ envs:
+ - .env.secret
+```
+
+모든 경우에 대해, 값을 base64로 인코딩하지 않아도 된다.
+
+## 시크릿 생성
+
+다음 명령을 실행하여 시크릿을 생성한다.
+
+```shell
+kubectl apply -k .
+```
+
+출력은 다음과 유사하다.
+
+```
+secret/db-user-pass-96mffmfh4k created
+```
+
+시크릿이 생성되면 시크릿 데이터를 해싱하고
+이름에 해시 값을 추가하여 시크릿 이름이 생성된다. 이렇게 함으로써
+데이터가 수정될 때마다 시크릿이 새롭게 생성된다.
+
+## 생성된 시크릿 확인
+
+시크릿이 생성된 것을 확인할 수 있다.
+
+```shell
+kubectl get secrets
+```
+
+출력은 다음과 유사하다.
+
+```
+NAME TYPE DATA AGE
+db-user-pass-96mffmfh4k Opaque 2 51s
+```
+
+다음 명령을 실행하여 시크릿에 대한 상세 사항을 볼 수 있다.
+
+```shell
+kubectl describe secrets/db-user-pass-96mffmfh4k
+```
+
+출력은 다음과 유사하다.
+
+```
+Name: db-user-pass-96mffmfh4k
+Namespace: default
+Labels:
+Annotations:
+
+Type: Opaque
+
+Data
+====
+password.txt: 12 bytes
+username.txt: 5 bytes
+```
+
+`kubectl get` 및 `kubectl describe` 명령은 기본적으로 `시크릿`의 내용을 표시하지 않는다.
+이는 `시크릿`이 실수로 구경꾼에게 노출되는 것을 방지하기 위한 것으로,
+또는 터미널 로그에 저장되지 않는다.
+인코딩된 데이터의 실제 내용을 확인하려면 다음을 참조한다.
+[시크릿 디코딩](/ko/docs/tasks/configmap-secret/managing-secret-using-kubectl/#decoding-secret).
+
+## 삭제
+
+생성한 시크릿을 삭제하려면 다음 명령을 실행한다.
+
+```shell
+kubectl delete secret db-user-pass-96mffmfh4k
+```
+
+
+## {{% heading "whatsnext" %}}
+
+- [시크릿 개념](/ko/docs/concepts/configuration/secret/)에 대해 자세히 알아보기
+- [`kubectl` 커맨드을 사용하여 시크릿 관리](/ko/docs/tasks/configmap-secret/managing-secret-using-kubectl/) 방법 알아보기
+- [환경 설정 파일을 사용하여 시크릿을 관리](/ko/docs/tasks/configmap-secret/managing-secret-using-config-file/)하는 방법 알아보기
diff --git a/content/ko/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md b/content/ko/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md
index dc4acf8411..3461c57061 100644
--- a/content/ko/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md
+++ b/content/ko/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md
@@ -28,7 +28,7 @@ weight: 60
* 사용자는 노드가 단 하나만 있는 쿠버네티스 클러스터가 필요하고,
{{< glossary_tooltip text="kubectl" term_id="kubectl" >}}
커맨드라인 툴이 사용자의 클러스터와 통신할 수 있도록 설정되어 있어야 한다. 만약 사용자가
-아직 단일 노드 클러스터를 가지고 있지 않다면, [Minikube](/ko/docs/setup/learning-environment/minikube/)를
+아직 단일 노드 클러스터를 가지고 있지 않다면, [Minikube](/ko/docs/tasks/tools/#minikube)를
사용하여 클러스터 하나를 생성할 수 있다.
* [퍼시스턴트 볼륨](https://minikube.sigs.k8s.io/docs/)의
diff --git a/content/ko/docs/tasks/configure-pod-container/pull-image-private-registry.md b/content/ko/docs/tasks/configure-pod-container/pull-image-private-registry.md
index 5a8295aff2..2188ced539 100644
--- a/content/ko/docs/tasks/configure-pod-container/pull-image-private-registry.md
+++ b/content/ko/docs/tasks/configure-pod-container/pull-image-private-registry.md
@@ -55,7 +55,7 @@ cat ~/.docker/config.json
## 기존의 도커 자격 증명을 기반으로 시크릿 생성하기 {#registry-secret-existing-credentials}
쿠버네티스 클러스터는 프라이빗 이미지를 받아올 때, 컨테이너 레지스트리에 인증하기 위하여
-`docker-registry` 타입의 시크릿을 사용한다.
+`kubernetes.io/dockerconfigjson` 타입의 시크릿을 사용한다.
만약 이미 `docker login` 을 수행하였다면, 이 때 생성된 자격 증명을 쿠버네티스 클러스터로 복사할 수 있다.
diff --git a/content/ko/docs/tasks/configure-pod-container/quality-service-pod.md b/content/ko/docs/tasks/configure-pod-container/quality-service-pod.md
index 57e0a94b40..c644a8aff1 100644
--- a/content/ko/docs/tasks/configure-pod-container/quality-service-pod.md
+++ b/content/ko/docs/tasks/configure-pod-container/quality-service-pod.md
@@ -45,10 +45,14 @@ kubectl create namespace qos-example
파드에 Guaranteed QoS 클래스 할당을 위한 전제 조건은 다음과 같다.
-* 파드의 초기화 컨테이너를 포함한 모든 컨테이너는 메모리 상한과 메모리 요청량을 가지고 있어야 하며, 이는 동일해야 한다.
-* 파드의 초기화 컨테이너를 포함한 모든 컨테이너는 CPU 상한과 CPU 요청량을 가지고 있어야 하며, 이는 동일해야 한다.
+* 파드 내 모든 컨테이너는 메모리 상한과 메모리 요청량을 가지고 있어야 한다.
+* 파드 내 모든 컨테이너의 메모리 상한이 메모리 요청량과 일치해야 한다.
+* 파드 내 모든 컨테이너는 CPU 상한과 CPU 요청량을 가지고 있어야 한다.
+* 파드 내 모든 컨테이너의 CPU 상한이 CPU 요청량과 일치해야 한다.
-이것은 하나의 컨테이너를 갖는 파드의 구성 파일이다. 해당 컨테이너는 메모리 상한과
+이러한 제약은 초기화 컨테이너와 앱 컨테이너 모두에 동일하게 적용된다.
+
+다음은 하나의 컨테이너를 갖는 파드의 구성 파일이다. 해당 컨테이너는 메모리 상한과
메모리 요청량을 갖고 있고, 200MiB로 동일하다. 해당 컨테이너는 CPU 상한과 CPU 요청량을 가지며, 700 milliCPU로 동일하다.
{{< codenew file="pods/qos/qos-pod.yaml" >}}
diff --git a/content/ko/docs/tasks/debug-application-cluster/_index.md b/content/ko/docs/tasks/debug-application-cluster/_index.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md b/content/ko/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md
index 3c8df08ede..4dde485c13 100644
--- a/content/ko/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md
+++ b/content/ko/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md
@@ -41,7 +41,7 @@ content_type: task
kubectl apply -f https://k8s.io/examples/debug/termination.yaml
- YAML 파일에 있는 `cmd` 와 `args` 필드에서 컨테이너가 10초 간 잠든 뒤에
+ YAML 파일에 있는 `command` 와 `args` 필드에서 컨테이너가 10초 간 잠든 뒤에
"Sleep expired" 문자열을 `/dev/termination-log` 파일에 기록하는
것을 확인할 수 있다. 컨테이너는 "Sleep expired" 메시지를
기록한 후에 종료된다.
diff --git a/content/ko/docs/tasks/manage-daemon/update-daemon-set.md b/content/ko/docs/tasks/manage-daemon/update-daemon-set.md
index ec29259de7..50a3a6ad2b 100644
--- a/content/ko/docs/tasks/manage-daemon/update-daemon-set.md
+++ b/content/ko/docs/tasks/manage-daemon/update-daemon-set.md
@@ -1,41 +1,42 @@
---
+
+
title: 데몬셋(DaemonSet)에서 롤링 업데이트 수행
content_type: task
weight: 10
---
-
-
-
이 페이지는 데몬셋에서 롤링 업데이트를 수행하는 방법을 보여준다.
## {{% heading "prerequisites" %}}
-* 데몬셋 롤링 업데이트 기능은 쿠버네티스 버전 1.6 이상에서만 지원된다.
-
## 데몬셋 업데이트 전략
데몬셋에는 두 가지 업데이트 전략 유형이 있다.
-* OnDelete: `OnDelete` 업데이트 전략을 사용하여, 데몬셋 템플릿을 업데이트한 후,
+* `OnDelete`: `OnDelete` 업데이트 전략을 사용하여, 데몬셋 템플릿을 업데이트한 후,
이전 데몬셋 파드를 수동으로 삭제할 때 *만* 새 데몬셋 파드가
생성된다. 이것은 쿠버네티스 버전 1.5 이하에서의 데몬셋의 동작과
동일하다.
-* RollingUpdate: 기본 업데이트 전략이다.
+* `RollingUpdate`: 기본 업데이트 전략이다.
`RollingUpdate` 업데이트 전략을 사용하여, 데몬셋 템플릿을
업데이트한 후, 오래된 데몬셋 파드가 종료되고, 새로운 데몬셋 파드는
- 제어 방식으로 자동 생성된다. 전체 업데이트 프로세스 동안 데몬셋의 최대 하나의 파드가 각 노드에서 실행된다.
+ 제어 방식으로 자동 생성된다. 전체 업데이트 프로세스 동안
+ 데몬셋의 최대 하나의 파드가 각 노드에서 실행된다.
## 롤링 업데이트 수행
데몬셋의 롤링 업데이트 기능을 사용하려면,
`.spec.updateStrategy.type` 에 `RollingUpdate` 를 설정해야 한다.
-[`.spec.updateStrategy.rollingUpdate.maxUnavailable`](/ko/docs/concepts/workloads/controllers/deployment/#최대-불가max-unavailable)(기본값은 1)과
-[`.spec.minReadySeconds`](/ko/docs/concepts/workloads/controllers/deployment/#최소-대기-시간초)(기본값은 0)으로 설정할 수도 있다.
+[`.spec.updateStrategy.rollingUpdate.maxUnavailable`](/ko/docs/concepts/workloads/controllers/deployment/#최대-불가max-unavailable)
+(기본값은 1)과
+[`.spec.minReadySeconds`](/ko/docs/concepts/workloads/controllers/deployment/#최소-대기-시간초)
+(기본값은 0)으로
+설정할 수도 있다.
### `RollingUpdate` 업데이트 전략으로 데몬셋 생성
@@ -142,7 +143,7 @@ daemonset "fluentd-elasticsearch" successfully rolled out
#### 일부 노드에 리소스가 부족하다
적어도 하나의 노드에서 새 데몬셋 파드를 스케줄링할 수 없어서 롤아웃이
-중단되었다. 노드에 [리소스가 부족](/docs/tasks/administer-cluster/out-of-resource/)할 때
+중단되었다. 노드에 [리소스가 부족](/docs/concepts/scheduling-eviction/node-pressure-eviction/)할 때
발생할 수 있다.
이 경우, `kubectl get nodes` 의 출력 결과와 다음의 출력 결과를 비교하여
@@ -184,12 +185,7 @@ kubectl get pods -l name=fluentd-elasticsearch -o wide -n kube-system
kubectl delete ds fluentd-elasticsearch -n kube-system
```
-
-
-
## {{% heading "whatsnext" %}}
-
-* [태스크: 데몬셋에서 롤백
- 수행](/ko/docs/tasks/manage-daemon/rollback-daemon-set/)을 참고한다.
-* [개념: 기존 데몬셋 파드를 채택하기 위한 데몬셋 생성](/ko/docs/concepts/workloads/controllers/daemonset/)을 참고한다.
+* [데몬셋에서 롤백 수행](/ko/docs/tasks/manage-daemon/rollback-daemon-set/)을 참고한다.
+* [기존 데몬셋 파드를 채택하기 위한 데몬셋 생성](/ko/docs/concepts/workloads/controllers/daemonset/)을 참고한다.
diff --git a/content/ko/docs/tasks/manage-kubernetes-objects/kustomization.md b/content/ko/docs/tasks/manage-kubernetes-objects/kustomization.md
index ab442ebafd..9484882f30 100644
--- a/content/ko/docs/tasks/manage-kubernetes-objects/kustomization.md
+++ b/content/ko/docs/tasks/manage-kubernetes-objects/kustomization.md
@@ -180,7 +180,7 @@ spec:
containers:
- name: app
image: my-app
- volumeMount:
+ volumeMounts:
- name: config
mountPath: /config
volumes:
@@ -234,7 +234,7 @@ spec:
containers:
- image: my-app
name: app
- volumeMount:
+ volumeMounts:
- mountPath: /config
name: config
volumes:
@@ -327,7 +327,7 @@ spec:
containers:
- name: app
image: my-app
- volumeMount:
+ volumeMounts:
- name: password
mountPath: /secrets
volumes:
diff --git a/content/ko/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases.md b/content/ko/docs/tasks/network/customize-hosts-file-for-pods.md
similarity index 98%
rename from content/ko/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases.md
rename to content/ko/docs/tasks/network/customize-hosts-file-for-pods.md
index be39f13f21..1901f16726 100644
--- a/content/ko/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases.md
+++ b/content/ko/docs/tasks/network/customize-hosts-file-for-pods.md
@@ -1,6 +1,6 @@
---
title: HostAliases로 파드의 /etc/hosts 항목 추가하기
-content_type: concept
+content_type: task
weight: 60
min-kubernetes-server-version: 1.7
---
@@ -13,7 +13,7 @@ min-kubernetes-server-version: 1.7
HostAliases를 사용하지 않은 수정은 권장하지 않는데, 이는 호스트 파일이 kubelet에 의해 관리되고, 파드 생성/재시작 중에 덮어쓰여질 수 있기 때문이다.
-
+
## 기본 호스트 파일 내용
diff --git a/content/ko/docs/tasks/run-application/horizontal-pod-autoscale.md b/content/ko/docs/tasks/run-application/horizontal-pod-autoscale.md
index b4cc1b3be5..90d151e768 100644
--- a/content/ko/docs/tasks/run-application/horizontal-pod-autoscale.md
+++ b/content/ko/docs/tasks/run-application/horizontal-pod-autoscale.md
@@ -77,7 +77,7 @@ HorizontalPodAutoscaler는 보통 일련의 API 집합(`metrics.k8s.io`,
힙스터에서 메트릭 가져오기는 Kubernetes 1.11에서 사용 중단(deprecated)됨.
{{< /note >}}
-자세한 사항은 [메트릭 API를 위한 지원](#메트릭-API를-위한-지원)을 참조한다.
+자세한 사항은 [메트릭 API를 위한 지원](#메트릭-api를-위한-지원)을 참조한다.
오토스케일러는 스케일 하위 리소스를 사용하여 상응하는 확장 가능 컨트롤러(예: 레플리케이션 컨트롤러, 디플로이먼트, 레플리케이션 셋)에 접근한다.
스케일은 레플리카의 개수를 동적으로 설정하고 각 현재 상태를 검사 할 수 있게 해주는 인터페이스이다.
diff --git a/content/ko/docs/tasks/tls/certificate-rotation.md b/content/ko/docs/tasks/tls/certificate-rotation.md
index 037f99d87a..eadec87b4f 100644
--- a/content/ko/docs/tasks/tls/certificate-rotation.md
+++ b/content/ko/docs/tasks/tls/certificate-rotation.md
@@ -27,10 +27,10 @@ kubelet은 쿠버네티스 API 인증을 위해 인증서를 사용한다.
기본적으로 이러한 인증서는 1년 만기로 발급되므로
너무 자주 갱신할 필요는 없다.
-쿠버네티스 1.8은 [kubelet 인증서
+쿠버네티스는 [kubelet 인증서
갱신](/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/)을 포함하며,
이 기능은 현재 인증서의 만료 시한이 임박한 경우,
-새로운 키를 자동으로 생성하고 쿠버네티스 API에서 새로운 인증서를 요청하는 베타 기능이다.
+새로운 키를 자동으로 생성하고 쿠버네티스 API에서 새로운 인증서를 요청하는 기능이다.
새로운 인증서를 사용할 수 있게 되면
쿠버네티스 API에 대한 연결을 인증하는데 사용된다.
diff --git a/content/ko/docs/tasks/tools/_index.md b/content/ko/docs/tasks/tools/_index.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/tasks/tools/included/install-kubectl-gcloud.md b/content/ko/docs/tasks/tools/included/install-kubectl-gcloud.md
deleted file mode 100644
index f3deae981c..0000000000
--- a/content/ko/docs/tasks/tools/included/install-kubectl-gcloud.md
+++ /dev/null
@@ -1,21 +0,0 @@
----
-title: "gcloud kubectl install"
-description: "gcloud를 이용하여 kubectl을 설치하는 방법을 각 OS별 탭에 포함하기 위한 스니펫."
-headless: true
----
-
-Google Cloud SDK를 사용하여 kubectl을 설치할 수 있다.
-
-1. [Google Cloud SDK](https://cloud.google.com/sdk/)를 설치한다.
-
-1. `kubectl` 설치 명령을 실행한다.
-
- ```shell
- gcloud components install kubectl
- ```
-
-1. 설치한 버전이 최신 버전인지 확인한다.
-
- ```shell
- kubectl version --client
- ```
\ No newline at end of file
diff --git a/content/ko/docs/tasks/tools/included/kubectl-convert-overview.md b/content/ko/docs/tasks/tools/included/kubectl-convert-overview.md
new file mode 100644
index 0000000000..cec8b3f55b
--- /dev/null
+++ b/content/ko/docs/tasks/tools/included/kubectl-convert-overview.md
@@ -0,0 +1,11 @@
+---
+title: "kubectl-convert 개요"
+description: >-
+ 특정 버전의 쿠버네티스 API로 작성된 매니페스트를 다른 버전으로 변환하는
+ kubectl 플러그인.
+headless: true
+---
+
+이것은 쿠버네티스 커맨드 라인 도구인 `kubectl`의 플러그인으로서, 특정 버전의 쿠버네티스 API로 작성된 매니페스트를 다른 버전으로
+변환할 수 있도록 한다. 이것은 매니페스트를 최신 쿠버네티스 릴리스의 사용 중단되지 않은 API로 마이그레이션하는 데 특히 유용하다.
+더 많은 정보는 다음의 [사용 중단되지 않은 API로 마이그레이션](/docs/reference/using-api/deprecation-guide/#migrate-to-non-deprecated-apis)을 참고한다.
diff --git a/content/ko/docs/tasks/tools/install-kubectl-linux.md b/content/ko/docs/tasks/tools/install-kubectl-linux.md
index 39c442c939..77717372d1 100644
--- a/content/ko/docs/tasks/tools/install-kubectl-linux.md
+++ b/content/ko/docs/tasks/tools/install-kubectl-linux.md
@@ -22,7 +22,6 @@ card:
- [리눅스에 curl을 사용하여 kubectl 바이너리 설치](#install-kubectl-binary-with-curl-on-linux)
- [기본 패키지 관리 도구를 사용하여 설치](#install-using-native-package-management)
- [다른 패키지 관리 도구를 사용하여 설치](#install-using-other-package-management)
-- [리눅스에 Google Cloud SDK를 사용하여 설치](#install-on-linux-as-part-of-the-google-cloud-sdk)
### 리눅스에서 curl을 사용하여 kubectl 바이너리 설치 {#install-kubectl-binary-with-curl-on-linux}
@@ -83,6 +82,7 @@ card:
대상 시스템에 root 접근 권한을 가지고 있지 않더라도, `~/.local/bin` 디렉터리에 kubectl을 설치할 수 있다.
```bash
+ chmod +x kubectl
mkdir -p ~/.local/bin/kubectl
mv ./kubectl ~/.local/bin/kubectl
# 그리고 ~/.local/bin/kubectl을 $PATH에 추가
@@ -168,15 +168,11 @@ kubectl version --client
{{< /tabs >}}
-### 리눅스에 Google Cloud SDK를 사용하여 설치 {#install-on-linux-as-part-of-the-google-cloud-sdk}
-
-{{< include "included/install-kubectl-gcloud.md" >}}
-
## kubectl 구성 확인
{{< include "included/verify-kubectl.md" >}}
-## 선택적 kubectl 구성
+## 선택적 kubectl 구성 및 플러그인
### 셸 자동 완성 활성화
@@ -189,6 +185,61 @@ kubectl은 Bash 및 Zsh에 대한 자동 완성 지원을 제공하므로 입력
{{< tab name="Zsh" include="included/optional-kubectl-configs-zsh.md" />}}
{{< /tabs >}}
+### `kubectl convert` 플러그인 설치
+
+{{< include "included/kubectl-convert-overview.md" >}}
+
+1. 다음 명령으로 최신 릴리스를 다운로드한다.
+
+ ```bash
+ curl -LO https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl-convert
+ ```
+
+1. 바이너리를 검증한다. (선택 사항)
+
+ kubectl-convert 체크섬(checksum) 파일을 다운로드한다.
+
+ ```bash
+ curl -LO "https://dl.k8s.io/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl-convert.sha256"
+ ```
+
+ kubectl-convert 바이너리를 체크섬 파일을 통해 검증한다.
+
+ ```bash
+ echo "$(}}
+ 동일한 버전의 바이너리와 체크섬을 다운로드한다.
+ {{< /note >}}
+
+1. kubectl-convert 설치
+
+ ```bash
+ sudo install -o root -g root -m 0755 kubectl-convert /usr/local/bin/kubectl-convert
+ ```
+
+1. 플러그인이 정상적으로 설치되었는지 확인한다.
+
+ ```shell
+ kubectl convert --help
+ ```
+
+ 에러가 출력되지 않는다면, 플러그인이 정상적으로 설치된 것이다.
+
## {{% heading "whatsnext" %}}
{{< include "included/kubectl-whats-next.md" >}}
diff --git a/content/ko/docs/tasks/tools/install-kubectl-macos.md b/content/ko/docs/tasks/tools/install-kubectl-macos.md
index 614134da8a..90fefb0c3a 100644
--- a/content/ko/docs/tasks/tools/install-kubectl-macos.md
+++ b/content/ko/docs/tasks/tools/install-kubectl-macos.md
@@ -22,7 +22,6 @@ card:
- [macOS에서 curl을 사용하여 kubectl 바이너리 설치](#install-kubectl-binary-with-curl-on-macos)
- [macOS에서 Homebrew를 사용하여 설치](#install-with-homebrew-on-macos)
- [macOS에서 Macports를 사용하여 설치](#install-with-macports-on-macos)
-- [macOS에서 Google Cloud SDK를 사용하여 설치](#install-on-macos-as-part-of-the-google-cloud-sdk)
### macOS에서 curl을 사용하여 kubectl 바이너리 설치 {#install-kubectl-binary-with-curl-on-macos}
@@ -99,10 +98,14 @@ card:
1. kubectl 바이너리를 시스템 `PATH` 의 파일 위치로 옮긴다.
```bash
- sudo mv ./kubectl /usr/local/bin/kubectl && \
+ sudo mv ./kubectl /usr/local/bin/kubectl
sudo chown root: /usr/local/bin/kubectl
```
+ {{< note >}}
+ `PATH` 환경 변수 안에 `/usr/local/bin` 이 있는지 확인한다.
+ {{< /note >}}
+
1. 설치한 버전이 최신 버전인지 확인한다.
```bash
@@ -148,16 +151,11 @@ macOS에서 [Macports](https://macports.org/) 패키지 관리자를 사용하
kubectl version --client
```
-
-### Google Cloud SDK를 사용하여 설치 {#install-on-macos-as-part-of-the-google-cloud-sdk}
-
-{{< include "included/install-kubectl-gcloud.md" >}}
-
## kubectl 구성 확인
{{< include "included/verify-kubectl.md" >}}
-## 선택적 kubectl 구성
+## 선택적 kubectl 구성 및 플러그인
### 셸 자동 완성 활성화
@@ -170,6 +168,82 @@ kubectl은 Bash 및 Zsh에 대한 자동 완성 지원을 제공하므로 입력
{{< tab name="Zsh" include="included/optional-kubectl-configs-zsh.md" />}}
{{< /tabs >}}
+### `kubectl convert` 플러그인 설치
+
+{{< include "included/kubectl-convert-overview.md" >}}
+
+1. 다음 명령으로 최신 릴리스를 다운로드한다.
+
+ {{< tabs name="download_convert_binary_macos" >}}
+ {{< tab name="Intel" codelang="bash" >}}
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl-convert"
+ {{< /tab >}}
+ {{< tab name="Apple Silicon" codelang="bash" >}}
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/arm64/kubectl-convert"
+ {{< /tab >}}
+ {{< /tabs >}}
+
+1. 바이너리를 검증한다. (선택 사항)
+
+ kubectl-convert 체크섬(checksum) 파일을 다운로드한다.
+
+ {{< tabs name="download_convert_checksum_macos" >}}
+ {{< tab name="Intel" codelang="bash" >}}
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl-convert.sha256"
+ {{< /tab >}}
+ {{< tab name="Apple Silicon" codelang="bash" >}}
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/arm64/kubectl-convert.sha256"
+ {{< /tab >}}
+ {{< /tabs >}}
+
+ kubectl-convert 바이너리를 체크섬 파일을 통해 검증한다.
+
+ ```bash
+ echo "$(}}
+ 동일한 버전의 바이너리와 체크섬을 다운로드한다.
+ {{< /note >}}
+
+1. kubectl-convert 바이너리를 실행 가능하게 한다.
+
+ ```bash
+ chmod +x ./kubectl-convert
+ ```
+
+1. kubectl-convert 바이너리를 시스템 `PATH` 의 파일 위치로 옮긴다.
+
+ ```bash
+ sudo mv ./kubectl /usr/local/bin/kubectl-convert
+ sudo chown root: /usr/local/bin/kubectl-convert
+ ```
+
+ {{< note >}}
+ `PATH` 환경 변수 안에 `/usr/local/bin` 이 있는지 확인한다.
+ {{< /note >}}
+
+1. 플러그인이 정상적으로 설치되었는지 확인한다.
+
+ ```shell
+ kubectl convert --help
+ ```
+
+ 에러가 출력되지 않는다면, 플러그인이 정상적으로 설치된 것이다.
+
## {{% heading "whatsnext" %}}
{{< include "included/kubectl-whats-next.md" >}}
diff --git a/content/ko/docs/tasks/tools/install-kubectl-windows.md b/content/ko/docs/tasks/tools/install-kubectl-windows.md
index 23b16e3da6..ab5e7ca05d 100644
--- a/content/ko/docs/tasks/tools/install-kubectl-windows.md
+++ b/content/ko/docs/tasks/tools/install-kubectl-windows.md
@@ -21,7 +21,6 @@ card:
- [윈도우에서 curl을 사용하여 kubectl 바이너리 설치](#install-kubectl-binary-with-curl-on-windows)
- [Chocolatey 또는 Scoop을 사용하여 윈도우에 설치](#install-on-windows-using-chocolatey-or-scoop)
-- [윈도우에서 Google Cloud SDK를 사용하여 설치](#install-on-windows-as-part-of-the-google-cloud-sdk)
### 윈도우에서 curl을 사용하여 kubectl 바이너리 설치 {#install-kubectl-binary-with-curl-on-windows}
@@ -31,7 +30,7 @@ card:
또는 `curl` 을 설치한 경우, 다음 명령을 사용한다.
```powershell
- curl -LO https://dl.k8s.io/release/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe
+ curl -LO "https://dl.k8s.io/release/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe"
```
{{< note >}}
@@ -43,7 +42,7 @@ card:
kubectl 체크섬 파일을 다운로드한다.
```powershell
- curl -LO https://dl.k8s.io/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe.sha256
+ curl -LO "https://dl.k8s.io/{{< param "fullversion" >}}/bin/windows/amd64/kubectl.exe.sha256"
```
kubectl 바이너리를 체크섬 파일을 통해 검증한다.
@@ -127,15 +126,11 @@ card:
메모장과 같은 텍스트 편집기를 선택하여 구성 파일을 편집한다.
{{< /note >}}
-### 윈도우에서 Google Cloud SDK를 사용하여 설치 {#install-on-windows-as-part-of-the-google-cloud-sdk}
-
-{{< include "included/install-kubectl-gcloud.md" >}}
-
## kubectl 구성 확인
{{< include "included/verify-kubectl.md" >}}
-## 선택적 kubectl 구성
+## 선택적 kubectl 구성 및 플러그인
### 셸 자동 완성 활성화
@@ -145,6 +140,49 @@ kubectl은 Bash 및 Zsh에 대한 자동 완성 지원을 제공하므로 입력
{{< include "included/optional-kubectl-configs-zsh.md" >}}
+### `kubectl convert` 플러그인 설치
+
+{{< include "included/kubectl-convert-overview.md" >}}
+
+1. 다음 명령으로 최신 릴리스를 다운로드한다.
+
+ ```powershell
+ curl -LO "https://dl.k8s.io/release/{{< param "fullversion" >}}/bin/windows/amd64/kubectl-convert.exe"
+ ```
+
+1. 바이너리를 검증한다. (선택 사항)
+
+ kubectl-convert 체크섬(checksum) 파일을 다운로드한다.
+
+ ```powershell
+ curl -LO "https://dl.k8s.io/{{< param "fullversion" >}}/bin/windows/amd64/kubectl-convert.exe.sha256"
+ ```
+
+ kubectl-convert 바이너리를 체크섬 파일을 통해 검증한다.
+
+ - 수동으로 `CertUtil` 의 출력과 다운로드한 체크섬 파일을 비교하기 위해서 커맨드 프롬프트를 사용한다.
+
+ ```cmd
+ CertUtil -hashfile kubectl-convert.exe SHA256
+ type kubectl-convert.exe.sha256
+ ```
+
+ - `-eq` 연산자를 통해 `True` 또는 `False` 결과를 얻는 자동 검증을 위해서 PowerShell을 사용한다.
+
+ ```powershell
+ $($(CertUtil -hashfile .\kubectl-convert.exe SHA256)[1] -replace " ", "") -eq $(type .\kubectl-convert.exe.sha256)
+ ```
+
+1. 바이너리를 `PATH` 가 설정된 디렉터리에 추가한다.
+
+1. 플러그인이 정상적으로 설치되었는지 확인한다.
+
+ ```shell
+ kubectl convert --help
+ ```
+
+ 에러가 출력되지 않는다면, 플러그인이 정상적으로 설치된 것이다.
+
## {{% heading "whatsnext" %}}
{{< include "included/kubectl-whats-next.md" >}}
diff --git a/content/ko/docs/tutorials/_index.md b/content/ko/docs/tutorials/_index.md
index 8d3fd54010..093208f22d 100644
--- a/content/ko/docs/tutorials/_index.md
+++ b/content/ko/docs/tutorials/_index.md
@@ -35,7 +35,7 @@ content_type: concept
* [외부 IP 주소를 노출하여 클러스터의 애플리케이션에 접속하기](/ko/docs/tutorials/stateless-application/expose-external-ip-address/)
-* [예시: MongoDB를 사용한 PHP 방명록 애플리케이션 배포하기](/ko/docs/tutorials/stateless-application/guestbook/)
+* [예시: Redis를 사용한 PHP 방명록 애플리케이션 배포하기](/ko/docs/tutorials/stateless-application/guestbook/)
## 상태 유지가 필요한(stateful) 애플리케이션
diff --git a/content/ko/docs/tutorials/configuration/_index.md b/content/ko/docs/tutorials/configuration/_index.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/tutorials/configuration/configure-redis-using-configmap.md b/content/ko/docs/tutorials/configuration/configure-redis-using-configmap.md
index c1b21d1404..fb1ac922fc 100644
--- a/content/ko/docs/tutorials/configuration/configure-redis-using-configmap.md
+++ b/content/ko/docs/tutorials/configuration/configure-redis-using-configmap.md
@@ -55,7 +55,7 @@ EOF
```shell
kubectl apply -f example-redis-config.yaml
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/pods/config/redis-pod.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/main/content/en/examples/pods/config/redis-pod.yaml
```
Redis 파드 매니페스트의 내용을 검토하고 다음의 사항을 염두에 둔다.
@@ -206,7 +206,7 @@ kubectl exec -it redis -- redis-cli
```shell
kubectl delete pod redis
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/pods/config/redis-pod.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/main/content/en/examples/pods/config/redis-pod.yaml
```
이제 마지막으로 설정값을 다시 확인해 본다.
diff --git a/content/ko/docs/tutorials/hello-minikube.md b/content/ko/docs/tutorials/hello-minikube.md
index eaa81c3809..091a1c684f 100644
--- a/content/ko/docs/tutorials/hello-minikube.md
+++ b/content/ko/docs/tutorials/hello-minikube.md
@@ -217,7 +217,7 @@ minikube 툴은 활성화하거나 비활성화할 수 있고 로컬 쿠버네
storage-provisioner-gluster: disabled
```
-2. 한 애드온을 활성화 한다. 예를 들어 `metrics-server`
+2. 애드온을 활성화 한다. 여기서는 `metrics-server`를 예시로 사용한다.
```shell
minikube addons enable metrics-server
@@ -226,7 +226,7 @@ minikube 툴은 활성화하거나 비활성화할 수 있고 로컬 쿠버네
다음과 유사하게 출력된다.
```
- metrics-server was successfully enabled
+ The 'metrics-server' addon is enabled
```
3. 생성한 파드와 서비스를 확인한다.
diff --git a/content/ko/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html b/content/ko/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html
index d9d621d867..fcad9b42b3 100644
--- a/content/ko/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html
+++ b/content/ko/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html
@@ -25,8 +25,8 @@ weight: 20
파드는 언제나 노드 상에서 동작한다. 노드는 쿠버네티스에서 워커 머신을 말하며 클러스터에 따라 가상 또는 물리 머신일 수 있다. 각 노드는 마스터에 의해 관리된다. 하나의 노드는 여러 개의 파드를 가질 수 있고, 쿠버네티스 마스터는 클러스터 내 노드를 통해서 파드에 대한 스케쥴링을 자동으로 처리한다.
+
파드는 언제나 노드 상에서 동작한다. 노드는 쿠버네티스에서 워커 머신을 말하며 클러스터에 따라 가상 또는 물리 머신일 수 있다. 각 노드는 컨트롤 플레인에 의해 관리된다. 하나의 노드는 여러 개의 파드를 가질 수 있고, 쿠버네티스 컨트롤 플레인은 클러스터 내 노드를 통해서 파드에 대한 스케쥴링을 자동으로 처리한다. 컨트롤 플레인의 자동 스케줄링은 각 노드의 사용 가능한 리소스를 모두 고려합니다.
모든 쿠버네티스 노드는 최소한 다음과 같이 동작한다.
-
Kubelet은, 쿠버네티스 마스터와 노드 간 통신을 책임지는 프로세스이며, 하나의 머신 상에서 동작하는 파드와 컨테이너를 관리한다.
+
Kubelet은, 쿠버네티스 컨트롤 플레인과 노드 간 통신을 책임지는 프로세스이며, 하나의 머신 상에서 동작하는 파드와 컨테이너를 관리한다.
컨테이너 런타임(도커와 같은)은 레지스트리에서 컨테이너 이미지를 가져와 묶여 있는 것을 풀고 애플리케이션을 동작시키는 책임을 맡는다.
diff --git a/content/ko/docs/tutorials/services/source-ip.md b/content/ko/docs/tutorials/services/source-ip.md
index 6874d6669b..7300b06615 100644
--- a/content/ko/docs/tutorials/services/source-ip.md
+++ b/content/ko/docs/tutorials/services/source-ip.md
@@ -6,10 +6,10 @@ min-kubernetes-server-version: v1.5
-쿠버네티스 클러스터에서 실행 중인 애플리케이션은 서로 간에 외부 세계와
-서비스 추상화를 통해 찾고 통신한다. 이 문서는
-다른 종류의 서비스로 보내진 패킷의 소스 IP 주소에 어떤 일이 벌어지는지와
-이 동작을 요구에 따라 토글할 수 있는지 설명한다.
+쿠버네티스 클러스터에서 실행 중인 애플리케이션은 서비스 추상화를 통해서
+서로를, 그리고 외부 세계를 찾고 통신한다. 이 문서는
+다른 종류의 서비스로 전송된 패킷의 소스 IP에 어떤 일이 벌어지는지와
+이 동작을 필요에 따라 어떻게 전환할 수 있는지 설명한다.
@@ -29,16 +29,16 @@ min-kubernetes-server-version: v1.5
: 네트워크 주소 변환
[소스 NAT](https://en.wikipedia.org/wiki/Network_address_translation#SNAT)
-: 패킷 상의 소스 IP 주소를 변경함, 보통 노드의 IP 주소
+: 패킷 상의 소스 IP 주소를 변경하는 것. 이 페이지에서는 일반적으로 노드 IP 주소로의 변경을 의미함.
[대상 NAT](https://en.wikipedia.org/wiki/Network_address_translation#DNAT)
-: 패킷 상의 대상 IP 주소를 변경함, 보통 파드의 IP 주소
+: 패킷 상의 대상 IP 주소를 변경하는 것. 이 페이지에서는 일반적으로 {{< glossary_tooltip term_id="pod" text="파드" >}} IP 주소로의 변경을 의미함.
[VIP](/ko/docs/concepts/services-networking/service/#가상-ip와-서비스-프록시)
-: 가상 IP 주소, 모든 쿠버네티스 서비스에 할당된 것 같은
+: 쿠버네티스의 모든 {{< glossary_tooltip text="서비스" term_id="service" >}}에 할당되어 있는 것과 같은, 가상 IP 주소.
[Kube-proxy](/ko/docs/concepts/services-networking/service/#가상-ip와-서비스-프록시)
-: 네트워크 데몬으로 모든 노드에서 서비스 VIP 관리를 관리한다.
+: 모든 노드에서 서비스 VIP 관리를 조율하는 네트워크 데몬.
### 전제 조건
@@ -80,7 +80,7 @@ deployment.apps/source-ip-app created
```console
kubectl get nodes
```
-출력은 다음과 유사하다
+출력은 다음과 유사하다.
```
NAME STATUS ROLES AGE VERSION
kubernetes-node-6jst Ready 2h v1.13.0
@@ -220,7 +220,6 @@ graph LR;
class client plain;
{{}}
-
이를 피하기 위해 쿠버네티스는
[클라이언트 소스 IP 주소를 보존](/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip)하는 기능이 있다.
`service.spec.externalTrafficPolicy` 의 값을 `Local` 로 하면
@@ -439,5 +438,5 @@ kubectl delete deployment source-ip-app
## {{% heading "whatsnext" %}}
-* [서비스를 통한 애플리케이션 연결하기](/ko/docs/concepts/services-networking/connect-applications-service/)에 더 자세히 본다.
-* 어떻게 [외부 로드밸런서 생성](/docs/tasks/access-application-cluster/create-external-load-balancer/)하는지 본다.
+* [서비스를 통한 애플리케이션 연결하기](/ko/docs/concepts/services-networking/connect-applications-service/)를 더 자세히 본다.
+* [외부 로드밸런서 생성](/docs/tasks/access-application-cluster/create-external-load-balancer/) 방법을 본다.
diff --git a/content/ko/docs/tutorials/stateful-application/basic-stateful-set.md b/content/ko/docs/tutorials/stateful-application/basic-stateful-set.md
index 8b0a258ae6..ee7cccb70d 100644
--- a/content/ko/docs/tutorials/stateful-application/basic-stateful-set.md
+++ b/content/ko/docs/tutorials/stateful-application/basic-stateful-set.md
@@ -16,7 +16,7 @@ weight: 10
튜토리얼을 시작하기 전에 다음의 쿠버네티스 컨셉에 대해
익숙해야 한다.
-* [파드](/docs/user-guide/pods/single-container/)
+* [파드](/ko/docs/concepts/workloads/pods/)
* [클러스터 DNS(Cluster DNS)](/ko/docs/concepts/services-networking/dns-pod-service/)
* [헤드리스 서비스(Headless Services)](/ko/docs/concepts/services-networking/service/#헤드리스-headless-서비스)
* [퍼시스턴트볼륨(PersistentVolumes)](/ko/docs/concepts/storage/persistent-volumes/)
@@ -833,11 +833,11 @@ kubectl get pods -w -l app=nginx
다른 터미널에서는 스테이트풀셋을 지우기 위해
[`kubectl delete`](/docs/reference/generated/kubectl/kubectl-commands/#delete) 명령어를 이용하자.
-이 명령어에 `--cascade=false` 파라미터가 추가되었다.
+이 명령어에 `--cascade=orphan` 파라미터가 추가되었다.
이 파라미터는 쿠버네티스에 스테이트풀셋만 삭제하고 그에 속한 파드는 지우지 않도록 요청한다.
```shell
-kubectl delete statefulset web --cascade=false
+kubectl delete statefulset web --cascade=orphan
```
```
statefulset.apps "web" deleted
@@ -953,7 +953,7 @@ kubectl get pods -w -l app=nginx
```
다른 터미널창에서 스테이트풀셋을 다시 지우자. 이번에는
-`--cascade=false` 파라미터를 생략하자.
+`--cascade=orphan` 파라미터를 생략하자.
```shell
kubectl delete statefulset web
diff --git a/content/ko/docs/tutorials/stateful-application/cassandra.md b/content/ko/docs/tutorials/stateful-application/cassandra.md
index 7b1888a15e..3ebb7ec387 100644
--- a/content/ko/docs/tutorials/stateful-application/cassandra.md
+++ b/content/ko/docs/tutorials/stateful-application/cassandra.md
@@ -7,7 +7,7 @@ weight: 30
-이 튜토리얼은 쿠버네티스에서 [아파치 카산드라](http://cassandra.apache.org/)를 실행하는 방법을 소개한다.
+이 튜토리얼은 쿠버네티스에서 [아파치 카산드라](https://cassandra.apache.org/)를 실행하는 방법을 소개한다.
데이터베이스인 카산드라는 데이터 내구성을 제공하기 위해 퍼시스턴트 스토리지가 필요하다(애플리케이션 _상태_).
이 예제에서 사용자 지정 카산드라 시드 공급자는 카산드라가 클러스터에 가입할 때 카산드라가 인스턴스를 검색할 수 있도록 한다.
@@ -266,7 +266,7 @@ kubectl apply -f cassandra-statefulset.yaml
이 튜토리얼의 *파드* 는 구글의 [컨테이너 레지스트리](https://cloud.google.com/container-registry/docs/)에
[`gcr.io/google-samples/cassandra:v13`](https://github.com/kubernetes/examples/blob/master/cassandra/image/Dockerfile) 이미지를 이용한다.
-이 도커 이미지는 [debian-base](https://github.com/kubernetes/kubernetes/tree/master/build/debian-base)에
+이 도커 이미지는 [debian-base](https://github.com/kubernetes/release/tree/master/images/build/debian-base)에
기반하였고 OpenJDK 8을 포함한다.
이 이미지는 아파치 데비안 리포의 표준 카산드라 설치본을 포함한다.
diff --git a/content/ko/docs/tutorials/stateless-application/_index.md b/content/ko/docs/tutorials/stateless-application/_index.md
old mode 100755
new mode 100644
diff --git a/content/ko/docs/tutorials/stateless-application/guestbook.md b/content/ko/docs/tutorials/stateless-application/guestbook.md
index 1a984319d8..1a5e4a6079 100644
--- a/content/ko/docs/tutorials/stateless-application/guestbook.md
+++ b/content/ko/docs/tutorials/stateless-application/guestbook.md
@@ -1,5 +1,6 @@
---
-title: "예시: MongoDB를 사용한 PHP 방명록 애플리케이션 배포하기"
+title: "예시: Redis를 사용한 PHP 방명록 애플리케이션 배포하기"
+
content_type: tutorial
@@ -7,310 +8,411 @@ weight: 20
card:
name: tutorials
weight: 30
- title: "상태를 유지하지 않는 예제: MongoDB를 사용한 PHP 방명록"
+ title: "상태를 유지하지 않는 예제: Redis를 사용한 PHP 방명록"
min-kubernetes-server-version: v1.14
+source: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
---
-이 튜토리얼에서는 쿠버네티스와 [Docker](https://www.docker.com/)를 사용하여 간단한 _(운영 준비가 아닌)_ 멀티 티어 웹 애플리케이션을 빌드하고 배포하는 방법을 보여준다. 이 예제는 다음과 같은 구성으로 이루어져 있다.
+이 튜토리얼에서는 쿠버네티스와 [Docker](https://www.docker.com/)를 사용하여 간단한
+_(운영 수준이 아닌)_ 멀티 티어 웹 애플리케이션을 빌드하고 배포하는 방법을 보여준다.
+이 예제는 다음과 같은 구성으로
+이루어져 있다.
-* 방명록을 저장하는 단일 인스턴스 [MongoDB](https://www.mongodb.com/)
+* 방명록 항목을 저장하기 위한 단일 인스턴스 [Redis](https://www.redis.com/)
* 여러 개의 웹 프론트엔드 인스턴스
## {{% heading "objectives" %}}
-* Mongo 데이터베이스를 시작
-* 방명록 프론트엔드를 시작
+* Redis 리더를 실행
+* 2개의 Redis 팔로워를 실행
+* 방명록 프론트엔드를 실행
* 프론트엔드 서비스를 노출하고 확인
-* 정리 하기
-
+* 정리하기
## {{% heading "prerequisites" %}}
-
{{< include "task-tutorial-prereqs.md" >}}
{{< version-check >}}
-
-
-## Mongo 데이터베이스를 실행
+## Redis 데이터베이스를 실행
-방명록 애플리케이션은 MongoDB를 사용해서 데이터를 저장한다.
+방명록 애플리케이션은 Redis를 사용하여 데이터를 저장한다.
-### Mongo 디플로이먼트를 생성하기
+### Redis 디플로이먼트를 생성하기
-아래의 매니페스트 파일은 단일 복제본 Mongo 파드를 실행하는 디플로이먼트 컨트롤러를 지정한다.
+아래의 매니페스트 파일은 단일 복제본 Redis 파드를 실행하는 디플로이먼트 컨트롤러에 대한 명세를 담고 있다.
-{{< codenew file="application/guestbook/mongo-deployment.yaml" >}}
+{{< codenew file="application/guestbook/redis-leader-deployment.yaml" >}}
1. 매니페스트 파일을 다운로드한 디렉터리에서 터미널 창을 시작한다.
-1. `mongo-deployment.yaml` 파일을 통해 MongoDB 디플로이먼트에 적용한다.
+1. `redis-leader-deployment.yaml` 파일을 이용하여 Redis 디플로이먼트를 생성한다.
-
+
- ```shell
- kubectl apply -f https://k8s.io/examples/application/guestbook/mongo-deployment.yaml
- ```
+ ```shell
+ kubectl apply -f https://k8s.io/examples/application/guestbook/redis-leader-deployment.yaml
+ ```
+1. 파드의 목록을 질의하여 Redis 파드가 실행 중인지 확인한다.
-1. 파드의 목록을 질의하여 MongoDB 파드가 실행 중인지 확인한다.
+ ```shell
+ kubectl get pods
+ ```
- ```shell
- kubectl get pods
- ```
+ 결과는 아래와 같은 형태로 나타난다.
- 결과는 아래와 같은 형태로 나타난다.
+ ```
+ NAME READY STATUS RESTARTS AGE
+ redis-leader-fb76b4755-xjr2n 1/1 Running 0 13s
+ ```
- ```shell
- NAME READY STATUS RESTARTS AGE
- mongo-5cfd459dd4-lrcjb 1/1 Running 0 28s
- ```
+2. Redis 리더 파드의 로그를 보려면 다음 명령어를 실행한다.
-2. MongoDB 파드에서 로그를 보려면 다음 명령어를 실행한다.
+ ```shell
+ kubectl logs -f deployment/redis-leader
+ ```
- ```shell
- kubectl logs -f deployment/mongo
- ```
+### Redis 리더 서비스 생성하기
-### MongoDB 서비스 생성하기
+방명록 애플리케이션에서 데이터를 쓰려면 Redis와 통신해야 한다.
+Redis 파드로 트래픽을 프록시하려면 [서비스](/ko/docs/concepts/services-networking/service/)를 생성해야 한다.
+서비스는 파드에 접근하기 위한 정책을
+정의한다.
-방명록 애플리케이션에서 데이터를 쓰려면 MongoDB와 통신해야 한다. MongoDB 파드로 트래픽을 프록시하려면 [서비스](/ko/docs/concepts/services-networking/service/)를 적용해야 한다. 서비스는 파드에 접근하기 위한 정책을 정의한다.
+{{< codenew file="application/guestbook/redis-leader-service.yaml" >}}
-{{< codenew file="application/guestbook/mongo-service.yaml" >}}
+1. `redis-leader-service.yaml` 파일을 이용하여 Redis 서비스를 실행한다.
-1. `mongo-service.yaml` 파일을 통해 MongoDB 서비스에 적용한다.
+
-
+ ```shell
+ kubectl apply -f https://k8s.io/examples/application/guestbook/redis-leader-service.yaml
+ ```
- ```shell
- kubectl apply -f https://k8s.io/examples/application/guestbook/mongo-service.yaml
- ```
+1. 서비스의 목록을 질의하여 Redis 서비스가 실행 중인지 확인한다.
+ ```shell
+ kubectl get service
+ ```
-1. 서비스의 목록을 질의하여 MongoDB 서비스가 실행 중인지 확인한다.
+ 결과는 아래와 같은 형태로 나타난다.
- ```shell
- kubectl get service
- ```
-
- 결과는 아래와 같은 형태로 나타난다.
-
- ```shell
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- kubernetes ClusterIP 10.0.0.1 443/TCP 1m
- mongo ClusterIP 10.0.0.151 27017/TCP 8s
- ```
+ ```
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ kubernetes ClusterIP 10.0.0.1 443/TCP 1m
+ redis-leader ClusterIP 10.103.78.24 6379/TCP 16s
+ ```
{{< note >}}
-이 매니페스트 파일은 이전에 정의된 레이블과 일치하는 레이블 집합을 가진 `mongo`라는 서비스를 생성하므로, 서비스는 네트워크 트래픽을 MongoDB 파드로 라우팅한다.
+이 매니페스트 파일은 이전에 정의된 레이블과 일치하는 레이블 집합을 가진
+`redis-leader`라는 서비스를 생성하므로, 서비스는 네트워크 트래픽을
+Redis 파드로 라우팅한다.
{{< /note >}}
+### Redis 팔로워 구성하기
+
+Redis 리더는 단일 파드이지만, 몇 개의 Redis 팔로워 또는 복제본을 추가하여
+가용성을 높이고 트래픽 요구를 충족할 수 있다.
+
+{{< codenew file="application/guestbook/redis-follower-deployment.yaml" >}}
+
+1. `redis-follower-deployment.yaml` 파일을 이용하여 Redis 서비스를 실행한다.
+
+
+
+ ```shell
+ kubectl apply -f https://k8s.io/examples/application/guestbook/redis-follower-deployment.yaml
+ ```
+
+1. 파드의 목록을 질의하여 2개의 Redis 팔로워 레플리카가 실행 중인지 확인한다.
+
+ ```shell
+ kubectl get pods
+ ```
+
+ 결과는 아래와 같은 형태로 나타난다.
+
+ ```
+ NAME READY STATUS RESTARTS AGE
+ redis-follower-dddfbdcc9-82sfr 1/1 Running 0 37s
+ redis-follower-dddfbdcc9-qrt5k 1/1 Running 0 38s
+ redis-leader-fb76b4755-xjr2n 1/1 Running 0 11m
+ ```
+
+### Redis 팔로워 서비스 생성하기
+
+방명록 애플리케이션이 데이터를 읽으려면 Redis 팔로워와 통신해야 한다.
+Redis 팔로워를 발견 가능(discoverable)하게 만드려면, 새로운
+[서비스](/ko/docs/concepts/services-networking/service/)를 구성해야 한다.
+
+{{< codenew file="application/guestbook/redis-follower-service.yaml" >}}
+
+1. `redis-follower-service.yaml` 파일을 이용하여 Redis 서비스를 실행한다.
+
+
+
+ ```shell
+ kubectl apply -f https://k8s.io/examples/application/guestbook/redis-follower-service.yaml
+ ```
+
+1. 서비스의 목록을 질의하여 Redis 서비스가 실행 중인지 확인한다.
+
+ ```shell
+ kubectl get service
+ ```
+
+ 결과는 아래와 같은 형태로 나타난다.
+
+ ```
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ kubernetes ClusterIP 10.96.0.1 443/TCP 3d19h
+ redis-follower ClusterIP 10.110.162.42 6379/TCP 9s
+ redis-leader ClusterIP 10.103.78.24 6379/TCP 6m10s
+ ```
+
+{{< note >}}
+이 매니페스트 파일은 이전에 정의된 레이블과 일치하는 레이블 집합을 가진
+`redis-follower`라는 서비스를 생성하므로, 서비스는 네트워크 트래픽을
+Redis 파드로 라우팅한다.
+{{< /note >}}
## 방명록 프론트엔드를 설정하고 노출하기
-방명록 애플리케이션에는 PHP로 작성된 HTTP 요청을 처리하는 웹 프론트엔드가 있다. 방명록 항목들을 저장하기 위해 `mongo` 서비스에 연결하도록 구성 한다.
+방명록을 위한 Redis 저장소를 구성하고 실행했으므로, 이제 방명록 웹 서버를 실행한다.
+Redis 팔로워와 마찬가지로, 프론트엔드는 쿠버네티스 디플로이먼트(Deployment)를
+사용하여 배포된다.
+
+방명록 앱은 PHP 프론트엔드를 사용한다. DB에 대한 요청이 읽기인지 쓰기인지에 따라,
+Redis 팔로워 또는 리더 서비스와 통신하도록 구성된다. 프론트엔드는 JSON 인터페이스를
+노출하고,
+jQuery-Ajax 기반 UX를 제공한다.
### 방명록 프론트엔드의 디플로이먼트 생성하기
{{< codenew file="application/guestbook/frontend-deployment.yaml" >}}
-1. `frontend-deployment.yaml` 파일을 통해 프론트엔드의 디플로이먼트에 적용한다.
+1. `frontend-deployment.yaml` 파일을 이용하여 프론트엔드 디플로이먼트를 생성한다.
-
-
- ```shell
- kubectl apply -f https://k8s.io/examples/application/guestbook/frontend-deployment.yaml
- ```
+
+ ```shell
+ kubectl apply -f https://k8s.io/examples/application/guestbook/frontend-deployment.yaml
+ ```
1. 파드의 목록을 질의하여 세 개의 프론트엔드 복제본이 실행되고 있는지 확인한다.
- ```shell
- kubectl get pods -l app.kubernetes.io/name=guestbook -l app.kubernetes.io/component=frontend
- ```
+ ```shell
+ kubectl get pods -l app=guestbook -l tier=frontend
+ ```
- 결과는 아래와 같은 형태로 나타난다.
+ 결과는 아래와 같은 형태로 나타난다.
- ```
- NAME READY STATUS RESTARTS AGE
- frontend-3823415956-dsvc5 1/1 Running 0 54s
- frontend-3823415956-k22zn 1/1 Running 0 54s
- frontend-3823415956-w9gbt 1/1 Running 0 54s
- ```
+ ```
+ NAME READY STATUS RESTARTS AGE
+ frontend-85595f5bf9-5tqhb 1/1 Running 0 47s
+ frontend-85595f5bf9-qbzwm 1/1 Running 0 47s
+ frontend-85595f5bf9-zchwc 1/1 Running 0 47s
+ ```
### 프론트엔드 서비스 생성하기
-서비스의 기본 유형은 [ClusterIP](/ko/docs/concepts/services-networking/service/#publishing-services-service-types)이기 때문에 적용한 `mongo` 서비스는 컨테이너 클러스터 내에서만 접근할 수 있다. `ClusterIP`는 서비스가 가리키는 파드 집합에 대한 단일 IP 주소를 제공한다. 이 IP 주소는 클러스터 내에서만 접근할 수 있다.
+서비스의 기본 유형은
+[ClusterIP](/ko/docs/concepts/services-networking/service/#publishing-services-service-types)
+이기 때문에 생성한 `Redis` 서비스는 컨테이너 클러스터 내에서만 접근할 수 있다.
+`ClusterIP`는 서비스가 가리키는 파드 집합에 대한
+단일 IP 주소를 제공한다. 이 IP 주소는 클러스터 내에서만 접근할 수 있다.
-게스트가 방명록에 접근할 수 있도록 하려면, 외부에서 볼 수 있도록 프론트엔드 서비스를 구성해야 한다. 그렇게 하면 클라이언트가 쿠버네티스 클러스터 외부에서 서비스를 요청할 수 있다. 그러나 쿠버네티스 사용자는 `ClusterIP`를 사용하더라도 `kubectl port-forward`를 사용해서 서비스에 접근할 수 있다.
+게스트가 방명록에 접근할 수 있도록 하려면, 외부에서 볼 수 있도록 프론트엔드
+서비스를 구성해야 한다. 그렇게 하면 클라이언트가 쿠버네티스 클러스터 외부에서
+서비스를 요청할 수 있다. 그러나 쿠버네티스 사용자는 `ClusterIP`를
+사용하더라도 `kubectl port-forward`를 사용해서 서비스에
+접근할 수 있다.
{{< note >}}
-Google Compute Engine 또는 Google Kubernetes Engine과 같은 일부 클라우드 공급자는 외부 로드 밸런서를 지원한다. 클라우드 공급자가 로드 밸런서를 지원하고 이를 사용하려면 `type : LoadBalancer`의 주석을 제거해야 한다.
+Google Compute Engine 또는 Google Kubernetes Engine
+과 같은 일부 클라우드 공급자는 외부 로드 밸런서를 지원한다. 클라우드 공급자가 로드
+밸런서를 지원하고 이를 사용하려면 `type : LoadBalancer`의 주석을 제거해야 한다.
{{< /note >}}
{{< codenew file="application/guestbook/frontend-service.yaml" >}}
-1. `frontend-service.yaml` 파일을 통해 프론트엔드 서비스에 적용시킨다.
+1. `frontend-service.yaml` 파일을 이용하여 프론트엔드 서비스를 실행한다.
-
-
- ```shell
- kubectl apply -f https://k8s.io/examples/application/guestbook/frontend-service.yaml
- ```
+
+ ```shell
+ kubectl apply -f https://k8s.io/examples/application/guestbook/frontend-service.yaml
+ ```
1. 서비스의 목록을 질의하여 프론트엔드 서비스가 실행 중인지 확인한다.
- ```shell
- kubectl get services
- ```
+ ```shell
+ kubectl get services
+ ```
- 결과는 아래와 같은 형태로 나타난다.
+ 결과는 아래와 같은 형태로 나타난다.
- ```
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- frontend ClusterIP 10.0.0.112 80/TCP 6s
- kubernetes ClusterIP 10.0.0.1 443/TCP 4m
- mongo ClusterIP 10.0.0.151 6379/TCP 2m
- ```
+ ```
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ frontend ClusterIP 10.97.28.230 80/TCP 19s
+ kubernetes ClusterIP 10.96.0.1 443/TCP 3d19h
+ redis-follower ClusterIP 10.110.162.42 6379/TCP 5m48s
+ redis-leader ClusterIP 10.103.78.24 6379/TCP 11m
+ ```
### `kubectl port-forward`를 통해 프론트엔드 서비스 확인하기
1. 다음 명령어를 실행해서 로컬 머신의 `8080` 포트를 서비스의 `80` 포트로 전달한다.
- ```shell
- kubectl port-forward svc/frontend 8080:80
- ```
+ ```shell
+ kubectl port-forward svc/frontend 8080:80
+ ```
- 결과는 아래와 같은 형태로 나타난다.
+ 결과는 아래와 같은 형태로 나타난다.
- ```
- Forwarding from 127.0.0.1:8080 -> 80
- Forwarding from [::1]:8080 -> 80
- ```
+ ```
+ Forwarding from 127.0.0.1:8080 -> 80
+ Forwarding from [::1]:8080 -> 80
+ ```
-1. 방명록을 보기위해 브라우저에서 [http://localhost:8080](http://localhost:8080) 페이지를 로드한다.
+1. 방명록을 보기 위해 브라우저에서 [http://localhost:8080](http://localhost:8080) 페이지를 로드한다.
### `LoadBalancer`를 통해 프론트엔드 서비스 확인하기
-`frontend-service.yaml` 매니페스트를 `LoadBalancer`와 함께 배포한 경우, 방명록을 보기 위해 IP 주소를 찾아야 한다.
+`frontend-service.yaml` 매니페스트를 `LoadBalancer`와 함께 배포한 경우,
+방명록을 보기 위해 IP 주소를 찾아야 한다.
1. 프론트엔드 서비스의 IP 주소를 얻기 위해 아래 명령어를 실행한다.
- ```shell
- kubectl get service frontend
- ```
+ ```shell
+ kubectl get service frontend
+ ```
- 결과는 아래와 같은 형태로 나타난다.
+ 결과는 아래와 같은 형태로 나타난다.
- ```
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- frontend LoadBalancer 10.51.242.136 109.197.92.229 80:32372/TCP 1m
- ```
+ ```
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ frontend LoadBalancer 10.51.242.136 109.197.92.229 80:32372/TCP 1m
+ ```
1. IP 주소를 복사하고, 방명록을 보기 위해 브라우저에서 페이지를 로드한다.
+{{< note >}}
+메시지를 입력하고 'Submit'을 클릭하여 방명록에 글을 작성해 본다.
+입력한 메시지가 프론트엔드에 나타난다. 이 메시지는 앞서 생성한 서비스를
+통해 데이터가 Redis에 성공적으로 입력되었음을 나타낸다.
+{{< /note >}}
+
## 웹 프론트엔드 확장하기
-서버가 디플로이먼트 컨르롤러를 사용하는 서비스로 정의되어 있기에 필요에 따라 확장 또는 축소할 수 있다.
+서버가 디플로이먼트 컨트롤러를 사용하는 서비스로 정의되어 있으므로
+필요에 따라 확장 또는 축소할 수 있다.
1. 프론트엔드 파드의 수를 확장하기 위해 아래 명령어를 실행한다.
- ```shell
- kubectl scale deployment frontend --replicas=5
- ```
+ ```shell
+ kubectl scale deployment frontend --replicas=5
+ ```
1. 파드의 목록을 질의하여 실행 중인 프론트엔드 파드의 수를 확인한다.
- ```shell
- kubectl get pods
- ```
+ ```shell
+ kubectl get pods
+ ```
- 결과는 아래와 같은 형태로 나타난다.
+ 결과는 아래와 같은 형태로 나타난다.
- ```
- NAME READY STATUS RESTARTS AGE
- frontend-3823415956-70qj5 1/1 Running 0 5s
- frontend-3823415956-dsvc5 1/1 Running 0 54m
- frontend-3823415956-k22zn 1/1 Running 0 54m
- frontend-3823415956-w9gbt 1/1 Running 0 54m
- frontend-3823415956-x2pld 1/1 Running 0 5s
- mongo-1068406935-3lswp 1/1 Running 0 56m
- ```
+ ```
+ NAME READY STATUS RESTARTS AGE
+ frontend-85595f5bf9-5df5m 1/1 Running 0 83s
+ frontend-85595f5bf9-7zmg5 1/1 Running 0 83s
+ frontend-85595f5bf9-cpskg 1/1 Running 0 15m
+ frontend-85595f5bf9-l2l54 1/1 Running 0 14m
+ frontend-85595f5bf9-l9c8z 1/1 Running 0 14m
+ redis-follower-dddfbdcc9-82sfr 1/1 Running 0 97m
+ redis-follower-dddfbdcc9-qrt5k 1/1 Running 0 97m
+ redis-leader-fb76b4755-xjr2n 1/1 Running 0 108m
+ ```
1. 프론트엔드 파드의 수를 축소하기 위해 아래 명령어를 실행한다.
- ```shell
- kubectl scale deployment frontend --replicas=2
- ```
+ ```shell
+ kubectl scale deployment frontend --replicas=2
+ ```
1. 파드의 목록을 질의하여 실행 중인 프론트엔드 파드의 수를 확인한다.
- ```shell
- kubectl get pods
- ```
-
- 결과는 아래와 같은 형태로 나타난다.
-
- ```
- NAME READY STATUS RESTARTS AGE
- frontend-3823415956-k22zn 1/1 Running 0 1h
- frontend-3823415956-w9gbt 1/1 Running 0 1h
- mongo-1068406935-3lswp 1/1 Running 0 1h
- ```
+ ```shell
+ kubectl get pods
+ ```
+ 결과는 아래와 같은 형태로 나타난다.
+ ```
+ NAME READY STATUS RESTARTS AGE
+ frontend-85595f5bf9-cpskg 1/1 Running 0 16m
+ frontend-85595f5bf9-l9c8z 1/1 Running 0 15m
+ redis-follower-dddfbdcc9-82sfr 1/1 Running 0 98m
+ redis-follower-dddfbdcc9-qrt5k 1/1 Running 0 98m
+ redis-leader-fb76b4755-xjr2n 1/1 Running 0 109m
+ ```
## {{% heading "cleanup" %}}
-디플로이먼트 및 서비스를 삭제하면 실행 중인 모든 파드도 삭제된다. 레이블을 사용하여 하나의 명령어로 여러 자원을 삭제해보자.
+디플로이먼트 및 서비스를 삭제하면 실행 중인 모든 파드도 삭제된다.
+레이블을 사용하여 하나의 명령어로 여러 자원을 삭제해보자.
1. 모든 파드, 디플로이먼트, 서비스를 삭제하기 위해 아래 명령어를 실행한다.
- ```shell
- kubectl delete deployment -l app.kubernetes.io/name=mongo
- kubectl delete service -l app.kubernetes.io/name=mongo
- kubectl delete deployment -l app.kubernetes.io/name=guestbook
- kubectl delete service -l app.kubernetes.io/name=guestbook
- ```
+ ```shell
+ kubectl delete deployment -l app=redis
+ kubectl delete service -l app=redis
+ kubectl delete deployment frontend
+ kubectl delete service frontend
+ ```
- 결과는 아래와 같은 형태로 나타난다.
+ 결과는 아래와 같은 형태로 나타난다.
- ```
- deployment.apps "mongo" deleted
- service "mongo" deleted
- deployment.apps "frontend" deleted
- service "frontend" deleted
- ```
+ ```
+ deployment.apps "redis-follower" deleted
+ deployment.apps "redis-leader" deleted
+ deployment.apps "frontend" deleted
+ service "frontend" deleted
+ ```
1. 파드의 목록을 질의하여 실행 중인 파드가 없는지 확인한다.
- ```shell
- kubectl get pods
- ```
-
- 결과는 아래와 같은 형태로 나타난다.
-
- ```
- No resources found.
- ```
+ ```shell
+ kubectl get pods
+ ```
+ 결과는 아래와 같은 형태로 나타난다.
+ ```
+ No resources found in default namespace.
+ ```
## {{% heading "whatsnext" %}}
diff --git a/content/ko/examples/application/guestbook/frontend-deployment.yaml b/content/ko/examples/application/guestbook/frontend-deployment.yaml
index 613c654aa9..f97f20dab6 100644
--- a/content/ko/examples/application/guestbook/frontend-deployment.yaml
+++ b/content/ko/examples/application/guestbook/frontend-deployment.yaml
@@ -1,32 +1,29 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
- labels:
- app.kubernetes.io/name: guestbook
- app.kubernetes.io/component: frontend
spec:
+ replicas: 3
selector:
matchLabels:
- app.kubernetes.io/name: guestbook
- app.kubernetes.io/component: frontend
- replicas: 3
+ app: guestbook
+ tier: frontend
template:
metadata:
labels:
- app.kubernetes.io/name: guestbook
- app.kubernetes.io/component: frontend
+ app: guestbook
+ tier: frontend
spec:
containers:
- - name: guestbook
- image: paulczar/gb-frontend:v5
- # image: gcr.io/google-samples/gb-frontend:v4
+ - name: php-redis
+ image: gcr.io/google_samples/gb-frontend:v5
+ env:
+ - name: GET_HOSTS_FROM
+ value: "dns"
resources:
requests:
cpu: 100m
memory: 100Mi
- env:
- - name: GET_HOSTS_FROM
- value: dns
ports:
- - containerPort: 80
+ - containerPort: 80
\ No newline at end of file
diff --git a/content/ko/examples/application/guestbook/frontend-service.yaml b/content/ko/examples/application/guestbook/frontend-service.yaml
index 34ad3771d7..410c6bbaf2 100644
--- a/content/ko/examples/application/guestbook/frontend-service.yaml
+++ b/content/ko/examples/application/guestbook/frontend-service.yaml
@@ -1,16 +1,19 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
apiVersion: v1
kind: Service
metadata:
name: frontend
labels:
- app.kubernetes.io/name: guestbook
- app.kubernetes.io/component: frontend
+ app: guestbook
+ tier: frontend
spec:
# if your cluster supports it, uncomment the following to automatically create
# an external load-balanced IP for the frontend service.
# type: LoadBalancer
+ #type: LoadBalancer
ports:
+ # the port that this service should serve on
- port: 80
selector:
- app.kubernetes.io/name: guestbook
- app.kubernetes.io/component: frontend
+ app: guestbook
+ tier: frontend
\ No newline at end of file
diff --git a/content/ko/examples/application/guestbook/mongo-deployment.yaml b/content/ko/examples/application/guestbook/mongo-deployment.yaml
deleted file mode 100644
index 04908ce25b..0000000000
--- a/content/ko/examples/application/guestbook/mongo-deployment.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: mongo
- labels:
- app.kubernetes.io/name: mongo
- app.kubernetes.io/component: backend
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: mongo
- app.kubernetes.io/component: backend
- replicas: 1
- template:
- metadata:
- labels:
- app.kubernetes.io/name: mongo
- app.kubernetes.io/component: backend
- spec:
- containers:
- - name: mongo
- image: mongo:4.2
- args:
- - --bind_ip
- - 0.0.0.0
- resources:
- requests:
- cpu: 100m
- memory: 100Mi
- ports:
- - containerPort: 27017
diff --git a/content/ko/examples/application/guestbook/mongo-service.yaml b/content/ko/examples/application/guestbook/mongo-service.yaml
deleted file mode 100644
index b9cef607bc..0000000000
--- a/content/ko/examples/application/guestbook/mongo-service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: mongo
- labels:
- app.kubernetes.io/name: mongo
- app.kubernetes.io/component: backend
-spec:
- ports:
- - port: 27017
- targetPort: 27017
- selector:
- app.kubernetes.io/name: mongo
- app.kubernetes.io/component: backend
diff --git a/content/ko/examples/application/guestbook/redis-follower-deployment.yaml b/content/ko/examples/application/guestbook/redis-follower-deployment.yaml
new file mode 100644
index 0000000000..c418cf7364
--- /dev/null
+++ b/content/ko/examples/application/guestbook/redis-follower-deployment.yaml
@@ -0,0 +1,30 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: redis-follower
+ labels:
+ app: redis
+ role: follower
+ tier: backend
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: redis
+ template:
+ metadata:
+ labels:
+ app: redis
+ role: follower
+ tier: backend
+ spec:
+ containers:
+ - name: follower
+ image: gcr.io/google_samples/gb-redis-follower:v2
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ ports:
+ - containerPort: 6379
\ No newline at end of file
diff --git a/content/ko/examples/application/guestbook/redis-follower-service.yaml b/content/ko/examples/application/guestbook/redis-follower-service.yaml
new file mode 100644
index 0000000000..53283d35c4
--- /dev/null
+++ b/content/ko/examples/application/guestbook/redis-follower-service.yaml
@@ -0,0 +1,17 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis-follower
+ labels:
+ app: redis
+ role: follower
+ tier: backend
+spec:
+ ports:
+ # the port that this service should serve on
+ - port: 6379
+ selector:
+ app: redis
+ role: follower
+ tier: backend
\ No newline at end of file
diff --git a/content/ko/examples/application/guestbook/redis-leader-deployment.yaml b/content/ko/examples/application/guestbook/redis-leader-deployment.yaml
new file mode 100644
index 0000000000..9c7547291c
--- /dev/null
+++ b/content/ko/examples/application/guestbook/redis-leader-deployment.yaml
@@ -0,0 +1,30 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: redis-leader
+ labels:
+ app: redis
+ role: leader
+ tier: backend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: redis
+ template:
+ metadata:
+ labels:
+ app: redis
+ role: leader
+ tier: backend
+ spec:
+ containers:
+ - name: leader
+ image: "docker.io/redis:6.0.5"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ ports:
+ - containerPort: 6379
\ No newline at end of file
diff --git a/content/ko/examples/application/guestbook/redis-leader-service.yaml b/content/ko/examples/application/guestbook/redis-leader-service.yaml
new file mode 100644
index 0000000000..e04cc183d0
--- /dev/null
+++ b/content/ko/examples/application/guestbook/redis-leader-service.yaml
@@ -0,0 +1,17 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis-leader
+ labels:
+ app: redis
+ role: leader
+ tier: backend
+spec:
+ ports:
+ - port: 6379
+ targetPort: 6379
+ selector:
+ app: redis
+ role: leader
+ tier: backend
\ No newline at end of file
diff --git a/content/ko/examples/policy/baseline-psp.yaml b/content/ko/examples/policy/baseline-psp.yaml
new file mode 100644
index 0000000000..679b780096
--- /dev/null
+++ b/content/ko/examples/policy/baseline-psp.yaml
@@ -0,0 +1,74 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: baseline
+ annotations:
+ # 선택 사항: 기본 AppArmor 프로파일을 활성화한다. 이 경우 기본값을 설정해야 한다.
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
+ apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+spec:
+ privileged: false
+ # Moby의 기본 캐퍼빌리티 집합(NET_RAW는 제외되었음)
+ allowedCapabilities:
+ - 'CHOWN'
+ - 'DAC_OVERRIDE'
+ - 'FSETID'
+ - 'FOWNER'
+ - 'MKNOD'
+ - 'SETGID'
+ - 'SETUID'
+ - 'SETFCAP'
+ - 'SETPCAP'
+ - 'NET_BIND_SERVICE'
+ - 'SYS_CHROOT'
+ - 'KILL'
+ - 'AUDIT_WRITE'
+ # hostpath를 제외한 모든 볼륨 타입을 허용
+ volumes:
+ # '코어' 볼륨 타입
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'downwardAPI'
+ # 클러스터 관리자에 의해 구성된 휘발성 CSI 드라이버와 퍼시스턴트볼륨(PersistentVolume)은 사용하기에 안전하다고 가정한다.
+ - 'csi'
+ - 'persistentVolumeClaim'
+ - 'ephemeral'
+ # hostpath 타입이 아닌 다른 모든 볼륨 타입을 허용
+ - 'awsElasticBlockStore'
+ - 'azureDisk'
+ - 'azureFile'
+ - 'cephFS'
+ - 'cinder'
+ - 'fc'
+ - 'flexVolume'
+ - 'flocker'
+ - 'gcePersistentDisk'
+ - 'gitRepo'
+ - 'glusterfs'
+ - 'iscsi'
+ - 'nfs'
+ - 'photonPersistentDisk'
+ - 'portworxVolume'
+ - 'quobyte'
+ - 'rbd'
+ - 'scaleIO'
+ - 'storageos'
+ - 'vsphereVolume'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ readOnlyRootFilesystem: false
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ # 이 파드시큐리티폴리시는 노드가 SELinux가 아닌 AppArmor를 사용하고 있다고 가정한다.
+ # 파드시큐리티폴리시 SELinux API는 SELinux 파드 보안 표준을 표현할 수 없으므로,
+ # SELinux를 사용하는 경우 더 제한적인 기본값을 선택해야 한다.
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'RunAsAny'
+ fsGroup:
+ rule: 'RunAsAny'
diff --git a/content/ko/examples/policy/restricted-psp.yaml b/content/ko/examples/policy/restricted-psp.yaml
index cbaf2758c0..4cdc12639a 100644
--- a/content/ko/examples/policy/restricted-psp.yaml
+++ b/content/ko/examples/policy/restricted-psp.yaml
@@ -5,14 +5,11 @@ metadata:
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
- seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
spec:
privileged: false
- # 루트로의 에스컬레이션을 방지하는데 필요하다.
+ # 루트로의 에스컬레이션을 방지하는 데 필요하다.
allowPrivilegeEscalation: false
- # 이것은 루트가 아닌 사용자 + 권한 에스컬레이션을 허용하지 않는 것으로 중복이지만,
- # 심층 방어를 위해 이를 제공한다.
requiredDropCapabilities:
- ALL
# 기본 볼륨 유형을 허용한다.
@@ -22,8 +19,10 @@ spec:
- 'projected'
- 'secret'
- 'downwardAPI'
- # 클러스터 관리자가 설정한 퍼시스턴트볼륨을 사용하는 것이 안전하다고 가정한다.
+ # 클러스터 관리자에 의해 구성된 휘발성 CSI 드라이버와 퍼시스턴트볼륨(PersistentVolume)의 사용은 안전하다고 가정한다.
+ - 'csi'
- 'persistentVolumeClaim'
+ - 'ephemeral'
hostNetwork: false
hostIPC: false
hostPID: false
diff --git a/content/ko/includes/task-tutorial-prereqs.md b/content/ko/includes/task-tutorial-prereqs.md
index 65651286bd..e27f4b99e4 100644
--- a/content/ko/includes/task-tutorial-prereqs.md
+++ b/content/ko/includes/task-tutorial-prereqs.md
@@ -5,4 +5,4 @@
다음의 쿠버네티스 플레이그라운드 중 하나를 사용할 수 있다.
* [Katacoda](https://www.katacoda.com/courses/kubernetes/playground)
-* [Play with Kubernetes](http://labs.play-with-k8s.com/)
+* [Play with Kubernetes](https://labs.play-with-k8s.com/)
diff --git a/content/ko/releases/version-skew-policy.md b/content/ko/releases/version-skew-policy.md
index 38052aa18d..dba98dcdf8 100644
--- a/content/ko/releases/version-skew-policy.md
+++ b/content/ko/releases/version-skew-policy.md
@@ -6,22 +6,21 @@
-title: 쿠버네티스 버전 및 버전 차이(skew) 지원 정책
-content_type: concept
-weight: 30
+title: 버전 차이(skew) 정책
+type: docs
+description: >
+ 다양한 쿠버네티스 구성 요소 간에 지원되는 최대 버전 차이
---
이 문서는 다양한 쿠버네티스 구성 요소 간에 지원되는 최대 버전 차이를 설명한다.
특정 클러스터 배포 도구는 버전 차이에 대한 추가적인 제한을 설정할 수 있다.
-
## 지원되는 버전
-쿠버네티스 버전은 **x.y.z** 로 표현되는데,
-여기서 **x** 는 메이저 버전, **y** 는 마이너 버전, **z** 는 패치 버전을 의미하며, 이는 [시맨틱 버전](https://semver.org/) 용어에 따른 것이다.
+쿠버네티스 버전은 **x.y.z** 로 표현되는데, 여기서 **x** 는 메이저 버전, **y** 는 마이너 버전, **z** 는 패치 버전을 의미하며, 이는 [시맨틱 버전](https://semver.org/) 용어에 따른 것이다.
자세한 내용은 [쿠버네티스 릴리스 버전](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/release/versioning.md#kubernetes-release-versioning)을 참조한다.
쿠버네티스 프로젝트는 최근 세 개의 마이너 릴리스 ({{< skew latestVersion >}}, {{< skew prevMinorVersion >}}, {{< skew oldestMinorVersion >}}) 에 대한 릴리스 분기를 유지한다. 쿠버네티스 1.19 이상은 약 1년간의 패치 지원을 받는다. 쿠버네티스 1.18 이상은 약 9개월의 패치 지원을 받는다.
diff --git a/content/pl/_index.html b/content/pl/_index.html
index 1096114700..03ec4a4c44 100644
--- a/content/pl/_index.html
+++ b/content/pl/_index.html
@@ -44,12 +44,12 @@ Kubernetes jako projekt open-source daje Ci wolność wyboru ⏤ skorzystaj z pr
diff --git a/content/pl/docs/concepts/overview/_index.md b/content/pl/docs/concepts/overview/_index.md
old mode 100755
new mode 100644
diff --git a/content/pl/docs/concepts/overview/components.md b/content/pl/docs/concepts/overview/components.md
index dba2d1e782..b6843e04db 100644
--- a/content/pl/docs/concepts/overview/components.md
+++ b/content/pl/docs/concepts/overview/components.md
@@ -27,7 +27,7 @@ Poniższy rysunek przedstawia klaster Kubernetes i powiązania pomiędzy jego r
Komponenty warstwy sterowania podejmują ogólne decyzje dotyczące klastra (np. zlecanie zadań), a także wykrywają i reagują na zdarzenia w klastrze (przykładowo, start nowego {{< glossary_tooltip text="poda" term_id="pod">}}, kiedy wartość `replicas` dla deploymentu nie zgadza się z faktyczną liczbą replik).
-Komponenty warstwy sterowania mogą być uruchomione na dowolnej maszynie w klastrze. Dla uproszczenia jednak skrypty instalacyjne zazwyczaj startują wszystkie składniki na tej samej maszynie i jednocześnie nie pozwalają na uruchamianie na niej kontenerów użytkowników. Na stronie [Tworzenie Wysoko Dostępnych Klastrów](/docs/admin/high-availability/) jest więcej informacji o konfiguracji typu *multi-master-VM*.
+Komponenty warstwy sterowania mogą być uruchomione na dowolnej maszynie w klastrze. Dla uproszczenia jednak skrypty instalacyjne zazwyczaj startują wszystkie składniki na tej samej maszynie i jednocześnie nie pozwalają na uruchamianie na niej kontenerów użytkowników. Na stronie [Creating Highly Available clusters with kubeadm](/docs/setup/production-environment/tools/kubeadm/high-availability/) znajdziesz opis konfiguracji warstwy sterowania działającej na wielu maszynach wirtualnych.
### kube-apiserver
@@ -45,10 +45,11 @@ Komponenty warstwy sterowania mogą być uruchomione na dowolnej maszynie w klas
{{< glossary_definition term_id="kube-controller-manager" length="all" >}}
-Kontrolerami są:
+Przykładowe kontrolery:
* Node controller: Odpowiada za rozpoznawanie i reagowanie na sytuacje, kiedy węzeł staje się z jakiegoś powodu niedostępny.
-* Replication controller: Odpowiada za utrzymanie prawidłowej liczby podów dla każdego obiektu typu *ReplicationController* w systemie.
+* Job controller: Czeka na obiekty typu *Job*, które definiują zadania uruchamiane jednorazowo
+ i startuje Pody, odpowiadające za ich wykonanie tych zadań.
* Endpoints controller: Dostarcza informacji do obiektów typu *Endpoints* (tzn. łączy ze sobą Serwisy i Pody).
* Service Account & Token controllers: Tworzy domyślne konta i tokeny dostępu API dla nowych przestrzeni nazw (*namespaces*).
diff --git a/content/pl/docs/concepts/overview/what-is-kubernetes.md b/content/pl/docs/concepts/overview/what-is-kubernetes.md
index d28c841553..7391ed6602 100644
--- a/content/pl/docs/concepts/overview/what-is-kubernetes.md
+++ b/content/pl/docs/concepts/overview/what-is-kubernetes.md
@@ -14,11 +14,10 @@ sitemap:
Na tej stronie znajdziesz ogólne informacje o Kubernetesie.
-
Kubernetes to przenośna, rozszerzalna platforma oprogramowania *open-source* służąca do zarządzania zadaniami i serwisami uruchamianymi w kontenerach, która umożliwia deklaratywną konfigurację i automatyzację. Ekosystem Kubernetesa jest duży i dynamicznie się rozwija. Serwisy Kubernetesa, wsparcie i narzędzia są szeroko dostępne.
-Nazwa Kubernetes pochodzi z greki i oznacza sternika albo pilota. Google otworzyło projekt Kubernetes publicznie w 2014. Kubernetes korzysta z [piętnastoletniego doświadczenia Google w uruchamianiu wielkoskalowych serwisów](/blog/2015/04/borg-predecessor-to-kubernetes/) i łączy je z najlepszymi pomysłami i praktykami wypracowanymi przez społeczność.
+Nazwa Kubernetes pochodzi z greki i oznacza sternika albo pilota. Skrót K8s powstał poprzez zastąpienie ośmiu liter pomiędzy "K" i "s" .Google otworzyło projekt Kubernetes publicznie w 2014. Kubernetes korzysta z [piętnastoletniego doświadczenia Google w uruchamianiu wielkoskalowych serwisów](/blog/2015/04/borg-predecessor-to-kubernetes/) i łączy je z najlepszymi pomysłami i praktykami wypracowanymi przez społeczność.
## Trochę historii
diff --git a/content/pl/docs/reference/glossary/cloud-controller-manager.md b/content/pl/docs/reference/glossary/cloud-controller-manager.md
old mode 100755
new mode 100644
diff --git a/content/pl/docs/reference/glossary/cluster.md b/content/pl/docs/reference/glossary/cluster.md
old mode 100755
new mode 100644
diff --git a/content/pl/docs/reference/glossary/etcd.md b/content/pl/docs/reference/glossary/etcd.md
old mode 100755
new mode 100644
diff --git a/content/pl/docs/reference/glossary/index.md b/content/pl/docs/reference/glossary/index.md
old mode 100755
new mode 100644
diff --git a/content/pl/docs/reference/glossary/kube-apiserver.md b/content/pl/docs/reference/glossary/kube-apiserver.md
old mode 100755
new mode 100644
diff --git a/content/pl/docs/reference/glossary/kube-controller-manager.md b/content/pl/docs/reference/glossary/kube-controller-manager.md
old mode 100755
new mode 100644
diff --git a/content/pl/docs/reference/glossary/kube-proxy.md b/content/pl/docs/reference/glossary/kube-proxy.md
old mode 100755
new mode 100644
diff --git a/content/pl/docs/reference/glossary/kube-scheduler.md b/content/pl/docs/reference/glossary/kube-scheduler.md
old mode 100755
new mode 100644
diff --git a/content/pl/docs/reference/glossary/kubelet.md b/content/pl/docs/reference/glossary/kubelet.md
old mode 100755
new mode 100644
diff --git a/content/pl/docs/reference/tools.md b/content/pl/docs/reference/tools.md
deleted file mode 100644
index 2ec66964ed..0000000000
--- a/content/pl/docs/reference/tools.md
+++ /dev/null
@@ -1,48 +0,0 @@
----
-title: Narzędzia
-content_type: concept
----
-
-
-Kubernetes zawiera różne wbudowane narzędzia służące do pracy z systemem:
-
-
-
-## Kubectl
-
-[`kubectl`](/docs/tasks/tools/install-kubectl/) to narzędzie tekstowe (linii poleceń) do Kubernetes. Służy do zarządzania klastrem Kubernetes.
-
-## Kubeadm
-
-[`kubeadm`](/docs/setup/production-environment/tools/kubeadm/install-kubeadm/) to narzędzie tekstowe do łatwej instalacji klastra Kubernetes w bezpiecznej konfiguracji, uruchamianego na infrastrukturze serwerów fizycznych, serwerów w chmurze bądź na maszynach wirtualnych (aktualnie w fazie rozwojowej alfa).
-
-## Minikube
-
-[`minikube`](https://minikube.sigs.k8s.io/docs/) to narzędzie do uruchamiania jednowęzłowego klastra Kubernetes na twojej stacji roboczej na potrzeby rozwoju oprogramowania lub prowadzenia testów.
-
-## Pulpit *(Dashboard)*
-
-[`Dashboard`](/docs/tasks/access-application-cluster/web-ui-dashboard/) - graficzny interfejs użytkownika w przeglądarce web, który umożliwia instalację aplikacji w kontenerach na klastrze Kubernetes, rozwiązywanie problemów z nimi związanych oraz zarządzanie samym klastrem i jego zasobami.
-
-## Helm
-
-[`Kubernetes Helm`](https://github.com/kubernetes/helm) — narzędzie do zarządzania pakietami wstępnie skonfigurowanych zasobów Kubernetes (nazywanych *Kubernetes charts*).
-
-Helm-a można używać do:
-
-* Wyszukiwania i instalowania popularnego oprogramowania dystrybuowanego jako Kubernetes *charts*
-* Udostępniania własnych aplikacji w postaci pakietów Kubernetes *charts*
-* Definiowania powtarzalnych instalacji aplikacji na Kubernetes
-* Inteligentnego zarządzania plikami list (*manifests*) Kubernetes
-* Zarządzaniem kolejnymi wydaniami pakietów Helm
-
-## Kompose
-
-[`Kompose`](https://github.com/kubernetes/kompose) to narzędzie, które ma pomóc użytkownikom Docker Compose przenieść się na Kubernetes.
-
-Kompose można używać do:
-
-* Tłumaczenia plików Docker Compose na obiekty Kubernetes
-* Zmiany sposóbu zarządzania twoimi aplikacjami z lokalnego środowiska Docker na system Kubernetes
-* Zamiany plików `yaml` Docker Compose v1 lub v2 oraz [Distributed Application Bundles](https://docs.docker.com/compose/bundles/)
-
diff --git a/content/pl/docs/setup/_index.md b/content/pl/docs/setup/_index.md
index 6107fe0f03..a2908369f7 100644
--- a/content/pl/docs/setup/_index.md
+++ b/content/pl/docs/setup/_index.md
@@ -1,9 +1,9 @@
---
-no_issue: true
title: Od czego zacząć
main_menu: true
weight: 20
content_type: concept
+no_list: true
card:
name: setup
weight: 20
@@ -19,16 +19,44 @@ card:
Ten rozdział poświęcony jest różnym metodom konfiguracji i uruchomienia Kubernetesa.
Instalując Kubernetesa, przy wyborze platformy kieruj się: łatwością w utrzymaniu, spełnianymi wymogami bezpieczeństwa, poziomem sterowania, dostępnością zasobów oraz doświadczeniem wymaganym do zarządzania klastrem.
-Klaster Kubernetes możesz zainstalować na lokalnym komputerze, w chmurze czy w prywatnym centrum obliczeniowym albo skorzystać z klastra Kubernetes udostępnianego jako usługa. Inną możliwością jest budowa własnego systemu opartego o różnych dostawców usług chmurowych, bądź bazującego bezpośrednio na sprzęcie fizycznym.
+Możesz [pobrać Kubernetesa](/releases/download/), aby zainstalować klaster
+na lokalnym komputerze, w chmurze czy w prywatnym centrum obliczeniowym.
+
+Jeśli nie chcesz zarządzać klastrem Kubernetesa samodzielnie, możesz wybrać serwis zarządzany przez zewnętrznego dostawcę,
+wybierając na przykład spośród [certyfikowanych platform](/docs/setup/production-environment/turnkey-solutions/).
+Dostępne są także inne standardowe i specjalizowane rozwiązania dla różnych środowisk chmurowych
+bądź bazujące bezpośrednio na sprzęcie fizycznym.
## Środowisko do nauki {#srodowisko-do-nauki}
-Do nauki Kubernetesa wykorzystaj narzędzia wspierane przez społeczność Kubernetesa lub inne narzędzia dostępne w ekosystemie, aby uruchomić klaster Kubernetesa na swoim komputerze lokalnym.
+Do nauki Kubernetesa wykorzystaj narzędzia wspierane przez społeczność Kubernetesa
+lub inne narzędzia dostępne w ekosystemie, aby uruchomić klaster Kubernetesa na swoim komputerze lokalnym.
+Zapoznaj się z [narzędziami instalacyjnymi](/docs/tasks/tools/).
## Środowisko produkcyjne {#srodowisko-produkcyjne}
-Wybierając rozwiązanie dla środowiska produkcyjnego musisz zdecydować, którymi poziomami zarządzania klastrem (_abstrakcjami_) chcesz zajmować się sam, a które będą realizowane po stronie zewnętrznego operatora.
+Wybierając rozwiązanie dla
+[środowiska produkcyjnego](/docs/setup/production-environment/) musisz zdecydować,
+którymi poziomami zarządzania klastrem (_abstrakcjami_) chcesz zajmować się sam,
+a które będą realizowane po stronie zewnętrznego operatora.
-Na stronie [Partnerzy Kubernetes](https://kubernetes.io/partners/#conformance) znajdziesz listę dostawców posiadających [certyfikację Kubernetes](https://github.com/cncf/k8s-conformance/#certified-kubernetes).
+Do instalacji klastra Kubernetesa zarządzanego samodzielnie oficjalnym narzędziem
+jest [kubeadm](/docs/setup/production-environment/tools/kubeadm/).
+
+## {{% heading "whatsnext" %}}
+
+- [Pobierz Kubernetesa](/releases/download/)
+- Pobierz i [zainstaluj narzędzia](/docs/tasks/tools/), w tym `kubectl`
+- Wybierz [środowisko uruchomieniowe dla kontenerów](/docs/setup/production-environment/container-runtimes/) w nowym klastrze
+- Naucz się [najlepszych praktyk](/docs/setup/best-practices/) przy konfigurowaniu klastra
+
+Na stronie [Partnerów Kubernetesa](https://kubernetes.io/partners/#conformance) znajdziesz listę dostawców posiadających
+[certyfikację Kubernetes](https://github.com/cncf/k8s-conformance/#certified-kubernetes).
+
+Kubernetes zaprojektowano w ten sposób, że {{< glossary_tooltip term_id="control-plane" text="warstwa sterowania" >}}
+wymaga do działania systemu Linux. W ramach klastra aplikacje mogą być uruchamiane na systemie Linux i innych,
+w tym Windows.
+
+- Naucz się, [jak zbudować klaster z węzłami Windows](/docs/setup/production-environment/windows/)
diff --git a/content/pl/docs/setup/release/_index.md b/content/pl/docs/setup/release/_index.md
deleted file mode 100755
index 2783105198..0000000000
--- a/content/pl/docs/setup/release/_index.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-title: "Informacje o wydaniach i dozwolonych różnicach wersji"
-weight: 10
----
diff --git a/content/pl/docs/tutorials/kubernetes-basics/_index.html b/content/pl/docs/tutorials/kubernetes-basics/_index.html
index e27a3ad6bf..0996edc64b 100644
--- a/content/pl/docs/tutorials/kubernetes-basics/_index.html
+++ b/content/pl/docs/tutorials/kubernetes-basics/_index.html
@@ -11,7 +11,7 @@ card:
-
+
diff --git a/content/pl/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html b/content/pl/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html
index 12211e42b6..72409e9238 100644
--- a/content/pl/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html
+++ b/content/pl/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive.html
@@ -5,7 +5,7 @@ weight: 20
-
+
diff --git a/content/pl/docs/tutorials/kubernetes-basics/create-cluster/cluster-intro.html b/content/pl/docs/tutorials/kubernetes-basics/create-cluster/cluster-intro.html
index 3955e557c4..c5eddaf5f9 100644
--- a/content/pl/docs/tutorials/kubernetes-basics/create-cluster/cluster-intro.html
+++ b/content/pl/docs/tutorials/kubernetes-basics/create-cluster/cluster-intro.html
@@ -5,7 +5,7 @@ weight: 10
-
+
diff --git a/content/pl/docs/tutorials/kubernetes-basics/deploy-app/deploy-interactive.html b/content/pl/docs/tutorials/kubernetes-basics/deploy-app/deploy-interactive.html
index 64c1a0a9a1..954bad22b3 100644
--- a/content/pl/docs/tutorials/kubernetes-basics/deploy-app/deploy-interactive.html
+++ b/content/pl/docs/tutorials/kubernetes-basics/deploy-app/deploy-interactive.html
@@ -5,7 +5,7 @@ weight: 20
-
+
diff --git a/content/pl/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html b/content/pl/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html
index c879aa82b9..f4b893d60b 100644
--- a/content/pl/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html
+++ b/content/pl/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro.html
@@ -5,7 +5,7 @@ weight: 10
-
+
diff --git a/content/pl/docs/tutorials/kubernetes-basics/explore/explore-interactive.html b/content/pl/docs/tutorials/kubernetes-basics/explore/explore-interactive.html
index 1ae1e88382..14afae5a3d 100644
--- a/content/pl/docs/tutorials/kubernetes-basics/explore/explore-interactive.html
+++ b/content/pl/docs/tutorials/kubernetes-basics/explore/explore-interactive.html
@@ -5,7 +5,7 @@ weight: 20
-
+
diff --git a/content/pl/docs/tutorials/kubernetes-basics/explore/explore-intro.html b/content/pl/docs/tutorials/kubernetes-basics/explore/explore-intro.html
index edfff527e6..f62563e1cd 100644
--- a/content/pl/docs/tutorials/kubernetes-basics/explore/explore-intro.html
+++ b/content/pl/docs/tutorials/kubernetes-basics/explore/explore-intro.html
@@ -5,7 +5,7 @@ weight: 10
-
+
diff --git a/content/pl/docs/tutorials/kubernetes-basics/expose/expose-interactive.html b/content/pl/docs/tutorials/kubernetes-basics/expose/expose-interactive.html
index a1aca99ce3..1aefa3e793 100644
--- a/content/pl/docs/tutorials/kubernetes-basics/expose/expose-interactive.html
+++ b/content/pl/docs/tutorials/kubernetes-basics/expose/expose-interactive.html
@@ -5,7 +5,7 @@ weight: 20
-
+
diff --git a/content/pl/docs/tutorials/kubernetes-basics/expose/expose-intro.html b/content/pl/docs/tutorials/kubernetes-basics/expose/expose-intro.html
index f9f9134e4a..199ab9dfe7 100644
--- a/content/pl/docs/tutorials/kubernetes-basics/expose/expose-intro.html
+++ b/content/pl/docs/tutorials/kubernetes-basics/expose/expose-intro.html
@@ -5,7 +5,7 @@ weight: 10
-
+
diff --git a/content/pl/docs/tutorials/kubernetes-basics/scale/scale-interactive.html b/content/pl/docs/tutorials/kubernetes-basics/scale/scale-interactive.html
index e8017f5ad6..7990fbd1a6 100644
--- a/content/pl/docs/tutorials/kubernetes-basics/scale/scale-interactive.html
+++ b/content/pl/docs/tutorials/kubernetes-basics/scale/scale-interactive.html
@@ -5,7 +5,7 @@ weight: 20
-
+
diff --git a/content/pl/docs/tutorials/kubernetes-basics/scale/scale-intro.html b/content/pl/docs/tutorials/kubernetes-basics/scale/scale-intro.html
index 91eb10eb6d..bb2c40ffee 100644
--- a/content/pl/docs/tutorials/kubernetes-basics/scale/scale-intro.html
+++ b/content/pl/docs/tutorials/kubernetes-basics/scale/scale-intro.html
@@ -5,7 +5,7 @@ weight: 10
-
+
diff --git a/content/pl/docs/tutorials/kubernetes-basics/update/update-interactive.html b/content/pl/docs/tutorials/kubernetes-basics/update/update-interactive.html
index 07731b5849..5664abc0e6 100644
--- a/content/pl/docs/tutorials/kubernetes-basics/update/update-interactive.html
+++ b/content/pl/docs/tutorials/kubernetes-basics/update/update-interactive.html
@@ -5,7 +5,7 @@ weight: 20
-
+
diff --git a/content/pl/docs/tutorials/kubernetes-basics/update/update-intro.html b/content/pl/docs/tutorials/kubernetes-basics/update/update-intro.html
index b51779237d..2c42eee6d6 100644
--- a/content/pl/docs/tutorials/kubernetes-basics/update/update-intro.html
+++ b/content/pl/docs/tutorials/kubernetes-basics/update/update-intro.html
@@ -5,7 +5,7 @@ weight: 10
-
+
diff --git a/content/pl/releases/_index.md b/content/pl/releases/_index.md
new file mode 100644
index 0000000000..46c2a7659f
--- /dev/null
+++ b/content/pl/releases/_index.md
@@ -0,0 +1,27 @@
+---
+linktitle: Historia wydań
+title: Wydania
+type: docs
+---
+
+
+
+
+Projekt Kubernetes zapewnia wsparcie dla trzech ostatnich wydań _minor_ ({{< skew latestVersion >}}, {{< skew prevMinorVersion >}}, {{< skew oldestMinorVersion >}}). Poprawki do wydania 1.19 i nowszych będą publikowane przez około rok. Kuberetes w wersji 1.18 i wcześniejszych będzie otrzymywał poprawki przez 9 miesięcy.
+
+Wersje Kubernetesa oznaczane są jako **x.y.z**,
+gdzie **x** jest oznaczeniem wersji głównej (_major_), **y** — podwersji (_minor_), a **z** — numer poprawki (_patch_), zgodnie z terminologią [Semantic Versioning](https://semver.org/).
+
+Więcej informacji można z znaleźć w dokumencie [version skew policy](/releases/version-skew-policy/).
+
+
+
+## Historia wydań
+
+{{< release-data >}}
+
+## Nadchodzące wydania
+
+Zajrzyj na [harmonogram](https://github.com/kubernetes/sig-release/tree/master/releases/release-{{< skew nextMinorVersion >}}) nadchodzącego wydania Kubernetesa numer **{{< skew nextMinorVersion >}}**!
+
+## Przydatne zasoby
diff --git a/content/pl/training/_index.html b/content/pl/training/_index.html
index 2dd7ed433e..0fd093af3d 100644
--- a/content/pl/training/_index.html
+++ b/content/pl/training/_index.html
@@ -70,7 +70,7 @@ class: training
Nauka z Linux Foundation
-
Linux Foundation oferuje szkolenia prowadzone przez instruktora oraz szkolenia samodzielne obejmujące wszystkie aspekty rozwijania i zarządzania aplikacjami na Kubrnetesie.
+
Linux Foundation oferuje szkolenia prowadzone przez instruktora oraz szkolenia samodzielne obejmujące wszystkie aspekty rozwijania i zarządzania aplikacjami na Kubernetesie.
diff --git a/content/pt-br/docs/_index.md b/content/pt-br/docs/_index.md
index 1d1529975c..6e34880dd2 100644
--- a/content/pt-br/docs/_index.md
+++ b/content/pt-br/docs/_index.md
@@ -16,7 +16,7 @@ Como você pode ver, a maior parte da documentação ainda está disponível ape
-Se você quiser participar, você pode entrar no canal Slack [#kubernets-docs-pt](http://slack.kubernetes.io/) e fazer parte da equipe por trás da tradução.
+Se você quiser participar, você pode entrar no canal Slack [#kubernetes-docs-pt](http://slack.kubernetes.io/) e fazer parte da equipe por trás da tradução.
Você também pode acessar o canal para solicitar a tradução de uma página específica ou relatar qualquer erro que possa ter sido encontrado. Qualquer contribuição será bem recebida!
diff --git a/content/pt-br/docs/concepts/architecture/_index.md b/content/pt-br/docs/concepts/architecture/_index.md
old mode 100755
new mode 100644
diff --git a/content/pt-br/docs/concepts/cluster-administration/_index.md b/content/pt-br/docs/concepts/cluster-administration/_index.md
old mode 100755
new mode 100644
diff --git a/content/pt-br/docs/concepts/cluster-administration/addons.md b/content/pt-br/docs/concepts/cluster-administration/addons.md
index 0a50c96190..79b62bf832 100644
--- a/content/pt-br/docs/concepts/cluster-administration/addons.md
+++ b/content/pt-br/docs/concepts/cluster-administration/addons.md
@@ -1,58 +1,54 @@
---
-title: Instalando Addons
+title: Instalando Complementos
content_type: concept
---
+{{% thirdparty-content %}}
-Addons estendem a funcionalidade do Kubernetes.
-
-Esta página lista alguns dos add-ons e links com suas respectivas instruções de instalação.
-
-Os Add-ons de cada sessão são classificados em ordem alfabética - a ordem não implica qualquer status preferencial.
-
-
+Complementos estendem as funcionalidades do Kubernetes.
+Esta página lista alguns dos complementos disponíveis e links com suas respectivas instruções de instalação.
## Rede e Política de Rede
-
* [ACI](https://www.github.com/noironetworks/aci-containers) fornece rede integrada de contêineres e segurança de rede com a Cisco ACI.
-* [Calico](https://docs.projectcalico.org/latest/getting-started/kubernetes/) é um provedor de políticas de rede e rede L3 seguro.
+* [Antrea](https://antrea.io/) opera nas camadas 3 e 4 do modelo de rede OSI para fornecer serviços de rede e de segurança para o Kubernetes, aproveitando o Open vSwitch como camada de dados de rede.
+* [Calico](https://docs.projectcalico.org/latest/introduction/) é um provedor de serviços de rede e de políticas de rede. Este complemento suporta um conjunto flexível de opções de rede, de modo a permitir a escolha da opção mais eficiente para um dado caso de uso, incluindo redes _overlay_ (sobrepostas) e não-_overlay_, com ou sem o uso do protocolo BGP. Calico usa o mesmo mecanismo para aplicar políticas de rede a hosts, pods, e aplicações na camada de _service mesh_ (quando Istio e Envoy estão instalados).
* [Canal](https://github.com/tigera/canal/tree/master/k8s-install) une Flannel e Calico, fornecendo rede e política de rede.
-* [Cilium](https://github.com/cilium/cilium) é um plug-in de políticas de rede e rede L3 que pode impor políticas de HTTP / API / L7 de forma transparente. Tanto o modo de roteamento quanto o de sobreposição / encapsulamento são suportados.
-* [CNI-Genie](https://github.com/Huawei-PaaS/CNI-Genie) permite que o Kubernetes se conecte facilmente a uma variedade de plugins CNI, como Calico, Canal, Flannel, Romana ou Weave.
-* [Contiv](http://contiv.github.io) fornece um rede configurável (L3 nativa usando BGP, sobreposição usando vxlan, L2 clássico e Cisco-SDN / ACI) para vários casos de uso e uma estrutura rica de políticas de rede. O projeto Contiv é totalmente [open source](http://github.com/contiv). O script de [instalação](http://github.com/contiv/install) fornece opções de instalação com ou sem kubeadm.
-* [Contrail](http://www.juniper.net/us/en/products-services/sdn/contrail/contrail-networking/), baseado no [Tungsten Fabric](https://tungsten.io), é um projeto open source, multi-cloud com uma rede virtualizada e com uma plataforma de gerenciamento de políticas de rede. O Contrail e o Tungsten Fabric estão integrados a sistemas de orquestração, como Kubernetes, OpenShift, OpenStack e Mesos, e fornecem modos de isolamento para máquinas virtuais, containers / pods e cargas em servidores físicos.
-* [Flannel](https://github.com/coreos/flannel/blob/master/Documentation/kubernetes.md) é um provedor de rede de sobreposição que pode ser usado com o Kubernetes.
-* [Knitter](https://github.com/ZTE/Knitter/) é uma solução de rede que suporta múltiplas redes no Kubernetes.
-* [Multus](https://github.com/Intel-Corp/multus-cni) é um plugin Multi para suporte a várias redes no Kubernetes para suportar todos os plugins CNI (por exemplo, Calico, Cilium, Contiv, Flannel), além das cargas de trabalho baseadas em SRIOV, DPDK, OVS-DPDK e VPP no Kubernetes.
-* [NSX-T](https://docs.vmware.com/en/VMware-NSX-T/2.0/nsxt_20_ncp_kubernetes.pdf) O Plugin de contêiner (NCP) fornece integração entre o VMware NSX-T e orquestradores de contêineres como o Kubernetes, além da integração entre o NSX-T e as plataformas CaaS / PaaS baseadas em contêiner, como Pivotal Container Service (PKS) e OpenShift.
-* [Nuage](https://github.com/nuagenetworks/nuage-kubernetes/blob/v5.1.1-1/docs/kubernetes-1-installation.rst) é uma plataforma SDN que fornece uma rede baseada em políticas entre os Pods Kubernetes e os ambientes não-Kubernetes, com visibilidade e monitoramento de segurança.
-* [Romana](http://romana.io) é uma solução de rede Camada 3 para redes de pods que também suporta [NetworkPolicy API](/docs/concepts/services-networking/network-policies/). Detalhes da instalação do add-on Kubeadm disponíveis [aqui](https://github.com/romana/romana/tree/master/containerize).
-* [Weave Net](https://www.weave.works/docs/net/latest/kube-addon/) fornece rede e política de rede, continuará trabalhando em ambos os lados de uma partição de rede e não requer um banco de dados externo.
+* [Cilium](https://github.com/cilium/cilium) é um plug-in de rede de camada 3 e de políticas de rede que pode aplicar políticas HTTP/API/camada 7 de forma transparente. Tanto o modo de roteamento quanto o de sobreposição/encapsulamento são suportados. Este plug-in também consegue operar no topo de outros plug-ins CNI.
+* [CNI-Genie](https://github.com/Huawei-PaaS/CNI-Genie) permite que o Kubernetes se conecte facilmente a uma variedade de plug-ins CNI, como Calico, Canal, Flannel, Romana ou Weave.
+* [Contiv](http://contiv.github.io) oferece serviços de rede configuráveis para diferentes casos de uso (camada 3 nativa usando BGP, _overlay_ (sobreposição) usando vxlan, camada 2 clássica e Cisco-SDN/ACI) e também um _framework_ rico de políticas de rede. O projeto Contiv é totalmente [open source](http://github.com/contiv). O [instalador](http://github.com/contiv/install) fornece opções de instalação com ou sem kubeadm.
+* [Contrail](http://www.juniper.net/us/en/products-services/sdn/contrail/contrail-networking/) é uma plataforma open source baseada no [Tungsten Fabric](https://tungsten.io) que oferece virtualização de rede multi-nuvem e gerenciamento de políticas de rede. O Contrail e o Tungsten Fabric são integrados a sistemas de orquestração de contêineres, como Kubernetes, OpenShift, OpenStack e Mesos, e fornecem modos de isolamento para cargas de trabalho executando em máquinas virtuais, contêineres/pods e servidores físicos.
+* [Flannel](https://github.com/flannel-io/flannel#deploying-flannel-manually) é um provedor de redes _overlay_ (sobrepostas) que pode ser usado com o Kubernetes.
+* [Knitter](https://github.com/ZTE/Knitter/) é um plug-in para suporte de múltiplas interfaces de rede em Pods do Kubernetes.
+* [Multus](https://github.com/Intel-Corp/multus-cni) é um plugin para suporte a várias interfaces de rede em Pods no Kubernetes. Este plug-in pode agir como um "meta-plug-in", ou um plug-in CNI que se comunica com múltiplos outros plug-ins CNI (por exemplo, Calico, Cilium, Contiv, Flannel), além das cargas de trabalho baseadas em SRIOV, DPDK, OVS-DPDK e VPP no Kubernetes.
+* [NSX-T](https://docs.vmware.com/en/VMware-NSX-T/2.0/nsxt_20_ncp_kubernetes.pdf) Container Plug-in (NCP) fornece integração entre o VMware NSX-T e sistemas de orquestração de contêineres como o Kubernetes. Além disso, oferece também integração entre o NSX-T e as plataformas CaaS/PaaS baseadas em contêiner, como o Pivotal Container Service (PKS) e o OpenShift.
+* [Nuage](https://github.com/nuagenetworks/nuage-kubernetes/blob/v5.1.1-1/docs/kubernetes-1-installation.rst) é uma plataforma de rede definida por software que fornece serviços de rede baseados em políticas entre os Pods do Kubernetes e os ambientes não-Kubernetes, com visibilidade e monitoramento de segurança.
+* [OVN-Kubernetes](https://github.com/ovn-org/ovn-kubernetes/) é um provedor de rede para o Kubernetes baseado no [OVN (Open Virtual Network)](https://github.com/ovn-org/ovn/), uma implementação de redes virtuais que surgiu através do projeto Open vSwitch (OVS). O OVN-Kubernetes fornece uma implementação de rede baseada em _overlay_ (sobreposição) para o Kubernetes, incluindo uma implementação baseada em OVS para serviços de balanceamento de carga e políticas de rede.
+* [OVN4NFV-K8S-Plugin](https://github.com/opnfv/ovn4nfv-k8s-plugin) é um plug-in controlador CNI baseado no OVN (Open Virtual Network) que fornece serviços de rede _cloud native_, como _Service Function Chaining_ (SFC), redes _overlay_ (sobrepostas) OVN múltiplas, criação dinâmica de subredes, criação dinâmica de redes virtuais, provedor de rede VLAN e provedor de rede direto, e é plugável a outros plug-ins multi-rede. Ideal para cargas de trabalho que utilizam computação de borda _cloud native_ em redes multi-cluster.
+* [Romana](http://romana.io) é uma solução de rede de camada 3 para redes de pods que também suporta a [API NetworkPolicy](/docs/concepts/services-networking/network-policies/). Detalhes da instalação do complemento Kubeadm disponíveis [aqui](https://github.com/romana/romana/tree/master/containerize).
+* [Weave Net](https://www.weave.works/docs/net/latest/kube-addon/) fornece rede e política de rede, funciona em ambos os lados de uma partição de rede e não requer um banco de dados externo.
## Descoberta de Serviço
-* [CoreDNS](https://coredns.io) é um servidor DNS flexível e extensível que pode ser [instalado](https://github.com/coredns/deployment/tree/master/kubernetes) como DNS dentro do cluster para ser utilizado por pods.
+* [CoreDNS](https://coredns.io) é um servidor DNS flexível e extensível que pode ser [instalado](https://github.com/coredns/deployment/tree/master/kubernetes) como o serviço de DNS dentro do cluster para ser utilizado por pods.
## Visualização & Controle
* [Dashboard](https://github.com/kubernetes/dashboard#kubernetes-dashboard) é uma interface web para gestão do Kubernetes.
-* [Weave Scope](https://www.weave.works/documentation/scope-latest-installing/#k8s) é uma ferramenta gráfica para visualizar contêineres, pods, serviços etc. Use-o em conjunto com o [Weave Cloud account](https://cloud.weave.works/) ou hospede você mesmo a interface do usuário.
+* [Weave Scope](https://www.weave.works/documentation/scope-latest-installing/#k8s) é uma ferramenta gráfica para visualizar contêineres, pods, serviços, entre outros objetos do cluster. Pode ser utilizado com uma [conta Weave Cloud](https://cloud.weave.works/). Como alternativa, é possível hospedar a interface do usuário por conta própria.
-## A infraestrutura
+## Infraestrutura
-* [KubeVirt](https://kubevirt.io/user-guide/docs/latest/administration/intro.html#cluster-side-add-on-deployment) é um add-on para executar máquinas virtuais no Kubernetes. É geralmente executado em clusters em maquina fisica.
+* [KubeVirt](https://kubevirt.io/user-guide/#/installation/installation) é um complemento para executar máquinas virtuais no Kubernetes. É geralmente executado em clusters em máquina física.
-## Add-ons Legado
-
-Existem vários outros complementos documentados no diretório não mais ultilizados [cluster/addons](https://git.k8s.io/kubernetes/cluster/addons).
-
-Projetos bem mantidos deveriam ser linkados aqui. PRs são bem vindas!
+## Complementos Legados
+Existem vários outros complementos documentados no diretório [cluster/addons](https://git.k8s.io/kubernetes/cluster/addons) que não são mais utilizados.
+Projetos bem mantidos devem ser listados aqui. PRs são bem-vindos!
diff --git a/content/pt-br/docs/concepts/cluster-administration/system-logs.md b/content/pt-br/docs/concepts/cluster-administration/system-logs.md
new file mode 100644
index 0000000000..fb79360821
--- /dev/null
+++ b/content/pt-br/docs/concepts/cluster-administration/system-logs.md
@@ -0,0 +1,132 @@
+---
+title: Logs de Sistema
+content_type: concept
+weight: 60
+---
+
+
+
+Logs de componentes do sistema armazenam eventos que acontecem no cluster, sendo muito úteis para depuração. Seus níveis de detalhe podem ser ajustados para mais ou para menos. Podendo se ater, por exemplo, a mostrar apenas os erros que ocorrem no componente, ou chegando a mostrar cada passo de um evento. (Como acessos HTTP, mudanças no estado dos pods, ações dos controllers, ou decisões do scheduler).
+
+
+
+## Klog
+
+[Klog](https://github.com/kubernetes/klog) é a biblioteca de logs do Kubernetes. Responsável por gerar as mensagens de log para os componentes do sistema.
+
+Para mais informações acerca da sua configuração, veja a documentação da [ferramenta de linha de comando](https://kubernetes.io/docs/reference/command-line-tools-reference/).
+
+Um exemplo do formato padrão dos logs da biblioteca:
+```
+I1025 00:15:15.525108 1 httplog.go:79] GET /api/v1/namespaces/kube-system/pods/metrics-server-v0.3.1-57c75779f-9p8wg: (1.512ms) 200 [pod_nanny/v0.0.0 (linux/amd64) kubernetes/$Format 10.56.1.19:51756]
+```
+
+### Logs Estruturados
+
+{{< feature-state for_k8s_version="v1.19" state="alpha" >}}
+
+{{< warning >}}
+A migração pro formato de logs estruturados é um processo em andamento. Nem todos os logs estão dessa forma na versão atual. Sendo assim, para realizar o processamento de arquivos de log, você também precisa lidar com logs não estruturados.
+
+A formatação e serialização dos logs ainda estão sujeitas a alterações.
+{{< /warning>}}
+
+A estruturação dos logs trás uma estrutura uniforme para as mensagens de log, permitindo a extração programática de informações. Logs estruturados podem ser armazenados e processados com menos esforço e custo. Esse formato é totalmente retrocompatível e é habilitado por padrão.
+
+Formato dos logs estruturados:
+
+```ini
+ "" ="" ="" ...
+```
+
+Exemplo:
+
+```ini
+I1025 00:15:15.525108 1 controller_utils.go:116] "Pod status updated" pod="kube-system/kubedns" status="ready"
+```
+
+
+### Logs em formato JSON
+
+{{< feature-state for_k8s_version="v1.19" state="alpha" >}}
+
+{{}}
+Algumas opções da biblioteca klog ainda não funcionam com os logs em formato JSON. Para ver uma lista completa de quais são estas, veja a documentação da [ferramenta de linha de comando](/docs/reference/command-line-tools-reference/).
+
+Nem todos os logs estarão garantidamente em formato JSON (como por exemplo durante o início de processos). Sendo assim, se você pretende realizar o processamento dos logs, seu código deverá saber tratar também linhas que não são JSON.
+
+O nome dos campos e a serialização JSON ainda estão sujeitos a mudanças.
+{{< /warning >}}
+
+A opção `--logging-format=json` muda o formato dos logs, do formato padrão da klog para JSON. Abaixo segue um exemplo de um log em formato JSON (identado):
+```json
+{
+ "ts": 1580306777.04728,
+ "v": 4,
+ "msg": "Pod status updated",
+ "pod":{
+ "name": "nginx-1",
+ "namespace": "default"
+ },
+ "status": "ready"
+}
+```
+
+Chaves com significados especiais:
+* `ts` - Data e hora no formato Unix (obrigatório, float)
+* `v` - Nível de detalhe (obrigatório, int, padrão 0)
+* `err` - Mensagem de erro (opcional, string)
+* `msg` - Mensagem (obrigatório, string)
+
+Lista dos componentes que suportam o formato JSON atualmente:
+* {{< glossary_tooltip term_id="kube-controller-manager" text="kube-controller-manager" >}}
+* {{< glossary_tooltip term_id="kube-apiserver" text="kube-apiserver" >}}
+* {{< glossary_tooltip term_id="kube-scheduler" text="kube-scheduler" >}}
+* {{< glossary_tooltip term_id="kubelet" text="kubelet" >}}
+
+### Limpeza dos Logs
+
+{{< feature-state for_k8s_version="v1.20" state="alpha" >}}
+
+{{}}
+A funcionalidade de limpeza dos logs pode causar impactos significativos na performance, sendo portanto contraindicada em produção.
+{{< /warning >}}
+
+A opção `--experimental-logging-sanitization` habilita o filtro de limpeza dos logs.
+Quando habilitado, esse filtro inspeciona todos os argumentos dos logs, procurando por campos contendo dados sensíveis (como senhas, chaves e tokens). Tais campos não serão expostos nas mensagens de log.
+
+Lista dos componentes que suportam a limpeza de logs atualmente:
+* {{< glossary_tooltip term_id="kube-controller-manager" text="kube-controller-manager" >}}
+* {{< glossary_tooltip term_id="kube-apiserver" text="kube-apiserver" >}}
+* {{< glossary_tooltip term_id="kube-scheduler" text="kube-scheduler" >}}
+* {{< glossary_tooltip term_id="kubelet" text="kubelet" >}}
+
+{{< note >}}
+O filtro de limpeza dos logs não impede a exposição de dados sensíveis nos logs das aplicações em execução.
+{{< /note >}}
+
+### Nível de detalhe dos logs
+
+A opção `-v` controla o nível de detalhe dos logs. Um valor maior aumenta o número de eventos registrados, começando a registrar também os eventos menos importantes. Similarmente, um valor menor restringe os logs apenas aos eventos mais importantes. O valor padrão 0 registra apenas eventos críticos.
+
+### Localização dos Logs
+
+Existem dois tipos de componentes do sistema: aqueles que são executados em um contêiner e aqueles que não são. Por exemplo:
+
+* O [Kubernetes scheduler](https://kubernetes.io/pt-br/docs/concepts/overview/components/#kube-scheduler) e o [kube-proxy](https://kubernetes.io/pt-br/docs/concepts/overview/components/#kube-proxy) são executados em um contêiner.
+* O [kubelet](https://kubernetes.io/pt-br/docs/concepts/overview/components/#kubelet) e os [agentes de execução](https://kubernetes.io/pt-br/docs/concepts/overview/components/#container-runtime), como o Docker por exemplo, não são executados em contêineres.
+
+Em máquinas com systemd, o kubelet e os agentes de execução gravam os logs no journald.
+Em outros casos, eles escrevem os logs em arquivos `.log` no diretório `/var/log`.
+Já os componentes executados dentro de contêineres, sempre irão escrever os logs em arquivos `.log`
+no diretório `/var/log`, ignorando o mecanismo padrão de log.
+
+De forma similar aos logs de contêiner, os logs de componentes do sistema no diretório `/var/log` devem ser rotacionados.
+Nos clusters Kubernetes criados com o script `kube-up.sh`, a rotação dos logs é configurada pela ferramenta `logrotate`. Essa ferramenta rotaciona os logs diariamente
+ou quando o tamanho do arquivo excede 100MB.
+
+## {{% heading "whatsnext" %}}
+
+* Leia sobre [Arquitetura de Logs do Kubernetes](/pt-br/docs/concepts/cluster-administration/logging/)
+* Leia sobre [Logs Estruturados](https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/1602-structured-logging)
+* Leia sobre [Convenções sobre os níveis de logs](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md)
diff --git a/content/pt-br/docs/concepts/configuration/overview.md b/content/pt-br/docs/concepts/configuration/overview.md
new file mode 100644
index 0000000000..66f369c03b
--- /dev/null
+++ b/content/pt-br/docs/concepts/configuration/overview.md
@@ -0,0 +1,126 @@
+---
+title: Melhores Práticas de Configuração
+content_type: concept
+weight: 10
+---
+
+
+Esse documento destaca e consolida as melhores práticas de configuração apresentadas em todo o guia de usuário,
+na documentação de introdução e nos exemplos.
+
+Este é um documento vivo. Se você pensar em algo que não está nesta lista, mas pode ser útil para outras pessoas,
+não hesite em criar uma *issue* ou submeter um PR.
+
+
+
+## Dicas Gerais de Configuração
+
+- Ao definir configurações, especifique a versão mais recente estável da API.
+
+- Os arquivos de configuração devem ser armazenados em um sistema de controle antes de serem enviados ao cluster.
+Isso permite que você reverta rapidamente uma alteração de configuração, caso necessário. Isso também auxilia na recriação e restauração do cluster.
+
+- Escreva seus arquivos de configuração usando YAML ao invés de JSON. Embora esses formatos possam ser usados alternadamente em quase todos os cenários, YAML tende a ser mais amigável.
+
+- Agrupe objetos relacionados em um único arquivo sempre que fizer sentido. Geralmente, um arquivo é mais fácil de
+gerenciar do que vários. Veja o [guestbook-all-in-one.yaml](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/guestbook/all-in-one/guestbook-all-in-one.yaml) como exemplo dessa sintaxe.
+
+- Observe também que vários comandos `kubectl` podem ser chamados em um diretório. Por exemplo, você pode chamar
+`kubectl apply` em um diretório de arquivos de configuração.
+
+- Não especifique valores padrões desnecessariamente: configurações simples e mínimas diminuem a possibilidade de erros.
+
+- Coloque descrições de objetos nas anotações para permitir uma melhor análise.
+
+
+## "Naked" Pods comparados a ReplicaSets, Deployments, e Jobs {#naked-pods-vs-replicasets-deployments-and-jobs}
+
+- Se você puder evitar, não use "naked" Pods (ou seja, se você puder evitar, pods não vinculados a um [ReplicaSet](/docs/concepts/workloads/controllers/replicaset/) ou [Deployment](/docs/concepts/workloads/controllers/deployment/)).
+Os "naked" pods não serão reconfigurados em caso de falha de um nó.
+
+ Criar um Deployment, que cria um ReplicaSet para garantir que o número desejado de Pods esteja disponível e especifica uma estratégia para substituir os Pods (como [RollingUpdate](/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment)), é quase sempre preferível do que criar Pods diretamente, exceto para alguns cenários explícitos de restartPolicy:Never. Um Job também pode ser apropriado.
+
+
+## Services
+
+- Crie o [Service](/docs/concepts/services-networking/service/) antes de suas cargas de trabalho de backend correspondentes (Deployments ou ReplicaSets) e antes de quaisquer cargas de trabalho que precisem acessá-lo. Quando o
+Kubernetes inicia um contêiner, ele fornece variáveis de ambiente apontando para todos os Services que estavam em execução quando o contêiner foi iniciado. Por exemplo, se um Service chamado `foo` existe, todos os contêineres vão
+receber as seguintes variáveis em seu ambiente inicial:
+
+ ```shell
+ FOO_SERVICE_HOST=
+ FOO_SERVICE_PORT=
+ ```
+
+*Isso implica em um requisito de pedido* - qualquer `Service` que um `Pod` quer acessar precisa ser criado antes do `Pod` em si, ou então as variáveis de ambiente não serão populadas. O DNS não possui essa restrição.
+
+- Um [cluster add-on](/docs/concepts/cluster-administration/addons/) opcional (embora fortemente recomendado) é um servidor DNS. O
+servidor DNS monitora a API do Kubernetes buscando novos `Services` e cria um conjunto de DNS para cada um. Se o DNS foi habilitado em todo o cluster, então todos os `Pods` devem ser capazes de fazer a resolução de `Services` automaticamente.
+
+- Não especifique um `hostPort` para um Pod a menos que isso seja absolutamente necessário. Quando você vincula um Pod a um `hostPort`, isso limita o número de lugares em que o Pod pode ser agendado, porque cada
+combinação de <`hostIP`, `hostPort`, `protocol`> deve ser única. Se você não especificar o `hostIP` e `protocol` explicitamente, o Kubernetes vai usar `0.0.0.0` como o `hostIP` padrão e `TCP` como `protocol` padrão.
+
+ Se você precisa de acesso a porta apenas para fins de depuração, pode usar o [apiserver proxy](/docs/tasks/access-application-cluster/access-cluster/#manually-constructing-apiserver-proxy-urls) ou o [`kubectl port-forward`](/docs/tasks/access-application-cluster/port-forward-access-application-cluster/).
+
+ Se você precisa expor explicitamente a porta de um Pod no nó, considere usar um Service do tipo [NodePort](/docs/concepts/services-networking/service/#nodeport) antes de recorrer a `hostPort`.
+
+- Evite usar `hostNetwork` pelos mesmos motivos do `hostPort`.
+
+- Use [headless Services](/docs/concepts/services-networking/service/#headless-services) (que tem um `ClusterIP` ou `None`) para descoberta de serviço quando você não precisar de um balanceador de carga `kube-proxy`.
+## Usando Labels
+
+- Defina e use [labels](/docs/concepts/overview/working-with-objects/labels/) que identifiquem _atributos semânticos_ da sua aplicação ou Deployment, como `{ app: myapp, tier: frontend, phase: test, deployment: v3 }`. Você pode usar essas labels para selecionar os Pods apropriados para outros recursos; por exemplo, um Service que seleciona todos os Pods `tier: frontend`, ou todos
+os componentes de `app: myapp`. Veja o app [guestbook](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/guestbook/) para exemplos dessa abordagem.
+
+Um Service pode ser feito para abranger vários Deployments, omitindo labels específicas de lançamento de seu seletor. Quando você
+precisar atualizar um serviço em execução sem _downtime_, use um [Deployment](/docs/concepts/workloads/controllers/deployment/).
+
+Um estado desejado de um objeto é descrito por um Deployment, e se as alterações nesse _spec_ forem _aplicadas_ o controlador
+do Deployment altera o estado real para o estado desejado em uma taxa controlada.
+
+- Use as [labels comuns do Kubernetes](/docs/concepts/overview/working-with-objects/common-labels/) para casos de uso comuns.
+Essas labels padronizadas enriquecem os metadados de uma forma que permite que ferramentas, incluindo `kubectl` e a [dashboard](/docs/tasks/access-application-cluster/web-ui-dashboard), funcionem de uma forma interoperável.
+
+- Você pode manipular labels para depuração. Como os controladores do Kubernetes (como ReplicaSet) e Services se relacionam com os Pods usando seletor de labels, remover as labels relevantes de um Pod impedirá que ele seja considerado por um controlador ou que
+seja atendido pelo tráfego de um Service. Se você remover as labels de um Pod existente, seu controlador criará um novo Pod para
+substituí-lo. Essa é uma maneira útil de depurar um Pod anteriormente "ativo" em um ambiente de "quarentena". Para remover ou
+alterar labels interativamente, use [`kubectl label`](/docs/reference/generated/kubectl/kubectl-commands#label).
+
+
+## Imagens de Contêiner
+
+A [imagePullPolicy](/docs/concepts/containers/images/#updating-images) e tag da imagem afetam quando o [kubelet](/docs/reference/command-line-tools-reference/kubelet/) tenta puxar a imagem especificada.
+
+- `imagePullPolicy: IfNotPresent`: a imagem é puxada apenas se ainda não estiver presente localmente.
+
+- `imagePullPolicy: Always`: sempre que o kubelet inicia um contêiner, ele consulta o *registry* da imagem do contêiner para verificar o resumo de assinatura da imagem. Se o kubelet tiver uma imagem do contêiner com o mesmo resumo de assinatura
+armazenado em cache localmente, o kubelet usará a imagem em cache, caso contrário, o kubelet baixa(*pulls*) a imagem com o resumo de assinatura resolvido, e usa essa imagem para iniciar o contêiner.
+
+- `imagePullPolicy` é omitido se a tag da imagem é `:latest` ou se `imagePullPolicy` é omitido é automaticamente definido como `Always`. Observe que _não_ será utilizado para `ifNotPresent`se o valor da tag mudar.
+
+- `imagePullPolicy` é omitido se uma tag da imagem existe mas não `:latest`: `imagePullPolicy` é automaticamente definido como `ifNotPresent`. Observe que isto _não_ será atualizado para `Always` se a tag for removida ou alterada para `:latest`.
+
+- `imagePullPolicy: Never`: presume-se que a imagem exista localmente. Não é feita nenhuma tentativa de puxar a imagem.
+
+{{< note >}}
+Para garantir que seu contêiner sempre use a mesma versão de uma imagem, você pode especificar seu [resumo de assinatura](https://docs.docker.com/engine/reference/commandline/pull/#pull-an-image-by-digest-immutable-identifier);
+substitua `:` por `@` (por exemplo, `image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2`). Esse resumo de assinatura identifica exclusivamente uma versão
+específica de uma imagem, então isso nunca vai ser atualizado pelo Kubernetes a menos que você mude o valor do resumo de assinatura da imagem.
+{{< /note >}}
+
+{{< note >}}
+Você deve evitar o uso da tag `:latest` em produção, pois é mais difícil rastrear qual versão da imagem está sendo executada e mais difícil reverter adequadamente.
+{{< /note >}}
+
+{{< note >}}
+A semântica de cache do provedor de imagem subjacente torna até mesmo `imagePullPolicy: Always` eficiente, contanto que o registro esteja acessível de forma confiável. Com o Docker, por exemplo, se a imagem já existe, a tentativa de baixar(pull) é rápida porque todas as camadas da imagem são armazenadas em cache e nenhum download de imagem é necessário.
+{{< /note >}}
+
+## Usando kubectl
+
+- Use `kubectl apply -f `. Isso procura por configurações do Kubernetes em todos os arquivos `.yaml`, `.yml` em `` e passa isso para `apply`.
+
+- Use *labels selectors* para operações `get` e `delete` em vez de nomes de objetos específicos. Consulte as seções sobre [label selectors](/docs/concepts/overview/working-with-objects/labels/#label-selectors)
+e [usando Labels efetivamente](/docs/concepts/cluster-administration/manage-deployment/#using-labels-effectively).
+
+- Use `kubectl create deployment` e `kubectl expose` para criar rapidamente Deployments e Services de um único contêiner. Consulte [Use um Service para acessar uma aplicação em um cluster](/docs/tasks/access-application-cluster/service-access-application-cluster/) para obter um exemplo.
diff --git a/content/pt-br/docs/concepts/extend-kubernetes/operator.md b/content/pt-br/docs/concepts/extend-kubernetes/operator.md
index ba20161490..627bcbfbb8 100644
--- a/content/pt-br/docs/concepts/extend-kubernetes/operator.md
+++ b/content/pt-br/docs/concepts/extend-kubernetes/operator.md
@@ -52,7 +52,7 @@ Algumas das coisas que um operador pode ser usado para automatizar incluem:
como esquemas de base de dados ou definições de configuração extra
* publicar um *Service* para aplicações que não suportam a APIs do Kubernetes
para as descobrir
-* simular una falha em todo ou parte do cluster de forma a testar a resiliência
+* simular uma falha em todo ou parte do cluster de forma a testar a resiliência
* escolher um lider para uma aplicação distribuída sem um processo
de eleição de membro interno
@@ -128,7 +128,7 @@ que pode atuar como um [cliente da API do Kubernetes](/docs/reference/using-api/
* Use ferramentes existentes para escrever os seus Operadores:
* usando [KUDO](https://kudo.dev/) (Kubernetes Universal Declarative Operator)
* usando [kubebuilder](https://book.kubebuilder.io/)
- * usando [Metacontroller](https://metacontroller.app/) juntamente com WebHooks que
+ * usando [Metacontroller](https://metacontroller.github.io/metacontroller/intro.html) juntamente com WebHooks que
implementa você mesmo
* usando o [Operator Framework](https://github.com/operator-framework/getting-started)
* [Publique](https://operatorhub.io/) o seu operador para que outras pessoas o possam usar
diff --git a/content/pt-br/docs/concepts/overview/what-is-kubernetes.md b/content/pt-br/docs/concepts/overview/what-is-kubernetes.md
index 29473a7f75..4a072c01d2 100644
--- a/content/pt-br/docs/concepts/overview/what-is-kubernetes.md
+++ b/content/pt-br/docs/concepts/overview/what-is-kubernetes.md
@@ -90,5 +90,5 @@ Kubernetes:
## {{% heading "whatsnext" %}}
-* Dê uma olhada em [Componentes do Kubernetes](/docs/concepts/overview/components/).
+* Dê uma olhada em [Componentes do Kubernetes](/pt-br/docs/concepts/overview/components/).
* Pronto para [Iniciar](/docs/setup/)?
diff --git a/content/pt-br/docs/concepts/overview/working-with-objects/_index.md b/content/pt-br/docs/concepts/overview/working-with-objects/_index.md
old mode 100755
new mode 100644
diff --git a/content/pt-br/docs/concepts/services-networking/_index.md b/content/pt-br/docs/concepts/services-networking/_index.md
new file mode 100755
index 0000000000..cbe38ae33a
--- /dev/null
+++ b/content/pt-br/docs/concepts/services-networking/_index.md
@@ -0,0 +1,14 @@
+---
+title: "Serviços, balanceamento de carga e conectividade"
+weight: 60
+description: >
+ Conceitos e recursos por trás da conectividade no Kubernetes.
+---
+
+A conectividade do Kubernetes trata quatro preocupações:
+- Contêineres em um Pod se comunicam via interface _loopback_.
+- A conectividade do cluster provê a comunicação entre diferentes Pods.
+- O recurso de _Service_ permite a você expor uma aplicação executando em um Pod,
+de forma a ser alcançável de fora de seu cluster.
+- Você também pode usar os _Services_ para publicar serviços de consumo interno do
+seu cluster.
diff --git a/content/pt-br/docs/concepts/services-networking/network-policies.md b/content/pt-br/docs/concepts/services-networking/network-policies.md
new file mode 100644
index 0000000000..2c45902e40
--- /dev/null
+++ b/content/pt-br/docs/concepts/services-networking/network-policies.md
@@ -0,0 +1,345 @@
+---
+title: Políticas de rede
+content_type: concept
+weight: 50
+---
+
+
+
+Se você deseja controlar o fluxo do tráfego de rede no nível do endereço IP ou de portas TCP e UDP
+(camadas OSI 3 e 4) então você deve considerar usar Políticas de rede (`NetworkPolicies`) do Kubernetes para aplicações
+no seu cluster. `NetworkPolicy` é um objeto focado em aplicações/experiência do desenvolvedor
+que permite especificar como é permitido a um {{< glossary_tooltip text="pod" term_id="pod">}}
+comunicar-se com várias "entidades" de rede.
+
+As entidades que um Pod pode se comunicar são identificadas através de uma combinação dos 3
+identificadores à seguir:
+
+1. Outros pods que são permitidos (exceção: um pod não pode bloquear a si próprio)
+2. Namespaces que são permitidos
+3. Blocos de IP (exceção: o tráfego de e para o nó que um Pod está executando sempre é permitido,
+independentemente do endereço IP do Pod ou do Nó)
+
+Quando definimos uma política de rede baseada em pod ou namespace, utiliza-se um {{< glossary_tooltip text="selector" term_id="selector">}}
+para especificar qual tráfego é permitido de e para o(s) Pod(s) que correspondem ao seletor.
+
+Quando uma política de redes baseada em IP é criada, nós definimos a política baseada em blocos de IP (faixas CIDR).
+
+
+## Pré requisitos
+
+As políticas de rede são implementadas pelo [plugin de redes](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/). Para usar
+uma política de redes, você deve usar uma solução de redes que suporte o objeto `NetworkPolicy`.
+A criação de um objeto `NetworkPolicy` sem um controlador que implemente essas regras não tem efeito.
+
+## Pods isolados e não isolados
+
+Por padrão, pods não são isolados; eles aceitam tráfego de qualquer origem.
+
+Os pods tornam-se isolados ao existir uma `NetworkPolicy` que selecione eles. Uma vez que
+exista qualquer `NetworkPolicy` no namespace selecionando um pod em específico, aquele pod
+irá rejeitar qualquer conexão não permitida por qualquer `NetworkPolicy`. (Outros pod no mesmo
+namespace que não são selecionados por nenhuma outra `NetworkPolicy` irão continuar aceitando
+todo tráfego de rede.)
+
+As políticas de rede não conflitam; elas são aditivas. Se qualquer política selecionar um pod,
+o pod torna-se restrito ao que é permitido pela união das regras de entrada/saída de tráfego definidas
+nas políticas. Assim, a ordem de avaliação não afeta o resultado da política.
+
+Para o fluxo de rede entre dois pods ser permitido, tanto a política de saída no pod de origem
+e a política de entrada no pod de destino devem permitir o tráfego. Se a política de saída na
+origem, ou a política de entrada no destino negar o tráfego, o tráfego será bloqueado.
+
+## O recurso NetworkPolicy {#networkpolicy-resource}
+
+Veja a referência [NetworkPolicy](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#networkpolicy-v1-networking-k8s-io) para uma definição completa do recurso.
+
+Uma `NetworkPolicy` de exemplo é similar ao abaixo:
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: test-network-policy
+ namespace: default
+spec:
+ podSelector:
+ matchLabels:
+ role: db
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ - from:
+ - ipBlock:
+ cidr: 172.17.0.0/16
+ except:
+ - 172.17.1.0/24
+ - namespaceSelector:
+ matchLabels:
+ project: myproject
+ - podSelector:
+ matchLabels:
+ role: frontend
+ ports:
+ - protocol: TCP
+ port: 6379
+ egress:
+ - to:
+ - ipBlock:
+ cidr: 10.0.0.0/24
+ ports:
+ - protocol: TCP
+ port: 5978
+```
+
+{{< note >}}
+Criar esse objeto no seu cluster não terá efeito a não ser que você escolha uma
+solução de redes que suporte políticas de rede.
+{{< /note >}}
+
+__Campos obrigatórios__: Assim como todas as outras configurações do Kubernetes, uma `NetworkPolicy`
+necessita dos campos `apiVersion`, `kind` e `metadata`. Para maiores informações sobre
+trabalhar com arquivos de configuração, veja
+[Configurando containeres usando ConfigMap](/docs/tasks/configure-pod-container/configure-pod-configmap/),
+e [Gerenciamento de objetos](/docs/concepts/overview/working-with-objects/object-management).
+
+__spec__: A [spec](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status) contém todas as informações necessárias
+para definir uma política de redes em um namespace.
+
+__podSelector__: Cada `NetworkPolicy` inclui um `podSelector` que seleciona o grupo de pods
+que a política se aplica. A política acima seleciona os pods com a _label_ "role=db". Um `podSelector`
+vazio seleciona todos os pods no namespace.
+
+__policyTypes__: Cada `NetworkPolicy` inclui uma lista de `policyTypes` que pode incluir `Ingress`,
+`Egress` ou ambos. O campo `policyTypes` indica se a política se aplica ao tráfego de entrada
+com destino aos pods selecionados, o tráfego de saída com origem dos pods selecionados ou ambos.
+Se nenhum `policyType` for definido então por padrão o tipo `Ingress` será sempre utilizado, e o
+tipo `Egress` será configurado apenas se o objeto contiver alguma regra de saída. (campo `egress` a seguir).
+
+__ingress__: Cada `NetworkPolicy` pode incluir uma lista de regras de entrada permitidas através do campo `ingress`.
+Cada regra permite o tráfego que corresponde simultaneamente às sessões `from` (de) e `ports` (portas).
+A política de exemplo acima contém uma regra simples, que corresponde ao tráfego em uma única porta,
+de uma das três origens definidas, sendo a primeira definida via `ipBlock`, a segunda via `namespaceSelector` e
+a terceira via `podSelector`.
+
+__egress__: Cada política pode incluir uma lista de regras de regras de saída permitidas através do campo `egress`.
+Cada regra permite o tráfego que corresponde simultaneamente às sessões `to` (para) e `ports` (portas).
+A política de exemplo acima contém uma regra simples, que corresponde ao tráfego destinado a uma
+porta em qualquer destino pertencente à faixa de IPs em `10.0.0.0/24`.
+
+Então a `NetworkPolicy` acima:
+
+1. Isola os pods no namespace "default" com a _label_ "role=db" para ambos os tráfegos de entrada
+e saída (se eles ainda não estavam isolados)
+2. (Regras de entrada/ingress) permite conexões para todos os pods no namespace "default" com a _label_ "role=db" na porta TCP 6379 de:
+
+ * qualquer pod no namespace "default" com a _label_ "role=frontend"
+ * qualquer pod em um namespace que tenha a _label_ "project=myproject" (aqui cabe ressaltar que o namespace que deve ter a _label_ e não os pods dentro desse namespace)
+ * IPs dentro das faixas 172.17.0.0–172.17.0.255 e 172.17.2.0–172.17.255.255 (ex.:, toda 172.17.0.0/16 exceto 172.17.1.0/24)
+
+3. (Regras de saída/egress) permite conexões de qualquer pod no namespace "default" com a _label_
+"role=db" para a faixa de destino 10.0.0.0/24 na porta TCP 5978.
+
+Veja o tutorial [Declarando uma política de redes](/docs/tasks/administer-cluster/declare-network-policy/) para mais exemplos.
+
+## Comportamento dos seletores `to` e `from`
+
+Existem quatro tipos de seletores que podem ser especificados nas sessões `ingress.from` ou
+`egress.to`:
+
+__podSelector__: Seleciona Pods no mesmo namespace que a política de rede foi criada, e que deve
+ser permitido origens no tráfego de entrada ou destinos no tráfego de saída.
+
+__namespaceSelector__: Seleciona namespaces para o qual todos os Pods devem ser permitidos como
+origens no caso de tráfego de entrada ou destino no tráfego de saída.
+
+__namespaceSelector__ *e* __podSelector__: Uma entrada `to`/`from` única que permite especificar
+ambos `namespaceSelector` e `podSelector` e seleciona um conjunto de Pods dentro de um namespace.
+Seja cuidadoso em utilizar a sintaxe YAML correta; essa política:
+
+```yaml
+ ...
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ user: alice
+ podSelector:
+ matchLabels:
+ role: client
+ ...
+```
+contém um único elemento `from` permitindo conexões de Pods com a label `role=client` em
+namespaces com a _label_ `user=alice`. Mas *essa* política:
+
+```yaml
+ ...
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ user: alice
+ - podSelector:
+ matchLabels:
+ role: client
+ ...
+```
+
+contém dois elementos no conjunto `from` e permite conexões de Pods no namespace local com
+a _label_ `role=client`, *OU* de qualquer outro Pod em qualquer outro namespace que tenha
+a label `user=alice`.
+
+Quando estiver em dúvida, utilize o comando `kubectl describe` para verificar como o
+Kubernetes interpretou a política.
+
+__ipBlock__: Isso seleciona um conjunto particular de faixas de IP a serem permitidos como
+origens no caso de entrada ou destinos no caso de saída. Devem ser considerados IPs externos
+ao cluster, uma vez que os IPs dos Pods são efêmeros e imprevisíveis.
+
+Os mecanismos de entrada e saída do cluster geralmente requerem que os IPs de origem ou destino
+sejam reescritos. Em casos em que isso aconteça, não é definido se deve acontecer antes ou
+depois do processamento da `NetworkPolicy` que corresponde a esse tráfego, e o comportamento
+pode ser diferente para cada plugin de rede, provedor de nuvem, implementação de `Service`, etc.
+
+No caso de tráfego de entrada, isso significa que em alguns casos você pode filtrar os pacotes
+de entrada baseado no IP de origem atual, enquanto que em outros casos o IP de origem que
+a `NetworkPolicy` atua pode ser o IP de um `LoadBalancer` ou do Nó em que o Pod está executando.
+
+No caso de tráfego de saída, isso significa que conexões de Pods para `Services` que são reescritos
+para IPs externos ao cluster podem ou não estar sujeitos a políticas baseadas no campo `ipBlock`.
+
+## Políticas padrão
+
+Por padrão, se nenhuma política existir no namespace, então todo o tráfego de entrada e saída é
+permitido de e para os pods nesse namespace. Os exemplos a seguir permitem a você mudar o
+comportamento padrão nesse namespace.
+
+### Bloqueio padrão de todo tráfego de entrada
+
+Você pode criar uma política padrão de isolamento para um namespace criando um objeto `NetworkPolicy`
+que seleciona todos os pods mas não permite o tráfego de entrada para esses pods.
+
+{{< codenew file="service/networking/network-policy-default-deny-ingress.yaml" >}}
+
+Isso garante que mesmo pods que não são selecionados por nenhuma outra política de rede ainda
+serão isolados. Essa política não muda o comportamento padrão de isolamento de tráfego de saída
+nesse namespace.
+
+### Permitir por padrão todo tráfego de entrada
+
+Se você deseja permitir todo o tráfego de todos os pods em um namespace (mesmo que políticas que
+sejam adicionadas faça com que alguns pods sejam tratados como "isolados"), você pode criar
+uma política que permite explicitamente todo o tráfego naquele namespace.
+
+{{< codenew file="service/networking/network-policy-allow-all-ingress.yaml" >}}
+
+### Bloqueio padrão de todo tráfego de saída
+
+Você pode criar uma política de isolamento de saída padrão para um namespace criando uma
+política de redes que selecione todos os pods, mas não permita o tráfego de saída a partir
+de nenhum desses pods.
+
+{{< codenew file="service/networking/network-policy-default-deny-egress.yaml" >}}
+
+Isso garante que mesmo pods que não são selecionados por outra política de rede não seja permitido
+tráfego de saída. Essa política não muda o comportamento padrão de tráfego de entrada.
+
+### Permitir por padrão todo tráfego de saída
+
+Caso você queira permitir todo o tráfego de todos os pods em um namespace (mesmo que políticas sejam
+adicionadas e cause com que alguns pods sejam tratados como "isolados"), você pode criar uma
+política explicita que permite todo o tráfego de saída no namespace.
+
+{{< codenew file="service/networking/network-policy-allow-all-egress.yaml" >}}
+
+### Bloqueio padrão de todo tráfego de entrada e saída
+
+Você pode criar uma política padrão em um namespace que previne todo o tráfego de entrada
+E saída criando a política a seguir no namespace.
+
+{{< codenew file="service/networking/network-policy-default-deny-all.yaml" >}}
+
+Isso garante que mesmo pods que não são selecionados por nenhuma outra política de redes não
+possuam permissão de tráfego de entrada ou saída.
+
+## Selecionando uma faixa de portas
+
+{{< feature-state for_k8s_version="v1.21" state="alpha" >}}
+
+Ao escrever uma política de redes, você pode selecionar uma faixa de portas ao invés de uma
+porta única, utilizando-se do campo `endPort` conforme a seguir:
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: multi-port-egress
+ namespace: default
+spec:
+ podSelector:
+ matchLabels:
+ role: db
+ policyTypes:
+ - Egress
+ egress:
+ - to:
+ - ipBlock:
+ cidr: 10.0.0.0/24
+ ports:
+ - protocol: TCP
+ port: 32000
+ endPort: 32768
+```
+
+A regra acima permite a qualquer Pod com a _label_ "role=db" no namespace `default` de se comunicar
+com qualquer IP na faixa `10.0.0.0/24` através de protocolo TCP, desde que a porta de destino
+esteja na faixa entre 32000 e 32768.
+
+As seguintes restrições aplicam-se ao se utilizar esse campo:
+
+* Por ser uma funcionalidade "alpha", ela é desativada por padrão. Para habilitar o campo `endPort`
+no cluster, você (ou o seu administrador do cluster) deve habilitar o [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) `NetworkPolicyEndPort` no `kube-apiserver` com a flag `--feature-gates=NetworkPolicyEndPort=true,...`.
+* O valor de `endPort` deve ser igual ou maior ao valor do campo `port`.
+* O campo `endPort` só pode ser definido se o campo `port` também for definido.
+* Ambos os campos `port` e `endPort` devem ser números.
+
+{{< note >}}
+Seu cluster deve utilizar um plugin {{< glossary_tooltip text="CNI" term_id="cni" >}}
+que suporte o campo `endPort` na especificação da política de redes.
+{{< /note >}}
+
+## Selecionando um Namespace pelo seu nome
+
+{{< feature-state state="beta" for_k8s_version="1.21" >}}
+
+A camada de gerenciamento do Kubernetes configura uma _label_ imutável `kubernetes.io/metadata.name` em
+todos os namespaces, uma vez que o [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) esteja habilitado por padrão.
+O valor dessa _label_ é o nome do namespace.
+
+Enquanto que um objeto `NetworkPolicy` não pode selecionar um namespace pelo seu nome através de
+um campo específico, você pode utilizar essa _label_ padrão para selecionar um namespace pelo seu nome.
+
+## O que você não pode fazer com `NetworkPolicies` (ao menos por enquanto!)
+Por enquanto no Kubernetes {{< skew latestVersion >}} as funcionalidades a seguir não existem
+mas você pode conseguir implementar de forma alternativa utilizando componentes do Sistema Operacional
+(como SELinux, OpenVSwitch, IPtables, etc) ou tecnologias da camada 7 OSI (Ingress controllers, implementações de service mesh) ou ainda _admission controllers_.
+No caso do assunto "segurança de redes no Kubernetes" ser novo para você, vale notar que as
+histórias de usuário a seguir ainda não podem ser implementadas:
+
+- Forçar o tráfego interno do cluster passar por um gateway comum (pode ser implementado via service mesh ou outros proxies)
+- Qualquer coisa relacionada a TLS/mTLS (use um service mesh ou ingress controller para isso)
+- Políticas específicas a nível do nó kubernetes (você pode utilizar as notações de IP CIDR para isso, mas não pode selecionar nós Kubernetes por suas identidades)
+- Selecionar `Services` pelo seu nome (você pode, contudo, selecionar pods e namespaces por seus {{< glossary_tooltip text="labels" term_id="label" >}} o que torna-se uma solução de contorno viável).
+- Criação ou gerenciamento
+- Políticas padrão que são aplicadas a todos os namespaces e pods (existem alguns plugins externos do Kubernetes e projetos que podem fazer isso, e a comunidade está trabalhando nessa especificação).
+- Ferramental de testes para validação de políticas de redes.
+- Possibilidade de logar eventos de segurança de redes (conexões bloqueadas, aceitas). Existem plugins CNI que conseguem fazer isso à parte.
+- Possibilidade de explicitamente negar políticas de rede (o modelo das `NetworkPolicies` são "negar por padrão e conforme a necessidade, deve-se adicionar regras que permitam o tráfego).
+- Bloquear o tráfego que venha da interface de loopback/localhost ou que venham do nó em que o Pod se encontre.
+
+## {{% heading "whatsnext" %}}
+
+
+- Veja o tutorial [Declarando políticas de redes](/docs/tasks/administer-cluster/declare-network-policy/) para mais exemplos.
+- Veja mais [cenários comuns e exemplos](https://github.com/ahmetb/kubernetes-network-policy-recipes) de políticas de redes.
diff --git a/content/pt-br/docs/concepts/storage/persistent-volumes.md b/content/pt-br/docs/concepts/storage/persistent-volumes.md
new file mode 100644
index 0000000000..65396a3c37
--- /dev/null
+++ b/content/pt-br/docs/concepts/storage/persistent-volumes.md
@@ -0,0 +1,738 @@
+---
+reviewers:
+- jsafrane
+- saad-ali
+- thockin
+- msau42
+- xing-yang
+title: Volumes Persistentes
+feature:
+ title: Orquestração de Armazenamento
+ description: >
+ Montar automaticamente o armazenamento de sua escolha, seja de um armazenamento local, de um provedor de cloud pública, como GCP ou AWS, ou um armazenameto de rede, como NFS, iSCSI, Gluster, Ceph, Cinder ou Flocker.
+
+content_type: conceito
+weight: 20
+---
+
+
+
+Esse documento descreve o estado atual dos _volumes persistentes_ no Kubernetes. Sugerimos que esteja familiarizado com [volumes](/docs/concepts/storage/volumes/).
+
+
+
+## Introdução
+
+
+O gerenciamento de armazenamento é uma questão bem diferente do gerenciamento de instâncias computacionais. O subsistema PersistentVolume provê uma API para usuários e administradores que mostra de forma detalhada de como o armazenamento é provido e como ele é consumido. Para isso, nós introduzimos duas novas APIs: PersistentVolume e PersistentVolumeClaim.
+
+Um _PersistentVolume_ (PV) é uma parte do armazenamento dentro do cluster que tenha sido provisionada por um administrador, ou dinamicamente utilizando [Classes de Armazenamento](/docs/concepts/storage/storage-classes/). Isso é um recurso dentro do cluster da mesma forma que um nó também é. PVs são plugins de volume da mesma forma que Volumes, porém eles têm um ciclo de vida independente de qualquer Pod que utilize um PV. Essa API tem por objetivo mostrar os detalhes da implementação do armazenamento, seja ele NFS, iSCSI, ou um armazenamento específico de um provedor de cloud pública.
+
+Uma_PersistentVolumeClaim_ (PVC) é uma requisição para armazenamento por um usuário. É similar a um Pod. Pods utilizam recursos do nó e PVCs utilizam recursos do PV. Pods podem solicitar níveis específicos de recursos (CPU e Memória). Claims podem solicitar tamanho e modos de acesso específicos (exemplo: montagem como ReadWriteOnce, ReadOnlyMany ou ReadWriteMany, veja [Modos de Acesso](#modos-de-acesso)).
+
+Enquanto as PersistentVolumeClaims permitem que um usuário utilize recursos de armazenamento de forma limitada, é comum que usuários precisem de PersistentVolumes com diversas propriedades, como desempenho, para problemas diversos. Os administradores de cluster precisam estar aptos a oferecer uma variedade de PersistentVolumes que difiram em tamanho e modo de acesso, sem expor os usuários a detalhes de como esses volumes são implementados. Para necessidades como essas, temos o recurso de _StorageClass_.
+
+Veja os [exemplos de passo a passo de forma detalhada](/docs/tasks/configure-pod-container/configure-persistent-volume-storage/).
+
+## Requisição e ciclo de vida de um volume
+
+PVs são recursos dentro um cluster. PVCs são requisições para esses recursos e também atuam como uma validação da solicitação desses recursos. O ciclo de vida da interação entre PVs e PVCs funcionam da seguinte forma:
+
+### Provisionamento
+
+Existem duas formas de provisionar um PV: estaticamente ou dinamicamente.
+
+#### Estático
+
+O administrador do cluster cria uma determinada quantidade de PVs. Eles possuem todos os detalhes do armazenamento os quais estão atrelados, que neste caso fica disponível para utilização por um usuário dentro do cluster. Eles estão presentes na API do Kubernetes e disponíveis para utilização.
+
+#### Dinâmico
+
+Quando nenhum dos PVs estáticos, que foram criados anteriormente pelo administrador, satisfazem os critérios de uma PersistentVolumeClaim enviado por um usuário, o cluster pode tentar realizar um provisionamento dinâmico para atender a essa PVC. Esse provisionamento é baseado em StorageClasses: a PVC deve solicitar uma [classe de armazenamento](/docs/concepts/storage/storage-classes/) e o administrador deve ter previamente criado e configurado essa classe para que o provisionamento dinâmico possa ocorrer. Requisições que solicitam a classe `""` efetivamente desabilitam o provisionamento dinâmico para elas mesmas.
+
+Para habilitar o provisionamento de armazenamento dinâmico baseado em classe de armazenamento, o administrador do cluster precisa habilitar o [controle de admissão](/docs/reference/access-authn-authz/admission-controllers/#defaultstorageclass) `DefaultStorageClass` no servidor da API. Isso pode ser feito, por exemplo, garantindo que `DefaultStorageClass` esteja entre aspas simples, ordenado por uma lista de valores para a flag `--enable-admission-plugins`, componente do servidor da API. Para mais informações sobre os comandos das flags do servidor da API, consulte a documentação [kube-apiserver](/docs/admin/kube-apiserver/).
+
+### Binding
+
+Um usuário cria, ou em caso de um provisionamento dinâmico já ter criado, uma PersistentVolumeClaim solicitando uma quantidade específica de armazenamento e um determinado modo de acesso. Um controle de loop no master monitora por novas PVCs, encontra um PV (se possível) que satisfaça os requisitos e realiza o bind. Se o PV foi provisionado dinamicamente por uma PVC, o loop sempre vai fazer o bind desse PV com essa PVC em específico. Caso contrário, o usuário vai receber no mínimo o que ele havia solicitado, porém, o volume possa exceder em relação à solicitação inicial. Uma vez realizado esse processo, PersistentVolumeClaim sempre vai ter um bind exclusivo, sem levar em conta como o isso aconteceu. Um bind entre uma PVC e um PV é um mapeamento de um para um, utilizando o ClaimRef que é um bind bidirecional entre o PersistentVolume e o PersistentVolumeClaim.
+
+As requisições permanecerão sem bind se o volume solicitado não existir. O bind ocorrerá somente se os requisitos forem atendidos exatamente da mesma forma como solicitado. Por exemplo, um bind de uma PVC de 100 GB não ocorrerá num cluster que foi provisionado com vários PVs de 50 GB. O bind ocorrerá somente no momento em que um PV de 100 GB for adicionado.
+
+### Utilização
+
+Pods utilizam requisições como volumes. O cluster inspeciona a requisição para encontrar o volume atrelado a ela e monta esse volume para um Pod. Para volumes que suportam múltiplos modos de acesso, o usuário especifica qual o modo desejado quando utiliza essas requisições.
+
+Uma vez que o usuário tem a requisição atrelada a um PV, ele pertence ao usuário pelo tempo que ele precisar. Usuários agendam Pods e acessam seus PVs requisitados através da seção `persistentVolumeClaim` no bloco `volumes` do Pod. Para mais detalhes sobre isso, veja [Requisições como Volumes](#requisições-como-volumes).
+
+### Proteção de Uso de um Objeto de Armazenamento
+
+O propósito da funcionalidade do Objeto de Armazenamento em Proteção de Uso é garantir que as PersistentVolumeClaims (PVCs) que estejam sendo utilizadas por um Pod e PersistentVolume (PVs) que pertençam aos PVCs não sejam removidos do sistema, pois isso pode resultar numa perda de dados.
+
+{{< note >}}
+Uma PVC está sendo utilizada por um Pod quando existe um Pod que está usando essa PVC.
+{{< /note >}}
+
+Se um usuário deleta uma PVC que está sendo utilizada por um Pod, esta PVC não é removida imediatamente. A remoção da PVC é adiada até que a PVC não esteja mais sendo utilizado por nenhum Pod. Se um administrador deleta um PV que está atrelado a uma PVC, o PV não é removido imediatamente também. A remoção do PV é adiada até que o PV não esteja mais atrelado à PVC.
+
+Note que uma PVC é protegida quando o status da PVC é `Terminating` e a lista `Finalizers` contém `kubernetes.io/pvc-protection`:
+
+```shell
+kubectl describe pvc hostpath
+Name: hostpath
+Namespace: default
+StorageClass: example-hostpath
+Status: Terminating
+Volume:
+Labels:
+Annotations: volume.beta.kubernetes.io/storage-class=example-hostpath
+ volume.beta.kubernetes.io/storage-provisioner=example.com/hostpath
+Finalizers: [kubernetes.io/pvc-protection]
+...
+```
+
+Note que um PV é protegido quando o status da PVC é `Terminating` e a lista `Finalizers` contém `kubernetes.io/pv-protection` também:
+
+```shell
+kubectl describe pv task-pv-volume
+Name: task-pv-volume
+Labels: type=local
+Annotations:
+Finalizers: [kubernetes.io/pv-protection]
+StorageClass: standard
+Status: Terminating
+Claim:
+Reclaim Policy: Delete
+Access Modes: RWO
+Capacity: 1Gi
+Message:
+Source:
+ Type: HostPath (bare host directory volume)
+ Path: /tmp/data
+ HostPathType:
+Events:
+```
+
+### Recuperação
+
+Quando um usuário não precisar mais utilizar um volume, ele pode deletar a PVC pela API, que, permite a recuperação do recurso. A política de recuperação para um PersistentVolume diz ao cluster o que fazer com o volume após ele ter sido liberado da sua requisição. Atualmente, volumes podem ser Retidos, Reciclados ou Deletados.
+
+#### Retenção
+
+A política `Retain` permite a recuperação de forma manual do recurso. Quando a PersistentVolumeClaim é deletada, ela continua existindo e o volume é considerado "livre". Mas ele ainda não está disponível para outra requisição porque os dados da requisição anterior ainda permanecem no volume. Um administrador pode manualmente recuperar o volume executando os seguintes passos:
+
+
+1. Deletar o PersistentVolume. O armazenamento associado à infraestrutura externa (AWS EBS, GCE PD, Azure Disk ou Cinder volume) ainda continuará existindo após o PV ser deletado.
+1. Limpar os dados de forma manual no armazenamento associado.
+1. Deletar manualmente o armazenamento associado. Caso você queira utilizar o mesmo armazenamento, crie um novo PersistentVolume com esse armazenamento.
+
+#### Deletar
+
+Para plugins de volume que suportam a política de recuperação `Delete`, a deleção vai remover o tanto o PersistentVolume do Kubernetes, quanto o armazenamento associado à infraestrutura externa, como AWS EBS, GCE PD, Azure Disk, ou Cinder volume. Volumes que foram provisionados dinamicamente herdam a [política de retenção da sua StorageClass](#política-de-retenção), que por padrão é `Delete`. O administrador precisa configurar a StorageClass de acordo com as necessidades dos usuários. Caso contrário, o PV deve ser editado ou reparado após sua criação. Veja [Alterar a política de retenção de um PersistentVolume](/docs/tasks/administer-cluster/change-pv-reclaim-policy/).
+
+#### Reciclar
+
+{{< warning >}}
+A política de retenção `Recycle` está depreciada. Ao invés disso, recomendamos a utilização de provisionamento dinâmico.
+{{< /warning >}}
+
+Em caso do volume plugin ter suporte a essa operação, a política de retenção `Recycle` faz uma limpeza básica (`rm -rf /thevolume/*`) no volume e torna ele disponível novamente para outra requisição.
+
+Contudo, um administrador pode configurar um template personalizado de um Pod reciclador utilizando a linha de comando do gerenciamento de controle do Kubernetes como descrito em [referência](/docs/reference/command-line-tools-reference/kube-controller-manager/).
+O Pod reciclador personalizado deve conter a spec `volume` como é mostrado no exemplo abaixo:
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pv-recycler
+ namespace: default
+spec:
+ restartPolicy: Never
+ volumes:
+ - name: vol
+ hostPath:
+ path: /any/path/it/will/be/replaced
+ containers:
+ - name: pv-recycler
+ image: "k8s.gcr.io/busybox"
+ command: ["/bin/sh", "-c", "test -e /scrub && rm -rf /scrub/..?* /scrub/.[!.]* /scrub/* && test -z \"$(ls -A /scrub)\" || exit 1"]
+ volumeMounts:
+ - name: vol
+ mountPath: /scrub
+```
+
+Contudo, o caminho especificado no Pod reciclador personalizado em `volumes` é substituído pelo caminho do volume que está sendo reciclado.
+
+### Reservando um PersistentVolume
+
+A camada de gerenciamento pode [fazer o bind de um PersistentVolumeClaims com PersistentVolumes equivalentes](#binding) no cluster. Contudo, se você quer que uma PVC faça um bind com um PV específico, é preciso fazer o pré-bind deles.
+
+Especificando um PersistentVolume na PersistentVolumeClaim, você declara um bind entre uma PVC e um PV específico. O bind ocorrerá se o PersistentVolume existir e não estiver reservado por uma PersistentVolumeClaims através do seu campo `claimRef`.
+
+O bind ocorre independentemente se algum volume atender ao critério, incluindo afinidade de nó. A camada de gerenciamento verifica se a [classe de armazenamento](/docs/concepts/storage/storage-classes/), modo de acesso e tamanho do armazenamento solicitado ainda são válidos.
+
+```yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: foo-pvc
+ namespace: foo
+spec:
+ storageClassName: "" # Empty string must be explicitly set otherwise default StorageClass will be set
+ volumeName: foo-pv
+ ...
+```
+
+Esse método não garante nenhum privilégio de bind no PersistentVolume. Para evitar que alguma outra PersistentVolumeClaims possa usar o PV que você especificar, você precisa primeiro reservar esse volume de armazenamento. Especifique sua PersistentVolumeClaim no campo `claimRef` do PV para que outras PVCs não façam bind nele.
+
+```yaml
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: foo-pv
+spec:
+ storageClassName: ""
+ claimRef:
+ name: foo-pvc
+ namespace: foo
+ ...
+```
+
+Isso é útil se você deseja utilizar PersistentVolumes que possuem suas `claimPolicy` configuradas para `Retain`, incluindo situações onde você estiver reutilizando um PV existente.
+
+### Expandindo Requisições de Volumes Persistentes
+
+{{< feature-state for_k8s_version="v1.11" state="beta" >}}
+
+Agora, o suporte à expansão de PersistentVolumeClaims (PVCs) já é habilitado por padrão. Você pode expandir os tipos de volumes abaixo:
+
+* gcePersistentDisk
+* awsElasticBlockStore
+* Cinder
+* glusterfs
+* rbd
+* Azure File
+* Azure Disk
+* Portworx
+* FlexVolumes
+* {{< glossary_tooltip text="CSI" term_id="csi" >}}
+
+Você só pode expandir uma PVC se o campo da classe de armazenamento `allowVolumeExpansion` é `true`.
+
+``` yaml
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: gluster-vol-default
+provisioner: kubernetes.io/glusterfs
+parameters:
+ resturl: "http://192.168.10.100:8080"
+ restusuário: ""
+ secretNamespace: ""
+ secretName: ""
+allowVolumeExpansion: true
+```
+
+Para solicitar um volume maior para uma PVC, edite a PVC e especifique um tamanho maior. Isso irá fazer com o que volume atrelado ao respectivo PersistentVolume seja expandido. Nunca um PersistentVolume é criado para satisfazer a requisição. Ao invés disso, um volume existente é redimensionado.
+
+#### Expansão de volume CSI
+
+{{< feature-state for_k8s_version="v1.16" state="beta" >}}
+
+O suporte à expansão de volumes CSI é habilitada por padrão, porém é necessário um driver CSI específico para suportar a expansão do volume. Verifique a documentação do driver CSI específico para mais informações.
+
+#### Redimensionando um volume que contém um sistema de arquivo
+
+Só podem ser redimensionados os volumes que contém os seguintes sistemas de arquivo: XFS, Ext3 ou Ext4.
+
+Quando um volume contém um sistema de arquivo, o sistema de arquivo somente é redimensionado quando um novo Pod está utilizando a PersistentVolumeClaim no modo `ReadWrite`. A expansão de sistema de arquivo é feita quando um Pod estiver inicializando ou quando um Pod estiver em execução e o respectivo sistema de arquivo tenha suporte para expansão a quente.
+
+FlexVolumes permitem redimensionamento se o `RequiresFSResize` do drive é configurado como `true`. O FlexVolume pode ser redimensionado na reinicialização do Pod.
+
+#### Redimensionamento de uma PersistentVolumeClaim em uso
+
+{{< feature-state for_k8s_version="v1.15" state="beta" >}}
+
+{{< note >}}
+A Expansão de PVCs em uso está disponível como beta desde o Kubernetes 1.15, e como alpha desde a versão 1.11. A funcionalidade `ExpandInUsePersistentVolumes` precisa ser habilitada, o que já está automático para vários clusters que possuem funcionalidades beta. Verifique a documentação [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) para mais informações.
+{{< /note >}}
+
+Neste caso, você não precisa deletar e recriar um Pod ou um deployment que está sendo utilizado por uma PVC existente.
+Automaticamente, qualquer PVC em uso fica disponível para o Pod assim que o sistema de arquivo for expandido.
+Essa funcionalidade não tem efeito em PVCs que não estão em uso por um Pod ou deployment. Você deve criar um Pod que utilize a PVC antes que a expansão seja completada.
+
+Da mesma forma que outros tipos de volumes - volumes FlexVolume também podem ser expandidos quando estiverem em uso por um Pod.
+
+{{< note >}}
+Redimensionamento de FlexVolume somente é possível quando o respectivo driver suportar essa operação.
+{{< /note >}}
+
+{{< note >}}
+Expandir volumes do tipo EBS é uma operação que toma muito tempo. Além disso, só é possível fazer uma modificação por volume a cada 6 horas.
+{{< /note >}}
+
+#### Recuperação em caso de falha na expansão de volumes
+
+Se a expansão do respectivo armazenamento falhar, o administrador do cluster pode recuperar manualmente o estado da Persistent Volume Claim (PVC) e cancelar as solicitações de redimensionamento. Caso contrário, as tentativas de solicitação de redimensionamento ocorrerão de forma contínua pelo controlador sem nenhuma intervenção do administrador.
+
+1. Marque o PersistentVolume(PV) que estiver atrelado à PersistentVolumeClaim(PVC) com a política de recuperação `Retain`.
+2. Delete a PVC. Desde que o PV tenha a política de recuperação `Retain` - nenhum dado será perdido quando a PVC for recriada.
+3. Delete a entrada `claimRef` da especificação do PV para que uma PVC possa fazer bind com ele. Isso deve tornar o PV `Available`.
+4. Recrie a PVC com um tamanho menor que o PV e configure o campo `volumeName` da PCV com o nome do PV. Isso deve fazer o bind de uma nova PVC a um PV existente.
+5. Não esqueça de restaurar a política de recuperação do PV.
+
+## Tipos de volumes persistentes
+
+Tipos de PersistentVolume são implementados como plugins. Atualmente o Kubernetes suporta os plugins abaixo:
+
+* [`awsElasticBlockStore`](/docs/concepts/storage/volumes/#awselasticblockstore) - AWS Elastic Block Store (EBS)
+* [`azureDisk`](/docs/concepts/storage/volumes/#azuredisk) - Azure Disk
+* [`azureFile`](/docs/concepts/storage/volumes/#azurefile) - Azure File
+* [`cephfs`](/docs/concepts/storage/volumes/#cephfs) - CephFS volume
+* [`cinder`](/docs/concepts/storage/volumes/#cinder) - Cinder (OpenStack block storage)
+ (**depreciado**)
+* [`csi`](/docs/concepts/storage/volumes/#csi) - Container Storage Interface (CSI)
+* [`fc`](/docs/concepts/storage/volumes/#fc) - Fibre Channel (FC) storage
+* [`flexVolume`](/docs/concepts/storage/volumes/#flexVolume) - FlexVolume
+* [`flocker`](/docs/concepts/storage/volumes/#flocker) - Flocker storage
+* [`gcePersistentDisk`](/docs/concepts/storage/volumes/#gcepersistentdisk) - GCE Persistent Disk
+* [`glusterfs`](/docs/concepts/storage/volumes/#glusterfs) - Glusterfs volume
+* [`hostPath`](/docs/concepts/storage/volumes/#hostpath) - HostPath volume
+ (somente para teste de nó único; ISSO NÃO FUNCIONARÁ num cluster multi-nós; ao invés disso, considere a utilização de volume `local`.)
+* [`iscsi`](/docs/concepts/storage/volumes/#iscsi) - iSCSI (SCSI over IP) storage
+* [`local`](/docs/concepts/storage/volumes/#local) - storage local montados nos nós.
+* [`nfs`](/docs/concepts/storage/volumes/#nfs) - Network File System (NFS) storage
+* `photonPersistentDisk` - Controlador Photon para disco persistente.
+ (Esse tipo de volume não funciona mais desde a removação do provedor de cloud correspondente.)
+* [`portworxVolume`](/docs/concepts/storage/volumes/#portworxvolume) - Volume Portworx
+* [`quobyte`](/docs/concepts/storage/volumes/#quobyte) - Volume Quobyte
+* [`rbd`](/docs/concepts/storage/volumes/#rbd) - Volume Rados Block Device (RBD)
+* [`scaleIO`](/docs/concepts/storage/volumes/#scaleio) - Volume ScaleIO
+ (**depreciado**)
+* [`storageos`](/docs/concepts/storage/volumes/#storageos) - Volume StorageOS
+* [`vsphereVolume`](/docs/concepts/storage/volumes/#vspherevolume) - Volume vSphere VMDK
+
+## Volumes Persistentes
+
+Cada PV contém uma `spec` e um status, que é a especificação e o status do volume. O nome do PersistentVolume deve ser um [DNS](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names) válido.
+
+```yaml
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pv0003
+spec:
+ capacity:
+ storage: 5Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: slow
+ mountOptions:
+ - hard
+ - nfsvers=4.1
+ nfs:
+ path: /tmp
+ server: 172.17.0.2
+```
+
+{{< note >}}
+Talvez sejam necessários programas auxiliares para um determinado tipo de volume utilizar um PersistentVolume no cluster. Neste exemplo, o PersistentVolume é do tipo NFS e o programa auxiliar _/sbin/mount.nfs_ é necessário para suportar a montagem dos sistemas de arquivos NFS.
+{{< /note >}}
+
+### Capacidade
+
+Geralmente, um PV terá uma capacidade de armazenamento específica. Isso é configurado usando o atributo `capacity` do PV. Veja o [Modelo de Recurso](https://git.k8s.io/community/contributors/design-proposals/scheduling/resources.md) do Kubernetes para entender as unidades aceitas pelo atributo `capacity`.
+
+Atualmente, o tamanho do armazenamento é o único recurso que pode ser configurado ou solicitado. Os futuros atributos podem incluir IOPS, throughput, etc.
+
+### Modo do Volume
+
+{{< feature-state for_k8s_version="v1.18" state="stable" >}}
+
+O Kubernetes suporta dois `volumeModes` de PersistentVolumes: `Filesystem` e `Block`.
+
+`volumeMode` é um parâmetro opcional da API.
+`Filesystem` é o modo padrão utilizado quando o parâmetro `volumeMode` é omitido.
+
+Um volume com `volumeMode: Filesystem` é *montado* em um diretório nos Pods. Se o volume for de um dispositivo de bloco e ele estiver vazio, o Kubernetes cria o sistema de arquivo no dispositivo antes de fazer a montagem pela primeira vez.
+
+Você pode configurar o valor do `volumeMode` para `Block` para utilizar um disco bruto como volume. Esse volume é apresentado num Pod como um dispositivo de bloco, sem nenhum sistema de arquivo. Esse modo é útil para prover ao Pod a forma mais rápida para acessar um volume, sem nenhuma camada de sistema de arquivo entre o Pod e o volume. Por outro lado, a aplicação que estiver rodando no Pod deverá saber como tratar um dispositivo de bloco. Veja [Suporte a Volume de Bloco Bruto](#raw-block-volume-support) para um exemplo de como utilizar o volume como `volumeMode: Block` num Pod.
+
+### Modos de Acesso
+
+Um PersistentVolume pode ser montado num host das mais variadas formas suportadas pelo provedor. Como mostrado na tabela abaixo, os provedores terão diferentes capacidades e cada modo de acesso do PV são configurados nos modos específicos suportados para cada volume em particular. Por exemplo, o NFS pode suportar múltiplos clientes read/write, mas um PV NFS específico pode ser exportado no server como read-only. Cada PV recebe seu próprio modo de acesso que descreve suas capacidades específicas.
+
+Os modos de acesso são:
+
+* ReadWriteOnce -- o volume pode ser montado como leitura-escrita por um nó único
+* ReadOnlyMany -- o volume pode ser montado como somente-leitura por vários nós
+* ReadWriteMany -- o volume pode ser montado como leitura-escrita por vários nós
+
+Na linha de comando, os modos de acesso ficam abreviados:
+
+* RWO - ReadWriteOnce
+* ROX - ReadOnlyMany
+* RWX - ReadWriteMany
+
+> __Importante!__ Um volume somente pode ser montado utilizando um único modo de acesso por vez, independente se ele suportar mais de um. Por exemplo, um GCEPersistentDisk pode ser montado como ReadWriteOnce por um único nó ou ReadOnlyMany por vários nós, porém não simultaneamente.
+
+
+| Plugin de Volume | ReadWriteOnce | ReadOnlyMany | ReadWriteMany|
+| :--- | :---: | :---: | :---: |
+| AWSElasticBlockStore | ✓ | - | - |
+| AzureFile | ✓ | ✓ | ✓ |
+| AzureDisk | ✓ | - | - |
+| CephFS | ✓ | ✓ | ✓ |
+| Cinder | ✓ | - | - |
+| CSI | depende do driver | depende do driver | depende do driver |
+| FC | ✓ | ✓ | - |
+| FlexVolume | ✓ | ✓ | depende do driver |
+| Flocker | ✓ | - | - |
+| GCEPersistentDisk | ✓ | ✓ | - |
+| Glusterfs | ✓ | ✓ | ✓ |
+| HostPath | ✓ | - | - |
+| iSCSI | ✓ | ✓ | - |
+| Quobyte | ✓ | ✓ | ✓ |
+| NFS | ✓ | ✓ | ✓ |
+| RBD | ✓ | ✓ | - |
+| VsphereVolume | ✓ | - | (funcionam quando os Pods são do tipo collocated) |
+| PortworxVolume | ✓ | - | ✓ |
+| ScaleIO | ✓ | ✓ | - |
+| StorageOS | ✓ | - | - |
+
+### Classe
+
+Um PV pode ter uma classe, que é especificada na configuração do atributo `storageClassName` com o nome da [StorageClass](/docs/concepts/storage/storage-classes/). Um PV de uma classe específica só pode ser atrelado a requisições PVCs dessa mesma classe. Um PV sem `storageClassName` não possui nenhuma classe e pode ser montado somente a PVCs que não solicitem nenhuma classe em específico.
+
+No passado, a notação `volume.beta.kubernetes.io/storage-class` era utilizada no lugar do atributo `storageClassName`. Essa notação ainda funciona. Contudo, ela será totalmente depreciada numa futura versão do Kubernetes.
+
+### Política de Retenção
+
+Atualmente as políticas de retenção são:
+
+* Retain -- recuperação manual
+* Recycle -- limpeza básica (`rm -rf /thevolume/*`)
+* Delete -- o volume de armazenamento associado, como AWS EBS, GCE PD, Azure Disk ou OpenStack Cinder é deletado
+
+Atualmente, somente NFS e HostPath suportam reciclagem. Volumes AWS EBS, GCE PD, Azure Disk e Cinder suportam delete.
+
+### Opções de Montagem
+
+Um administrador do Kubernetes pode especificar opções de montagem adicionais quando um Volume Persistente é montado num nó.
+
+{{< note >}}
+Nem todos os tipos de Volume Persistente suportam opções de montagem.
+{{< /note >}}
+
+Seguem os tipos de volumes que suportam opções de montagem.
+
+* AWSElasticBlockStore
+* AzureDisk
+* AzureFile
+* CephFS
+* Cinder (OpenStack block storage)
+* GCEPersistentDisk
+* Glusterfs
+* NFS
+* Quobyte Volumes
+* RBD (Ceph Block Device)
+* StorageOS
+* VsphereVolume
+* iSCSI
+
+Não há validação em relação às opções de montagem. A montagem irá falhar se houver alguma opção inválida.
+
+No passado, a notação `volume.beta.kubernetes.io/mount-options` era usada no lugar do atributo `mountOptions`. Essa notação ainda funciona. Contudo, ela será totalmente depreciada numa futura versão do Kubernetes.
+
+### Afinidade de Nó
+
+{{< note >}}
+Para a maioria dos tipos de volume, a configuração desse campo não se faz necessária. Isso é automaticamente populado pelos seguintes volumes de bloco do tipo: [AWS EBS](/docs/concepts/storage/volumes/#awselasticblockstore), [GCE PD](/docs/concepts/storage/volumes/#gcepersistentdisk) e [Azure Disk](/docs/concepts/storage/volumes/#azuredisk). Você precisa deixar isso configurado para volumes do tipo [local](/docs/concepts/storage/volumes/#local).
+{{< /note >}}
+
+Um PV pode especificar uma [afinidade de nó](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#volumenodeaffinity-v1-core) para definir restrições em relação ao limite de nós que podem acessar esse volume. Pods que utilizam um PV serão somente reservados para nós selecionados pela afinidade de nó.
+
+### Estado
+
+Um volume sempre estará em um dos seguintes estados:
+
+* Available -- um recurso que está livre e ainda não foi atrelado a nenhuma requisição
+* Bound -- um volume atrelado a uma requisição
+* Released -- a requisição foi deletada, mas o curso ainda não foi recuperado pelo cluster
+* Failed -- o volume fracassou na sua recuperação automática
+
+
+A CLI mostrará o nome do PV que foi atrelado à PVC
+
+## PersistentVolumeClaims
+
+Cada PVC contém uma `spec` e um status, que é a especificação e estado de uma requisição. O nome de um objeto PersistentVolumeClaim precisa ser um [DNS](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names) válido.
+
+```yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: myclaim
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 8Gi
+ storageClassName: slow
+ selector:
+ matchLabels:
+ release: "stable"
+ matchExpressions:
+ - {key: environment, operator: In, values: [dev]}
+```
+
+### Modos de Acesso
+
+As requisições usam as mesmas convenções que os volumes quando eles solicitam um armazenamento com um modo de acesso específico.
+
+### Modos de Volume
+
+As requisições usam as mesmas convenções que os volumes quando eles indicam o tipo de volume, seja ele um sistema de arquivo ou dispositivo de bloco.
+
+### Recursos
+
+
+Assim como Pods, as requisições podem solicitar quantidades específicas de recurso. Neste caso, a solicitação é por armazenamento. O mesmo [modelo de recurso](https://git.k8s.io/community/contributors/design-proposals/scheduling/resources.md) vale para volumes e requisições.
+
+### Seletor
+
+Requisições podem especifiar um [seletor de rótulo](/docs/concepts/overview/working-with-objects/labels/#label-selectors) para posteriormente filtrar um grupo de volumes. Somente os volumes que possuam rótulos que satisfaçam os critérios do seletor podem ser atrelados à requisição. O seletor pode conter dois campos:
+
+* `matchLabels` - o volume deve ter um rótulo com esse valor
+* `matchExpressions` - uma lista de requisitos, como chave, lista de valores e operador relacionado aos valores e chaves. São operadores válidos: In, NotIn, Exists e DoesNotExist.
+
+Todos os requisitos de `matchLabels` e `matchExpressions`, são do tipo AND - todos eles juntos devem ser atendidos.
+
+### Classe
+
+Uma requisição pode solicitar uma classe específica através da [StorageClass](/docs/concepts/storage/storage-classes/) utilizando o atributo `storageClassName`. Neste caso o bind ocorrerá somente com os PVs que possuírem a mesma classe do `storageClassName` dos PVCs.
+
+As PVCs não precisam necessariamente solicitar uma classe. Uma PVC com sua `storageClassName` configurada como `""` sempre solicitará um PV sem classe, dessa forma ela sempre será atrelada a um PV sem classe (que não tenha nenhuma notação, ou seja, igual a `""`). Uma PVC sem `storageClassName` não é a mesma coisa e será tratada pelo cluster de forma diferente, porém isso dependerá se o [puglin de admissão](/docs/reference/access-authn-authz/admission-controllers/#defaultstorageclass) `DefaultStorageClass` estiver habilitado.
+
+* Se o plugin de admissão estiver habilitado, o administrador poderá especificar a StorageClass padrão. Todas as PVCs que não tiverem `storageClassName` podem ser atreladas somente a PVs que atendam a esse padrão. A especificação de uma StorageClass padrão é feita através da notação `storageclass.kubernetes.io/is-default-class` recebendo o valor `true` no objeto da StorageClass. Se o administrador não especificar nenhum padrão, o cluster vai tratar a criação de uma PVC como se o plugin de admissão estivesse desabilitado. Se mais de um valor padrão for especificado, o plugin de admissão proíbe a criação de todas as PVCs.
+* Se o plugin de admissão estiver desabilitado, não haverá nenhuma notação para a StorageClass padrão. Todas as PVCs que não tiverem `storageClassName` poderão ser atreladas somente aos PVs que não possuem classe. Neste caso, as PVCs que não tiverem `storageClassName` são tratadas da mesma forma como as PVCs que possuem suas `storageClassName` configuradas como `""`.
+
+Dependendo do modo de instalação, uma StorageClass padrão pode ser implantada num cluster Kubernetes durante a instalação pelo addon manager.
+
+Quando uma PVC especifica um `selector` para solicitar uma StorageClass, os requisitos são do tipo AND: somente um PV com a classe solicitada e com o rótulo requisitado pode ser atrelado à PVC.
+
+{{< note >}}
+Atualmente, uma PVC que tenha `selector` não pode ter um PV dinamicamente provisionado.
+{{< /note >}}
+
+No passado, a notação `volume.beta.kubernetes.io/storage-class` era usada no lugar do atributo `storageClassName` Essa notação ainda funciona. Contudo, ela será totalmente depreciada numa futura versão do Kubernetes.
+
+## Requisições como Volumes
+
+Os Pods podem ter acesso ao armazenamento utilizando a requisição como um volume. Para isso, a requisição tem que estar no mesmo namespace que o Pod. Ao localizar a requisição no namespace do Pod, o cluster passa o PersistentVolume para a requisição.
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+ name: mypod
+spec:
+ containers:
+ - name: myfrontend
+ image: nginx
+ volumeMounts:
+ - mountPath: "/var/www/html"
+ name: mypd
+ volumes:
+ - name: mypd
+ persistentVolumeClaim:
+ claimName: myclaim
+```
+
+### Sobre Namespaces
+
+Os binds dos PersistentVolumes são exclusivos e, desde que as PersistentVolumeClaims são objetos do namespace, fazer a montagem das requisições com "Muitos" nós (`ROX`, `RWX`) é possível somente para um namespace.
+
+### PersistentVolumes do tipo `hostPath`
+
+Um PersistentVolume do tipo `hostPath` utiliza um arquivo ou diretório no nó para emular um network-attached storage (NAS). Veja [um exemplo de volume do tipo `hostPath`](/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolume).
+
+## Suporte a Volume de Bloco Bruto
+
+{{< feature-state for_k8s_version="v1.18" state="stable" >}}
+
+Os plugins de volume abaixo suportam volumes de bloco bruto, incluindo provisionamento dinâmico onde for aplicável:
+
+* AWSElasticBlockStore
+* AzureDisk
+* CSI
+* FC (Fibre Channel)
+* GCEPersistentDisk
+* iSCSI
+* Local volume
+* OpenStack Cinder
+* RBD (Ceph Block Device)
+* VsphereVolume
+
+### Utilização de PersistentVolume com Volume de Bloco Bruto {#persistent-volume-using-a-raw-block-volume}
+
+```yaml
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: block-pv
+spec:
+ capacity:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Block
+ persistentVolumeReclaimPolicy: Retain
+ fc:
+ targetWWNs: ["50060e801049cfd1"]
+ lun: 0
+ readOnly: false
+```
+
+### Requisição de PersistentVolumeClaim com Volume de Bloco Bruto {#persistent-volume-claim-requesting-a-raw-block-volume}
+
+```yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: block-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Block
+ resources:
+ requests:
+ storage: 10Gi
+```
+
+### Especificação de Pod com Dispositivo de Bloco Bruto no contêiner
+
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod-with-block-volume
+spec:
+ containers:
+ - name: fc-container
+ image: fedora:26
+ command: ["/bin/sh", "-c"]
+ args: [ "tail -f /dev/null" ]
+ volumeDevices:
+ - name: data
+ devicePath: /dev/xvda
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: block-pvc
+```
+
+{{< note >}}
+Quando adicionar um dispositivo de bloco bruto num Pod, você especifica o caminho do dispositivo no contêiner ao invés de um ponto de montagem.
+{{< /note >}}
+
+### Bind de Volumes de Bloco
+
+Se um usuário solicita um volume de bloco bruto através do campo `volumeMode` na `spec` da PersistentVolumeClaim, as regras de bind agora têm uma pequena diferença em relação às versões anteriores que não consideravam esse modo como parte da `spec`.
+A tabela abaixo mostra as possíveis combinações que um usuário e um administrador pode especificar para requisitar um dispositivo de bloco bruto. A tabela indica se o volume será ou não atrelado com base nas combinações:
+Matriz de bind de volume para provisionamento estático de volumes:
+
+| PV volumeMode | PVC volumeMode | Result |
+| --------------|:---------------:| ----------------:|
+| unspecified | unspecified | BIND |
+| unspecified | Block | NO BIND |
+| unspecified | Filesystem | BIND |
+| Block | unspecified | NO BIND |
+| Block | Block | BIND |
+| Block | Filesystem | NO BIND |
+| Filesystem | Filesystem | BIND |
+| Filesystem | Block | NO BIND |
+| Filesystem | unspecified | BIND |
+
+{{< note >}}
+O provisionamento estático de volumes é suportado somente na versão alpha. Os administradores devem tomar cuidado ao considerar esses valores quando estiverem trabalhando com dispositivos de bloco bruto.
+{{< /note >}}
+
+## Snapshot de Volume e Restauração de Volume a partir de um Snapshot
+
+{{< feature-state for_k8s_version="v1.20" state="stable" >}}
+
+O snapshot de volume é suportado somente pelo plugin de volume CSI. Veja [Snapshot de Volume](/docs/concepts/storage/volume-snapshots/) para mais detalhes.
+Plugins de volume in-tree estão depreciados. Você pode consultar sobre os plugins de volume depreciados em [Perguntas Frequentes sobre Plugins de Volume](https://github.com/kubernetes/community/blob/master/sig-storage/volume-plugin-faq.md).
+
+### Criar uma PersistentVolumeClaim a partir de um Snapshot de Volume {#create-persistent-volume-claim-from-volume-snapshot}
+
+```yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: restore-pvc
+spec:
+ storageClassName: csi-hostpath-sc
+ dataSource:
+ name: new-snapshot-test
+ kind: VolumeSnapshot
+ apiGroup: snapshot.storage.k8s.io
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+```
+
+## Clonagem de Volume
+
+A [Clonagem de Volume](/docs/concepts/storage/volume-pvc-datasource/) é possível somente com plugins de volume CSI.
+
+### Criação de PersistentVolumeClaim a partir de uma PVC já existente {#create-persistent-volume-claim-from-an-existing-pvc}
+
+```yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: cloned-pvc
+spec:
+ storageClassName: my-csi-plugin
+ dataSource:
+ name: existing-src-pvc-name
+ kind: PersistentVolumeClaim
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+```
+
+## Boas Práticas de Configuração
+
+
+Se você está criando templates ou exemplos que rodam numa grande quantidade de clusters e que precisam de armazenamento persistente, recomendamos que utilize o padrão abaixo:
+
+- Inclua objetos PersistentVolumeClaim em seu pacote de configuração (com Deployments, ConfigMaps, etc.).
+- Não inclua objetos PersistentVolume na configuração, pois o usuário que irá instanciar a configuração talvez não tenha permissão para criar PersistentVolume.
+- Dê ao usuário a opção dele informar o nome de uma classe de armazenamento quando instanciar o template.
+ - Se o usuário informar o nome de uma classe de armazenamento, coloque esse valor no campo `persistentVolumeClaim.storageClassName`. Isso fará com que a PVC encontre a classe de armazenamento correta se o cluster tiver a StorageClasses habilitado pelo administrador.
+ - Se o usuário não informar o nome da classe de armazenamento, deixe o campo `persistentVolumeClaim.storageClassName` sem nenhum valor (vazio). Isso fará com que o PV seja provisionado automaticamente no cluster para o usuário com o StorageClass padrão. Muitos ambientes de cluster já possuem uma StorageClass padrão, ou então os administradores podem criar suas StorageClass de acordo com seus critérios.
+- Durante suas tarefas de administração, busque por PVCs que após um tempo não estão sendo atreladas, pois, isso talvez indique que o cluster não tem provisionamento dinâmico (onde o usuário deveria criar um PV que satisfaça os critérios da PVC) ou cluster não tem um sistema de armazenamento (onde usuário não pode realizar um deploy solicitando PVCs).
+
+ ## {{% heading "whatsnext" %}}
+
+
+* Saiba mais sobre [Criando um PersistentVolume](/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolume).
+* Saiba mais sobre [Criando um PersistentVolumeClaim](/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolumeclaim).
+* Leia a [documentação sobre planejamento de Armazenamento Persistente](https://git.k8s.io/community/contributors/design-proposals/storage/persistent-storage.md).
+
+### Referência
+
+* [PersistentVolume](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#persistentvolume-v1-core)
+* [PersistentVolumeSpec](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#persistentvolumespec-v1-core)
+* [PersistentVolumeClaim](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#persistentvolumeclaim-v1-core)
diff --git a/content/pt-br/docs/concepts/workloads/controllers/_index.md b/content/pt-br/docs/concepts/workloads/controllers/_index.md
old mode 100755
new mode 100644
diff --git a/content/pt-br/docs/concepts/workloads/controllers/cron-jobs.md b/content/pt-br/docs/concepts/workloads/controllers/cron-jobs.md
index 669d3276d4..19c7cd8604 100644
--- a/content/pt-br/docs/concepts/workloads/controllers/cron-jobs.md
+++ b/content/pt-br/docs/concepts/workloads/controllers/cron-jobs.md
@@ -1,54 +1,109 @@
---
-reviewers:
- - erictune
- - soltysh
- - janetkuo
title: CronJob
content_type: concept
weight: 80
---
-
+
-{{< feature-state for_k8s_version="v1.8" state="beta" >}}
+{{< feature-state for_k8s_version="v1.21" state="stable" >}}
-Um _Cron Job_ cria [Jobs](/docs/concepts/workloads/controllers/jobs-run-to-completion/) em um cronograma baseado em tempo.
+Um _CronJob_ cria {{< glossary_tooltip term_id="job" text="Jobs" >}} em um cronograma recorrente.
-Um objeto CronJob é como um arquivo _crontab_ (tabela cron). Executa um job periodicamente em um determinado horário, escrito no formato [Cron](https://en.wikipedia.org/wiki/Cron).
+Um objeto CronJob é como uma linha em um arquivo _crontab_ (tabela cron). Executa uma tarefa periodicamente em um determinado cronograma, escrito no formato [Cron](https://en.wikipedia.org/wiki/Cron).
-{{< note >}}
-Todos os **CronJob** `schedule (horários):` são indicados em UTC.
-{{< /note >}}
+{{< caution >}}
-Ao criar o manifesto para um recurso CronJob, verifique se o nome que você fornece é um [nome de subdomínio DNS](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names) válido.
-O nome não deve ter mais que 52 caracteres. Isso ocorre porque o controlador do CronJob anexará automaticamente 11 caracteres ao nome da tarefa fornecido e há uma restrição de que o comprimento máximo de um nome da tarefa não pode ultrapassar 63 caracteres.
+Todos os horários da propriedade `schedule:` do *CronJob* são baseadas no fuso horário do {{< glossary_tooltip term_id="kube-controller-manager" >}}.
-Para obter instruções sobre como criar e trabalhar com tarefas cron, e para obter um exemplo de arquivo de especificação para uma tarefa cron, consulte [Executando tarefas automatizadas com tarefas cron](/docs/tasks/job/automated-tasks-with-cron-jobs).
+Se a camada de gerenciamento do cluster executa o kube-controller-manager em Pods ou contêineres avulsos, o fuso horário configurado para o contêiner executando o kube-controller-manager determina o fuso horário que o controlador dos objetos CronJob utiliza.
+{{< /caution >}}
+Ao criar o manifesto para um objeto CronJob, verifique se o nome que você forneceu é um [nome de subdomínio DNS](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names) válido.
+O nome não pode ter mais que 52 caracteres. Esta limitação existe porque o controlador do CronJob adicionará automaticamente 11 caracteres ao final do nome escolhido para a tarefa, e o tamanho máximo de um nome de tarefa não pode ultrapassar 63 caracteres.
-## Limitações do Cron Job
+## CronJob
-Um trabalho cron cria um objeto de trabalho _about_ uma vez por tempo de execução de seu planejamento, Dizemos "about" porque há certas circunstâncias em que duas tarefas podem ser criadas ou nenhum trabalho pode ser criado. Tentamos torná-los únicos, mas não os impedimos completamente. Portanto, os trabalhos devem ser _idempotente_.
+CronJobs são úteis para criar tarefas periódicas e recorrentes, como a execução de _backups_ ou o envio de mensagens de e-mail. CronJobs também permitem o agendamento de tarefas individuais para um horário específico, como por exemplo uma tarefa que é executada em um período maior de ociosidade do cluster.
-Se `startingDeadlineSeconds` estiver definido como um valor grande ou não definido (o padrão) e se `concurrencyPolicy` estiver definido como `Allow(Permitir)` os trabalhos sempre serão executados pelo menos uma vez.
+### Exemplo
-Para cada CronJob, o CronJob {{< glossary_tooltip term_id="controller" >}} verifica quantas agendas faltou na duração, desde o último horário agendado até agora. Se houver mais de 100 agendamentos perdidos, ele não iniciará o trabalho e registrará o erro
+Este manifesto de CronJob de exemplo imprime a data e horário atuais, seguidos da mensagem "Hello from the Kubernetes cluster", uma vez por minuto:
+
+{{< codenew file="application/job/cronjob.yaml" >}}
+
+(O artigo [Running Automated Tasks with a CronJob](/docs/tasks/job/automated-tasks-with-cron-jobs/) demonstra este exemplo com maiores detalhes).
+
+### Sintaxe do cronograma cron
+
+```
+# ┌───────────── minuto (0 - 59)
+# │ ┌───────────── hora (0 - 23)
+# │ │ ┌───────────── dia do mês (1 - 31)
+# │ │ │ ┌───────────── mês (1 - 12)
+# │ │ │ │ ┌───────────── dia da semana (0 - 6) (domingo a sábado;
+# │ │ │ │ │ 7 também representa domingo em alguns sistemas operacionais)
+# │ │ │ │ │
+# │ │ │ │ │
+# * * * * *
+```
+
+| Expressão | Descrição | Equivalente a |
+| ------------- | ------------- |------------- |
+| @yearly (ou @annually) | Executa uma vez por ano, à meia-noite de 1º de janeiro | 0 0 1 1 * |
+| @monthly | Executa uma vez por mês, à meia-noite do primeiro dia do mês| 0 0 1 * * |
+| @weekly | Executa uma vez por semana, à meia-noite de domingo | 0 0 * * 0 |
+| @daily (ou @midnight) | Executa uma vez por dia, à meia-noite | 0 0 * * * |
+| @hourly | Executa uma vez por hora, no minuto zero | 0 * * * * |
+
+Por exemplo, a linha abaixo determina que a tarefa deve iniciar toda sexta-feira à meia-noite, bem como em todo dia 13 do mês à meia-noite:
+
+`0 0 13 * 5`
+
+É também possível gerar expressões de cronograma para CronJobs utilizando ferramentas da _web_ como o [crontab.guru](https://crontab.guru/).
+
+## Limitações do CronJob
+
+Um CronJob cria uma tarefa _aproximadamente_ uma vez por tempo de execução de seu cronograma. Dizemos "aproximadamente" porque existem circunstâncias em que duas tarefas podem ser criadas, e outras circunstâncias em que nenhuma tarefa será criada. Tentamos tornar estas situações raras, mas não é possível preveni-las completamente. Portanto, as tarefas devem ser _idempotentes_.
+
+Se o valor da propriedade `startingDeadlineSeconds` (limite de tempo de inicialização, em segundos) estiver definido como um valor grande, ou não definido (o padrão), e se a propriedade `concurrencyPolicy` (política de concorrência) estiver definido como `Allow` (permitir), as tarefas sempre serão executadas pelo menos uma vez.
+
+{{< caution >}}
+
+Se a propriedade `startingDeadlineSeconds` estiver definida com um valor menor que 10 segundos, a tarefa cron poderá não ser agendada. Isso ocorre porque o cronograma de execução do {{< glossary_tooltip term_id="controller" text="controlador" >}} do CronJob verifica tarefas a cada 10 segundos.
+
+{{< /caution >}}
+
+Para cada CronJob, o {{< glossary_tooltip term_id="controller" text="controlador" >}} do CronJob verifica quantos agendamentos foram perdidos no tempo entre o último horário agendado e o horário atual. Se houver mais de 100 agendamentos perdidos no período, o controlador não iniciará o trabalho e gerará a seguinte mensagem de erro:
```
Cannot determine if job needs to be started. Too many missed start time (> 100). Set or decrease .spec.startingDeadlineSeconds or check clock skew.
```
-É importante observar que, se o campo `startingDeadlineSeconds` estiver definido (não `nil`), o controlador contará quantas tarefas perdidas ocorreram a partir do valor de `startingDeadlineSeconds` até agora, e não do último horário programado até agora. Por exemplo, se `startingDeadlineSeconds` for `200`, o controlador contará quantas tarefas perdidas ocorreram nos últimos 200 segundos.
+É importante observar que, se o campo `startingDeadlineSeconds` estiver definido (não `nil`), o controlador contará quantas tarefas perdidas ocorreram a partir do valor de `startingDeadlineSeconds` até agora, e não do último horário agendado até agora. Por exemplo, se `startingDeadlineSeconds` for `200`, o controlador contará quantas tarefas perdidas ocorreram nos últimos 200 segundos.
-Um CronJob é contado como perdido se não tiver sido criado no horário agendado. Por exemplo, se `concurrencyPolicy` estiver definido como `Forbid` e um CronJob tiver sido tentado ser agendado quando havia um agendamento anterior ainda em execução, será contabilizado como perdido.
+Um CronJob é considerado perdido se não for criado no horário agendado. Por exemplo, se `concurrencyPolicy` estiver definido como `Forbid` (proibir) e uma tentativa de agendamento de um novo CronJob ocorreu quando havia um agendamento anterior ainda em execução, o novo agendamento será contabilizado como perdido.
-Por exemplo, suponha que um CronJob esteja definido para agendar um novo trabalho a cada minuto, começando em `08:30:00`, e seu campo `startingDeadlineSeconds` não esteja defindo. Se o controlador CronJob estiver baixo de `08:29:00` para `10:21:00`, o trabalho não será iniciado, pois o número de trabalhos perdidos que perderam o cronograma é maior que 100.
+Por exemplo, suponha que um CronJob esteja definido para agendar uma nova tarefa a cada minuto, começando às `08:30:00`, e seu campo `startingDeadlineSeconds` não esteja definido. Se o controlador do CronJob estiver inativo das `08:29:00` até as `10:21:00`, a tarefa não será iniciada, pois o número de tarefas que perderam seus horários agendados é maior que 100.
-Para ilustrar ainda mais esse conceito, suponha que um CronJob esteja definido para agendar um novo trabalho a cada minuto, começando em `08:30:00`, e seu `startingDeadlineSeconds` está definido em 200 segundos. Se o controlador CronJob estiver inativo no mesmo período do exemplo anterior (`08:29:00` a `10:21:00`), o trabalho ainda será iniciado às 10:22:00. Isso acontece pois o controlador agora verifica quantos agendamentos perdidos ocorreram nos últimos 200 segundos (ou seja, 3 agendamentos perdidos), em vez do último horário agendado até agora.
+Para ilustrar melhor este conceito, suponha que um CronJob esteja definido para agendar uma nova tarefa a cada minuto, começando às `08:30:00`, e seu `startingDeadlineSeconds` esteja definido em 200 segundos. Se o controlador do CronJob estiver inativo no mesmo período do exemplo anterior (das `08:29:00` às `10:21:00`), a tarefa ainda será iniciada às 10:22:00. Isso acontece pois o controlador agora verifica quantos agendamentos perdidos ocorreram nos últimos 200 segundos (ou seja, 3 agendamentos perdidos), ao invés de verificar o período entre o último horário agendado e o horário atual.
-O CronJob é responsável apenas pela criação de trabalhos que correspondem à sua programação, e o trabalho, por sua vez, é responsável pelo gerenciamento dos Pods que ele representa.
+O CronJob é responsável apenas pela criação das tarefas que correspondem à sua programação, e a tarefa, por sua vez, é responsável pelo gerenciamento dos Pods que ele representa.
+
+## Versão do controlador
+
+A partir da versão 1.21 do Kubernetes, a segunda versão do controlador do CronJob é a implementação ativada por padrão. Para desativar o controlador do CronJob padrão e utilizar a versão original do controlador do CronJob, é necessário adicionar o _flag_ de [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) `CronJobControllerV2` à chamada do {{< glossary_tooltip term_id="kube-controller-manager" >}} com o valor `false` (falso). Por exemplo:
+```
+--feature-gates="CronJobControllerV2=false"
+```
+## {{% heading "whatsnext" %}}
+
+A página [Cron expression format](https://en.wikipedia.org/wiki/Cron) documenta o formato dos campos de agendamento do CronJob.
+
+Para instruções sobre criação e utilização de tarefas cron, e para um exemplo de manifesto de CronJob, veja
+[Running automated tasks with cron jobs](/docs/tasks/job/automated-tasks-with-cron-jobs).
diff --git a/content/pt-br/docs/contribute/_index.md b/content/pt-br/docs/contribute/_index.md
index 86c4d92967..e5a227c2f1 100644
--- a/content/pt-br/docs/contribute/_index.md
+++ b/content/pt-br/docs/contribute/_index.md
@@ -1,31 +1,41 @@
---
content_type: concept
-title: Contribua com o Kubernetes docs
-linktitle: Contribute
+title: Contribua com a documentação do Kubernetes
+linktitle: Contribuir
main_menu: true
weight: 80
+no_list: true
+card:
+ name: contribuir
+ weight: 10
+ title: Comece a contribuir para o K8s
+---
---
-Caso você gostaria de contribuir com a documentação ou o site do Kubernetes,
-ficamos felizes em ter sua ajuda! Qualquer pessoa pode contribuir, seja você novo no
-projeto ou se você já esta no mercado há muito tempo. Além disso, Se você se identifica como
-desenvolvedor, usuário final ou alguém que simplesmente não suporta ver erros de digitação.
+*O Kubernetes agradece as melhorias de todos os contribuidores, novos e experientes!*
+{{< note >}}
+Para saber mais sobre como contribuir o Kubernetes em geral, veja a
+[documentação para contribuidor](https://www.kubernetes.dev/docs/).
+{{< /note >}}
+
+Este site é mantido pelo [Kubernetes SIG Docs](/docs/contribute/#get-involved-with-sig-docs).
+
+Contribuidores da documentação do Kubernetes podem:
+ - Melhorar o conteúdo existente
+ - Criar novo conteúdo
+ - Traduzir a documentação
+ - Gerenciar e publicar a documentação como parte do ciclo de lançamento do Kubernetes
## Começando
-Qualquer pessoa pode abrir uma issue descrevendo o problema ou melhorias desejadas com a documentação ou contribuir com uma alteração e uma solicitação de mudança (Pull Request - PR).
-Algumas tarefas exigem mais confiança e precisam de mais acesso na organização Kubernetes.
-Veja [Participando do SIG Docs](/docs/contribute/participating/) para mais detalhes sobre
-as funções e permissões.
-
-A documentação do Kubernetes reside em um repositório do GitHub. Nós damos as boas-vindas
-a todas as contribuições, mas você vai precisa estar familiarizado com o uso básico de git e GitHub para
-operar efetivamente na comunidade Kubernetes.
+Qualquer pessoa pode abrir uma issue sobre a documentação, ou contribuir com uma mudança por meio de um pull request (PR) para o [repositório do Github `kubernetes/website`](https://github.com/kubernetes/website).
+É recomendável que você se sinta confortável com [git](https://git-scm.com/) e
+[Github](https://lab.github.com/) para trabalhar efetivamente na comunidade Kubernetes.
Para se envolver com a documentação:
@@ -33,30 +43,42 @@ Para se envolver com a documentação:
2. Familiarize-se com o [repositório de documentação](https://github.com/kubernetes/website) e o [gerador de site estático](https://gohugo.io) hugo.
3. Certifique-se de entender os processos básicos para [melhorar o conteúdo](https://kubernetes.io/docs/contribute/start/#improve-existing-content) e [revisar alterações](https://kubernetes.io/docs/contribute/start/#review-docs-pull-requests).
-## Melhores Práticas recomendadas para contribuições
+Algumas tarefas requerem mais confiança e mais acessos na organização do Kubernetes.
+Veja [Participando no SIG Docs](/docs/contribute/participate/) para mais detalhes
+sobre funções e permissões.
-- Escreva mensagens GIT claras e significativas.
-- Certifique-se de incluir _Github Special Keywords_ que faz referência a issue e o fecha automaticamente quando o PR é mergeado.
-- Quando você faz uma pequena alteração em um PR, como corrigir um erro de digitação, qualquer alteração de estilo ou gramática, certifique-se de esmagar seus commits (squash) para não obter um grande número de commits por uma alteração relativamente pequena.
-- Certifique-se de incluir uma boa descrição de PR explicando as alterações no código, o motivo de alterar um trecho de código e garantir que haja informações suficientes para o revisor entender seu PR.
-- Leituras adicionais:
- - [chris.beams.io/posts/git-commit/](https://chris.beams.io/posts/git-commit/)
- - [github.com/blog/1506-closing-issues-via-pull-requests ](https://github.com/blog/1506-closing-issues-via-pull-requests )
- - [davidwalsh.name/squash-commits-git ](https://davidwalsh.name/squash-commits-git )
+## Sua primeira contribuição
+- Leia sobre [visão geral para contribuição](/docs/contribute/new-content/overview/) para saber mais sobre diferentes formas para você contribuir.
+- Veja a [lista de issues em `kubernetes/website`](https://github.com/kubernetes/website/issues/) para identificar issues que sejam um bom ponto de partida.
+- [Abra um pull request usando o Github](/docs/contribute/new-content/open-a-pr/#changes-using-github) para documentações existentes e aprenda mais sobre resolver issues no Github.
+- Leia sobre o [guia de conteúdo](/docs/contribute/style/content-guide/) e [guias de estilo](/docs/contribute/style/style-guide/).
+- Leia sobre [tipos de conteúdo de páginas](/docs/contribute/style/page-content-types/) e [shortcodes do Hugo](/docs/contribute/style/hugo-shortcodes/).
-## Outras maneiras de contribuir
+## Próximos passos
-- Para contribuir com a comunidade Kubernetes por meio de fóruns on-line, como Twitter ou Stack Overflow, ou aprender sobre encontros locais e eventos do Kubernetes, visite o a area de [comunidade Kubernetes](/community/).
-- Para contribuir com o desenvolvimento de novas funções, leia o [cheatsheet do colaborador](https://github.com/kubernetes/community/tree/master/contributors/guide/contributor-cheatsheet) para começar.
+ - Aprenda a [trabalhar com um clone local](/docs/contribute/new-content/open-a-pr/#fork-the-repo) de um repositório.
+ - Documente [funcionalidades em uma release](/docs/contribute/new-content/new-features/).
+ - Participe do [SIG Docs](/docs/contribute/participate/), e se torne um
+ [membro ou revisor](/docs/contribute/participate/roles-and-responsibilities/).
+ - Comece ou ajude com uma [localização](/docs/contribute/localization/).
+
+## Se envolva com o SIG Docs
+
+O [SIG Docs](/docs/contribute/participate/) é um grupo de contribuidores que publica e mantém
+a documentação e o site do Kubernetes. Se envolver com o SIG Docs é uma ótima forma de contribuidores Kubernetes (pessoas desenvolvedoras de features ou outros) terem um grande impacto dentro do projeto Kubernetes.
+
+A comunicação do SIG Docs é feita de diferentes formas:
+ - [Entre em `#sig-docs` no slack do Kubernetes](https://slack.k8s.io/).
+ - [Se inscreva na lista de email `kubernetes-dig-docs`](https://groups.google.com/forum/#!forum/kubernetes-sig-docs), onde acontecem discussões e
+ decisões oficiais são registradas.
+ - [Participe do encontro semanal do SIG Docs](https://github.com/kubernetes/community/tree/master/sig-docs). Os encontros são sempre anunciados no `#sig-docs` e adicionados ao [calendário de eventos de comunidade do Kubernetes](https://calendar.google.com/calendar/embed?src=cgnt364vd8s86hr2phapfjc6uk%40group.calendar.google.com&ctz=America/Los_Angeles). Você precisa baixar o [cliente do Zoom](https://zoom.us/download) ou usar um telefone.
+
+## Outras formas de contribuir
+
+- Para contribuir com a comunidade Kubernetes por meio de fóruns on-line, como Twitter ou Stack Overflow, ou aprender sobre encontros locais e eventos do Kubernetes, visite a area de [comunidade Kubernetes](/community/).
+- Para contribuir com o desenvolvimento de novas funcionalidades, leia o [cheatsheet do colaborador](https://github.com/kubernetes/community/tree/master/contributors/guide/contributor-cheatsheet) para começar.
+- Leia o [cheatsheet de contribuidor](https://github.com/kubernetes/community/tree/master/contributors/guide/contributor-cheatsheet) para saber mais sobre as funcionalidades de desenvolvimento do Kubernetes.
+- Submeta [um post de blog ou um caso de estudo](/docs/contribute/new-content/blogs-case-studies/).
-## {{% heading "whatsnext" %}}
-
-
-- Para obter mais informações sobre os conceitos básicos de contribuição para a documentação, leia [Comece a contribuir](/docs/contribute/start/).
-- Siga o [Guia de estilo de documentação do Kubernetes](/docs/contribute/style/style-guide/) ao propor mudanças.
-- Para mais informações sobre o SIG Docs, leia [Participando do SIG Docs](/docs/contribute/participating/).
-- Para mais informações sobre a localização de documentos do Kubernetes, leia [Localização da documentação do Kubernetes](/docs/contribute/localization/).
-
-
diff --git a/content/pt-br/docs/contribute/analytics.md b/content/pt-br/docs/contribute/analytics.md
new file mode 100644
index 0000000000..305e0804cc
--- /dev/null
+++ b/content/pt-br/docs/contribute/analytics.md
@@ -0,0 +1,28 @@
+---
+title: Visualizando Analytics do Site
+content_type: concept
+weight: 100
+card:
+ name: contribuir
+ weight: 100
+---
+
+
+
+Essa página contém informações sobre a dashboard de analystics do kubernetes.io.
+
+
+
+Essa [dashboard](https://datastudio.google.com/reporting/fede2672-b2fd-402a-91d2-7473bdb10f04) foi feita usando
+o Google Data Studio e possui informações coletadas do
+kubernetes.io usando o Google Analytics.
+
+### Usando a dashboard
+
+Por padrão, a dashboard mostra todos os analytics coletados nos últimos 30 dias. Use o seletor de data
+para ver dados de outros intervalos de data. Outras
+opções de filtros permitem que você veja dados baseados
+em localização do usuário para acessar o site, a tradução
+da documentação usada e outros.
+
+Se você identificar um problema com essa dashboard ou quer solicitar qualquer melhoria, [abra uma issue](https://github.com/kubernetes/website/issues/new/choose) no repositório.
diff --git a/content/pt-br/docs/reference/glossary/controller.md b/content/pt-br/docs/reference/glossary/controller.md
old mode 100755
new mode 100644
diff --git a/content/pt-br/docs/reference/glossary/customresourcedefinition.md b/content/pt-br/docs/reference/glossary/customresourcedefinition.md
old mode 100755
new mode 100644
diff --git a/content/pt-br/docs/reference/glossary/job.md b/content/pt-br/docs/reference/glossary/job.md
new file mode 100644
index 0000000000..47a5b451c2
--- /dev/null
+++ b/content/pt-br/docs/reference/glossary/job.md
@@ -0,0 +1,19 @@
+---
+title: Job
+id: job
+date: 2021-07-14
+full_link: /docs/concepts/workloads/controllers/job
+short_description: >
+ Uma tarefa finita ou em lotes que executa até finalizar.
+
+aka:
+tags:
+- fundamental
+- core-object
+- workload
+---
+Uma tarefa finita ou em lotes que executa até finalizar.
+
+
+
+Cria um ou mais objetos do tipo {{< glossary_tooltip term_id="pod" >}} e garante que um número determinado destes finaliza sua execução com sucesso. Conforme os Pods finalizam com sucesso, o Job observa as execuções bem-sucedidas.
diff --git a/content/pt-br/docs/reference/glossary/kubelet.md b/content/pt-br/docs/reference/glossary/kubelet.md
old mode 100755
new mode 100644
diff --git a/content/pt-br/docs/reference/glossary/node.md b/content/pt-br/docs/reference/glossary/node.md
old mode 100755
new mode 100644
diff --git a/content/pt-br/docs/reference/glossary/pod.md b/content/pt-br/docs/reference/glossary/pod.md
old mode 100755
new mode 100644
diff --git a/content/pt-br/docs/tasks/configmap-secret/_index.md b/content/pt-br/docs/tasks/configmap-secret/_index.md
new file mode 100755
index 0000000000..b12622f4fd
--- /dev/null
+++ b/content/pt-br/docs/tasks/configmap-secret/_index.md
@@ -0,0 +1,6 @@
+---
+title: "Gerenciando Secrets"
+weight: 28
+description: Gerenciando dados de configurações usando Secrets.
+---
+
diff --git a/content/pt-br/docs/tasks/configmap-secret/managing-secret-using-config-file.md b/content/pt-br/docs/tasks/configmap-secret/managing-secret-using-config-file.md
new file mode 100644
index 0000000000..0bac8410fa
--- /dev/null
+++ b/content/pt-br/docs/tasks/configmap-secret/managing-secret-using-config-file.md
@@ -0,0 +1,193 @@
+---
+title: Gerenciando Secret usando Arquivo de Configuração
+content_type: task
+weight: 20
+description: Criando objetos Secret usando arquivos de configuração de recursos.
+---
+
+
+
+## {{% heading "prerequisites" %}}
+
+{{< include "task-tutorial-prereqs.md" >}}
+
+
+
+## Crie o arquivo de configuração
+
+Você pode criar um Secret primeiramente em um arquivo, no formato JSON ou YAML, e depois
+criar o objeto. O recurso [Secret](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#secret-v1-core)
+contém dois mapas: `data` e `stringData`.
+O campo `data` é usado para armazenar dados arbitrários, codificados usando base64. O
+campo `stringData` é usado por conveniência, e permite que você use dados para um Secret
+como *strings* não codificadas.
+As chaves para `data` e `stringData` precisam ser compostas por caracteres alfanuméricos,
+`_`, `-` ou `.`.
+
+Por exemplo, para armazenar duas strings em um Secret usando o campo `data`, converta
+as strings para base64 da seguinte forma:
+
+```shell
+echo -n 'admin' | base64
+```
+A saída deve ser similar a:
+
+```
+YWRtaW4=
+```
+
+```shell
+echo -n '1f2d1e2e67df' | base64
+```
+
+A saída deve ser similar a:
+
+```
+MWYyZDFlMmU2N2Rm
+```
+
+Escreva o arquivo de configuração do Secret, que será parecido com:
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mysecret
+type: Opaque
+data:
+ username: YWRtaW4=
+ password: MWYyZDFlMmU2N2Rm
+```
+
+Perceba que o nome do objeto Secret precisa ser um
+[nome de subdomínio DNS](/docs/concepts/overview/working-with-objects/names#dns-subdomain-name) válido.
+
+{{< note >}}
+Os valores serializados dos dados JSON e YAML de um Secret são codificados em strings
+base64. Novas linhas não são válidas com essas strings e devem ser omitidas. Quando
+usar o utilitário `base64` em Darwin/MacOS, os usuários devem evitar usar a opção `-b`
+para separar linhas grandes. Por outro lado, usuários de Linux *devem* adicionar a opção
+`-w 0` ao comando `base64` ou o *pipe* `base64 | tr -d '\n'` se a opção `w` não estiver disponível
+{{< /note >}}
+
+Para cenários específicos, você pode querer usar o campo `stringData` ao invés de `data`.
+Esse campo permite que você use strings não-base64 diretamente dentro do Secret,
+e a string vai ser codificada para você quando o Secret for criado ou atualizado.
+
+Um exemplo prático para isso pode ser quando você esteja fazendo *deploy* de uma aplicação
+que usa um Secret para armazenar um arquivo de configuração, e você quer popular partes desse
+arquivo de configuração durante o processo de implantação.
+
+Por exemplo, se sua aplicação usa o seguinte arquivo de configuração:
+
+```yaml
+apiUrl: "https://my.api.com/api/v1"
+username: ""
+password: ""
+```
+
+Você pode armazenar isso em um Secret usando a seguinte definição:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mysecret
+type: Opaque
+stringData:
+ config.yaml: |
+ apiUrl: "https://my.api.com/api/v1"
+ username:
+ password:
+```
+
+## Crie o objeto Secret
+
+Agora, crie o Secret usando [`kubectl apply`](/docs/reference/generated/kubectl/kubectl-commands#apply):
+
+```shell
+kubectl apply -f ./secret.yaml
+```
+
+A saída deve ser similar a:
+
+```
+secret/mysecret created
+```
+
+## Verifique o Secret
+
+O campo `stringData` é um campo de conveniência apenas de leitura. Ele nunca vai ser exibido
+ao buscar um Secret. Por exemplo, se você executar o seguinte comando:
+
+```shell
+kubectl get secret mysecret -o yaml
+```
+
+A saída deve ser similar a:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ creationTimestamp: 2018-11-15T20:40:59Z
+ name: mysecret
+ namespace: default
+ resourceVersion: "7225"
+ uid: c280ad2e-e916-11e8-98f2-025000000001
+type: Opaque
+data:
+ config.yaml: YXBpVXJsOiAiaHR0cHM6Ly9teS5hcGkuY29tL2FwaS92MSIKdXNlcm5hbWU6IHt7dXNlcm5hbWV9fQpwYXNzd29yZDoge3twYXNzd29yZH19
+```
+
+Os comandos `kubectl get` e `kubectl describe` omitem o conteúdo de um `Secret` por padrão.
+Isso para proteger o `Secret` de ser exposto acidentalmente para uma pessoa não autorizada,
+ou ser armazenado em um log de terminal.
+Para verificar o conteúdo atual de um dado codificado, veja [decodificando secret](/docs/tasks/configmap-secret/managing-secret-using-kubectl/#decoding-secret).
+
+Se um campo, como `username`, é especificado em `data` e `stringData`,
+o valor de `stringData` é o usado. Por exemplo, dada a seguinte definição do Secret:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mysecret
+type: Opaque
+data:
+ username: YWRtaW4=
+stringData:
+ username: administrator
+```
+
+Resulta no seguinte Secret:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ creationTimestamp: 2018-11-15T20:46:46Z
+ name: mysecret
+ namespace: default
+ resourceVersion: "7579"
+ uid: 91460ecb-e917-11e8-98f2-025000000001
+type: Opaque
+data:
+ username: YWRtaW5pc3RyYXRvcg==
+```
+
+Onde `YWRtaW5pc3RyYXRvcg==` é decodificado em `administrator`.
+
+## Limpeza
+
+Para apagar o Secret que você criou:
+
+```shell
+kubectl delete secret mysecret
+```
+
+## {{% heading "whatsnext" %}}
+
+- Leia mais sobre o [conceito do Secret](/docs/concepts/configuration/secret/)
+- Leia sobre como [gerenciar Secret com o comando `kubectl`](/docs/tasks/configmap-secret/managing-secret-using-kubectl/)
+- Leia sobre como [gerenciar Secret usando kustomize](/docs/tasks/configmap-secret/managing-secret-using-kustomize/)
+
diff --git a/content/pt-br/docs/tasks/configmap-secret/managing-secret-using-kubectl.md b/content/pt-br/docs/tasks/configmap-secret/managing-secret-using-kubectl.md
new file mode 100644
index 0000000000..7e6ca6dc7c
--- /dev/null
+++ b/content/pt-br/docs/tasks/configmap-secret/managing-secret-using-kubectl.md
@@ -0,0 +1,152 @@
+---
+title: Gerenciando Secret usando kubectl
+content_type: task
+weight: 10
+description: Criando objetos Secret usando a linha de comando kubectl.
+---
+
+
+
+## {{% heading "prerequisites" %}}
+
+{{< include "task-tutorial-prereqs.md" >}}
+
+
+
+## Criando um Secret
+
+Um `Secret` pode conter credenciais de usuário requeridas por Pods para acesso a um banco de dados.
+Por exemplo, uma string de conexão de banco de dados é composta por um usuário e senha.
+Você pode armazenar o usuário em um arquivo `./username.txt` e a senha em um
+arquivo `./password.txt` na sua máquina local.
+
+```shell
+echo -n 'admin' > ./username.txt
+echo -n '1f2d1e2e67df' > ./password.txt
+```
+
+A opção `-n` nos comandos acima garante que os arquivos criados não vão conter
+uma nova linha extra no final do arquivo de texto. Isso é importante porque
+quando o `kubectl` lê um arquivo e codifica o conteúdo em uma string base64,
+o caractere da nova linha extra também é codificado.
+
+O comando `kubectl create secret` empacota os arquivos em um Secret e cria um
+objeto no API server.
+
+
+```shell
+kubectl create secret generic db-user-pass \
+ --from-file=./username.txt \
+ --from-file=./password.txt
+```
+
+A saída deve ser similar a:
+
+```
+secret/db-user-pass created
+```
+
+O nome da chave padrão é o nome do arquivo. Opcionalmente, você pode definir
+o nome da chave usando `--from-file=[key=]source`. Por exemplo:
+
+```shell
+kubectl create secret generic db-user-pass \
+ --from-file=username=./username.txt \
+ --from-file=password=./password.txt
+```
+Você não precisa escapar o caractere especial em senhas a partir de arquivos (`--from-file`).
+
+Você também pode prover dados para Secret usando a tag `--from-literal==`.
+Essa tag pode ser especificada mais de uma vez para prover múltiplos pares de chave-valor.
+Observe que caracteres especiais como `$`, `\`, `*`, `=`, e `!` vão ser interpretados
+pelo seu [shell](https://en.wikipedia.org/wiki/Shell_(computing)) e precisam ser escapados.
+Na maioria dos shells, a forma mais fácil de escapar as senhas é usar aspas simples (`'`).
+Por exemplo, se sua senha atual é `S!B\*d$zDsb=`, você precisa executar o comando dessa forma:
+
+```shell
+kubectl create secret generic dev-db-secret \
+ --from-literal=username=devuser \
+ --from-literal=password='S!B\*d$zDsb='
+```
+
+## Verificando o Secret
+
+Você pode verificar se o secret foi criado:
+
+```shell
+kubectl get secrets
+```
+
+A saída deve ser similar a:
+
+```
+NAME TYPE DATA AGE
+db-user-pass Opaque 2 51s
+```
+
+Você pode ver a descrição do `Secret`:
+
+```shell
+kubectl describe secrets/db-user-pass
+```
+A saída deve ser similar a:
+
+```
+Name: db-user-pass
+Namespace: default
+Labels:
+Annotations:
+
+Type: Opaque
+
+Data
+====
+password: 12 bytes
+username: 5 bytes
+```
+
+Os comandos `kubectl get` e `kubectl describe` omitem o conteúdo de um `Secret` por padrão.
+Isso para proteger o `Secret` de ser exposto acidentalmente para uma pessoa não autorizada,
+ou ser armazenado em um log de terminal.
+
+## Decodificando o Secret {#decoding-secret}
+
+Para ver o conteúdo de um Secret que você criou, execute o seguinte comando:
+
+```shell
+kubectl get secret db-user-pass -o jsonpath='{.data}'
+```
+
+A saída deve ser similar a:
+
+```json
+{"password":"MWYyZDFlMmU2N2Rm","username":"YWRtaW4="}
+```
+
+Agora, você pode decodificar os dados de `password`:
+
+```shell
+echo 'MWYyZDFlMmU2N2Rm' | base64 --decode
+```
+
+A saída deve ser similar a:
+
+```
+1f2d1e2e67df
+```
+
+## Limpeza
+
+Para apagar o Secret que você criou:
+
+```shell
+kubectl delete secret db-user-pass
+```
+
+
+
+## {{% heading "whatsnext" %}}
+
+- Leia mais sobre o [conceito do Secret](/docs/concepts/configuration/secret/)
+- Leia sobre como [gerenciar Secret com o comando `kubectl`](/docs/tasks/configmap-secret/managing-secret-using-kubectl/)
+- Leia sobre como [gerenciar Secret usando kustomize](/docs/tasks/configmap-secret/managing-secret-using-kustomize/)
diff --git a/content/pt-br/docs/tasks/configmap-secret/managing-secret-using-kustomize.md b/content/pt-br/docs/tasks/configmap-secret/managing-secret-using-kustomize.md
new file mode 100644
index 0000000000..1658afc3de
--- /dev/null
+++ b/content/pt-br/docs/tasks/configmap-secret/managing-secret-using-kustomize.md
@@ -0,0 +1,122 @@
+---
+title: Gerenciando Secret usando Kustomize
+content_type: task
+weight: 30
+description: Criando objetos Secret usando o arquivo kustomization.yaml
+---
+
+
+
+Desde o Kubernetes v1.14, o `kubectl` provê suporte para [gerenciamento de objetos usando Kustomize](/docs/tasks/manage-kubernetes-objects/kustomization/).
+O Kustomize provê geradores de recursos para criar Secrets e ConfigMaps.
+Os geradores Kustomize devem ser especificados em um arquivo `kustomization.yaml` dentro
+de um diretório. Depois de gerar o Secret, você pode criar o Secret com `kubectl apply`.
+## {{% heading "prerequisites" %}}
+
+{{< include "task-tutorial-prereqs.md" >}}
+
+
+
+## Criando um arquivo de Kustomization
+Você pode criar um Secret definindo um `secretGenerator` em um
+arquivo `kustomization.yaml` que referencia outros arquivos existentes.
+Por exemplo, o seguinte arquivo kustomization referencia os
+arquivos `./username.txt` e `./password.txt`:
+
+```yaml
+secretGenerator:
+- name: db-user-pass
+ files:
+ - username.txt
+ - password.txt
+```
+
+Você também pode definir o `secretGenerator` no arquivo `kustomization.yaml`
+por meio de alguns *literais*.
+Por exemplo, o seguinte arquivo `kustomization.yaml` contém dois literais
+para `username` e `password` respectivamente:
+
+```yaml
+secretGenerator:
+- name: db-user-pass
+ literals:
+ - username=admin
+ - password=1f2d1e2e67df
+```
+
+Observe que nos dois casos, você não precisa codificar os valores em base64.
+
+## Criando o Secret
+
+Aplique o diretório que contém o arquivo `kustomization.yaml` para criar o Secret.
+
+```shell
+kubectl apply -k .
+```
+
+A saída deve ser similar a:
+
+```
+secret/db-user-pass-96mffmfh4k created
+```
+
+Observe que quando um Secret é gerado, o nome do segredo é criado usando o hash
+dos dados do Secret mais o valor do hash. Isso garante que
+um novo Secret é gerado cada vez que os dados são modificados.
+
+## Verifique o Secret criado
+
+Você pode verificar que o secret foi criado:
+
+```shell
+kubectl get secrets
+```
+
+A saída deve ser similar a:
+
+```
+NAME TYPE DATA AGE
+db-user-pass-96mffmfh4k Opaque 2 51s
+```
+
+Você pode ver a descrição de um secret:
+
+```shell
+kubectl describe secrets/db-user-pass-96mffmfh4k
+```
+A saída deve ser similar a:
+
+```
+Name: db-user-pass-96mffmfh4k
+Namespace: default
+Labels:
+Annotations:
+
+Type: Opaque
+
+Data
+====
+password.txt: 12 bytes
+username.txt: 5 bytes
+```
+
+Os comandos `kubectl get` e `kubectl describe` omitem o conteúdo de um `Secret` por padrão.
+Isso para proteger o `Secret` de ser exposto acidentalmente para uma pessoa não autorizada,
+ou ser armazenado em um log de terminal.
+Para verificar o conteúdo atual de um dado codificado, veja [decodificando secret](/docs/tasks/configmap-secret/managing-secret-using-kubectl/#decoding-secret).
+
+## Limpeza
+
+Para apagar o Secret que você criou:
+
+```shell
+kubectl delete secret db-user-pass-96mffmfh4k
+```
+
+
+## {{% heading "whatsnext" %}}
+
+- Leia mais sobre o [conceito do Secret](/docs/concepts/configuration/secret/)
+- Leia sobre como [gerenciar Secret com o comando `kubectl`](/docs/tasks/configmap-secret/managing-secret-using-kubectl/)
+- Leia sobre como [gerenciar Secret usando kustomize](/docs/tasks/configmap-secret/managing-secret-using-kustomize/)
+
diff --git a/content/pt-br/docs/tutorials/kubernetes-basics/_index.html b/content/pt-br/docs/tutorials/kubernetes-basics/_index.html
index b397afba37..10b721c3c7 100644
--- a/content/pt-br/docs/tutorials/kubernetes-basics/_index.html
+++ b/content/pt-br/docs/tutorials/kubernetes-basics/_index.html
@@ -27,10 +27,10 @@ card:
Este tutorial fornece instruções básicas sobre o sistema de orquestração de cluster do Kubernetes. Cada módulo contém algumas informações básicas sobre os principais recursos e conceitos do Kubernetes e inclui um tutorial online interativo. Esses tutoriais interativos permitem que você mesmo gerencie um cluster simples e seus aplicativos em contêineres.
Usando os tutoriais interativos, você pode aprender a:
-
Implante um aplicativo em contêiner em um cluster.
-
Dimensione a implantação.
-
Atualize o aplicativo em contêiner com uma nova versão do software.
-
Depure o aplicativo em contêiner.
+
Implantar um aplicativo em contêiner em um cluster.
+
Dimensionar a implantação.
+
Atualizar o aplicativo em contêiner com uma nova versão do software.
+
Depurar o aplicativo em contêiner.
Os tutoriais usam Katacoda para executar um terminal virtual em seu navegador da Web, executado em Minikube, uma implantação local em pequena escala do Kubernetes que pode ser executada em qualquer lugar. Não há necessidade de instalar nenhum software ou configurar nada; cada tutorial interativo é executado diretamente no navegador da web.
diff --git a/content/pt-br/examples/application/job/cronjob.yaml b/content/pt-br/examples/application/job/cronjob.yaml
new file mode 100644
index 0000000000..da905a9048
--- /dev/null
+++ b/content/pt-br/examples/application/job/cronjob.yaml
@@ -0,0 +1,19 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: hello
+spec:
+ schedule: "*/1 * * * *"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: hello
+ image: busybox
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/sh
+ - -c
+ - date; echo Hello from the Kubernetes cluster
+ restartPolicy: OnFailure
diff --git a/content/pt-br/examples/service/networking/network-policy-allow-all-egress.yaml b/content/pt-br/examples/service/networking/network-policy-allow-all-egress.yaml
new file mode 100644
index 0000000000..42b2a2a296
--- /dev/null
+++ b/content/pt-br/examples/service/networking/network-policy-allow-all-egress.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-all-egress
+spec:
+ podSelector: {}
+ egress:
+ - {}
+ policyTypes:
+ - Egress
diff --git a/content/pt-br/examples/service/networking/network-policy-allow-all-ingress.yaml b/content/pt-br/examples/service/networking/network-policy-allow-all-ingress.yaml
new file mode 100644
index 0000000000..462912dae4
--- /dev/null
+++ b/content/pt-br/examples/service/networking/network-policy-allow-all-ingress.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-all-ingress
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ policyTypes:
+ - Ingress
diff --git a/content/pt-br/examples/service/networking/network-policy-default-deny-all.yaml b/content/pt-br/examples/service/networking/network-policy-default-deny-all.yaml
new file mode 100644
index 0000000000..5c0086bd71
--- /dev/null
+++ b/content/pt-br/examples/service/networking/network-policy-default-deny-all.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-deny-all
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/content/pt-br/examples/service/networking/network-policy-default-deny-egress.yaml b/content/pt-br/examples/service/networking/network-policy-default-deny-egress.yaml
new file mode 100644
index 0000000000..a4659e1417
--- /dev/null
+++ b/content/pt-br/examples/service/networking/network-policy-default-deny-egress.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-deny-egress
+spec:
+ podSelector: {}
+ policyTypes:
+ - Egress
diff --git a/content/pt-br/examples/service/networking/network-policy-default-deny-ingress.yaml b/content/pt-br/examples/service/networking/network-policy-default-deny-ingress.yaml
new file mode 100644
index 0000000000..e823802487
--- /dev/null
+++ b/content/pt-br/examples/service/networking/network-policy-default-deny-ingress.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-deny-ingress
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
diff --git a/content/pt-br/includes/task-tutorial-prereqs.md b/content/pt-br/includes/task-tutorial-prereqs.md
new file mode 100644
index 0000000000..eb4177b4fd
--- /dev/null
+++ b/content/pt-br/includes/task-tutorial-prereqs.md
@@ -0,0 +1,6 @@
+Você precisa de um cluster Kubernetes e a ferramenta de linha de comando kubectl
+precisa estar configurada para acessar o seu cluster. Se você ainda não tem um
+cluster, pode criar um usando o [minikube](/docs/tasks/tools/#minikube)
+ou você pode usar um dos seguintes ambientes:
+* [Katacoda](https://www.katacoda.com/courses/kubernetes/playground)
+* [Play with Kubernetes](http://labs.play-with-k8s.com/)
diff --git a/content/ru/_index.html b/content/ru/_index.html
index aaf9f136f5..a460376f12 100644
--- a/content/ru/_index.html
+++ b/content/ru/_index.html
@@ -41,12 +41,12 @@ Kubernetes — это проект с открытым исходным кодо
@@ -56,4 +56,4 @@ Kubernetes — это проект с открытым исходным кодо
{{< blocks/kubernetes-features >}}
-{{< blocks/case-studies >}}
\ No newline at end of file
+{{< blocks/case-studies >}}
diff --git a/content/ru/docs/concepts/architecture/cloud-controller.md b/content/ru/docs/concepts/architecture/cloud-controller.md
index 287afad287..5bb9c3d4fa 100644
--- a/content/ru/docs/concepts/architecture/cloud-controller.md
+++ b/content/ru/docs/concepts/architecture/cloud-controller.md
@@ -1,5 +1,5 @@
---
-title: Диспетчер облочных контроллеров
+title: Диспетчер облачных контроллеров
content_type: concept
weight: 40
---
@@ -8,11 +8,11 @@ weight: 40
{{< feature-state state="beta" for_k8s_version="v1.11" >}}
-Технологии облочной инфраструктуры позволяет запускать Kubernetes в общедоступных, частных и гибритных облоках. Kubernetes верит в автоматизированную,управляемую API инфраструктуру без жесткой связи между компонентами.
+Технологии облачной инфраструктуры позволяет запускать Kubernetes в общедоступных, частных и гибридных облаках. Kubernetes верит в автоматизированную, управляемую API инфраструктуру без жесткой связи между компонентами.
-{{< glossary_definition term_id="cloud-controller-manager" length="all" prepend="Диспетчер облочных контроллеров">}}
+{{< glossary_definition term_id="cloud-controller-manager" length="all" prepend="Диспетчер облачных контроллеров">}}
-Диспетчер облочных контроллеров структурирован с использованием механизма плагинов, которые позволяют различным облочным провайдерам интегрировать свои платформы с Kubernetes.
+Диспетчер облачных контроллеров спроектирован с использованием механизма плагинов, которые позволяют различным облачным провайдерам интегрировать свои платформы с Kubernetes.
@@ -22,44 +22,42 @@ weight: 40
-Диспетчер облочных контроллеров работает в панели управления как реплицированный набот процессов (обычно это контейнер в Pod-ах). Каждый диспетчер облочных контроллеров реализует многоразовые {{< glossary_tooltip text="контроллеры" term_id="controller" >}} в единственном процессе.
+Диспетчер облачных контроллеров работает в панели управления как реплицированный набор процессов (обычно это контейнер в Pod-ах). Каждый диспетчер облачных контроллеров реализует множество {{< glossary_tooltip text="контроллеров" term_id="controller" >}} в единственном процессе.
{{< note >}}
-Вы так же можете запустить диспетчер облочных контроллеров как {{< glossary_tooltip text="дополнение" term_id="addons" >}} Kubernetes, а некак часть панели управления.
+Вы также можете запустить диспетчер облачных контроллеров как {{< glossary_tooltip text="дополнение" term_id="addons" >}} Kubernetes, а не как часть панели управления.
{{< /note >}}
-## Функции диспетчера облочных контроллеров {#functions-of-the-ccm}
+## Функции диспетчера облачных контроллеров {#functions-of-the-ccm}
-Контроллеры внутри диспетчера облочных контроллеров включают в себя:
+Контроллеры внутри диспетчера облачных контроллеров включают в себя:
### Контролер узла
-Контроллер узла отвечает за создание объектов {{< glossary_tooltip text="узла" term_id="node" >}} при создании новых серверов в вашей облочной инфраструктуре. Контроллер узла получает информацию
-о работающих хостах внутри вашего арендуемого облочного провайдера.
+Контроллер узла отвечает за создание объектов {{< glossary_tooltip text="узла" term_id="node" >}} при создании новых серверов в вашей облачной инфраструктуре. Контроллер узла получает информацию о работающих хостах внутри вашей арендуемой инфраструктуры облачного провайдера.
Контроллер узла выполняет следующие функции:
-1. Инициализация объектов узла для каждого сервера, контроллер которого через API облочного провайдера.
-2. Аннотирование и маркировка объеко узла специфичной для облока информацией, такой как регион, в котором развернут узел и доступные ему ресурсы (процессор, память и т.д.).
+1. Инициализация объектов узла для каждого сервера, которые контроллер получает через API облачного провайдера.
+2. Аннотирование и маркировка объектов узла специфичной для облака информацией, такой как регион узла и доступные ему ресурсы (процессор, память и т.д.).
3. Получение имени хоста и сетевых адресов.
-4. Проверка работоспособности ущла. В случае, если узел перестает отвечать на запросы, этот контроллер проверяется с помощью API вашего облочного провайдера, был ли сервер деактевирован / удален / прекращен.
- Если узел был удален из облока, контроллер удлаяет объект узла из вашего Kubernetes кластера..
+4. Проверка работоспособности узла. В случае, если узел перестает отвечать на запросы, этот контроллер проверяет с помощью API вашего облачного провайдера, был ли сервер деактивирован / удален / прекращен. Если узел был удален из облака, контроллер удлаяет объект узла из вашего Kubernetes кластера.
-Некоторые облочные провайдеры реализуют его разделение на контроллер узла и отдельный контроллер жизненного цикла узла.
+Некоторые облачные провайдеры реализуют его разделение на контроллер узла и отдельный контроллер жизненного цикла узла.
### Контролер маршрута
-Контролер маршрута отвечае за соответствующую настройку маршрутов облоке, чтобы контейнеры на разных узлах кластера Kubernetes могли взаимодействовать друг с другом.
+Контролер маршрута отвечает за соответствующую настройку маршрутов в облаке, чтобы контейнеры на разных узлах кластера Kubernetes могли взаимодействовать друг с другом.
-В зависимости от облочного провайдера, контроллер маршрута способен также выделять блоки IP адресов для сети Pod.
+В зависимости от облачного провайдера, контроллер маршрута способен также выделять блоки IP-адресов для сети Pod-ов.
-### Сервисный контроллер
+### Контроллер сервисов
-{{< glossary_tooltip text="Службы" term_id="service" >}} интегрируются с компонентами облочной инфраструктуры, такими как управляемые балансировщики нагрузки, IP адреса, фильтрация сетевых пакетов и проверка работоспособности целевых объектов. Сервисный контроллер взаимодействует с API вашего облочного провайдера для настройки балансировщиков нагрузки и других компонентов инфраструктуры, когда вы объявляете ресурсные службы которые он требует.
+{{< glossary_tooltip text="Сервисы" term_id="service" >}} интегрируются с компонентами облачной инфраструктуры, такими как управляемые балансировщики нагрузки, IP-адреса, фильтрация сетевых пакетов и проверка работоспособности целевых объектов. Контроллер сервисов взаимодействует с API вашего облачного провайдера для настройки требуемых балансировщиков нагрузки и других компонентов инфраструктуры, когда вы объявляете ресурсы сервисов.
## Авторизация
-В этом разделе разбирается доступ, который нужен для управления облочным контроллером к различным объектам API для выполнения своих операций.
+В этом разделе разбирается доступ к различным объектам API, который нужен облачным контроллерам для выполнения своих операций.
### Контроллер узла {#authorization-node-controller}
@@ -77,19 +75,19 @@ weight: 40
### Контролер маршрута {#authorization-route-controller}
-Контролер маршрута прослушивает создание объектов узла и соответствующим образом настраивает маршруты. Для этого требуется получить доступ к объектам узла.
+Контролер маршрута прослушивает создание объектов узла и соответствующим образом настраивает маршруты. Для этого требуется получить доступ к объектам узла.
`v1/Node`:
- Get
-### Сервисный контроллер {#authorization-service-controller}
+### Контроллер сервисов {#authorization-service-controller}
-Сервисный контроллер прослушивает события Create, Update и Delete объектов службы, а затем соответствующим образом настраивает конечные точки для этих соответствующих сервисов.
+Контроллер сервисов прослушивает события Create, Update и Delete объектов служб, а затем соответствующим образом настраивает конечные точки для соответствующих сервисов.
-Для доступа к сервисам, требуется доступ к событиям List и Watch. Для обновления сервисов, требуется доступ к событиям Patch и Update.
+Для доступа к сервисам требуется доступ к событиям List и Watch. Для обновления сервисов требуется доступ к событиям Patch и Update.
-Чтобы настроить ресурсы конечных точек для сервисов, требуется доступ к событиям Create, List, Get, Watch, и Update.
+Чтобы настроить ресурсы конечных точек для сервисов, требуется доступ к событиям Create, List, Get, Watch и Update.
`v1/Service`:
@@ -101,7 +99,7 @@ weight: 40
### Другие {#authorization-miscellaneous}
-Реализация ядра диспетчера облочных контроллеров требует доступ для создания создания объектов события, а для обеспечения безопасной работы требуется доступ для создания учетных записей сервисов (ServiceAccounts).
+Реализация ядра диспетчера облачных контроллеров требует доступ для создания создания объектов событий, а для обеспечения безопасной работы требуется доступ к созданию сервисных учетных записей (ServiceAccounts).
`v1/Event`:
@@ -113,7 +111,7 @@ weight: 40
- Create
-The {{< glossary_tooltip term_id="rbac" text="RBAC" >}} ClusterRole для диспетчера облочных контроллеров выглядить так:
+The {{< glossary_tooltip term_id="rbac" text="RBAC" >}} ClusterRole для диспетчера облачных контроллеров выглядит так:
```yaml
apiVersion: rbac.authorization.k8s.io/v1
@@ -180,13 +178,13 @@ rules:
## {{% heading "whatsnext" %}}
-[Администрирование диспетчера облочных контроллеров](/docs/tasks/administer-cluster/running-cloud-controller/#cloud-controller-manager)
-содержить инструкции по запуску и управлению диспетером облочных контроллеров.
+[Администрирование диспетчера облачных контроллеров](/docs/tasks/administer-cluster/running-cloud-controller/#cloud-controller-manager)
+содержит инструкции по запуску и управлению диспетером облачных контроллеров.
-Хотите знать как реализовать свой собственный диспетчер облочных контроллеров или расширить проект?
+Хотите знать, как реализовать свой собственный диспетчер облачных контроллеров или расширить проект?
-Диспетчер облочных контроллеров использует интерфейс Go, который позволяет реализовать подключение из любого облока. В частности, он использует `CloudProvider` интерфейс, который определен в [`cloud.go`](https://github.com/kubernetes/cloud-provider/blob/release-1.17/cloud.go#L42-L62) из [kubernetes/cloud-provider](https://github.com/kubernetes/cloud-provider).
+Диспетчер облачных контроллеров использует интерфейсы Go, которые позволяют реализовать подключение из любого облака. В частности, он использует интерфейс `CloudProvider`, который определен в [`cloud.go`](https://github.com/kubernetes/cloud-provider/blob/release-1.21/cloud.go#L42-L69) из [kubernetes/cloud-provider](https://github.com/kubernetes/cloud-provider).
-Реализация общих контроллеров выделенных в этом документе (Node, Route, и Service),а так же некоторые возведения вместе с общим облочным провайдерским интерфейсом являются частью ядра Kubernetes. особые реализации, для облочных провайдеров находятся вне ядра Kubernetes и реализуют интерфейс `CloudProvider`.
+Реализация общих контроллеров, описанных в этом документе (Node, Route, и Service), а также некоторые другие вспомогательные конструкции, вместе с общим интерфейсом облачного провайдера являются частью ядра Kubernetes. Особые реализации для облачных провайдеров находятся вне ядра Kubernetes и реализуют интерфейс `CloudProvider`.
-Дополнительные сведения о разработке плагинов см. в разделе [Разработка диспетчера облочных контроллеров](/docs/tasks/administer-cluster/developing-cloud-controller-manager/).
+Дополнительные сведения о разработке плагинов см. в разделе [Разработка диспетчера облачных контроллеров](/docs/tasks/administer-cluster/developing-cloud-controller-manager/).
diff --git a/content/ru/docs/concepts/architecture/garbage-collection.md b/content/ru/docs/concepts/architecture/garbage-collection.md
new file mode 100644
index 0000000000..f7ded8b44e
--- /dev/null
+++ b/content/ru/docs/concepts/architecture/garbage-collection.md
@@ -0,0 +1,134 @@
+---
+title: Сборщик мусора
+content_type: concept
+weight: 50
+---
+
+
+{{}} Это позволить очистить ресурсы, такие как:
+
+ * [Неудачные pod-ы](/docs/concepts/workloads/pods/pod-lifecycle/#pod-garbage-collection)
+ * [Завершенные задания](/docs/concepts/workloads/controllers/ttlafterfinished/)
+ * [Объекты без ссылок на владельца Objects](#owners-dependents)
+ * [Не используемые контейнеры и образы контейнеров](#containers-images)
+ * [Dynamically provisioned PersistentVolumes with a StorageClass reclaim policy of Delete](/docs/concepts/storage/persistent-volumes/#delete)
+ * [Устаревшие или просроченные запросы подписания сертификатов (CSR)](/reference/access-authn-authz/certificate-signing-requests/#request-signing-process)
+ * {{}} удалено в следующих сценариях:
+ * В облаке, когда кластер использует [диспетчер облачных контроллеров](/docs/concepts/architecture/cloud-controller/)
+ * Локально когда кластер использует дополнение, аналогичное диспетчер облачных контроллеров
+ * [Объекты аренды узлов](/docs/concepts/architecture/nodes/#heartbeats)
+
+## Владельцы и зависимости {#owners-dependents}
+
+Многие объекты в Kubernetes ссылаются друг на друга через [*ссылки владельцев*](/docs/concepts/overview/working-with-objects/owners-dependents/).
+Ссылки владельцев сообщают плоскости управления какие объекты зависят от других.
+Kubernetes использует ссылки владельцев, чтобы предоставить плоскости управления и другим API
+клиентам, возможность очистить связанные ресурсы передудалением объекта. В большинстве случаев, Kubernetes автоматический управляет ссылками владельцев.
+
+Владелец отличается от [меток и селекторов](/docs/concepts/overview/working-with-objects/labels/)
+которые также используют некоторые ресурсы. Например, рассмотрим
+{{}} которая создает объект
+`EndpointSlice`. Служба использует *метки* чтобы позволить плоскости управления определить какие `EndpointSlice` объекты используются для этой службы. В дополнение
+к меткам, каждый `EndpointSlice` управляет ои имени службы, имеет
+ссылку владельца. Ссылки владельцев помогают различным частям Kubernetes избегать
+вмешательства в объекты, которые они не контролируют.
+
+{{< note >}}
+Ссылки на владельцев перекрестных пространств имен запрещены по дизайну.
+Зависимости пространства имен могут указывать на область действия кластера или владельцев пространства имен.
+Владелец пространства имен **должен** быть в том же пространстве имен что и зависимости.
+Если это не возможно, cсылка владельца считается отсутствующей и зависимый объект подлежит удалению, как только будет проверено отсутствие всех владельцев.
+
+Зависимости области действия кластер может указывать только владельцев области действия кластера.
+В версии v1.20+, если зависимость с областью действия кластера указывает на пространство имен как владелец,
+тогда он рассматривается как имеющий неразрешимую ссылку на владельца и не может быть обработан сборщиком мусора.
+
+В версии v1.20+, если сборщик мусора обнаружит недопустимое перекрестное пространство имен `ownerReference`,
+или зависящие от облости действия кластера `ownerReference` ссылка на тип пространства имен, предупреждающее событие с причиной `OwnerRefInvalidNamespace` и `involvedObject` сообщающеся о не действительной зависимости.
+Вы можете проверить наличие такого рода событий, выполнив `kubectl get events -A --field-selector=reason=OwnerRefInvalidNamespace`.
+{{< /note >}}
+
+## Каскадное удаление {#cascading-deletion}
+
+Kubernetes проверяет и удаляет объекты, на которые больше нет ссылок владельцев, так же как и pod-ов, оставленных после удаления ReplicaSet. Когда Вы удаляете объект, вы можете контролировать автоматический ли Kubernetes удаляет зависимые объекты автоматически в процессе вызова *каскадного удаления*. Существует два типа каскадного удаления, а именно:
+
+ * Каскадное удалени Foreground
+ * Каскадное удаление Background
+
+Вы так же можете управлять как и когда сборщик мусора удаляет ресурсы, на которые ссылаются владельцы с помощью Kubernetes {{}}.
+
+### Каскадное удалени Foreground {#foreground-deletion}
+
+В Каскадном удалени Foreground, объект владельца, который вы удаляете, сначало переходить в состояние *в процессе удаления*. В этом состоянии с объектом-владельцем происходить следующее:
+
+ * Сервер Kubernetes API устанавливает полю объекта `metadata.deletionTimestamp`
+ время, когда объект был помечен для удаления.
+ * Сервер Kubernetes API так же устанавливает метку `metadata.finalizers`для поля
+ `foregroundDeletion`.
+ * Объект остается видимым блогодоря Kubernetes API пока процесс удаления не завершиться
+
+После того, как владелец объекта переходит в состояние прогресса удаления, контроллер удаляет зависимые объекты. После удаления всех зависимых объектов, контроллер удаляет объект владельца. На этом этапе, объект больше не отображается в Kubernetes API.
+
+Во время каскадного удаления foreground, единственным зависимым, которые блокируют удаления владельца, являются те, у кого имеется поле `ownerReference.blockOwnerDeletion=true`.
+Чтобы узнать больше. Смотрите [Использование каскадного удаления foreground](/docs/tasks/administer-cluster/use-cascading-deletion/#use-foreground-cascading-deletion).
+
+### Каскадное удаление Background {#background-deletion}
+
+В каскадном удалении background, сервер Kubernetes API немедленно удаляет владельца объекта, а контроллер очищает зависимые объекты в фоновом режиме. По умолчанию, Kubernetes использует каскадное удаление background, если вы в ручную не используете удаление foreground или не решите отключить зависимые объекты.
+
+Чтобы узнать больше. Смотрите [Использование каскадного удаления background](/docs/tasks/administer-cluster/use-cascading-deletion/#use-background-cascading-deletion).
+
+### Осиротевшие зависимости
+
+Когда Kubernetes удаляет владельца объекта, оставшиеся зависимости называются *осиротевшыми* объектами. По умолчанию, Kubernetes удаляет зависимые объекты. Чтобы узнать, как переопределить это повидение смотрите [Удаление объектов владельца и осиротевших зависимостей](/docs/tasks/administer-cluster/use-cascading-deletion/#set-orphan-deletion-policy).
+
+## Сбор мусора из неиспользуемых контейнеров и изобробразов {#containers-images}
+
+{{}} выполняет сбор мусора для неиспользуемых образов каждые пять минут и для неиспользуемых контейнеров каждую минуту. Вам следует избегать использования внешних инструментов для сборки мусора, так как они могут
+нарушить поведение kubelet и удалить контейнеры, которые должны существовать.
+
+Чтобы настроить параметры для сборшика мусора для неиспользуемого контейнера и сборки мусора образа, подстройте
+kubelet использую [конфигурационный файл](/docs/tasks/administer-cluster/kubelet-config-file/)
+и измените параметры, связанные со сборшиком мусора используя тип ресурса
+[`KubeletConfiguration`](/docs/reference/config-api/kubelet-config.v1beta1/#kubelet-config-k8s-io-v1beta1-KubeletConfiguration).
+
+### Жизненный цикл контейнерных образов Container image lifecycle
+
+Kubernetes управляет жизненным циклом всех образов с помощью своего *менеджера образов*, которые являются частью kubelet, в сотрудничестве с cadvisor. При принятии решений о сборке мусора, kubelet учитывает следующие ограничения использования диска:
+
+ * `HighThresholdPercent`
+ * `LowThresholdPercent`
+
+Использование диска выше настроенного значения `HighThresholdPercent` запускает сборку мусора, которая удаляет образы в порядке основанном на последнем использовании, начиная с самого старого. kubelet удлаяет образы до тех пор, пока использование диска не достигнет значения `LowThresholdPercent`.
+
+### Сборщик мусора контейнерных образов {#container-image-garbage-collection}
+
+kubelet собирает не используемые контейнеры на основе следующих переменных, которые вы можете определить:
+
+ * `MinAge`: минимальный возраст, при котором kubelet может начать собирать мусор контейнеров. Отключить, установив значение `0`.
+ * `MaxPerPodContainer`: максимальное количество некативныз контейнеров, которое может быть у каджой пары Pod-ов. Отключить, установив значение меньше чем `0`.
+ * `MaxContainers`: максимальное количество не используемых контейнеров, которые могут быть в кластере. Отключить, установив значение меньше чем `0`.
+
+В дополнение к этим переменным, kubelet собирает неопознанные и удаленные контейнеры, обычно начиная с самого старого.
+
+`MaxPerPodContainer` и `MaxContainer` могут потенциально конфликтовать друг с другом в ситуациях, когда требуется максимальное количество контейнеров в Pod-е (`MaxPerPodContainer`) выйдет за пределы допустимого общего количества глобальных не используемых контейнеров (`MaxContainers`). В этой ситуации kubelet регулирует `MaxPodPerContainer` для устранения конфликта. наихудшим сценарием было бы понизить `MaxPerPodContainer` да `1` и изгнать самые старые контейнеры.
+Кроме того, владельцы контейнеров в pod-е могут быть удалены, как только они становятся старше чем `MinAge`.
+
+{{}}
+Kubelet собирает мусор только у контейнеров, которыми он управляет.
+{{}}
+
+## Настройка сборщик мусора {#configuring-gc}
+
+Вы можете настроить сборку мусора ресурсов, настроив параметры, специфичные для контроллеров, управляющих этими ресурсами. В последующих страницах показанно, как настроить сборку мусора:
+
+ * [Настройка каскадного удаления объектов Kubernetes](/docs/tasks/administer-cluster/use-cascading-deletion/)
+ * [Настройка очистки завершенных заданий](/docs/concepts/workloads/controllers/ttlafterfinished/)
+
+
+
+## {{% heading "whatsnext" %}}
+
+* Узнайте больше о [ownership of Kubernetes objects](/docs/concepts/overview/working-with-objects/owners-dependents/).
+* Узнайте больше о Kubernetes [finalizers](/docs/concepts/overview/working-with-objects/finalizers/).
+* Узнать о [TTL контроллере](/docs/concepts/workloads/controllers/ttlafterfinished/) (beta) that cleans up finished Jobs.
\ No newline at end of file
diff --git a/content/ru/docs/concepts/overview/working-with-objects/names.md b/content/ru/docs/concepts/overview/working-with-objects/names.md
index e73d436533..73477a1475 100644
--- a/content/ru/docs/concepts/overview/working-with-objects/names.md
+++ b/content/ru/docs/concepts/overview/working-with-objects/names.md
@@ -37,7 +37,7 @@ weight: 20
Некоторые типы ресурсов должны соответствовать стандарту меток DNS, который описан в [RFC 1123](https://tools.ietf.org/html/rfc1123). Таким образом, имя должно:
- содержать не более 63 символов
-- содержать только строчные буквенно-цифровые символы или '.'
+- содержать только строчные буквенно-цифровые символы или '-'
- начинаться с буквенно-цифрового символа
- заканчивается буквенно-цифровым символом
diff --git a/content/ru/docs/contribute/generate-ref-docs/contribute-upstream.md b/content/ru/docs/contribute/generate-ref-docs/contribute-upstream.md
index 223aba429f..0834caa522 100644
--- a/content/ru/docs/contribute/generate-ref-docs/contribute-upstream.md
+++ b/content/ru/docs/contribute/generate-ref-docs/contribute-upstream.md
@@ -113,7 +113,6 @@ On branch master
hack/update-generated-swagger-docs.sh
hack/update-openapi-spec.sh
hack/update-generated-protobuf.sh
-hack/update-api-reference-docs.sh
```
Выполните команду `git status`, чтобы посмотреть, какие файлы изменились.
@@ -122,8 +121,6 @@ hack/update-api-reference-docs.sh
On branch master
...
modified: api/openapi-spec/swagger.json
- modified: api/swagger-spec/apps_v1.json
- modified: docs/api-reference/apps/v1/definitions.html
modified: staging/src/k8s.io/api/apps/v1/generated.proto
modified: staging/src/k8s.io/api/apps/v1/types.go
modified: staging/src/k8s.io/api/apps/v1/types_swagger_doc_generated.go
diff --git a/content/ru/docs/contribute/generate-ref-docs/kubernetes-api.md b/content/ru/docs/contribute/generate-ref-docs/kubernetes-api.md
index 883fc8d16c..e96bc29ea7 100644
--- a/content/ru/docs/contribute/generate-ref-docs/kubernetes-api.md
+++ b/content/ru/docs/contribute/generate-ref-docs/kubernetes-api.md
@@ -82,8 +82,8 @@ git clone https://github.com/kubernetes/kubernetes $GOPATH/src/k8s.io/kubernetes
Примеры:
```shell
-export K8S_WEBROOT=$(GOPATH)/src/github.com//website
-export K8S_ROOT=$(GOPATH)/src/k8s.io/kubernetes
+export K8S_WEBROOT=${GOPATH}/src/github.com//website
+export K8S_ROOT=${GOPATH}/src/k8s.io/kubernetes
export K8S_RELEASE=1.17.0
```
diff --git a/content/ru/docs/reference/glossary/garbage-collection.md b/content/ru/docs/reference/glossary/garbage-collection.md
new file mode 100644
index 0000000000..defcd10476
--- /dev/null
+++ b/content/ru/docs/reference/glossary/garbage-collection.md
@@ -0,0 +1,23 @@
+---
+title: Сборшик мусора
+id: garbage-collection
+date: 2021-07-07
+full_link: /docs/concepts/workloads/controllers/garbage-collection/
+short_description: >
+ A collective term for the various mechanisms Kubernetes uses to clean up cluster
+ resources.
+
+aka:
+tags:
+- fundamental
+- operation
+---
+ Сборщик мусора - это собирательный термин для различных механизмов? используемых Kubernetes для очистки ресурсов кластера.
+
+
+
+Kubernetes использует сборку мусора для очистки таких ресурсов, как [неиспользуемые контейнеры и образы](/docs/concepts/workloads/controllers/garbage-collection/#containers-images),
+[неудачные Pod-ы](/docs/concepts/workloads/pods/pod-lifecycle/#pod-garbage-collection),
+[объекты, принадлежащие целевому ресурсу](/docs/concepts/overview/working-with-objects/owners-dependents/),
+[завершенные задачи](/docs/concepts/workloads/controllers/ttlafterfinished/), and resources
+that have expired or failed.
\ No newline at end of file
diff --git a/content/uk/_index.html b/content/uk/_index.html
index ae7873ea7a..ebf3f6ea18 100644
--- a/content/uk/_index.html
+++ b/content/uk/_index.html
@@ -62,12 +62,12 @@ Kubernetes - проект з відкритим вихідним кодом. В
@@ -104,11 +146,14 @@ If true and --cleanup is specified, kube-proxy will also flush IPVS rules, in ad
--cluster-cidr string
-
+
-集群中 Pod 的 CIDR 范围。配置后,将从该范围之外发送到服务集群 IP 的流量被伪装,从 Pod 发送到外部 LoadBalancer IP 的流量将被重定向到相应的集群 IP。
+集群中 Pod 的 CIDR 范围。配置后,将从该范围之外发送到服务集群 IP
+的流量被伪装,从 Pod 发送到外部 LoadBalancer IP 的流量将被重定向
+到相应的集群 IP。
+
@@ -116,96 +161,80 @@ The CIDR range of pods in the cluster. When configured, traffic sent to a Servic
--config string
-
+
配置文件的路径。
+
-
-
---config-sync-period duration 默认值: 15m0s
-
+
--config-sync-period duration 默认值:15m0s
-
+
来自 apiserver 的配置的刷新频率。必须大于 0。
+
-
-
---conntrack-max-per-core int32 默认值: 32768
-
+
--conntrack-max-per-core int32 默认值:32768
-
+
-每个 CPU 核跟踪的最大 NAT 连接数(0 表示保留原样限制并忽略 conntrack-min)。
+每个 CPU 核跟踪的最大 NAT 连接数(0 表示保留当前限制并忽略 conntrack-min 设置)。
+
diff --git a/content/zh/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping.md b/content/zh/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping.md
index 60f3772c07..4151e1bc99 100644
--- a/content/zh/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping.md
+++ b/content/zh/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping.md
@@ -299,8 +299,7 @@ A kubelet authenticating using bootstrap tokens is authenticated as a user in th
@@ -354,7 +353,7 @@ If you want to use bootstrap tokens, you must enable it on kube-apiserver with t
如果你希望使用启动引导令牌,你必须在 kube-apiserver 上使用下面的标志启用之:
-```
+```console
--enable-bootstrap-token-auth=true
```
@@ -373,7 +372,7 @@ kube-apiserver 能够将令牌视作身份认证依据。
至少 128 位混沌数据。这里的随机数生成器可以是现代 Linux 系统上的
`/dev/urandom`。生成令牌的方式有很多种。例如:
-```
+```shell
head -c 16 /dev/urandom | od -An -t x | tr -d ' '
```
@@ -388,7 +387,7 @@ values can be anything and the quoted group name should be as depicted:
令牌文件看起来是下面的例子这样,其中前面三个值可以是任何值,用引号括起来
的组名称则只能用例子中给的值。
-```
+```console
02b50b05283e98dd0fd71db496ef01e8,kubelet-bootstrap,10001,"system:bootstrappers"
```
@@ -406,9 +405,13 @@ further details.
### 授权 kubelet 创建 CSR {#authorize-kubelet-to-create-csr}
@@ -420,7 +423,7 @@ To do this, you just need to create a `ClusterRoleBinding` that binds the `syste
为了实现这一点,你只需要创建 `ClusterRoleBinding`,将 `system:bootstrappers`
组绑定到集群角色 `system:node-bootstrapper`。
-```
+```yaml
# 允许启动引导节点创建 CSR
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
@@ -495,7 +498,7 @@ kubelet 身份认证,很重要的一点是为控制器管理器所提供的 CA
要将 Kubernetes CA 密钥和证书提供给 kube-controller-manager,可使用以下标志:
-```
+```shell
--cluster-signing-cert-file="/etc/path/to/kubernetes/ca/ca.crt" --cluster-signing-key-file="/etc/path/to/kubernetes/ca/ca.key"
```
@@ -504,7 +507,7 @@ For example:
-->
例如:
-```
+```shell
--cluster-signing-cert-file="/var/lib/kubernetes/ca.pem" --cluster-signing-key-file="/var/lib/kubernetes/ca-key.pem"
```
@@ -513,7 +516,7 @@ The validity duration of signed certificates can be configured with flag:
-->
所签名的证书的合法期限可以通过下面的标志来配置:
-```
+```shell
--cluster-signing-duration
```
@@ -602,7 +605,7 @@ collection.
-->
作为 [kube-controller-manager](/zh/docs/reference/generated/kube-controller-manager/)
的一部分的 `csrapproving` 控制器是自动被启用的。
-该控制器使用 [`SubjectAccessReview` API](/docs/reference/access-authn-authz/authorization/#checking-api-access)
+该控制器使用 [`SubjectAccessReview` API](/zh/docs/reference/access-authn-authz/authorization/#checking-api-access)
来确定是否某给定用户被授权请求 CSR,之后基于鉴权结果执行批复操作。
为了避免与其它批复组件发生冲突,内置的批复组件不会显式地拒绝任何 CSRs。
该组件仅是忽略未被授权的请求。
@@ -682,7 +685,7 @@ The important elements to note are:
diff --git a/content/zh/docs/reference/command-line-tools-reference/kubelet.md b/content/zh/docs/reference/command-line-tools-reference/kubelet.md
index 6d7d2e757a..f542978d01 100644
--- a/content/zh/docs/reference/command-line-tools-reference/kubelet.md
+++ b/content/zh/docs/reference/command-line-tools-reference/kubelet.md
@@ -8,13 +8,15 @@ weight: 28
kubelet 是在每个 Node 节点上运行的主要 “节点代理”。它可以使用以下之一向 apiserver 注册:
主机名(hostname);覆盖主机名的参数;某云驱动的特定逻辑。
kubelet 是基于 PodSpec 来工作的。每个 PodSpec 是一个描述 Pod 的 YAML 或 JSON 对象。
kubelet 接受通过各种机制(主要是通过 apiserver)提供的一组 PodSpec,并确保这些
@@ -431,9 +433,9 @@ kubelet 将从此标志所指的文件中加载其初始配置。此路径可以
{{< /table >}}
#### IPv4/IPv6 双栈支持 {#ipv4ipv6-dual-stack}
你可以通过使用 `IPv6DualStack`
[特性门控](/zh/docs/reference/command-line-tools-reference/feature-gates/)
来为 `l2bridge` 网络启用 IPv4/IPv6 双栈联网支持。
-进一步的细节可参见[启用 IPv4/IPv6 双协议栈](/zh/docs/concepts/services-networking/dual-stack#enable-ipv4ipv6-dual-stack)。
+进一步的细节可参见
+[启用 IPv4/IPv6 双协议栈](/zh/docs/concepts/services-networking/dual-stack#enable-ipv4ipv6-dual-stack)。
对 Windows 而言,在 Kubernetes 中使用 IPv6 需要
-Windows Server vNext Insider Preview Build 19603 或更高版本。
+Windows Server 2004 (内核版本 10.0.19041.610)或更高版本。
目前 Windows 上的覆盖网络(VXLAN)还不支持双协议栈联网。
### 局限性 {#limitations}
-#### 控制面 {#control-plane}
-
在 Kubernetes 架构和节点阵列中仅支持将 Windows 作为工作节点使用。
这意味着 Kubernetes 集群必须总是包含 Linux 主控节点,零个或者多个 Linux
工作节点以及零个或者多个 Windows 工作节点。
-#### 计算 {#compute}
-
-##### 资源管理与进程隔离 {#resource-management-and-process-isolation}
+#### 资源处理 {#resource-handling}
Linux 上使用 Linux 控制组(CGroups)作为 Pod 的边界,以实现资源控制。
容器都创建于这一边界之内,从而实现网络、进程和文件系统的隔离。
@@ -587,16 +955,82 @@ Linux 上使用 Linux 控制组(CGroups)作为 Pod 的边界,以实现资
获得宿主系统上的任何身份标识。
-##### 操作系统限制 {#operating-system-restrictions}
+#### 资源预留 {#resource-reservations}
-Windows 有着严格的兼容性规则,宿主 OS 的版本必须与容器基准镜像 OS 的版本匹配。
-目前仅支持容器操作系统为 Windows Server 2019 的 Windows 容器。
-对于容器的 Hyper-V 隔离、允许一定程度上的 Windows 容器镜像版本向后兼容性等等,
-都是将来版本计划的一部分。
+##### 内存预留 {#memory-reservations}
+
+Windows 不像 Linux 一样有一个内存耗尽(Out-of-memory)进程杀手(Process
+Killer)机制。Windows 总是将用户态的内存分配视为虚拟请求,页面文件(Pagefile)
+是必需的。这一差异的直接结果是 Windows 不会像 Linux 那样出现内存耗尽的状况,
+系统会将进程内存页面写入磁盘而不会因内存耗尽而终止进程。
+当内存被过量使用且所有物理内存都被用光时,系统的换页行为会导致性能下降。
+
+
+使用 kubelet 参数 `--kubelet-reserve` 与/或 `-system-reserve` 可以统计
+节点上的内存用量(各容器之外),进而可能将内存用量限制在一个合理的范围,。
+这样做会减少节点可分配内存
+([NodeAllocatable](/zh/docs/tasks/administer-cluster/reserve-compute-resources/#node-allocatable))。
+
+
+在你部署工作负载时,对容器使用资源限制(必须仅设置 limits 或者让 limits 等于
+requests 值)。这也会从 NodeAllocatable 中耗掉部分内存量,从而避免在节点
+负荷已满时调度器继续向节点添加 Pods。
+
+
+避免过量分配的最佳实践是为 kubelet 配置至少 2 GB 的系统预留内存,以供
+Windows、Docker 和 Kubernetes 进程使用。
+
+
+##### CPU 预留 {#cpu-reservations}
+
+为了统计 Windows、Docker 和其他 Kubernetes 宿主进程的 CPU 用量,建议
+预留一定比例的 CPU,以便对事件作出相应。此值需要根据 Windows 节点上
+CPU 核的个数来调整,要确定此百分比值,用户需要为其所有节点确定 Pod
+密度的上线,并监控系统服务的 CPU 用量,从而选择一个符合其负载需求的值。
+
+
+使用 kubelet 参数 `--kubelet-reserve` 与/或 `-system-reserve` 可以统计
+节点上的 CPU 用量(各容器之外),进而可能将 CPU 用量限制在一个合理的范围,。
+这样做会减少节点可分配 CPU
+([NodeAllocatable](/zh/docs/tasks/administer-cluster/reserve-compute-resources/#node-allocatable))。
##### 功能特性限制 {#feature-restrictions}
@@ -621,48 +1058,36 @@ Windows 有着严格的兼容性规则,宿主 OS 的版本必须与容器基
* 并非支持共享名字空间的所有功能特性(参见 API 节以了解详细信息)
-##### 内存预留与处理 {#memory-reservations-and-handling}
+The behavior of the following kubelet flags is different on Windows nodes as described below:
-Windows 不像 Linux 一样有一个内存耗尽(Out-of-memory)进程杀手(Process
-Killer)机制。Windows 总是将用户态的内存分配视为虚拟请求,页面文件(Pagefile)
-是必需的。这一差异的直接结果是 Windows 不会像 Linux 那样出现内存耗尽的状况,
-系统会将进程内存页面写入磁盘而不会因内存耗尽而终止进程。
-当内存被过量使用且所有物理内存都被用光时,系统的换页行为会导致性能下降。
-
-
-通过一个两步的过程是有可能将内存用量限制在一个合理的范围的。
-首先,使用 kubelet 参数 `--kubelet-reserve` 与/或 `--system-reserve`
-来划分节点上的内存用量(各容器之外)。
-这样做会减少节点可分配内存
-([NodeAllocatable](/zh/docs/tasks/administer-cluster/reserve-compute-resources/#node-allocatable))。
-在你部署工作负载时,对容器使用资源限制(必须仅设置 limits 或者让 limits 等于
-requests 值)。这也会从 NodeAllocatable 中耗掉部分内存量,从而避免在节点
-负荷已满时调度器继续向节点添加 Pods。
-
-避免过量分配的最佳实践是为 kubelet 配置至少 2 GB 的系统预留内存,以供
-Windows、Docker 和 Kubernetes 进程使用。
-
-
-参数的不同行为描述如下:
+#### 与 Linux 相比参数行为的差别
-* `--kubelet-reserve`、`--system-reserve` 和 `--eviction-hard` 标志会更新节点可分配内存量
+以下 kubelet 参数的行为在 Windows 节点上有些不同,描述如下:
+
+* `--kubelet-reserve`、`--system-reserve` 和 `--eviction-hard` 标志
+ 会更新节点可分配资源量
* 未实现通过使用 `--enforce-node-allocable` 来完成的 Pod 驱逐
* 未实现通过使用 `--eviction-hard` 和 `--eviction-soft` 来完成的 Pod 驱逐
* `MemoryPressure` 状况未实现
@@ -671,24 +1096,42 @@ The behavior of the flags behave differently as described below:
`--kubelet-reserve` 和 `--system-reserve` 不会为 kubelet 或宿主系统上运行
的进程设限。这意味着 kubelet 或宿主系统上的进程可能导致内存资源紧张,
而这一情况既不受节点可分配量影响,也不会被调度器感知。
+* 在 Windows 节点上存在一个额外的参数用来设置 kubelet 进程的优先级,称作
+ `--windows-priorityclass`。此参数允许 kubelet 进程获得与 Windows 宿主上
+ 其他进程相比更多的 CPU 时间片。
+ 关于可用参数值及其含义的进一步信息可参考
+ [Windows Priority Classes](https://docs.microsoft.com/en-us/windows/win32/procthread/scheduling-priorities#priority-class)。
+ 为了让 kubelet 总能够获得足够的 CPU 周期,建议将此参数设置为
+ `ABOVE_NORMAL_PRIORITY_CLASS` 或更高。
#### 存储 {#storage}
Windows 上包含一个分层的文件系统来挂载容器的分层,并会基于 NTFS 来创建一个
拷贝文件系统。容器中的所有文件路径都仅在该容器的上下文内完成解析。
-* 卷挂载仅可针对容器中的目录进行,不可针对独立的文件
-* 卷挂载无法将文件或目录投射回宿主文件系统
+* Docker 卷挂载仅可针对容器中的目录进行,不可针对独立的文件。
+ 这一限制不适用于 CRI-containerD。
+* 卷挂载无法将文件或目录投射回宿主文件系统。
* 不支持只读文件系统,因为 Windows 注册表和 SAM 数据库总是需要写访问权限。
不过,Windows 支持只读的卷。
* 不支持卷的用户掩码和访问许可,因为宿主与容器之间并不共享 SAM,二者之间不存在
@@ -708,25 +1151,27 @@ As a result, the following storage functionality is not supported on Windows nod
* NFS based storage/volume support
* Expanding the mounted volume (resizefs)
-->
-因此,Windows 节点上不支持以下存储功能:
+因此,Windows 节点上不支持以下存储功能特性:
* 卷的子路径挂载;只能在 Windows 容器上挂载整个卷。
-* 为 Secret 执行子路径挂载
-* 宿主挂载投射
-* 默认访问模式(因为该特性依赖 UID/GID)
-* 只读的根文件系统;映射的卷仍然支持 `readOnly`
-* 块设备映射
-* 将内存作为存储介质
-* 类似 UUID/GUID、每用户不同的 Linux 文件系统访问许可等文件系统特性
-* 基于 NFS 的存储和卷支持
-* 扩充已挂载卷(resizefs)
+* 为 Secret 执行子路径挂载;
+* 宿主挂载投射;
+* 默认访问模式 defaultMode(因为该特性依赖 UID/GID);
+* 只读的根文件系统;映射的卷仍然支持 `readOnly`;
+* 块设备映射;
+* 将内存作为存储介质;
+* 类似 UUID/GUID、每用户不同的 Linux 文件系统访问许可等文件系统特性;
+* 基于 NFS 的存储和卷支持;
+* 扩充已挂载卷(resizefs)。
-#### 联网 {#networking}
+#### 联网 {#networking-limitations}
Windows 容器联网与 Linux 联网有着非常重要的差别。
[Microsoft documentation for Windows Container Networking](https://docs.microsoft.com/en-us/virtualization/windowscontainers/container-networking/architecture)
@@ -757,35 +1202,67 @@ Windows 为容器提供的注册表与宿主系统的注册表是分离的,因
The following networking functionality is not supported on Windows nodes
* Host networking mode is not available for Windows pods
-* Local NodePort access from the node itself fails (works for other nodes or external clients)
-* Accessing service VIPs from nodes will be available with a future release of Windows Server
-* Overlay networking support in kube-proxy is an alpha release. In addition, it requires [KB4482887](https://support.microsoft.com/en-us/help/4482887/windows-10-update-kb4482887) to be installed on Windows Server 2019
-* Local Traffic Policy and DSR mode
-* Windows containers connected to l2bridge, l2tunnel, or overlay networks do not support communicating over the IPv6 stack. There is outstanding Windows platform work required to enable these network drivers to consume IPv6 addresses and subsequent Kubernetes work in kubelet, kube-proxy, and CNI plugins.
-* Outbound communication using the ICMP protocol via the win-overlay, win-bridge, and Azure-CNI plugin. Specifically, the Windows data plane ([VFP](https://www.microsoft.com/en-us/research/project/azure-virtual-filtering-platform/)) doesn't support ICMP packet transpositions. This means:
- * ICMP packets directed to destinations within the same network (e.g. pod to pod communication via ping) work as expected and without any limitations
- * TCP/UDP packets work as expected and without any limitations
- * ICMP packets directed to pass through a remote network (e.g. pod to external internet communication via ping) cannot be transposed and thus will not be routed back to their source
- * Since TCP/UDP packets can still be transposed, one can substitute `ping ` with `curl ` to be able to debug connectivity to the outside world.
+
+* Local NodePort access from the node itself fails (works for other nodes or
+ external clients)
+
+* Accessing service VIPs from nodes will be available with a future release of
+ Windows Server
+
+* A single service can only support up to 64 backend pods / unique destination IPs
+
+* Overlay networking support in kube-proxy is a beta feature. In addition, it
+ requires
+ [KB4482887](https://support.microsoft.com/en-us/help/4482887/windows-10-update-kb4482887)
+ to be installed on Windows Server 2019
+
+* Local Traffic Policy in non-DSR mode
+* Windows containers connected to overlay networks do not support
+ communicating over the IPv6 stack. There is outstanding Windows platform
+ work required to enable this network driver to consume IPv6 addresses and
+ subsequent Kubernetes work in kubelet, kube-proxy, and CNI plugins.
-->
Windows 节点不支持以下联网功能:
-* Windows Pod 不能使用宿主网络模式
+* Windows Pod 不能使用宿主网络模式;
* 从节点本地访问 NodePort 会失败(但从其他节点或外部客户端可访问)
-* Windows Server 的未来版本中会支持从节点访问服务的 VIPs
-* kube-proxy 的覆盖网络支持是 Alpha 特性。此外,它要求在 Windows Server 2019 上安装
- [KB4482887](https://support.microsoft.com/en-us/help/4482887/windows-10-update-kb4482887) 补丁
-* 本地流量策略和 DSR(保留目标地址)模式
-* 连接到 l2bridge、l2tunnel 或覆盖网络的 Windows 容器不支持使用 IPv6 协议栈通信。
- 要使得这些网络驱动能够支持 IPv6 地址需要在 Windows 平台上开展大量的工作,
+* Windows Server 的未来版本中会支持从节点访问服务的 VIP;
+* 每个服务最多支持 64 个后端 Pod 或独立的目标 IP 地址;
+* kube-proxy 的覆盖网络支持是 Beta 特性。此外,它要求在 Windows Server 2019 上安装
+ [KB4482887](https://support.microsoft.com/en-us/help/4482887/windows-10-update-kb4482887) 补丁;
+* 非 DSR(保留目标地址)模式下的本地流量策略;
+* 连接到覆盖网络的 Windows 容器不支持使用 IPv6 协议栈通信。
+ 要使得这一网络驱动支持 IPv6 地址需要在 Windows 平台上开展大量的工作,
还需要在 Kubernetes 侧修改 kubelet、kube-proxy 以及 CNI 插件。
+
* 通过 win-overlay、win-bridge 和 Azure-CNI 插件使用 ICMP 协议向集群外通信。
- 尤其是,Windows 数据面([VFP](https://www.microsoft.com/en-us/research/project/azure-virtual-filtering-platform/))
+ 尤其是,Windows 数据面
+ ([VFP](https://www.microsoft.com/en-us/research/project/azure-virtual-filtering-platform/))
不支持转换 ICMP 报文。这意味着:
- * 指向同一网络内目标地址的 ICMP 报文(例如 Pod 之间的 ping 通信)是可以工作的,没有局限性
- * TCP/UDP 报文可以正常工作,没有局限性
+
+ * 指向同一网络内目标地址的 ICMP 报文(例如 Pod 之间的 ping 通信)是可以工作的,
+ 没有局限性;
+ * TCP/UDP 报文可以正常工作,没有局限性;
* 指向远程网络的 ICMP 报文(例如,从 Pod 中 ping 外部互联网的通信)无法被转换,
- 因此也无法被路由回到其源点。
+ 因此也无法被路由回到其源点;
* 由于 TCP/UDP 包仍可被转换,用户可以将 `ping <目标>` 操作替换为 `curl <目标>`
以便能够调试与外部世界的网络连接。
@@ -801,17 +1278,25 @@ Kubernetes v1.15 中添加了以下功能特性:
##### CNI 插件 {#cni-plugins}
* Windows 参考网络插件 win-bridge 和 win-overlay 当前未实现
[CNI spec](https://github.com/containernetworking/cni/blob/master/SPEC.md) v0.4.0,
- 原因是缺少检查用(CHECK)的实现。
+ 原因是缺少检查(CHECK)用的实现。
+
* Windows 上的 Flannel VXLAN CNI 有以下局限性:
1. 其设计上不支持从节点到 Pod 的连接。
@@ -824,12 +1309,25 @@ Kubernetes v1.15 中添加了以下功能特性:
##### DNS {#dns-limitations}
* 不支持 DNS 的 ClusterFirstWithHostNet 配置。Windows 将所有包含 “.” 的名字
视为全限定域名(FQDN),因而不会对其执行部分限定域名(PQDN)解析。
+
* 在 Linux 上,你可以有一个 DNS 后缀列表供解析部分限定域名时使用。
在 Windows 上,我们只有一个 DNS 后缀,即与该 Pod 名字空间相关联的 DNS
后缀(例如 `mydns.svc.cluster.local`)。
@@ -838,12 +1336,17 @@ Kubernetes v1.15 中添加了以下功能特性:
`default.svc.cluster.local`。在 Windows Pod 中,你可以解析
`kubernetes.default.svc.cluster.local` 和 `kubernetes`,但无法解析二者
之间的形式,如 `kubernetes.default` 或 `kubernetes.default.svc`。
+
* 在 Windows 上,可以使用的 DNS 解析程序有很多。由于这些解析程序彼此之间
会有轻微的行为差别,建议使用 `Resolve-DNSName` 工具来完成名字查询解析。
##### IPv6
@@ -853,7 +1356,9 @@ Windows 上的 Kubernetes 不支持单协议栈的“只用 IPv6”联网选项
##### 会话亲和性 {#session-affinity}
@@ -863,10 +1368,12 @@ Windows 服务设置最大会话粘滞时间。
##### 安全性 {#security}
@@ -874,19 +1381,25 @@ Secret 以明文形式写入节点的卷中(而不是像 Linux 那样写入内
这意味着客户必须做以下两件事:
1. 使用文件访问控制列表来保护 Secret 文件所在的位置
-2. 使用 [BitLocker](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server)
+1. 使用 [BitLocker](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server)
来执行卷层面的加密
-Windows 上目前不支持 [`RunAsUser`](/zh/docs/concepts/policy/pod-security-policy/#users-and-groups)。
-一种替代方案是在为容器打包时创建本地账号。
-将来的版本中可能会添加对 `RunAsUser` 的支持。
+用户可以为 Windows Pods 或 Container 设置
+[`RunAsUserName`](/zh/docs/tasks/configure-pod-container/configure-runasusername)
+以便以非节点默认用户来执行容器中的进程。这大致等价于设置
+[`RunAsUser`](/zh/docs/concepts/policy/pod-security-policy/#users-and-groups)。
不支持特定于 Linux 的 Pod 安全上下文特权,例如 SELinux、AppArmor、Seccomp、
权能字(POSIX 权能字)等等。
@@ -896,7 +1409,11 @@ Windows 上目前不支持 [`RunAsUser`](/zh/docs/concepts/policy/pod-security-p
@@ -910,29 +1427,57 @@ At a high level, these OS concepts are different:
在较高层面,不同的 OS 概念有:
* 身份标识 - Linux 使用证书类型来表示用户 ID(UID)和组 ID(GID)。用户和组名
- 没有特定标准,它们仅是 `/etc/groups` 或 `/etc/passwd` 中的别名表项,会映射回
+ 没有特定标准,它们是 `/etc/groups` 或 `/etc/passwd` 中的别名表项,会映射回
UID+GID。Windows 使用一个更大的二进制安全标识符(SID),保存在 Windows
安全访问管理器(Security Access Manager,SAM)数据库中。此数据库并不在宿主系统
与容器间,或者任意两个容器之间共享。
+
* 文件许可 - Windows 使用基于 SID 的访问控制列表,而不是基于 UID+GID 的访问权限位掩码。
-* 文件路径 - Windows 上的习惯是使用 `\` 而非 `/`。Go 语言的 IO 库通常能够同时接受二者,
- 并做出正确判断。不过当你在指定要在容器内解析的路径或命令行时,可能需要使用 `\`。
-* 信号 - Windows 交互式应用以不同方式来处理终止事件,并可实现以下方式之一或组合:
- * UI 线程处理包含 WM_CLOSE 在内的良定的消息
- * 控制台应用使用控制处理程序来处理 Ctrl-C 或 Ctrl-Break
- * 服务会注册服务控制处理程序,接受 SERVICE_CONTROL_STOP 控制代码
+* 文件路径 - Windows 上的习惯是使用 `\` 而非 `/`。Go 语言的 IO
+ 库同时接受这两种文件路径分隔符。不过,当你在指定要在容器内解析的路径或命令行时,
+ 可能需要使用 `\`。
+
+* 信号(Signal) - Windows 交互式应用以不同方式来处理终止事件,并可实现以下方式之一或组合:
+
+ * UI 线程处理包含 `WM_CLOSE` 在内的良定的消息
+
+ * 控制台应用使用控制处理程序来处理 Ctrl-C 或 Ctrl-Break
+
+ * 服务会注册服务控制处理程序,接受 `SERVICE_CONTROL_STOP` 控制代码
+
+
退出代码遵从相同的习惯,0 表示成功,非 0 值表示失败。
特定的错误代码在 Windows 和 Linux 上可能会不同。不过,从 Kubernetes 组件
@@ -941,23 +1486,21 @@ Exit Codes follow the same convention where 0 is success, nonzero is failure. Th
-##### V1.Container
+* V1.Container.ResourceRequirements.limits.cpu and
+ V1.Container.ResourceRequirements.limits.memory - Windows doesn't use hard
+ limits for CPU allocations. Instead, a share system is used. The existing
+ fields based on millicores are scaled into relative shares that are followed
+ by the Windows scheduler.
+ See [kuberuntime/helpers_windows.go](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/kuberuntime/helpers_windows.go),
+ and [resource controls in Microsoft docs](https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/resource-controls)
-* `v1.Container.ResourceRequirements.limits.cpu` 和 `v1.Container.ResourceRequirements.limits.memory` - Windows
+ * Huge pages are not implemented in the Windows container runtime, and are
+ not available. They require
+ [asserting a user privilege](https://docs.microsoft.com/en-us/windows/desktop/Memory/large-page-support)
+ that's not configurable for containers.
+-->
+* `v1.Container.ResourceRequirements.limits.cpu` 和
+ `v1.Container.ResourceRequirements.limits.memory` - Windows
不对 CPU 分配设置硬性的限制。与之相反,Windows 使用一个份额(share)系统。
基于毫核(millicores)的现有字段值会被缩放为相对的份额值,供 Windows 调度器使用。
参见 [kuberuntime/helpers_windows.go](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/kuberuntime/helpers_windows.go) 和
@@ -967,22 +1510,75 @@ Exit Codes follow the same convention where 0 is success, nonzero is failure. Th
巨页支持需要[判定用户的特权](https://docs.microsoft.com/en-us/windows/desktop/Memory/large-page-support)
而这一特性无法在容器级别配置。
-* `v1.Container.ResourceRequirements.requests.cpu` 和 `v1.Container.ResourceRequirements.requests.memory` - 请求
+
+* `v1.Container.ResourceRequirements.requests.cpu` 和
+ `v1.Container.ResourceRequirements.requests.memory` - 请求
值会从节点可分配资源中扣除,从而可用来避免节点上的资源过量分配。
但是,它们无法用来在一个已经过量分配的节点上提供资源保障。
如果操作员希望彻底避免过量分配,作为最佳实践,他们就需要为所有容器设置资源请求值。
-* `v1.Container.SecurityContext.allowPrivilegeEscalation` - 在 Windows 上无法实现,对应的权能
- 无一可在 Windows 上生效。
+
+* `v1.Container.SecurityContext.allowPrivilegeEscalation` - 在 Windows
+ 上无法实现,对应的权能无一可在 Windows 上生效。
+
+
* `v1.Container.SecurityContext.Capabilities` - Windows 上未实现 POSIX 权能机制
* `v1.Container.SecurityContext.privileged` - Windows 不支持特权容器
* `v1.Container.SecurityContext.procMount` - Windows 不包含 `/proc` 文件系统
* `v1.Container.SecurityContext.readOnlyRootFilesystem` - 在 Windows 上无法实现,
要在容器内使用注册表或运行系统进程就必需写访问权限。
+
+
* `v1.Container.SecurityContext.runAsGroup` - 在 Windows 上无法实现,没有 GID 支持
+
* `v1.Container.SecurityContext.runAsNonRoot` - Windows 上没有 root 用户。
与之最接近的等价用户是 `ContainerAdministrator`,而该身份标识在节点上并不存在。
-* `v1.Container.SecurityContext.runAsUser` - 在 Windows 上无法实现,因为没有作为整数支持的 GID。
-* `v1.Container.SecurityContext.seLinuxOptions` - 在 Windows 上无法实现,因为没有 SELinux
+
+* `v1.Container.SecurityContext.runAsUser` - 在 Windows 上无法实现,
+ 因为没有作为整数支持的 GID。
+
+* `v1.Container.SecurityContext.seLinuxOptions` - 在 Windows 上无法实现,
+ 因为没有 SELinux
+
* `V1.Container.terminationMessagePath` - 因为 Windows 不支持单个文件的映射,这一功能
在 Windows 上也受限。默认值 `/dev/termination-log` 在 Windows 上也无法使用因为
对应路径在 Windows 上不存在。
@@ -991,15 +1587,18 @@ Exit Codes follow the same convention where 0 is success, nonzero is failure. Th
##### V1.Pod
* V1.Pod.hostIPC, v1.pod.hostpid - host namespace sharing is not possible on Windows
+
* V1.Pod.hostNetwork - There is no Windows OS support to share the host network
-* V1.Pod.dnsPolicy - ClusterFirstWithHostNet - is not supported because Host Networking is not supported on Windows.
+
+* V1.Pod.dnsPolicy - ClusterFirstWithHostNet - is not supported because Host
+ Networking is not supported on Windows.
+
* V1.Pod.podSecurityContext - see V1.PodSecurityContext below
-* V1.Pod.shareProcessNamespace - this is a beta feature, and depends on Linux namespaces which are not implemented on Windows. Windows cannot share process namespaces or the container's root filesystem. Only the network can be shared.
-* V1.Pod.terminationGracePeriodSeconds - this is not fully implemented in Docker on Windows, see: [reference](https://github.com/moby/moby/issues/25982). The behavior today is that the ENTRYPOINT process is sent CTRL_SHUTDOWN_EVENT, then Windows waits 5 seconds by default, and finally shuts down all processes using the normal Windows shutdown behavior. The 5 second default is actually in the Windows registry [inside the container](https://github.com/moby/moby/issues/25982#issuecomment-426441183), so it can be overridden when the container is built.
-* V1.Pod.volumeDevices - this is a beta feature, and is not implemented on Windows. Windows cannot attach raw block devices to pods.
-* V1.Pod.volumes - EmptyDir, Secret, ConfigMap, HostPath - all work and have tests in TestGrid
- * V1.emptyDirVolumeSource - the Node default medium is disk on Windows. Memory is not supported, as Windows does not have a built-in RAM disk.
-* V1.VolumeMount.mountPropagation - mount propagation is not supported on Windows.
+
+* V1.Pod.shareProcessNamespace - this is a beta feature, and depends on Linux
+ namespaces which are not implemented on Windows. Windows cannot share
+ process namespaces or the container's root filesystem. Only the network can be
+ shared.
-->
##### V1.Pod
@@ -1007,51 +1606,117 @@ Exit Codes follow the same convention where 0 is success, nonzero is failure. Th
* `v1.Pod.hostNetwork` - Windows 操作系统不支持共享宿主网络
* `v1.Pod.dnsPolicy` - 不支持 `ClusterFirstWithHostNet`,因为 Windows 不支持宿主网络
* `v1.Pod.podSecurityContext` - 参见下面的 `v1.PodSecurityContext`
-* `v1.Pod.shareProcessNamespace` - 此为 Beta 特性且依赖于 Windows 上未实现的 Linux
- 名字空间。Windows 无法共享进程名字空间或者容器的根文件系统。只能共享网络。
+* `v1.Pod.shareProcessNamespace` - 此为 Beta 特性且依赖于 Windows 上未实现
+ 的 Linux 名字空间。
+ Windows 无法共享进程名字空间或者容器的根文件系统。只能共享网络。
+
+
* `v1.Pod.terminationGracePeriodSeconds` - 这一特性未在 Windows 版本的 Docker 中完全实现。
参见[问题报告](https://github.com/moby/moby/issues/25982)。
- 目前实现的行为是向 ENTRYPOINT 进程发送 CTRL_SHUTDOWN_EVENT 时间,之后 Windows 默认
+ 目前实现的行为是向 `ENTRYPOINT` 进程发送 `CTRL_SHUTDOWN_EVENT` 事件,之后 Windows 默认
等待 5 秒钟,并最终使用正常的 Windows 关机行为关闭所有进程。
- 这里的 5 秒钟默认值实际上保存在[容器内](https://github.com/moby/moby/issues/25982#issuecomment-426441183)
+ 这里的 5 秒钟默认值实际上保存在
+ [容器内](https://github.com/moby/moby/issues/25982#issuecomment-426441183)
的 Windows 注册表中,因此可以在构造容器时重载。
+
* `v1.Pod.volumeDevices` - 此为 Beta 特性且未在 Windows 上实现。Windows 无法挂接
原生的块设备到 Pod 中。
-* `v1.Pod.volumes` - `emptyDir`、`secret`、`configMap` 和 `hostPath` 都可正常工作且在
- TestGrid 中测试。
- * `v1.emptyDir.volumeSource` - Windows 上节点的默认介质是磁盘。不支持将内存作为介质,
- 因为 Windows 不支持内置的 RAM 磁盘。
+
+
+* `v1.Pod.volumes` - `emptyDir`、`secret`、`configMap` 和 `hostPath`
+ 都可正常工作且在 TestGrid 中测试。
+
+ * `v1.emptyDir.volumeSource` - Windows 上节点的默认介质是磁盘。
+ 不支持将内存作为介质,因为 Windows 不支持内置的 RAM 磁盘。
+
* `v1.VolumeMount.mountPropagation` - Windows 上不支持挂载传播。
##### V1.PodSecurityContext
PodSecurityContext 的所有选项在 Windows 上都无法工作。这些选项列在下面仅供参考。
* `v1.PodSecurityContext.seLinuxOptions` - Windows 上无 SELinux
+
* `v1.PodSecurityContext.runAsUser` - 提供 UID;Windows 不支持
+
* `v1.PodSecurityContext.runAsGroup` - 提供 GID;Windows 不支持
+
* `v1.PodSecurityContext.runAsNonRoot` - Windows 上没有 root 用户
最接近的等价账号是 `ContainerAdministrator`,而该身份标识在节点上不存在
+
* `v1.PodSecurityContext.supplementalGroups` - 提供 GID;Windows 不支持
+
* `v1.PodSecurityContext.sysctls` - 这些是 Linux sysctl 接口的一部分;Windows 上
没有等价机制。
+
+#### 操作系统版本限制 {#operating-system-version-restrictions}
+
+Windows 有着严格的兼容性规则,宿主 OS 的版本必须与容器基准镜像 OS 的版本匹配。
+目前仅支持容器操作系统为 Windows Server 2019 的 Windows 容器。
+对于容器的 Hyper-V 隔离、允许一定程度上的 Windows 容器镜像版本向后兼容性等等,
+都是将来版本计划的一部分。
+
## 获取帮助和故障排查 {#troubleshooting}
@@ -1059,453 +1724,528 @@ Your main source of help for troubleshooting your Kubernetes cluster should star
[这份文档](/docs/tasks/debug-application-cluster/troubleshooting/)。
该文档中包含了一些额外的、特定于 Windows 系统的故障排查帮助信息。
Kubernetes 中日志是故障排查的一个重要元素。确保你在尝试从其他贡献者那里获得
-故障排查帮助时提供日志信息。
-你可以按照 SIG-Windows [贡献指南和收集日志](https://github.com/kubernetes/community/blob/master/sig-windows/CONTRIBUTING.md#gathering-logs)
+故障排查帮助时提供日志信息。你可以按照 SIG-Windows
+[贡献指南和收集日志](https://github.com/kubernetes/community/blob/master/sig-windows/CONTRIBUTING.md#gathering-logs)
所给的指令来操作。
-1. 我怎样知道 `start.ps1` 是否已成功完成?
+* 我怎样知道 `start.ps1` 是否已成功完成?
- 你应该能看到节点上运行的 kubelet、kube-proxy 和(如果你选择 Flannel
- 作为联网方案)flanneld 宿主代理进程,它们的运行日志显示在不同的
- PowerShell 窗口中。此外,你的 Windows 节点应该在你的 Kubernetes 集群
- 列举为 "Ready" 节点。
+ 你应该能看到节点上运行的 kubelet、kube-proxy 和(如果你选择 Flannel
+ 作为联网方案)flanneld 宿主代理进程,它们的运行日志显示在不同的
+ PowerShell 窗口中。此外,你的 Windows 节点应该在你的 Kubernetes 集群
+ 列举为 "Ready" 节点。
-2. 我可以将 Kubernetes 节点进程配置为服务运行在后台么?
+* 我可以将 Kubernetes 节点进程配置为服务运行在后台么?
- kubelet 和 kube-proxy 都已经被配置为以本地 Windows 服务运行,
- 并且在出现失效事件(例如进程意外结束)时通过自动重启服务来提供一定的弹性。
- 你有两种办法将这些节点组件配置为服务。
+ kubelet 和 kube-proxy 都已经被配置为以本地 Windows 服务运行,
+ 并且在出现失效事件(例如进程意外结束)时通过自动重启服务来提供一定的弹性。
+ 你有两种办法将这些节点组件配置为服务。
-
- 1. 以本地 Windows 服务的形式
-
- Kubelet 和 kube-proxy 可以用 `sc.exe` 以本地 Windows 服务的形式运行:
-
- ```powershell
- # 用两个单独的命令为 kubelet 和 kube-proxy 创建服务
- sc.exe create <组件名称> binPath= "<可执行文件路径> -service <其它参数>"
-
- # 请注意如果参数中包含空格,必须使用转义
- sc.exe create kubelet binPath= "C:\kubelet.exe --service --hostname-override 'minion' <其它参数>"
-
- # 启动服务
- Start-Service kubelet
- Start-Service kube-proxy
-
- # 停止服务
- Stop-Service kubelet (-Force)
- Stop-Service kube-proxy (-Force)
-
- # 查询服务状态
- Get-Service kubelet
- Get-Service kube-proxy
- ```
-
-
- 2. 使用 nssm.exe
-
- 你也总是可以使用替代的服务管理器,例如[nssm.exe](https://nssm.cc/),来为你在后台运行
- 这些进程(`flanneld`、`kubelet` 和 `kube-proxy`)。你可以使用这一
- [示例脚本](https://github.com/Microsoft/SDN/tree/master/Kubernetes/flannel/register-svc.ps1),
- 利用 `nssm.exe` 将 `kubelet`、`kube-proxy` 和 `flanneld.exe` 注册为要在后台运行的
- Windows 服务。
-
- ```powershell
- register-svc.ps1 -NetworkMode <网络模式> -ManagementIP -ClusterCIDR <集群子网> -KubeDnsServiceIP -LogDir <日志目录>
-
- # NetworkMode = 网络模式 l2bridge(flannel host-gw,也是默认值)或 overlay(flannel vxlan)选做网络方案
- # ManagementIP = 分配给 Windows 节点的 IP 地址。你可以使用 ipconfig 得到此值
- # ClusterCIDR = 集群子网范围(默认值为 10.244.0.0/16)
- # KubeDnsServiceIP = Kubernetes DNS 服务 IP(默认值为 10.96.0.10)
- # LogDir = kubelet 和 kube-proxy 的日志会被重定向到这一目录中的对应输出文件,默认值为 `C:\k`。
- ```
-
- 若以上所引用的脚本不适合,你可以使用下面的例子手动配置 `nssm.exe`。
-
- ```powershell
- # 注册 flanneld.exe
- nssm install flanneld C:\flannel\flanneld.exe
- nssm set flanneld AppParameters --kubeconfig-file=c:\k\config --iface= --ip-masq=1 --kube-subnet-mgr=1
- nssm set flanneld AppEnvironmentExtra NODE_NAME=<主机名>
- nssm set flanneld AppDirectory C:\flannel
- nssm start flanneld
-
- # 注册 kubelet.exe
- # Microsoft 在 mcr.microsoft.com/k8s/core/pause:1.2.0 发布其 pause 基础设施容器
- nssm install kubelet C:\k\kubelet.exe
- nssm set kubelet AppParameters --hostname-override= --v=6 --pod-infra-container-image=mcr.microsoft.com/k8s/core/pause:1.2.0 --resolv-conf="" --allow-privileged=true --enable-debugging-handlers --cluster-dns= --cluster-domain=cluster.local --kubeconfig=c:\k\config --hairpin-mode=promiscuous-bridge --image-pull-progress-deadline=20m --cgroups-per-qos=false --log-dir= --logtostderr=false --enforce-node-allocatable="" --network-plugin=cni --cni-bin-dir=c:\k\cni --cni-conf-dir=c:\k\cni\config
- nssm set kubelet AppDirectory C:\k
- nssm start kubelet
-
- # 注册 kube-proxy.exe (l2bridge / host-gw)
- nssm install kube-proxy C:\k\kube-proxy.exe
- nssm set kube-proxy AppDirectory c:\k
- nssm set kube-proxy AppParameters --v=4 --proxy-mode=kernelspace --hostname-override=<主机名>--kubeconfig=c:\k\config --enable-dsr=false --log-dir=<日志目录> --logtostderr=false
- nssm.exe set kube-proxy AppEnvironmentExtra KUBE_NETWORK=cbr0
- nssm set kube-proxy DependOnService kubelet
- nssm start kube-proxy
-
- # 注册 kube-proxy.exe (overlay / vxlan)
- nssm install kube-proxy C:\k\kube-proxy.exe
- nssm set kube-proxy AppDirectory c:\k
- nssm set kube-proxy AppParameters --v=4 --proxy-mode=kernelspace --feature-gates="WinOverlay=true" --hostname-override=<主机名> --kubeconfig=c:\k\config --network-name=vxlan0 --source-vip=<源端 VIP> --enable-dsr=false --log-dir=<日志目录> --logtostderr=false
- nssm set kube-proxy DependOnService kubelet
- nssm start kube-proxy
- ```
-
-
- 作为初始的故障排查操作,你可以使用在 [nssm.exe](https://nssm.cc/) 中使用下面的标志
- 以便将标准输出和标准错误输出重定向到一个输出文件:
-
- ```powershell
- nssm set <服务名称> AppStdout C:\k\mysvc.log
- nssm set <服务名称> AppStderr C:\k\mysvc.log
- ```
-
- 要了解更多的细节,可参见官方的 [nssm 用法](https://nssm.cc/usage)文档。
-
-
-3. 我的 Windows Pods 无发连接网络
-
- 如果你在使用虚拟机,请确保 VM 网络适配器均已开启 MAC 侦听(Spoofing)。
-
-
-4. 我的 Windows Pods 无法 ping 外部资源
-
- Windows Pods 目前没有为 ICMP 协议提供出站规则。不过 TCP/UDP 是支持的。
- 尝试与集群外资源连接时,可以将 `ping ` 命令替换为对应的 `curl ` 命令。
-
- 如果你还遇到问题,很可能你在
- [cni.conf](https://github.com/Microsoft/SDN/blob/master/Kubernetes/flannel/l2bridge/cni/config/cni.conf)
- 中的网络配置值得额外的注意。你总是可以编辑这一静态文件。
- 配置的更新会应用到所有新创建的 Kubernetes 资源上。
-
- Kubernetes 网络的需求之一(参见[Kubernetes 模型](/zh/docs/concepts/cluster-administration/networking/))
- 是集群内部无需网络地址转译(NAT)即可实现通信。为了符合这一要求,对所有我们不希望出站时发生 NAT
- 的通信都存在一个 [ExceptionList](https://github.com/Microsoft/SDN/blob/master/Kubernetes/flannel/l2bridge/cni/config/cni.conf#L20)。
- 然而这也意味着你需要将你要查询的外部 IP 从 ExceptionList 中移除。
- 只有这时,从你的 Windows Pod 发起的网络请求才会被正确地通过 SNAT 转换以接收到
- 来自外部世界的响应。
- 就此而言,你在 `cni.conf` 中的 `ExceptionList` 应该看起来像这样:
-
- ```conf
- "ExceptionList": [
- "10.244.0.0/16", # 集群子网
- "10.96.0.0/12", # 服务子网
- "10.127.130.0/24" # 管理(主机)子网
- ]
- ```
-
-
-5. 我的 Windows 节点无法访问 NodePort 服务
-
- 从节点自身发起的本地 NodePort 请求会失败。这是一个已知的局限。
- NodePort 服务的访问从其他节点或者外部客户端都可正常进行。
-
-
-6. 容器的 vNICs 和 HNS 端点被删除了
-
- 这一问题可能因为 `hostname-override` 参数未能传递给
- [kube-proxy](/docs/reference/command-line-tools-reference/kube-proxy/) 而导致。
- 解决这一问题时,用户需要按如下方式将主机名传递给 kube-proxy:
+ Kubelet & kube-proxy can be run as native Windows Services using `sc.exe`.
```powershell
- C:\k\kube-proxy.exe --hostname-override=$(hostname)
+ # Create the services for kubelet and kube-proxy in two separate commands
+ sc.exe create binPath= " -service "
+
+ # Please note that if the arguments contain spaces, they must be escaped.
+ sc.exe create kubelet binPath= "C:\kubelet.exe --service --hostname-override 'minion' "
+
+ # Start the services
+ Start-Service kubelet
+ Start-Service kube-proxy
+
+ # Stop the service
+ Stop-Service kubelet (-Force)
+ Stop-Service kube-proxy (-Force)
+
+ # Query the service status
+ Get-Service kubelet
+ Get-Service kube-proxy
```
+ -->
+ * 以本地 Windows 服务的形式
-
-7. 使用 Flannel 时,我的节点在重新加入集群时遇到问题
-
- 无论何时,当一个之前被删除的节点被重新添加到集群时,flannelD 都会将为节点分配
- 一个新的 Pod 子网。
- 用户需要将将下面路径中的老的 Pod 子网配置文件删除:
-
- ```powershell
- Remove-Item C:\k\SourceVip.json
- Remove-Item C:\k\SourceVipRequest.json
- ```
-
-
-8. 在启动了 `start.ps1` 之后,flanneld 一直停滞在 "Waiting for the Network to be created" 状态
+ # 用两个单独的命令为 kubelet 和 kube-proxy 创建服务
+ sc.exe create <组件名称> binPath="<可执行文件路径> -service <其它参数>"
- 关于这一[正在被分析的问题](https://github.com/coreos/flannel/issues/1066)有很多的报告;
- 最可能的一种原因是关于何时设置 Flannel 网络的管理 IP 的时间问题。
- 一种解决办法是重新启动 `start.ps1` 或者按如下方式手动重启之:
+ # 请注意如果参数中包含空格,必须使用转义
+ sc.exe create kubelet binPath= "C:\kubelet.exe --service --hostname-override 'minion' <其它参数>"
- ```powershell
- PS C:> [Environment]::SetEnvironmentVariable("NODE_NAME", "")
- PS C:> C:\flannel\flanneld.exe --kubeconfig-file=c:\k\config --iface= --ip-masq=1 --kube-subnet-mgr=1
- ```
+ # 启动服务
+ Start-Service kubelet
+ Start-Service kube-proxy
-
-9. 我的 Windows Pods 无法启动,因为缺少 `/run/flannel/subnet.env` 文件
-
- 这表明 Flannel 网络未能正确启动。你可以尝试重启 flanneld.exe 或者将文件手动地
- 从 Kubernetes 主控节点的 `/run/flannel/subnet.env` 路径复制到 Windows 工作
- 节点的 `C:\run\flannel\subnet.env` 路径,并将 `FLANNEL_SUBNET` 行改为一个
- 不同的数值。例如,如果期望节点子网为 `10.244.4.1/24`:
-
- ```env
- FLANNEL_NETWORK=10.244.0.0/16
- FLANNEL_SUBNET=10.244.4.1/24
- FLANNEL_MTU=1500
- FLANNEL_IPMASQ=true
+ # 查询服务状态
+ Get-Service kubelet
+ Get-Service kube-proxy
```
-
-10. 我的 Windows 节点无法使用服务 IP 访问我的服务
+ You can also always use alternative service managers like
+ [nssm.exe](https://nssm.cc/) to run these processes (flanneld, kubelet &
+ kube-proxy) in the background for you. You can use this [sample
+ script](https://github.com/Microsoft/SDN/tree/master/Kubernetes/flannel/register-svc.ps1),
+ leveraging `nssm.exe` to register kubelet, kube-proxy, and `flanneld.exe` to run
+ as Windows services in the background.
+ -->
+ * 使用 nssm.exe
- 这是 Windows 上当前网络协议栈的一个已知的限制。
- Windows Pods 能够访问服务 IP。
-
-
-11. 启动 kubelet 时找不到网络适配器
-
- Windows 网络堆栈需要一个虚拟的适配器,这样 Kubernetes 网络才能工作。
- 如果下面的命令(在管理员 Shell 中)没有任何返回结果,证明虚拟网络创建
- (kubelet 正常工作的必要前提之一)失败了:
+ 你也总是可以使用替代的服务管理器,例如[nssm.exe](https://nssm.cc/),来为你在后台运行
+ 这些进程(`flanneld`、`kubelet` 和 `kube-proxy`)。你可以使用这一
+ [示例脚本](https://github.com/Microsoft/SDN/tree/master/Kubernetes/flannel/register-svc.ps1),
+ 利用 `nssm.exe` 将 `kubelet`、`kube-proxy` 和 `flanneld.exe` 注册为要在后台运行的
+ Windows 服务。
+
+ ```powershell
+ register-svc.ps1 -NetworkMode <网络模式> -ManagementIP -ClusterCIDR <集群子网> -KubeDnsServiceIP -LogDir <日志目录>
```
- 当宿主系统的网络适配器名称不是 "Ethernet" 时,通常值得更改 `start.ps1` 脚本中的
- [InterfaceName](https://github.com/microsoft/SDN/blob/master/Kubernetes/flannel/start.ps1#L7)
- 参数来重试。否则可以查验 `start-kubelet.ps1` 的输出,看看是否在虚拟网络创建
- 过程中报告了其他错误。
+ 这里的参数解释如下:
-
+ - `NetworkMode`:网络模式 l2bridge(flannel host-gw,也是默认值)或
+ overlay(flannel vxlan)选做网络方案
+ - `ManagementIP`:分配给 Windows 节点的 IP 地址。你可以使用 ipconfig 得到此值
+ - `ClusterCIDR`:集群子网范围(默认值为 10.244.0.0/16)
+ - `KubeDnsServiceIP`:Kubernetes DNS 服务 IP(默认值为 10.96.0.10)
+ - `LogDir`:kubelet 和 kube-proxy 的日志会被重定向到这一目录中的对应输出文件,
+ 默认值为 `C:\k`。
- Check that your pause image is compatible with your OS version. The [instructions](https://docs.microsoft.com/en-us/virtualization/windowscontainers/kubernetes/deploying-resources) assume that both the OS and the containers are version 1803. If you have a later version of Windows, such as an Insider build, you need to adjust the images accordingly. Please refer to the Microsoft's [Docker repository](https://hub.docker.com/u/microsoft/) for images. Regardless, both the pause image Dockerfile and the sample service expect the image to be tagged as :latest.
+
-12. 我的 Pods 停滞在 "Container Creating" 状态或者反复重启
+ Register flanneld.exe:
+ -->
+ 若以上所引用的脚本不适合,你可以使用下面的例子手动配置 `nssm.exe`。
- 检查你的 pause 镜像是与你的 OS 版本兼容的。
- [这里的指令](https://docs.microsoft.com/en-us/virtualization/windowscontainers/kubernetes/deploying-resources)
- 假定你的 OS 和容器版本都是 1803。如果你安装的是更新版本的 Windows,比如说
- 某个 Insider 构造版本,你需要相应地调整要使用的镜像。
- 请参照 Microsoft 的 [Docker 仓库](https://hub.docker.com/u/microsoft/)
- 了解镜像。不管怎样,pause 镜像的 Dockerfile 和示例服务都期望镜像的标签
- 为 `:latest`。
+ 注册 flanneld.exe:
- 从 Kubernetes v1.14 版本起,Microsoft 开始在 `mcr.microsoft.com/k8s/core/pause:1.2.0`
- 发布其 pause 基础设施容器。
-
-
-13. DNS 解析无法正常工作
-
- 参阅 Windows 上 [DNS 相关的局限](#dns-limitations) 节。
-
-
-14. `kubectl port-forward` 失败,错误信息为 "unable to do port forwarding: wincat not found"
-
- 此功能是在 Kubernetes v1.15 中实现的,pause 基础设施容器为 `mcr.microsoft.com/k8s/core/pause:1.2.0`。
- 请确保你使用的是这些版本或者更新版本。
- 如果你想要自行构造你自己的 pause 基础设施容器,要确保其中包含了
- [wincat](https://github.com/kubernetes-sigs/sig-windows-tools/tree/master/cmd/wincat)
-
-
-15. 我的 Kubernetes 安装失败,因为我的 Windows Server 节点在防火墙后面
-
- 如果你处于防火墙之后,那么必须定义如下 PowerShell 环境变量:
-
- ```PowerShell
- [Environment]::SetEnvironmentVariable("HTTP_PROXY", "http://proxy.example.com:80/", [EnvironmentVariableTarget]::Machine)
- [Environment]::SetEnvironmentVariable("HTTPS_PROXY", "http://proxy.example.com:443/", [EnvironmentVariableTarget]::Machine)
+ ```powershell
+ nssm install flanneld C:\flannel\flanneld.exe
+ nssm set flanneld AppParameters --kubeconfig-file=c:\k\config --iface= --ip-masq=1 --kube-subnet-mgr=1
+ nssm set flanneld AppEnvironmentExtra NODE_NAME=
+ nssm set flanneld AppDirectory C:\flannel
+ nssm start flanneld
```
+
+ 注册 kubelet.exe:
+
+ ```powershell
+ nssm install kubelet C:\k\kubelet.exe
+ nssm set kubelet AppParameters --hostname-override= --v=6 --pod-infra-container-image=k8s.gcr.io/pause:3.5 --resolv-conf="" --allow-privileged=true --enable-debugging-handlers --cluster-dns= --cluster-domain=cluster.local --kubeconfig=c:\k\config --hairpin-mode=promiscuous-bridge --image-pull-progress-deadline=20m --cgroups-per-qos=false --log-dir= --logtostderr=false --enforce-node-allocatable="" --network-plugin=cni --cni-bin-dir=c:\k\cni --cni-conf-dir=c:\k\cni\config
+ nssm set kubelet AppDirectory C:\k
+ nssm start kubelet
+ ```
+
+
+ 注册 kube-proxy.exe(二层网桥模式和主机网关模式)
+
+ ```powershell
+ nssm install kube-proxy C:\k\kube-proxy.exe
+ nssm set kube-proxy AppDirectory c:\k
+ nssm set kube-proxy AppParameters --v=4 --proxy-mode=kernelspace --hostname-override=--kubeconfig=c:\k\config --enable-dsr=false --log-dir= --logtostderr=false
+ nssm.exe set kube-proxy AppEnvironmentExtra KUBE_NETWORK=cbr0
+ nssm set kube-proxy DependOnService kubelet
+ nssm start kube-proxy
+ ```
+
+
+ 注册 kube-proxy.exe(覆盖网络模式或 VxLAN 模式)
+
+ ```powershell
+ nssm install kube-proxy C:\k\kube-proxy.exe
+ nssm set kube-proxy AppDirectory c:\k
+ nssm set kube-proxy AppParameters --v=4 --proxy-mode=kernelspace --feature-gates="WinOverlay=true" --hostname-override= --kubeconfig=c:\k\config --network-name=vxlan0 --source-vip= --enable-dsr=false --log-dir= --logtostderr=false
+ nssm set kube-proxy DependOnService kubelet
+ nssm start kube-proxy
+ ```
+
+
+ 作为初始的故障排查操作,你可以使用在 [nssm.exe](https://nssm.cc/) 中使用下面的标志
+ 以便将标准输出和标准错误输出重定向到一个输出文件:
+
+ ```powershell
+ nssm set <服务名称> AppStdout C:\k\mysvc.log
+ nssm set <服务名称> AppStderr C:\k\mysvc.log
+ ```
+
+ 要了解更多的细节,可参见官方的 [nssm 用法](https://nssm.cc/usage)文档。
+
-15. `pause` 容器是什么?
+* 我的 Windows Pods 无发连接网络
- 在一个 Kubernetes Pod 中,一个基础设施容器,或称 "pause" 容器,会被首先创建出来,
- 用以托管容器端点。属于同一 Pod 的容器,包括基础设施容器和工作容器,会共享相同的
- 网络名字空间和端点(相同的 IP 和端口空间)。我们需要 pause 容器来工作容器崩溃或
- 重启的状况,以确保不会丢失任何网络配置。
+ 如果你在使用虚拟机,请确保 VM 网络适配器均已开启 MAC 侦听(Spoofing)。
- "pause" (基础设施)镜像托管在 Microsoft Container Registry (MCR) 上。
- 你可以使用 `docker pull mcr.microsoft.com/k8s/core/pause:1.2.0` 来访问它。
- 要了解进一步的细节,可参阅 [DOCKERFILE](https://github.com/kubernetes-sigs/sig-windows-tools/tree/master/cmd/wincat)。
+
+* 我的 Windows Pods 无法 ping 外部资源
+
+ Windows Pods 目前没有为 ICMP 协议提供出站规则。不过 TCP/UDP 是支持的。
+ 尝试与集群外资源连接时,可以将 `ping ` 命令替换为对应的 `curl ` 命令。
+
+
+ 如果你还遇到问题,很可能你在
+ [cni.conf](https://github.com/Microsoft/SDN/blob/master/Kubernetes/flannel/l2bridge/cni/config/cni.conf)
+ 中的网络配置值得额外的注意。你总是可以编辑这一静态文件。
+ 配置的更新会应用到所有新创建的 Kubernetes 资源上。
+
+
+ Kubernetes 网络的需求之一(参见
+ [Kubernetes 网络模型](/zh/docs/concepts/cluster-administration/networking/))
+ 是集群内部无需网络地址转译(NAT)即可实现通信。
+ 为了符合这一要求,对所有我们不希望出站时发生 NAT 的通信都存在一个
+ [ExceptionList](https://github.com/Microsoft/SDN/blob/master/Kubernetes/flannel/l2bridge/cni/config/cni.conf#L20)。
+ 然而这也意味着你需要将你要查询的外部 IP 从 ExceptionList 中移除。
+ 只有这时,从你的 Windows Pod 发起的网络请求才会被正确地通过 SNAT 转换以接收到
+ 来自外部世界的响应。
+ 就此而言,你在 `cni.conf` 中的 `ExceptionList` 应该看起来像这样:
+
+
+ ```conf
+ "ExceptionList": [
+ "10.244.0.0/16", # 集群子网
+ "10.96.0.0/12", # 服务子网
+ "10.127.130.0/24" # 管理(主机)子网
+ ]
+ ```
+
+
+* 我的 Windows 节点无法访问 NodePort 服务
+
+ 从节点自身发起的本地 NodePort 请求会失败。这是一个已知的局限。
+ NodePort 服务的访问从其他节点或者外部客户端都可正常进行。
+
+
+* 容器的 vNICs 和 HNS 端点被删除了
+
+ 这一问题可能因为 `hostname-override` 参数未能传递给
+ [kube-proxy](/zh/docs/reference/command-line-tools-reference/kube-proxy/)
+ 而导致。解决这一问题时,用户需要按如下方式将主机名传递给 kube-proxy:
+
+ ```powershell
+ C:\k\kube-proxy.exe --hostname-override=$(hostname)
+ ```
+
+
+* 使用 Flannel 时,我的节点在重新加入集群时遇到问题
+
+ 无论何时,当一个之前被删除的节点被重新添加到集群时,flannelD 都会将为节点分配
+ 一个新的 Pod 子网。
+ 用户需要将将下面路径中的老的 Pod 子网配置文件删除:
+
+ ```powershell
+ Remove-Item C:\k\SourceVip.json
+ Remove-Item C:\k\SourceVipRequest.json
+ ```
+
+
+* 在启动了 `start.ps1` 之后,flanneld 一直停滞在 "Waiting for the Network
+ to be created" 状态
+
+ 关于这一[问题](https://github.com/coreos/flannel/issues/1066)有很多的报告;
+ 最可能的一种原因是关于何时设置 Flannel 网络的管理 IP 的时间问题。
+ 一种解决办法是重新启动 `start.ps1` 或者按如下方式手动重启之:
+
+ ```powershell
+ [Environment]::SetEnvironmentVariable("NODE_NAME", "")
+ C:\flannel\flanneld.exe --kubeconfig-file=c:\k\config --iface= --ip-masq=1 --kube-subnet-mgr=1
+ ```
+
+
+* 我的 Windows Pods 无法启动,因为缺少 `/run/flannel/subnet.env` 文件
+
+ 这表明 Flannel 网络未能正确启动。你可以尝试重启 flanneld.exe 或者将文件手动地
+ 从 Kubernetes 主控节点的 `/run/flannel/subnet.env` 路径复制到 Windows 工作
+ 节点的 `C:\run\flannel\subnet.env` 路径,并将 `FLANNEL_SUBNET` 行改为一个
+ 不同的数值。例如,如果期望节点子网为 `10.244.4.1/24`:
+
+ ```none
+ FLANNEL_NETWORK=10.244.0.0/16
+ FLANNEL_SUBNET=10.244.4.1/24
+ FLANNEL_MTU=1500
+ FLANNEL_IPMASQ=true
+ ```
+
+* 我的 Windows 节点无法使用服务 IP 访问我的服务
+
+ 这是 Windows 上当前网络协议栈的一个已知的限制。
+ Windows Pods 能够访问服务 IP。
+
+
+* 启动 kubelet 时找不到网络适配器
+
+ Windows 网络堆栈需要一个虚拟的适配器,这样 Kubernetes 网络才能工作。
+ 如果下面的命令(在管理员 Shell 中)没有任何返回结果,证明虚拟网络创建
+ (kubelet 正常工作的必要前提之一)失败了:
+
+ ```powershell
+ Get-HnsNetwork | ? Name -ieq "cbr0"
+ Get-NetAdapter | ? Name -Like "vEthernet (Ethernet*"
+ ```
+
+
+ 当宿主系统的网络适配器名称不是 "Ethernet" 时,通常值得更改 `start.ps1` 脚本中的
+ [InterfaceName](https://github.com/microsoft/SDN/blob/master/Kubernetes/flannel/start.ps1#L7)
+ 参数来重试。否则可以查验 `start-kubelet.ps1` 的输出,看看是否在虚拟网络创建
+ 过程中报告了其他错误。
+
+
+* 我的 Pods 停滞在 "Container Creating" 状态或者反复重启
+
+ 检查你的 pause 镜像是与你的 OS 版本兼容的。
+ [这里的指令](https://docs.microsoft.com/en-us/virtualization/windowscontainers/kubernetes/deploying-resources)
+ 假定你的 OS 和容器版本都是 1803。如果你安装的是更新版本的 Windows,比如说
+ 某个 Insider 构造版本,你需要相应地调整要使用的镜像。
+ 请参照 Microsoft 的 [Docker 仓库](https://hub.docker.com/u/microsoft/)
+ 了解镜像。不管怎样,pause 镜像的 Dockerfile 和示例服务都期望镜像的标签
+ 为 `:latest`。
+
+
+* DNS 解析无法正常工作
+
+ 参阅 Windows 上 [DNS 相关的局限](#dns-limitations) 节。
+
+
+* `kubectl port-forward` 失败,错误信息为 "unable to do port forwarding: wincat not found"
+
+ 此功能是在 Kubernetes v1.15 中实现的,pause 基础设施容器
+ `mcr.microsoft.com/oss/kubernetes/pause:3.4.1` 中包含了 wincat.exe。
+ 请确保你使用的是这些版本或者更新版本。
+ 如果你想要自行构造你自己的 pause 基础设施容器,要确保其中包含了
+ [wincat](https://github.com/kubernetes-sigs/sig-windows-tools/tree/master/cmd/wincat)
+
+ Windows 的端口转发支持需要在 [pause 基础设施容器](#pause-image) 中提供 wincat.exe。
+ 确保你使用的是与你的 Windows 操作系统版本兼容的受支持镜像。
+ 如果你想构建自己的 pause 基础架构容器,请确保包含 [wincat](https://github.com/kubernetes/kubernetes/tree/master/build/pause/windows/wincat).。
+
+
+* 我的 Kubernetes 安装失败,因为我的 Windows Server 节点在防火墙后面
+
+ 如果你处于防火墙之后,那么必须定义如下 PowerShell 环境变量:
+
+ ```PowerShell
+ [Environment]::SetEnvironmentVariable("HTTP_PROXY", "http://proxy.example.com:80/", [EnvironmentVariableTarget]::Machine)
+ [Environment]::SetEnvironmentVariable("HTTPS_PROXY", "http://proxy.example.com:443/", [EnvironmentVariableTarget]::Machine)
+ ```
+
+
+* `pause` 容器是什么?
+
+ 在一个 Kubernetes Pod 中,一个基础设施容器,或称 "pause" 容器,会被首先创建出来,
+ 用以托管容器端点。属于同一 Pod 的容器,包括基础设施容器和工作容器,会共享相同的
+ 网络名字空间和端点(相同的 IP 和端口空间)。我们需要 pause 容器来工作容器崩溃或
+ 重启的状况,以确保不会丢失任何网络配置。
+
+ 请参阅 [pause 镜像](#pause-image) 部分以查找 pause 镜像的推荐版本。
### 进一步探究 {#further-investigation}
@@ -1520,7 +2260,15 @@ If these steps don't resolve your problem, you can get help running Windows cont
## 报告问题和功能需求 {#reporting-issues-and-feature-requests}
@@ -1533,13 +2281,16 @@ If you have what looks like a bug, or you would like to make a feature request,
生成新的 Ticket 之前对一些想法进行故障分析。
在登记软件缺陷时,请给出如何重现该问题的详细信息,例如:
@@ -1553,7 +2304,11 @@ If filing a bug, please include detailed information about how to reproduce the
## {{% heading "whatsnext" %}}
在我们的未来蓝图中包含很多功能特性(要实现)。下面是一个浓缩的简要列表,不过我们
鼓励你查看我们的 [roadmap 项目](https://github.com/orgs/kubernetes/projects/8)并
@@ -1563,11 +2318,16 @@ We have a lot of features in our roadmap. An abbreviated high level list is incl
### Hyper-V 隔离 {#hyper-v-isolation}
@@ -1575,52 +2335,20 @@ Hyper-V isolation is requried to enable the following use cases for Windows cont
要满足 Kubernetes 中 Windows 容器的如下用例,需要利用 Hyper-V 隔离:
* 在 Pod 之间实施基于监管程序(Hypervisor)的隔离,以增强安全性
-* 出于向后兼容需要,允许添加运行新 Windows Server 版本的节点时不必重新创建容器
+* 出于向后兼容需要,允许添加运行新 Windows Server 版本的节点时不必
+ 重新创建容器
* 为 Pod 设置特定的 CPU/NUMA 配置
* 实施内存隔离与预留
-
-现有的 Hyper-V 隔离支持是添加自 v1.10 版本的实验性功能特性,会在未来版本中弃用,
-向前文所提到的 CRI-ContainerD 和 RuntimeClass 特性倾斜。
-要使用当前的功能特性并创建 Hyper-V 隔离的容器,需要在启动 kubelet 时设置特性门控
-`HyperVContainer=true`,同时为 Pod 添加注解
-`experimental.windows.kubernetes.io/isolation-type=hyperv`。
-在实验性实现版本中,此功能特性限制每个 Pod 中只能包含一个容器。
-
-```yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: iis
-spec:
- selector:
- matchLabels:
- app: iis
- replicas: 3
- template:
- metadata:
- labels:
- app: iis
- annotations:
- experimental.windows.kubernetes.io/isolation-type: hyperv
- spec:
- containers:
- - name: iis
- image: microsoft/iis
- ports:
- - containerPort: 80
-```
-
### 使用 kubeadm 和 Cluster API 来部署 {#deployment-with-kubeadm-and-cluster-api}
@@ -1629,15 +2357,3 @@ kubeadm 对 Windows 节点的支持目前还在开发过程中,不过你可以
[指南](/zh/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes/)。
我们也在投入资源到 Cluster API,以确保 Windows 节点被正确配置。
-
-### 若干其他关键功能 {#a-few-other-key-features}
-
-* 为组管理的服务账号(Group Managed Service Accounts,GMSA)提供 Beta 支持
-* 添加更多的 CNI 支持
-* 实现更多的存储插件
-
diff --git a/content/zh/docs/setup/production-environment/windows/user-guide-windows-containers.md b/content/zh/docs/setup/production-environment/windows/user-guide-windows-containers.md
index 93eae4e7d6..88c23e548f 100644
--- a/content/zh/docs/setup/production-environment/windows/user-guide-windows-containers.md
+++ b/content/zh/docs/setup/production-environment/windows/user-guide-windows-containers.md
@@ -1,12 +1,14 @@
---
-title: Kubernetes 中调度 Windows 容器的指南
+title: Kubernetes 中 Windows 容器的调度指南
content_type: concept
weight: 75
---
Windows 应用程序构成了许多组织中运行的服务和应用程序的很大一部分。
本指南将引导您完成在 Kubernetes 中配置和部署 Windows 容器的步骤。
@@ -36,20 +39,28 @@ Windows 应用程序构成了许多组织中运行的服务和应用程序的很
## 在你开始之前
-* 创建一个 Kubernetes 集群,其中包括一个
- [运行 Windows 服务器的主节点和工作节点](/zh/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes/)
-* 重要的是要注意,对于 Linux 和 Windows 容器,在 Kubernetes 上创建和部署服务和工作负载的行为几乎相同。
- 与集群接口的 [Kubectl 命令](/zh/docs/reference/kubectl/overview/)相同。提供以下部分中的示例只是为了快速启动 Windows 容器的使用体验。
+* 创建一个 Kubernetes 集群,其中包括一个控制平面和
+ [运行 Windows 服务器的工作节点](/zh/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes/)
+* 重要的是要注意,对于 Linux 和 Windows 容器,在 Kubernetes
+ 上创建和部署服务和工作负载的行为几乎相同。
+ 与集群接口的 [kubectl 命令](/zh/docs/reference/kubectl/overview/)相同。
+ 提供以下部分中的示例只是为了快速启动 Windows 容器的使用体验。
## 入门:部署 Windows 容器
@@ -102,7 +113,8 @@ spec:
```
{{< note >}}
端口映射也是支持的,但为简单起见,在此示例中容器端口 80 直接暴露给服务。
@@ -127,12 +139,15 @@ Port mapping is also supported, but for simplicity in this example the container
1. Check that the deployment succeeded. To verify:
* Two containers per pod on the Windows node, use `docker ps`
- * Two pods listed from the Linux master, use `kubectl get pods`
- * Node-to-pod communication across the network, `curl` port 80 of your pod IPs from the Linux master to check for a web server response
- * Pod-to-pod communication, ping between pods (and across hosts, if you have more than one Windows node) using docker exec or kubectl exec
- * Service-to-pod communication, `curl` the virtual service IP (seen under `kubectl get services`) from the Linux master and from individual pods
+ * Two pods listed from the Linux control plane node, use `kubectl get pods`
+ * Node-to-pod communication across the network, `curl` port 80 of your pod IPs from the Linux control plane node
+ to check for a web server response
+ * Pod-to-pod communication, ping between pods (and across hosts, if you have more than one Windows node)
+ using docker exec or kubectl exec
+ * Service-to-pod communication, `curl` the virtual service IP (seen under `kubectl get services`)
+ from the Linux control plane node and from individual pods
* Service discovery, `curl` the service name with the Kubernetes [default DNS suffix](/docs/concepts/services-networking/dns-pod-service/#services)
- * Inbound connectivity, `curl` the NodePort from the Linux master or machines outside of the cluster
+ * Inbound connectivity, `curl` the NodePort from the Linux control plane node or machines outside of the cluster
* Outbound connectivity, `curl` external IPs from inside the pod using kubectl exec
-->
1. 检查所有节点是否健康:
@@ -153,36 +168,92 @@ Port mapping is also supported, but for simplicity in this example the container
1. 检查部署是否成功。验证:
* Windows 节点上每个 Pod 有两个容器,使用 `docker ps`
- * Linux 主机列出两个 Pod,使用 `kubectl get pods`
- * 跨网络的节点到 Pod 通信,从 Linux 主服务器 `curl` 您的 pod IPs 的端口80,以检查 Web 服务器响应
- * Pod 到 Pod 的通信,使用 docker exec 或 kubectl exec 在 pod 之间(以及跨主机,如果您有多个 Windows 节点)进行 ping 操作
- * 服务到 Pod 的通信,从 Linux 主服务器和各个 Pod 中 `curl` 虚拟服务 IP(在 `kubectl get services` 下可见)
- * 服务发现,使用 Kubernetes `curl` 服务名称[默认 DNS 后缀](/zh/docs/concepts/services-networking/dns-pod-service/#services)
- * 入站连接,从 Linux 主服务器或集群外部的计算机 `curl` NodePort
+ * Linux 控制平面节点列出两个 Pod,使用 `kubectl get pods`
+ * 跨网络的节点到 Pod 通信,从 Linux 控制平面节点 `curl` 您的 pod IPs 的端口80,以检查 Web 服务器响应
+ * Pod 到 Pod 的通信,使用 docker exec 或 kubectl exec 在 Pod 之间
+ (以及跨主机,如果你有多个 Windows 节点)进行 ping 操作
+ * 服务到 Pod 的通信,从 Linux 控制平面节点和各个 Pod 中 `curl` 虚拟服务 IP
+ (在 `kubectl get services` 下可见)
+ * 服务发现,使用 Kubernetes `curl` 服务名称
+ [默认 DNS 后缀](/zh/docs/concepts/services-networking/dns-pod-service/#services)
+ * 入站连接,从 Linux 控制平面节点或集群外部的计算机 `curl` NodePort
* 出站连接,使用 kubectl exec 从 Pod 内部 curl 外部 IP
{{< note >}}
由于当前平台对 Windows 网络堆栈的限制,Windows 容器主机无法访问在其上调度的服务的 IP。只有 Windows pods 才能访问服务 IP。
{{< /note >}}
+
+## 可观测性 {#observability}
+
+### 抓取来自工作负载的日志
+
+
+日志是可观测性的重要一环;使用日志用户可以获得对负载运行状况的洞察,
+因而日志是故障排查的一个重要手法。
+因为 Windows 容器中的 Windows 容器和负载与 Linux 容器的行为不同,
+用户很难收集日志,因此运行状态的可见性很受限。
+例如,Windows 工作负载通常被配置为将日志输出到 Windows 事件跟踪
+(Event Tracing for Windows,ETW),或者将日志条目推送到应用的事件日志中。
+[LogMonitor](https://github.com/microsoft/windows-container-tools/tree/master/LogMonitor)
+是 Microsoft 提供的一个开源工具,是监视 Windows 容器中所配置的日志源
+的推荐方式。
+LogMonitor 支持监视时间日志、ETW 提供者模块以及自定义的应用日志,
+并使用管道的方式将其输出到标准输出(stdout),以便 `kubectl logs `
+这类命令能够读取这些数据。
+
+
+请遵照 LogMonitor GitHub 页面上的指令,将其可执行文件和配置文件复制到
+你的所有容器中,并为其添加必要的入口点(Entrypoint),以便 LogMonitor
+能够将你的日志输出推送到标准输出(stdout)。
+
+
## 使用可配置的容器用户名
-从 Kubernetes v1.16 开始,可以为 Windows 容器配置与其镜像默认值不同的用户名来运行其入口点和进程。
+从 Kubernetes v1.16 开始,可以为 Windows 容器配置与其镜像默认值不同的用户名
+来运行其入口点和进程。
此能力的实现方式和 Linux 容器有些不同。
-在[此处](/zh/docs/tasks/configure-pod-container/configure-runasusername/)可了解更多信息。
+在[此处](/zh/docs/tasks/configure-pod-container/configure-runasusername/)
+可了解更多信息。
## 使用组托管服务帐户管理工作负载身份
@@ -190,7 +261,8 @@ Starting with Kubernetes v1.14, Windows container workloads can be configured to
组托管服务帐户是 Active Directory 帐户的一种特定类型,它提供自动密码管理,
简化的服务主体名称(SPN)管理以及将管理委派给跨多台服务器的其他管理员的功能。
配置了 GMSA 的容器可以访问外部 Active Directory 域资源,同时携带通过 GMSA 配置的身份。
-在[此处](/zh/docs/tasks/configure-pod-container/configure-gmsa/)了解有关为 Windows 容器配置和使用 GMSA 的更多信息。
+在[此处](/zh/docs/tasks/configure-pod-container/configure-gmsa/)了解有关为
+Windows 容器配置和使用 GMSA 的更多信息。
目前,用户需要将 Linux 和 Windows 工作负载运行在各自特定的操作系统的节点上,
因而需要结合使用污点和节点选择算符。 这可能仅给 Windows 用户造成不便。
@@ -210,7 +285,8 @@ Users today need to use some combination of taints and node selectors in order t
### 确保特定操作系统的工作负载落在适当的容器主机上
用户可以使用污点和容忍度确保 Windows 容器可以调度在适当的主机上。目前所有 Kubernetes 节点都具有以下默认标签:
@@ -218,7 +294,10 @@ Users can ensure Windows containers can be scheduled on the appropriate host usi
* kubernetes.io/arch = [amd64|arm64|...]
如果 Pod 规范未指定诸如 `"kubernetes.io/os": windows` 之类的 nodeSelector,则该 Pod
可能会被调度到任何主机(Windows 或 Linux)上。
@@ -226,7 +305,11 @@ If a Pod specification does not specify a nodeSelector like `"kubernetes.io/os":
最佳实践是使用 nodeSelector。
但是,我们了解到,在许多情况下,用户都有既存的大量的 Linux 容器部署,以及一个现成的配置生态系统,
例如社区 Helm charts,以及程序化 Pod 生成案例,例如 Operators。
@@ -239,11 +322,12 @@ For example: `--register-with-taints='os=windows:NoSchedule'`
例如:`--register-with-taints='os=windows:NoSchedule'`
向所有 Windows 节点添加污点后,Kubernetes 将不会在它们上调度任何负载(包括现有的 Linux Pod)。
-为了使某 Windows Pod 调度到 Windows 节点上,该 Pod 既需要 nodeSelector 选择 Windows,
-也需要合适的匹配的容忍度设置。
+为了使某 Windows Pod 调度到 Windows 节点上,该 Pod 需要 nodeSelector 和合适的匹配的容忍度设置来选择 Windows,
```yaml
nodeSelector:
@@ -266,18 +350,22 @@ The Windows Server version used by each pod must match that of the node. If you
Server versions in the same cluster, then you should set additional node labels and nodeSelectors.
-->
每个 Pod 使用的 Windows Server 版本必须与该节点的 Windows Server 版本相匹配。
-如果要在同一集群中使用多个 Windows Server 版本,则应该设置其他节点标签和 nodeSelector。
+如果要在同一集群中使用多个 Windows Server 版本,则应该设置其他节点标签和
+nodeSelector。
Kubernetes 1.17 自动添加了一个新标签 `node.kubernetes.io/windows-build` 来简化此操作。
如果您运行的是旧版本,则建议手动将此标签添加到 Windows 节点。
-此标签反映了需要兼容的 Windows 主要、次要和内部版本号。以下是当前每个 Windows Server 版本使用的值。
+此标签反映了需要兼容的 Windows 主要、次要和内部版本号。以下是当前每个
+Windows Server 版本使用的值。
| 产品名称 | 内部编号 |
|--------------------------------------|------------------------|
@@ -292,15 +380,19 @@ This label reflects the Windows major, minor, and build number that need to matc
### 使用 RuntimeClass 简化
-[RuntimeClass](/zh/docs/concepts/containers/runtime-class/) 可用于简化使用污点和容忍度的过程。
+[RuntimeClass](/zh/docs/concepts/containers/runtime-class/) 可用于
+简化使用污点和容忍度的过程。
集群管理员可以创建 `RuntimeClass` 对象,用于封装这些污点和容忍度。
-1. 将此文件保存到 `runtimeClasses.yml` 文件。它包括适用于 Windows 操作系统、体系结构和版本的 `nodeSelector`。
+1. 将此文件保存到 `runtimeClasses.yml` 文件。
+ 它包括适用于 Windows 操作系统、体系结构和版本的 `nodeSelector`。
```yaml
apiVersion: node.k8s.io/v1
@@ -324,7 +416,7 @@ This label reflects the Windows major, minor, and build number that need to matc
1. Run `kubectl create -f runtimeClasses.yml` using as a cluster administrator
1. Add `runtimeClassName: windows-2019` as appropriate to Pod specs
-->
-2. 集群管理员运行 `kubectl create -f runtimeClasses.yml` 操作
+2. 集群管理员执行 `kubectl create -f runtimeClasses.yml` 操作
3. 根据需要向 Pod 规约中添加 `runtimeClassName: windows-2019`
-
-# v1.18.0
-
-[Documentation](https://docs.k8s.io)
-
-## Downloads for v1.18.0
-
-filename | sha512 hash
--------- | -----------
-[kubernetes.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes.tar.gz) | `cd5b86a3947a4f2cea6d857743ab2009be127d782b6f2eb4d37d88918a5e433ad2c7ba34221c34089ba5ba13701f58b657f0711401e51c86f4007cb78744dee7`
-[kubernetes-src.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-src.tar.gz) | `fb42cf133355ef18f67c8c4bb555aa1f284906c06e21fa41646e086d34ece774e9d547773f201799c0c703ce48d4d0e62c6ba5b2a4d081e12a339a423e111e52`
-
-### Client Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-client-darwin-386.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-client-darwin-386.tar.gz) | `26df342ef65745df12fa52931358e7f744111b6fe1e0bddb8c3c6598faf73af997c00c8f9c509efcd7cd7e82a0341a718c08fbd96044bfb58e80d997a6ebd3c2`
-[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-client-darwin-amd64.tar.gz) | `803a0fed122ef6b85f7a120b5485723eaade765b7bc8306d0c0da03bd3df15d800699d15ea2270bb7797fa9ce6a81da90e730dc793ea4ed8c0149b63d26eca30`
-[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-client-linux-386.tar.gz) | `110844511b70f9f3ebb92c15105e6680a05a562cd83f79ce2d2e25c2dd70f0dbd91cae34433f61364ae1ce4bd573b635f2f632d52de8f72b54acdbc95a15e3f0`
-[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-client-linux-amd64.tar.gz) | `594ca3eadc7974ec4d9e4168453e36ca434812167ef8359086cd64d048df525b7bd46424e7cc9c41e65c72bda3117326ba1662d1c9d739567f10f5684fd85bee`
-[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-client-linux-arm.tar.gz) | `d3627b763606557a6c9a5766c34198ec00b3a3cd72a55bc2cb47731060d31c4af93543fb53f53791062bb5ace2f15cbaa8592ac29009641e41bd656b0983a079`
-[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-client-linux-arm64.tar.gz) | `ba9056eff1452cbdaef699efbf88f74f5309b3f7808d372ebf6918442d0c9fea1653c00b9db3b7626399a460eef9b1fa9e29b827b7784f34561cbc380554e2ea`
-[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-client-linux-ppc64le.tar.gz) | `f80fb3769358cb20820ff1a1ce9994de5ed194aabe6c73fb8b8048bffc394d1b926de82c204f0e565d53ffe7562faa87778e97a3ccaaaf770034a992015e3a86`
-[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-client-linux-s390x.tar.gz) | `a9b658108b6803d60fa3cd4e76d9e58bf75201017164fe54054b7ccadbb68c4ad7ba7800746940bc518d90475e6c0a96965a26fa50882f4f0e56df404f4ae586`
-[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-client-windows-386.tar.gz) | `18adffab5d1be146906fd8531f4eae7153576aac235150ce2da05aee5ae161f6bd527e8dec34ae6131396cd4b3771e0d54ce770c065244ad3175a1afa63c89e1`
-[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-client-windows-amd64.tar.gz) | `162396256429cef07154f817de2a6b67635c770311f414e38b1e2db25961443f05d7b8eb1f8da46dec8e31c5d1d2cd45f0c95dad1bc0e12a0a7278a62a0b9a6b`
-
-### Server Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-server-linux-amd64.tar.gz) | `a92f8d201973d5dfa44a398e95fcf6a7b4feeb1ef879ab3fee1c54370e21f59f725f27a9c09ace8c42c96ac202e297fd458e486c489e05f127a5cade53b8d7c4`
-[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-server-linux-arm.tar.gz) | `62fbff3256bc0a83f70244b09149a8d7870d19c2c4b6dee8ca2714fc7388da340876a0f540d2ae9bbd8b81fdedaf4b692c72d2840674db632ba2431d1df1a37d`
-[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-server-linux-arm64.tar.gz) | `842910a7013f61a60d670079716b207705750d55a9e4f1f93696d19d39e191644488170ac94d8740f8e3aa3f7f28f61a4347f69d7e93d149c69ac0efcf3688fe`
-[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-server-linux-ppc64le.tar.gz) | `95c5b952ac1c4127a5c3b519b664972ee1fb5e8e902551ce71c04e26ad44b39da727909e025614ac1158c258dc60f504b9a354c5ab7583c2ad769717b30b3836`
-[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-server-linux-s390x.tar.gz) | `a46522d2119a0fd58074564c1fa95dd8a929a79006b82ba3c4245611da8d2db9fd785c482e1b61a9aa361c5c9a6d73387b0e15e6a7a3d84fffb3f65db3b9deeb`
-
-### Node Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-node-linux-amd64.tar.gz) | `f714f80feecb0756410f27efb4cf4a1b5232be0444fbecec9f25cb85a7ccccdcb5be588cddee935294f460046c0726b90f7acc52b20eeb0c46a7200cf10e351a`
-[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-node-linux-arm.tar.gz) | `806000b5f6d723e24e2f12d19d1b9b3d16c74b855f51c7063284adf1fcc57a96554a3384f8c05a952c6f6b929a05ed12b69151b1e620c958f74c9600f3db0fcb`
-[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-node-linux-arm64.tar.gz) | `c207e9ab60587d135897b5366af79efe9d2833f33401e469b2a4e0d74ecd2cf6bb7d1e5bc18d80737acbe37555707f63dd581ccc6304091c1d98dafdd30130b7`
-[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-node-linux-ppc64le.tar.gz) | `a542ed5ed02722af44ef12d1602f363fcd4e93cf704da2ea5d99446382485679626835a40ae2ba47a4a26dce87089516faa54479a1cfdee2229e8e35aa1c17d7`
-[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-node-linux-s390x.tar.gz) | `651e0db73ee67869b2ae93cb0574168e4bd7918290fc5662a6b12b708fa628282e3f64be2b816690f5a2d0f4ff8078570f8187e65dee499a876580a7a63d1d19`
-[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.18.0/kubernetes-node-windows-amd64.tar.gz) | `d726ed904f9f7fe7e8831df621dc9094b87e767410a129aa675ee08417b662ddec314e165f29ecb777110fbfec0dc2893962b6c71950897ba72baaa7eb6371ed`
-
-## Changelog since v1.17.0
-
-A complete changelog for the release notes is now hosted in a customizable
-format at [https://relnotes.k8s.io][1]. Check it out and please give us your
-feedback!
-
-[1]: https://relnotes.k8s.io/?releaseVersions=1.18.0
-
-## What’s New (Major Themes)
-
-### Kubernetes Topology Manager Moves to Beta - Align Up!
-
-A beta feature of Kubernetes in release 1.18, the [Topology Manager feature](https://github.com/nolancon/website/blob/f4200307260ea3234540ef13ed80de325e1a7267/content/en/docs/tasks/administer-cluster/topology-manager.md) enables NUMA alignment of CPU and devices (such as SR-IOV VFs) that will allow your workload to run in an environment optimized for low-latency. Prior to the introduction of the Topology Manager, the CPU and Device Manager would make resource allocation decisions independent of each other. This could result in undesirable allocations on multi-socket systems, causing degraded performance on latency critical applications.
-
-### Serverside Apply - Beta 2
-
-Server-side Apply was promoted to Beta in 1.16, but is now introducing a second Beta in 1.18. This new version will track and manage changes to fields of all new Kubernetes objects, allowing you to know what changed your resources and when.
-
-### Extending Ingress with and replacing a deprecated annotation with IngressClass
-
-In Kubernetes 1.18, there are two significant additions to Ingress: A new `pathType` field and a new `IngressClass` resource. The `pathType` field allows specifying how paths should be matched. In addition to the default `ImplementationSpecific` type, there are new `Exact` and `Prefix` path types.
-
-The `IngressClass` resource is used to describe a type of Ingress within a Kubernetes cluster. Ingresses can specify the class they are associated with by using a new `ingressClassName` field on Ingresses. This new resource and field replace the deprecated `kubernetes.io/ingress.class` annotation.
-
-### SIG CLI introduces kubectl debug
-
-SIG CLI was debating the need for a debug utility for quite some time already. With the development of [ephemeral containers](/zh/docs/concepts/workloads/pods/ephemeral-containers/), it became more obvious how we can support developers with tooling built on top of `kubectl exec`. The addition of the `kubectl debug` [command](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cli/20190805-kubectl-debug.md) (it is alpha but your feedback is more than welcome), allows developers to easily debug their Pods inside the cluster. We think this addition is invaluable. This command allows one to create a temporary container which runs next to the Pod one is trying to examine, but also attaches to the console for interactive troubleshooting.
-
-### Introducing Windows CSI support alpha for Kubernetes
-
-With the release of Kubernetes 1.18, an alpha version of CSI Proxy for Windows is getting released. CSI proxy enables non-privileged (pre-approved) containers to perform privileged storage operations on Windows. CSI drivers can now be supported in Windows by leveraging CSI proxy.
-SIG Storage made a lot of progress in the 1.18 release.
-In particular, the following storage features are moving to GA in Kubernetes 1.18:
-- Raw Block Support: Allow volumes to be surfaced as block devices inside containers instead of just mounted filesystems.
-- Volume Cloning: Duplicate a PersistentVolumeClaim and underlying storage volume using the Kubernetes API via CSI.
-- CSIDriver Kubernetes API Object: Simplifies CSI driver discovery and allows CSI Drivers to customize Kubernetes behavior.
-
-SIG Storage is also introducing the following new storage features as alpha in Kubernetes 1.18:
-- Windows CSI Support: Enabling containerized CSI node plugins in Windows via new [CSIProxy](https://github.com/kubernetes-csi/csi-proxy)
-- Recursive Volume Ownership OnRootMismatch Option: Add a new “OnRootMismatch” policy that can help shorten the mount time for volumes that require ownership change and have many directories and files.
-
-### Other notable announcements
-
-SIG Network is moving IPv6 to Beta in Kubernetes 1.18, after incrementing significantly the test coverage with new CI jobs.
-
-NodeLocal DNSCache is an add-on that runs a dnsCache pod as a daemonset to improve clusterDNS performance and reliability. The feature has been in Alpha since 1.13 release. The SIG Network is announcing the GA graduation of Node Local DNSCache [#1351](https://github.com/kubernetes/enhancements/pull/1351)
-
-## Known Issues
-
-No Known Issues Reported
-
-## Urgent Upgrade Notes
-
-### (No, really, you MUST read this before you upgrade)
-
-#### kube-apiserver:
-- in an `--encryption-provider-config` config file, an explicit `cacheSize: 0` parameter previously silently defaulted to caching 1000 keys. In Kubernetes 1.18, this now returns a config validation error. To disable caching, you can specify a negative cacheSize value in Kubernetes 1.18+.
-- consumers of the 'certificatesigningrequests/approval' API must now have permission to 'approve' CSRs for the specific signer requested by the CSR. More information on the new signerName field and the required authorization can be found at https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests#authorization ([#88246](https://github.com/kubernetes/kubernetes/pull/88246), [@munnerz](https://github.com/munnerz)) [SIG API Machinery, Apps, Auth, CLI, Node and Testing]
-- The following features are unconditionally enabled and the corresponding `--feature-gates` flags have been removed: `PodPriority`, `TaintNodesByCondition`, `ResourceQuotaScopeSelectors` and `ScheduleDaemonSetPods` ([#86210](https://github.com/kubernetes/kubernetes/pull/86210), [@draveness](https://github.com/draveness)) [SIG Apps and Scheduling]
-
-#### kubelet:
-- `--enable-cadvisor-endpoints` is now disabled by default. If you need access to the cAdvisor v1 Json API please enable it explicitly in the kubelet command line. Please note that this flag was deprecated in 1.15 and will be removed in 1.19. ([#87440](https://github.com/kubernetes/kubernetes/pull/87440), [@dims](https://github.com/dims)) [SIG Instrumentation, Node and Testing]
-- Promote CSIMigrationOpenStack to Beta (off by default since it requires installation of the OpenStack Cinder CSI Driver. The in-tree AWS OpenStack Cinder driver "kubernetes.io/cinder" was deprecated in 1.16 and will be removed in 1.20. Users should enable CSIMigration + CSIMigrationOpenStack features and install the OpenStack Cinder CSI Driver (https://github.com/kubernetes-sigs/cloud-provider-openstack) to avoid disruption to existing Pod and PVC objects at that time. Users should start using the OpenStack Cinder CSI Driver directly for any new volumes. ([#85637](https://github.com/kubernetes/kubernetes/pull/85637), [@dims](https://github.com/dims)) [SIG Cloud Provider]
-
-#### kubectl:
-- `kubectl` and k8s.io/client-go no longer default to a server address of `http://localhost:8080`. If you own one of these legacy clusters, you are *strongly* encouraged to secure your server. If you cannot secure your server, you can set the `$KUBERNETES_MASTER` environment variable to `http://localhost:8080` to continue defaulting the server address. `kubectl` users can also set the server address using the `--server` flag, or in a kubeconfig file specified via `--kubeconfig` or `$KUBECONFIG`. ([#86173](https://github.com/kubernetes/kubernetes/pull/86173), [@soltysh](https://github.com/soltysh)) [SIG API Machinery, CLI and Testing]
-- `kubectl run` has removed the previously deprecated generators, along with flags unrelated to creating pods. `kubectl run` now only creates pods. See specific `kubectl create` subcommands to create objects other than pods.
-([#87077](https://github.com/kubernetes/kubernetes/pull/87077), [@soltysh](https://github.com/soltysh)) [SIG Architecture, CLI and Testing]
-- The deprecated command `kubectl rolling-update` has been removed ([#88057](https://github.com/kubernetes/kubernetes/pull/88057), [@julianvmodesto](https://github.com/julianvmodesto)) [SIG Architecture, CLI and Testing]
-
-#### client-go:
-- Signatures on methods in generated clientsets, dynamic, metadata, and scale clients have been modified to accept `context.Context` as a first argument. Signatures of Create, Update, and Patch methods have been updated to accept CreateOptions, UpdateOptions and PatchOptions respectively. Signatures of Delete and DeleteCollection methods now accept DeleteOptions by value instead of by reference. Generated clientsets with the previous interface have been added in new "deprecated" packages to allow incremental migration to the new APIs. The deprecated packages will be removed in the 1.21 release. A tool is available at http://sigs.k8s.io/clientgofix to rewrite method invocations to the new signatures.
-
-- The following deprecated metrics are removed, please convert to the corresponding metrics:
- - The following replacement metrics are available from v1.14.0:
- - `rest_client_request_latency_seconds` -> `rest_client_request_duration_seconds`
- - `scheduler_scheduling_latency_seconds` -> `scheduler_scheduling_duration_seconds `
- - `docker_operations` -> `docker_operations_total`
- - `docker_operations_latency_microseconds` -> `docker_operations_duration_seconds`
- - `docker_operations_errors` -> `docker_operations_errors_total`
- - `docker_operations_timeout` -> `docker_operations_timeout_total`
- - `network_plugin_operations_latency_microseconds` -> `network_plugin_operations_duration_seconds`
- - `kubelet_pod_worker_latency_microseconds` -> `kubelet_pod_worker_duration_seconds`
- - `kubelet_pod_start_latency_microseconds` -> `kubelet_pod_start_duration_seconds`
- - `kubelet_cgroup_manager_latency_microseconds` -> `kubelet_cgroup_manager_duration_seconds`
- - `kubelet_pod_worker_start_latency_microseconds` -> `kubelet_pod_worker_start_duration_seconds`
- - `kubelet_pleg_relist_latency_microseconds` -> `kubelet_pleg_relist_duration_seconds`
- - `kubelet_pleg_relist_interval_microseconds` -> `kubelet_pleg_relist_interval_seconds`
- - `kubelet_eviction_stats_age_microseconds` -> `kubelet_eviction_stats_age_seconds`
- - `kubelet_runtime_operations` -> `kubelet_runtime_operations_total`
- - `kubelet_runtime_operations_latency_microseconds` -> `kubelet_runtime_operations_duration_seconds`
- - `kubelet_runtime_operations_errors` -> `kubelet_runtime_operations_errors_total`
- - `kubelet_device_plugin_registration_count` -> `kubelet_device_plugin_registration_total`
- - `kubelet_device_plugin_alloc_latency_microseconds` -> `kubelet_device_plugin_alloc_duration_seconds`
- - `scheduler_e2e_scheduling_latency_microseconds` -> `scheduler_e2e_scheduling_duration_seconds`
- - `scheduler_scheduling_algorithm_latency_microseconds` -> `scheduler_scheduling_algorithm_duration_seconds`
- - `scheduler_scheduling_algorithm_predicate_evaluation` -> `scheduler_scheduling_algorithm_predicate_evaluation_seconds`
- - `scheduler_scheduling_algorithm_priority_evaluation` -> `scheduler_scheduling_algorithm_priority_evaluation_seconds`
- - `scheduler_scheduling_algorithm_preemption_evaluation` -> `scheduler_scheduling_algorithm_preemption_evaluation_seconds`
- - `scheduler_binding_latency_microseconds` -> `scheduler_binding_duration_seconds`
- - `kubeproxy_sync_proxy_rules_latency_microseconds` -> `kubeproxy_sync_proxy_rules_duration_seconds`
- - `apiserver_request_latencies` -> `apiserver_request_duration_seconds`
- - `apiserver_dropped_requests` -> `apiserver_dropped_requests_total`
- - `etcd_request_latencies_summary` -> `etcd_request_duration_seconds`
- - `apiserver_storage_transformation_latencies_microseconds ` -> `apiserver_storage_transformation_duration_seconds`
- - `apiserver_storage_data_key_generation_latencies_microseconds` -> `apiserver_storage_data_key_generation_duration_seconds`
- - `apiserver_request_count` -> `apiserver_request_total`
- - `apiserver_request_latencies_summary`
- - The following replacement metrics are available from v1.15.0:
- - `apiserver_storage_transformation_failures_total` -> `apiserver_storage_transformation_operations_total` ([#76496](https://github.com/kubernetes/kubernetes/pull/76496), [@danielqsj](https://github.com/danielqsj)) [SIG API Machinery, Cluster Lifecycle, Instrumentation, Network, Node and Scheduling]
-
-## Changes by Kind
-
-### Deprecation
-
-#### kube-apiserver:
-- the following deprecated APIs can no longer be served:
- - All resources under `apps/v1beta1` and `apps/v1beta2` - use `apps/v1` instead
- - `daemonsets`, `deployments`, `replicasets` resources under `extensions/v1beta1` - use `apps/v1` instead
- - `networkpolicies` resources under `extensions/v1beta1` - use `networking.k8s.io/v1` instead
- - `podsecuritypolicies` resources under `extensions/v1beta1` - use `policy/v1beta1` instead ([#85903](https://github.com/kubernetes/kubernetes/pull/85903), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Apps, Cluster Lifecycle, Instrumentation and Testing]
-
-#### kube-controller-manager:
-- Azure service annotation service.beta.kubernetes.io/azure-load-balancer-disable-tcp-reset has been deprecated. Its support would be removed in a future release. ([#88462](https://github.com/kubernetes/kubernetes/pull/88462), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-
-#### kubelet:
-- The StreamingProxyRedirects feature and `--redirect-container-streaming` flag are deprecated, and will be removed in a future release. The default behavior (proxy streaming requests through the kubelet) will be the only supported option. If you are setting `--redirect-container-streaming=true`, then you must migrate off this configuration. The flag will no longer be able to be enabled starting in v1.20. If you are not setting the flag, no action is necessary. ([#88290](https://github.com/kubernetes/kubernetes/pull/88290), [@tallclair](https://github.com/tallclair)) [SIG API Machinery and Node]
-- resource metrics endpoint `/metrics/resource/v1alpha1` as well as all metrics under this endpoint have been deprecated. Please convert to the following metrics emitted by endpoint `/metrics/resource`:
- - scrape_error --> scrape_error
- - node_cpu_usage_seconds_total --> node_cpu_usage_seconds
- - node_memory_working_set_bytes --> node_memory_working_set_bytes
- - container_cpu_usage_seconds_total --> container_cpu_usage_seconds
- - container_memory_working_set_bytes --> container_memory_working_set_bytes
- - scrape_error --> scrape_error
- ([#86282](https://github.com/kubernetes/kubernetes/pull/86282), [@RainbowMango](https://github.com/RainbowMango)) [SIG Node]
-- In a future release, kubelet will no longer create the CSI NodePublishVolume target directory, in accordance with the CSI specification. CSI drivers may need to be updated accordingly to properly create and process the target path. ([#75535](https://github.com/kubernetes/kubernetes/issues/75535)) [SIG Storage]
-
-#### kube-proxy:
-- `--healthz-port` and `--metrics-port` flags are deprecated, please use `--healthz-bind-address` and `--metrics-bind-address` instead ([#88512](https://github.com/kubernetes/kubernetes/pull/88512), [@SataQiu](https://github.com/SataQiu)) [SIG Network]
-- a new `EndpointSliceProxying` feature gate has been added to control the use of EndpointSlices in kube-proxy. The EndpointSlice feature gate that used to control this behavior no longer affects kube-proxy. This feature has been disabled by default. ([#86137](https://github.com/kubernetes/kubernetes/pull/86137), [@robscott](https://github.com/robscott))
-
-#### kubeadm:
-- command line option "kubelet-version" for `kubeadm upgrade node` has been deprecated and will be removed in a future release. ([#87942](https://github.com/kubernetes/kubernetes/pull/87942), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
-- deprecate the usage of the experimental flag '--use-api' under the 'kubeadm alpha certs renew' command. ([#88827](https://github.com/kubernetes/kubernetes/pull/88827), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
-- kube-dns is deprecated and will not be supported in a future version ([#86574](https://github.com/kubernetes/kubernetes/pull/86574), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
-- the `ClusterStatus` struct present in the kubeadm-config ConfigMap is deprecated and will be removed in a future version. It is going to be maintained by kubeadm until it gets removed. The same information can be found on `etcd` and `kube-apiserver` pod annotations, `kubeadm.kubernetes.io/etcd.advertise-client-urls` and `kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint` respectively. ([#87656](https://github.com/kubernetes/kubernetes/pull/87656), [@ereslibre](https://github.com/ereslibre)) [SIG Cluster Lifecycle]
-
-#### kubectl:
-- the boolean and unset values for the --dry-run flag are deprecated and a value --dry-run=server|client|none will be required in a future version. ([#87580](https://github.com/kubernetes/kubernetes/pull/87580), [@julianvmodesto](https://github.com/julianvmodesto)) [SIG CLI]
-- `kubectl apply --server-dry-run` is deprecated and replaced with --dry-run=server ([#87580](https://github.com/kubernetes/kubernetes/pull/87580), [@julianvmodesto](https://github.com/julianvmodesto)) [SIG CLI]
-
-#### add-ons:
-- Remove cluster-monitoring addon ([#85512](https://github.com/kubernetes/kubernetes/pull/85512), [@serathius](https://github.com/serathius)) [SIG Cluster Lifecycle, Instrumentation, Scalability and Testing]
-
-#### kube-scheduler:
-- The `scheduling_duration_seconds` summary metric is deprecated ([#86586](https://github.com/kubernetes/kubernetes/pull/86586), [@xiaoanyunfei](https://github.com/xiaoanyunfei)) [SIG Scheduling]
-- The `scheduling_algorithm_predicate_evaluation_seconds` and
- `scheduling_algorithm_priority_evaluation_seconds` metrics are deprecated, replaced by `framework_extension_point_duration_seconds[extension_point="Filter"]` and `framework_extension_point_duration_seconds[extension_point="Score"]`. ([#86584](https://github.com/kubernetes/kubernetes/pull/86584), [@xiaoanyunfei](https://github.com/xiaoanyunfei)) [SIG Scheduling]
-- `AlwaysCheckAllPredicates` is deprecated in scheduler Policy API. ([#86369](https://github.com/kubernetes/kubernetes/pull/86369), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling]
-
-#### Other deprecations:
-- The k8s.io/node-api component is no longer updated. Instead, use the RuntimeClass types located within k8s.io/api, and the generated clients located within k8s.io/client-go ([#87503](https://github.com/kubernetes/kubernetes/pull/87503), [@liggitt](https://github.com/liggitt)) [SIG Node and Release]
-- Removed the 'client' label from apiserver_request_total. ([#87669](https://github.com/kubernetes/kubernetes/pull/87669), [@logicalhan](https://github.com/logicalhan)) [SIG API Machinery and Instrumentation]
-
-### API Change
-
-#### New API types/versions:
-- A new IngressClass resource has been added to enable better Ingress configuration. ([#88509](https://github.com/kubernetes/kubernetes/pull/88509), [@robscott](https://github.com/robscott)) [SIG API Machinery, Apps, CLI, Network, Node and Testing]
-- The CSIDriver API has graduated to storage.k8s.io/v1, and is now available for use. ([#84814](https://github.com/kubernetes/kubernetes/pull/84814), [@huffmanca](https://github.com/huffmanca)) [SIG Storage]
-
-#### New API fields:
-- autoscaling/v2beta2 HorizontalPodAutoscaler added a `spec.behavior` field that allows scale behavior to be configured. Behaviors are specified separately for scaling up and down. In each direction a stabilization window can be specified as well as a list of policies and how to select amongst them. Policies can limit the absolute number of pods added or removed, or the percentage of pods added or removed. ([#74525](https://github.com/kubernetes/kubernetes/pull/74525), [@gliush](https://github.com/gliush)) [SIG API Machinery, Apps, Autoscaling and CLI]
-- Ingress:
- - `spec.ingressClassName` replaces the deprecated `kubernetes.io/ingress.class` annotation, and allows associating an Ingress object with a particular controller.
- - path definitions added a `pathType` field to allow indicating how the specified path should be matched against incoming requests. Valid values are `Exact`, `Prefix`, and `ImplementationSpecific` ([#88587](https://github.com/kubernetes/kubernetes/pull/88587), [@cmluciano](https://github.com/cmluciano)) [SIG Apps, Cluster Lifecycle and Network]
-- The alpha feature `AnyVolumeDataSource` enables PersistentVolumeClaim objects to use the spec.dataSource field to reference a custom type as a data source ([#88636](https://github.com/kubernetes/kubernetes/pull/88636), [@bswartz](https://github.com/bswartz)) [SIG Apps and Storage]
-- The alpha feature `ConfigurableFSGroupPolicy` enables v1 Pods to specify a spec.securityContext.fsGroupChangePolicy policy to control how file permissions are applied to volumes mounted into the pod. ([#88488](https://github.com/kubernetes/kubernetes/pull/88488), [@gnufied](https://github.com/gnufied)) [SIG Storage]
-- The alpha feature `ServiceAppProtocol` enables setting an `appProtocol` field in ServicePort and EndpointPort definitions. ([#88503](https://github.com/kubernetes/kubernetes/pull/88503), [@robscott](https://github.com/robscott)) [SIG Apps and Network]
-- The alpha feature `ImmutableEphemeralVolumes` enables an `immutable` field in both Secret and ConfigMap objects to mark their contents as immutable. ([#86377](https://github.com/kubernetes/kubernetes/pull/86377), [@wojtek-t](https://github.com/wojtek-t)) [SIG Apps, CLI and Testing]
-
-#### Other API changes:
-- The beta feature `ServerSideApply` enables tracking and managing changed fields for all new objects, which means there will be `managedFields` in `metadata` with the list of managers and their owned fields.
-- The alpha feature `ServiceAccountIssuerDiscovery` enables publishing OIDC discovery information and service account token verification keys at `/.well-known/openid-configuration` and `/openid/v1/jwks` endpoints by API servers configured to issue service account tokens. ([#80724](https://github.com/kubernetes/kubernetes/pull/80724), [@cceckman](https://github.com/cceckman)) [SIG API Machinery, Auth, Cluster Lifecycle and Testing]
-- CustomResourceDefinition schemas that use `x-kubernetes-list-map-keys` to specify properties that uniquely identify list items must make those properties required or have a default value, to ensure those properties are present for all list items. See https://kubernetes.io/docs/reference/using-api/api-concepts/#merge-strategy for details. ([#88076](https://github.com/kubernetes/kubernetes/pull/88076), [@eloyekunle](https://github.com/eloyekunle)) [SIG API Machinery and Testing]
-- CustomResourceDefinition schemas that use `x-kubernetes-list-type: map` or `x-kubernetes-list-type: set` now enable validation that the list items in the corresponding custom resources are unique. ([#84920](https://github.com/kubernetes/kubernetes/pull/84920), [@sttts](https://github.com/sttts)) [SIG API Machinery]
-
-#### Configuration file changes:
-
-#### kube-apiserver:
-- The `--egress-selector-config-file` configuration file now accepts an apiserver.k8s.io/v1beta1 EgressSelectorConfiguration configuration object, and has been updated to allow specifying HTTP or GRPC connections to the network proxy ([#87179](https://github.com/kubernetes/kubernetes/pull/87179), [@Jefftree](https://github.com/Jefftree)) [SIG API Machinery, Cloud Provider and Cluster Lifecycle]
-
-#### kube-scheduler:
-- A kubescheduler.config.k8s.io/v1alpha2 configuration file version is now accepted, with support for multiple scheduling profiles ([#87628](https://github.com/kubernetes/kubernetes/pull/87628), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling]
- - HardPodAffinityWeight moved from a top level ComponentConfig parameter to a PluginConfig parameter of InterPodAffinity Plugin in `kubescheduler.config.k8s.io/v1alpha2` ([#88002](https://github.com/kubernetes/kubernetes/pull/88002), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling and Testing]
- - Kube-scheduler can run more than one scheduling profile. Given a pod, the profile is selected by using its `.spec.schedulerName`. ([#88285](https://github.com/kubernetes/kubernetes/pull/88285), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps, Scheduling and Testing]
- - Scheduler Extenders can now be configured in the v1alpha2 component config ([#88768](https://github.com/kubernetes/kubernetes/pull/88768), [@damemi](https://github.com/damemi)) [SIG Release, Scheduling and Testing]
- - The PostFilter of scheduler framework is renamed to PreScore in kubescheduler.config.k8s.io/v1alpha2. ([#87751](https://github.com/kubernetes/kubernetes/pull/87751), [@skilxn-go](https://github.com/skilxn-go)) [SIG Scheduling and Testing]
-
-#### kube-proxy:
-- Added kube-proxy flags `--ipvs-tcp-timeout`, `--ipvs-tcpfin-timeout`, `--ipvs-udp-timeout` to configure IPVS connection timeouts. ([#85517](https://github.com/kubernetes/kubernetes/pull/85517), [@andrewsykim](https://github.com/andrewsykim)) [SIG Cluster Lifecycle and Network]
-- Added optional `--detect-local-mode` flag to kube-proxy. Valid values are "ClusterCIDR" (default matching previous behavior) and "NodeCIDR" ([#87748](https://github.com/kubernetes/kubernetes/pull/87748), [@satyasm](https://github.com/satyasm)) [SIG Cluster Lifecycle, Network and Scheduling]
-- Kube-controller-manager and kube-scheduler expose profiling by default to match the kube-apiserver. Use `--enable-profiling=false` to disable. ([#88663](https://github.com/kubernetes/kubernetes/pull/88663), [@deads2k](https://github.com/deads2k)) [SIG API Machinery, Cloud Provider and Scheduling]
-- Kubelet pod resources API now provides the information about active pods only. ([#79409](https://github.com/kubernetes/kubernetes/pull/79409), [@takmatsu](https://github.com/takmatsu)) [SIG Node]
-- New flag `--endpointslice-updates-batch-period` in kube-controller-manager can be used to reduce the number of endpointslice updates generated by pod changes. ([#88745](https://github.com/kubernetes/kubernetes/pull/88745), [@mborsz](https://github.com/mborsz)) [SIG API Machinery, Apps and Network]
-- New flag `--show-hidden-metrics-for-version` in kube-proxy, kubelet, kube-controller-manager, and kube-scheduler can be used to show all hidden metrics that are deprecated in the previous minor release. ([#85279](https://github.com/kubernetes/kubernetes/pull/85279), [@RainbowMango](https://github.com/RainbowMango)) [SIG Cluster Lifecycle and Network]
-
-#### Features graduated to beta:
- - StartupProbe ([#83437](https://github.com/kubernetes/kubernetes/pull/83437), [@matthyx](https://github.com/matthyx)) [SIG Node, Scalability and Testing]
-
-#### Features graduated to GA:
- - VolumePVCDataSource ([#88686](https://github.com/kubernetes/kubernetes/pull/88686), [@j-griffith](https://github.com/j-griffith)) [SIG Storage]
- - TaintBasedEvictions ([#87487](https://github.com/kubernetes/kubernetes/pull/87487), [@skilxn-go](https://github.com/skilxn-go)) [SIG API Machinery, Apps, Node, Scheduling and Testing]
- - BlockVolume and CSIBlockVolume ([#88673](https://github.com/kubernetes/kubernetes/pull/88673), [@jsafrane](https://github.com/jsafrane)) [SIG Storage]
- - Windows RunAsUserName ([#87790](https://github.com/kubernetes/kubernetes/pull/87790), [@marosset](https://github.com/marosset)) [SIG Apps and Windows]
-- The following feature gates are removed, because the associated features were unconditionally enabled in previous releases: CustomResourceValidation, CustomResourceSubresources, CustomResourceWebhookConversion, CustomResourcePublishOpenAPI, CustomResourceDefaulting ([#87475](https://github.com/kubernetes/kubernetes/pull/87475), [@liggitt](https://github.com/liggitt)) [SIG API Machinery]
-
-### Feature
-
-- API request throttling (due to a high rate of requests) is now reported in client-go logs at log level 2. The messages are of the form:`Throttling request took 1.50705208s, request: GET:` The presence of these messages may indicate to the administrator the need to tune the cluster accordingly. ([#87740](https://github.com/kubernetes/kubernetes/pull/87740), [@jennybuckley](https://github.com/jennybuckley)) [SIG API Machinery]
-- Add support for mount options to the FC volume plugin ([#87499](https://github.com/kubernetes/kubernetes/pull/87499), [@ejweber](https://github.com/ejweber)) [SIG Storage]
-- Added a config-mode flag in azure auth module to enable getting AAD token without spn: prefix in audience claim. When it's not specified, the default behavior doesn't change. ([#87630](https://github.com/kubernetes/kubernetes/pull/87630), [@weinong](https://github.com/weinong)) [SIG API Machinery, Auth, CLI and Cloud Provider]
-- Allow for configuration of CoreDNS replica count ([#85837](https://github.com/kubernetes/kubernetes/pull/85837), [@pickledrick](https://github.com/pickledrick)) [SIG Cluster Lifecycle]
-- Allow user to specify resource using --filename flag when invoking kubectl exec ([#88460](https://github.com/kubernetes/kubernetes/pull/88460), [@soltysh](https://github.com/soltysh)) [SIG CLI and Testing]
-- Apiserver added a new flag --goaway-chance which is the fraction of requests that will be closed gracefully(GOAWAY) to prevent HTTP/2 clients from getting stuck on a single apiserver. ([#88567](https://github.com/kubernetes/kubernetes/pull/88567), [@answer1991](https://github.com/answer1991)) [SIG API Machinery]
-- Azure Cloud Provider now supports using Azure network resources (Virtual Network, Load Balancer, Public IP, Route Table, Network Security Group, etc.) in different AAD Tenant and Subscription than those for the Kubernetes cluster. To use the feature, please reference https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/docs/cloud-provider-config.md#host-network-resources-in-different-aad-tenant-and-subscription. ([#88384](https://github.com/kubernetes/kubernetes/pull/88384), [@bowen5](https://github.com/bowen5)) [SIG Cloud Provider]
-- Azure VMSS/VMSSVM clients now suppress requests on throttling ([#86740](https://github.com/kubernetes/kubernetes/pull/86740), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- Azure cloud provider cache TTL is configurable, list of the azure cloud provider is as following:
- - "availabilitySetNodesCacheTTLInSeconds"
- - "vmssCacheTTLInSeconds"
- - "vmssVirtualMachinesCacheTTLInSeconds"
- - "vmCacheTTLInSeconds"
- - "loadBalancerCacheTTLInSeconds"
- - "nsgCacheTTLInSeconds"
- - "routeTableCacheTTLInSeconds"
- ([#86266](https://github.com/kubernetes/kubernetes/pull/86266), [@zqingqing1](https://github.com/zqingqing1)) [SIG Cloud Provider]
-- Azure global rate limit is switched to per-client. A set of new rate limit configure options are introduced, including routeRateLimit, SubnetsRateLimit, InterfaceRateLimit, RouteTableRateLimit, LoadBalancerRateLimit, PublicIPAddressRateLimit, SecurityGroupRateLimit, VirtualMachineRateLimit, StorageAccountRateLimit, DiskRateLimit, SnapshotRateLimit, VirtualMachineScaleSetRateLimit and VirtualMachineSizeRateLimit. The original rate limit options would be default values for those new client's rate limiter. ([#86515](https://github.com/kubernetes/kubernetes/pull/86515), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- Azure network and VM clients now suppress requests on throttling ([#87122](https://github.com/kubernetes/kubernetes/pull/87122), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- Azure storage clients now suppress requests on throttling ([#87306](https://github.com/kubernetes/kubernetes/pull/87306), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- Azure: add support for single stack IPv6 ([#88448](https://github.com/kubernetes/kubernetes/pull/88448), [@aramase](https://github.com/aramase)) [SIG Cloud Provider]
-- DefaultConstraints can be specified for PodTopologySpread Plugin in the scheduler’s ComponentConfig ([#88671](https://github.com/kubernetes/kubernetes/pull/88671), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling]
-- DisableAvailabilitySetNodes is added to avoid VM list for VMSS clusters. It should only be used when vmType is "vmss" and all the nodes (including control plane nodes) are VMSS virtual machines. ([#87685](https://github.com/kubernetes/kubernetes/pull/87685), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- Elasticsearch supports automatically setting the advertise address ([#85944](https://github.com/kubernetes/kubernetes/pull/85944), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle and Instrumentation]
-- EndpointSlices will now be enabled by default. A new `EndpointSliceProxying` feature gate determines if kube-proxy will use EndpointSlices, this is disabled by default. ([#86137](https://github.com/kubernetes/kubernetes/pull/86137), [@robscott](https://github.com/robscott)) [SIG Network]
-- Kube-proxy: Added dual-stack IPv4/IPv6 support to the iptables proxier. ([#82462](https://github.com/kubernetes/kubernetes/pull/82462), [@vllry](https://github.com/vllry)) [SIG Network]
-- Kubeadm now supports automatic calculations of dual-stack node cidr masks to kube-controller-manager. ([#85609](https://github.com/kubernetes/kubernetes/pull/85609), [@Arvinderpal](https://github.com/Arvinderpal)) [SIG Cluster Lifecycle]
-- Kubeadm: add a upgrade health check that deploys a Job ([#81319](https://github.com/kubernetes/kubernetes/pull/81319), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
-- Kubeadm: add the experimental feature gate PublicKeysECDSA that can be used to create a
- cluster with ECDSA certificates from "kubeadm init". Renewal of existing ECDSA certificates is also supported using "kubeadm alpha certs renew", but not switching between the RSA and ECDSA algorithms on the fly or during upgrades. ([#86953](https://github.com/kubernetes/kubernetes/pull/86953), [@rojkov](https://github.com/rojkov)) [SIG API Machinery, Auth and Cluster Lifecycle]
-- Kubeadm: implemented structured output of 'kubeadm config images list' command in JSON, YAML, Go template and JsonPath formats ([#86810](https://github.com/kubernetes/kubernetes/pull/86810), [@bart0sh](https://github.com/bart0sh)) [SIG Cluster Lifecycle]
-- Kubeadm: on kubeconfig certificate renewal, keep the embedded CA in sync with the one on disk ([#88052](https://github.com/kubernetes/kubernetes/pull/88052), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
-- Kubeadm: reject a node joining the cluster if a node with the same name already exists ([#81056](https://github.com/kubernetes/kubernetes/pull/81056), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
-- Kubeadm: support Windows specific kubelet flags in kubeadm-flags.env ([#88287](https://github.com/kubernetes/kubernetes/pull/88287), [@gab-satchi](https://github.com/gab-satchi)) [SIG Cluster Lifecycle and Windows]
-- Kubeadm: support automatic retry after failing to pull image ([#86899](https://github.com/kubernetes/kubernetes/pull/86899), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
-- Kubeadm: upgrade supports fallback to the nearest known etcd version if an unknown k8s version is passed ([#88373](https://github.com/kubernetes/kubernetes/pull/88373), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
-- Kubectl/drain: add disable-eviction option.Force drain to use delete, even if eviction is supported. This will bypass checking PodDisruptionBudgets, and should be used with caution. ([#85571](https://github.com/kubernetes/kubernetes/pull/85571), [@michaelgugino](https://github.com/michaelgugino)) [SIG CLI]
-- Kubectl/drain: add skip-wait-for-delete-timeout option. If a pod’s `DeletionTimestamp` is older than N seconds, skip waiting for the pod. Seconds must be greater than 0 to skip. ([#85577](https://github.com/kubernetes/kubernetes/pull/85577), [@michaelgugino](https://github.com/michaelgugino)) [SIG CLI]
-- Option `preConfiguredBackendPoolLoadBalancerTypes` is added to azure cloud provider for the pre-configured load balancers, possible values: `""`, `"internal"`, `"external"`,`"all"` ([#86338](https://github.com/kubernetes/kubernetes/pull/86338), [@gossion](https://github.com/gossion)) [SIG Cloud Provider]
-- PodTopologySpread plugin now excludes terminatingPods when making scheduling decisions. ([#87845](https://github.com/kubernetes/kubernetes/pull/87845), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling]
-- Provider/azure: Network security groups can now be in a separate resource group. ([#87035](https://github.com/kubernetes/kubernetes/pull/87035), [@CecileRobertMichon](https://github.com/CecileRobertMichon)) [SIG Cloud Provider]
-- SafeSysctlWhitelist: add net.ipv4.ping_group_range ([#85463](https://github.com/kubernetes/kubernetes/pull/85463), [@AkihiroSuda](https://github.com/AkihiroSuda)) [SIG Auth]
-- Scheduler framework permit plugins now run at the end of the scheduling cycle, after reserve plugins. Waiting on permit will remain in the beginning of the binding cycle. ([#88199](https://github.com/kubernetes/kubernetes/pull/88199), [@mateuszlitwin](https://github.com/mateuszlitwin)) [SIG Scheduling]
-- Scheduler: Add DefaultBinder plugin ([#87430](https://github.com/kubernetes/kubernetes/pull/87430), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling and Testing]
-- Skip default spreading scoring plugin for pods that define TopologySpreadConstraints ([#87566](https://github.com/kubernetes/kubernetes/pull/87566), [@skilxn-go](https://github.com/skilxn-go)) [SIG Scheduling]
-- The kubectl --dry-run flag now accepts the values 'client', 'server', and 'none', to support client-side and server-side dry-run strategies. The boolean and unset values for the --dry-run flag are deprecated and a value will be required in a future version. ([#87580](https://github.com/kubernetes/kubernetes/pull/87580), [@julianvmodesto](https://github.com/julianvmodesto)) [SIG CLI]
-- Support server-side dry-run in kubectl with --dry-run=server for commands including apply, patch, create, run, annotate, label, set, autoscale, drain, rollout undo, and expose. ([#87714](https://github.com/kubernetes/kubernetes/pull/87714), [@julianvmodesto](https://github.com/julianvmodesto)) [SIG API Machinery, CLI and Testing]
-- Add --dry-run=server|client to kubectl delete, taint, replace ([#88292](https://github.com/kubernetes/kubernetes/pull/88292), [@julianvmodesto](https://github.com/julianvmodesto)) [SIG CLI and Testing]
-- The feature PodTopologySpread (feature gate `EvenPodsSpread`) has been enabled by default in 1.18. ([#88105](https://github.com/kubernetes/kubernetes/pull/88105), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling and Testing]
-- The kubelet and the default docker runtime now support running ephemeral containers in the Linux process namespace of a target container. Other container runtimes must implement support for this feature before it will be available for that runtime. ([#84731](https://github.com/kubernetes/kubernetes/pull/84731), [@verb](https://github.com/verb)) [SIG Node]
-- The underlying format of the `CPUManager` state file has changed. Upgrades should be seamless, but any third-party tools that rely on reading the previous format need to be updated. ([#84462](https://github.com/kubernetes/kubernetes/pull/84462), [@klueska](https://github.com/klueska)) [SIG Node and Testing]
-- Update CNI version to v0.8.5 ([#78819](https://github.com/kubernetes/kubernetes/pull/78819), [@justaugustus](https://github.com/justaugustus)) [SIG API Machinery, Cluster Lifecycle, Network, Release and Testing]
-- Webhooks have alpha support for network proxy ([#85870](https://github.com/kubernetes/kubernetes/pull/85870), [@Jefftree](https://github.com/Jefftree)) [SIG API Machinery, Auth and Testing]
-- When client certificate files are provided, reload files for new connections, and close connections when a certificate changes. ([#79083](https://github.com/kubernetes/kubernetes/pull/79083), [@jackkleeman](https://github.com/jackkleeman)) [SIG API Machinery, Auth, Node and Testing]
-- When deleting objects using kubectl with the --force flag, you are no longer required to also specify --grace-period=0. ([#87776](https://github.com/kubernetes/kubernetes/pull/87776), [@brianpursley](https://github.com/brianpursley)) [SIG CLI]
-- Windows nodes on GCE can use virtual TPM-based authentication to the control plane. ([#85466](https://github.com/kubernetes/kubernetes/pull/85466), [@pjh](https://github.com/pjh)) [SIG Cluster Lifecycle]
-- You can now pass "--node-ip ::" to kubelet to indicate that it should autodetect an IPv6 address to use as the node's primary address. ([#85850](https://github.com/kubernetes/kubernetes/pull/85850), [@danwinship](https://github.com/danwinship)) [SIG Cloud Provider, Network and Node]
-- `kubectl` now contains a `kubectl alpha debug` command. This command allows attaching an ephemeral container to a running pod for the purposes of debugging. ([#88004](https://github.com/kubernetes/kubernetes/pull/88004), [@verb](https://github.com/verb)) [SIG CLI]
-- TLS Server Name overrides can now be specified in a kubeconfig file and via --tls-server-name in kubectl ([#88769](https://github.com/kubernetes/kubernetes/pull/88769), [@deads2k](https://github.com/deads2k)) [SIG API Machinery, Auth and CLI]
-
-#### Metrics:
-- Add `rest_client_rate_limiter_duration_seconds` metric to component-base to track client side rate limiter latency in seconds. Broken down by verb and URL. ([#88134](https://github.com/kubernetes/kubernetes/pull/88134), [@jennybuckley](https://github.com/jennybuckley)) [SIG API Machinery, Cluster Lifecycle and Instrumentation]
-- Added two client certificate metrics for exec auth:
- - `rest_client_certificate_expiration_seconds` a gauge reporting the lifetime of the current client certificate. Reports the time of expiry in seconds since January 1, 1970 UTC.
- - `rest_client_certificate_rotation_age` a histogram reporting the age of a just rotated client certificate in seconds. ([#84382](https://github.com/kubernetes/kubernetes/pull/84382), [@sambdavidson](https://github.com/sambdavidson)) [SIG API Machinery, Auth, Cluster Lifecycle and Instrumentation]
-- Controller manager serve workqueue metrics ([#87967](https://github.com/kubernetes/kubernetes/pull/87967), [@zhan849](https://github.com/zhan849)) [SIG API Machinery]
-- Following metrics have been turned off:
- - kubelet_pod_worker_latency_microseconds
- - kubelet_pod_start_latency_microseconds
- - kubelet_cgroup_manager_latency_microseconds
- - kubelet_pod_worker_start_latency_microseconds
- - kubelet_pleg_relist_latency_microseconds
- - kubelet_pleg_relist_interval_microseconds
- - kubelet_eviction_stats_age_microseconds
- - kubelet_runtime_operations
- - kubelet_runtime_operations_latency_microseconds
- - kubelet_runtime_operations_errors
- - kubelet_device_plugin_registration_count
- - kubelet_device_plugin_alloc_latency_microseconds
- - kubelet_docker_operations
- - kubelet_docker_operations_latency_microseconds
- - kubelet_docker_operations_errors
- - kubelet_docker_operations_timeout
- - network_plugin_operations_latency_microseconds ([#83841](https://github.com/kubernetes/kubernetes/pull/83841), [@RainbowMango](https://github.com/RainbowMango)) [SIG Network and Node]
-- Kube-apiserver metrics will now include request counts, latencies, and response sizes for /healthz, /livez, and /readyz requests. ([#83598](https://github.com/kubernetes/kubernetes/pull/83598), [@jktomer](https://github.com/jktomer)) [SIG API Machinery]
-- Kubelet now exports a `server_expiration_renew_failure` and `client_expiration_renew_failure` metric counter if the certificate rotations cannot be performed. ([#84614](https://github.com/kubernetes/kubernetes/pull/84614), [@rphillips](https://github.com/rphillips)) [SIG API Machinery, Auth, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Node and Release]
-- Kubelet: the metric process_start_time_seconds be marked as with the ALPHA stability level. ([#85446](https://github.com/kubernetes/kubernetes/pull/85446), [@RainbowMango](https://github.com/RainbowMango)) [SIG API Machinery, Cluster Lifecycle, Instrumentation and Node]
-- New metric `kubelet_pleg_last_seen_seconds` to aid diagnosis of PLEG not healthy issues. ([#86251](https://github.com/kubernetes/kubernetes/pull/86251), [@bboreham](https://github.com/bboreham)) [SIG Node]
-
-### Other (Bug, Cleanup or Flake)
-
-- Fixed a regression with clients prior to 1.15 not being able to update podIP in pod status, or podCIDR in node spec, against >= 1.16 API servers ([#88505](https://github.com/kubernetes/kubernetes/pull/88505), [@liggitt](https://github.com/liggitt)) [SIG Apps and Network]
-- Fixed "kubectl describe statefulsets.apps" printing garbage for rolling update partition ([#85846](https://github.com/kubernetes/kubernetes/pull/85846), [@phil9909](https://github.com/phil9909)) [SIG CLI]
-- Add a event to PV when filesystem on PV does not match actual filesystem on disk ([#86982](https://github.com/kubernetes/kubernetes/pull/86982), [@gnufied](https://github.com/gnufied)) [SIG Storage]
-- Add azure disk WriteAccelerator support ([#87945](https://github.com/kubernetes/kubernetes/pull/87945), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage]
-- Add delays between goroutines for vm instance update ([#88094](https://github.com/kubernetes/kubernetes/pull/88094), [@aramase](https://github.com/aramase)) [SIG Cloud Provider]
-- Add init containers log to cluster dump info. ([#88324](https://github.com/kubernetes/kubernetes/pull/88324), [@zhouya0](https://github.com/zhouya0)) [SIG CLI]
-- Addons: elasticsearch discovery supports IPv6 ([#85543](https://github.com/kubernetes/kubernetes/pull/85543), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle and Instrumentation]
-- Adds "volume.beta.kubernetes.io/migrated-to" annotation to PV's and PVC's when they are migrated to signal external provisioners to pick up those objects for Provisioning and Deleting. ([#87098](https://github.com/kubernetes/kubernetes/pull/87098), [@davidz627](https://github.com/davidz627)) [SIG Storage]
-- All api-server log request lines in a more greppable format. ([#87203](https://github.com/kubernetes/kubernetes/pull/87203), [@lavalamp](https://github.com/lavalamp)) [SIG API Machinery]
-- Azure VMSS LoadBalancerBackendAddressPools updating has been improved with sequential-sync + concurrent-async requests. ([#88699](https://github.com/kubernetes/kubernetes/pull/88699), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- Azure cloud provider now obtains AAD token who audience claim will not have spn: prefix ([#87590](https://github.com/kubernetes/kubernetes/pull/87590), [@weinong](https://github.com/weinong)) [SIG Cloud Provider]
-- AzureFile and CephFS use the new Mount library that prevents logging of sensitive mount options. ([#88684](https://github.com/kubernetes/kubernetes/pull/88684), [@saad-ali](https://github.com/saad-ali)) [SIG Storage]
-- Bind dns-horizontal containers to linux nodes to avoid Windows scheduling on kubernetes cluster includes linux nodes and windows nodes ([#83364](https://github.com/kubernetes/kubernetes/pull/83364), [@wawa0210](https://github.com/wawa0210)) [SIG Cluster Lifecycle and Windows]
-- Bind kube-dns containers to linux nodes to avoid Windows scheduling ([#83358](https://github.com/kubernetes/kubernetes/pull/83358), [@wawa0210](https://github.com/wawa0210)) [SIG Cluster Lifecycle and Windows]
-- Bind metadata-agent containers to linux nodes to avoid Windows scheduling on kubernetes cluster includes linux nodes and windows nodes ([#83363](https://github.com/kubernetes/kubernetes/pull/83363), [@wawa0210](https://github.com/wawa0210)) [SIG Cluster Lifecycle, Instrumentation and Windows]
-- Bind metrics-server containers to linux nodes to avoid Windows scheduling on kubernetes cluster includes linux nodes and windows nodes ([#83362](https://github.com/kubernetes/kubernetes/pull/83362), [@wawa0210](https://github.com/wawa0210)) [SIG Cluster Lifecycle, Instrumentation and Windows]
-- Bug fixes: Make sure we include latest packages node #351 (@caseydavenport) ([#84163](https://github.com/kubernetes/kubernetes/pull/84163), [@david-tigera](https://github.com/david-tigera)) [SIG Cluster Lifecycle]
-- CPU limits are now respected for Windows containers. If a node is over-provisioned, no weighting is used, only limits are respected. ([#86101](https://github.com/kubernetes/kubernetes/pull/86101), [@PatrickLang](https://github.com/PatrickLang)) [SIG Node, Testing and Windows]
-- Changed core_pattern on COS nodes to be an absolute path. ([#86329](https://github.com/kubernetes/kubernetes/pull/86329), [@mml](https://github.com/mml)) [SIG Cluster Lifecycle and Node]
-- Client-go certificate manager rotation gained the ability to preserve optional intermediate chains accompanying issued certificates ([#88744](https://github.com/kubernetes/kubernetes/pull/88744), [@jackkleeman](https://github.com/jackkleeman)) [SIG API Machinery and Auth]
-- Cloud provider config CloudProviderBackoffMode has been removed since it won't be used anymore. ([#88463](https://github.com/kubernetes/kubernetes/pull/88463), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- Conformance image now depends on stretch-slim instead of debian-hyperkube-base as that image is being deprecated and removed. ([#88702](https://github.com/kubernetes/kubernetes/pull/88702), [@dims](https://github.com/dims)) [SIG Cluster Lifecycle, Release and Testing]
-- Deprecate --generator flag from kubectl create commands ([#88655](https://github.com/kubernetes/kubernetes/pull/88655), [@soltysh](https://github.com/soltysh)) [SIG CLI]
-- During initialization phase (preflight), kubeadm now verifies the presence of the conntrack executable ([#85857](https://github.com/kubernetes/kubernetes/pull/85857), [@hnanni](https://github.com/hnanni)) [SIG Cluster Lifecycle]
-- EndpointSlice should not contain endpoints for terminating pods ([#89056](https://github.com/kubernetes/kubernetes/pull/89056), [@andrewsykim](https://github.com/andrewsykim)) [SIG Apps and Network]
-- Evictions due to pods breaching their ephemeral storage limits are now recorded by the `kubelet_evictions` metric and can be alerted on. ([#87906](https://github.com/kubernetes/kubernetes/pull/87906), [@smarterclayton](https://github.com/smarterclayton)) [SIG Node]
-- Filter published OpenAPI schema by making nullable, required fields non-required in order to avoid kubectl to wrongly reject null values. ([#85722](https://github.com/kubernetes/kubernetes/pull/85722), [@sttts](https://github.com/sttts)) [SIG API Machinery]
-- Fix /readyz to return error immediately after a shutdown is initiated, before the --shutdown-delay-duration has elapsed. ([#88911](https://github.com/kubernetes/kubernetes/pull/88911), [@tkashem](https://github.com/tkashem)) [SIG API Machinery]
-- Fix API Server potential memory leak issue in processing watch request. ([#85410](https://github.com/kubernetes/kubernetes/pull/85410), [@answer1991](https://github.com/answer1991)) [SIG API Machinery]
-- Fix EndpointSlice controller race condition and ensure that it handles external changes to EndpointSlices. ([#85703](https://github.com/kubernetes/kubernetes/pull/85703), [@robscott](https://github.com/robscott)) [SIG Apps and Network]
-- Fix IPv6 addresses lost issue in pure ipv6 vsphere environment ([#86001](https://github.com/kubernetes/kubernetes/pull/86001), [@hubv](https://github.com/hubv)) [SIG Cloud Provider]
-- Fix LoadBalancer rule checking so that no unexpected LoadBalancer updates are made ([#85990](https://github.com/kubernetes/kubernetes/pull/85990), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- Fix a bug in kube-proxy that caused it to crash when using load balancers with a different IP family ([#87117](https://github.com/kubernetes/kubernetes/pull/87117), [@aojea](https://github.com/aojea)) [SIG Network]
-- Fix a bug in port-forward: named port not working with service ([#85511](https://github.com/kubernetes/kubernetes/pull/85511), [@oke-py](https://github.com/oke-py)) [SIG CLI]
-- Fix a bug in the dual-stack IPVS proxier where stale IPv6 endpoints were not being cleaned up ([#87695](https://github.com/kubernetes/kubernetes/pull/87695), [@andrewsykim](https://github.com/andrewsykim)) [SIG Network]
-- Fix a bug that orphan revision cannot be adopted and statefulset cannot be synced ([#86801](https://github.com/kubernetes/kubernetes/pull/86801), [@likakuli](https://github.com/likakuli)) [SIG Apps]
-- Fix a bug where ExternalTrafficPolicy is not applied to service ExternalIPs. ([#88786](https://github.com/kubernetes/kubernetes/pull/88786), [@freehan](https://github.com/freehan)) [SIG Network]
-- Fix a bug where kubenet fails to parse the tc output. ([#83572](https://github.com/kubernetes/kubernetes/pull/83572), [@chendotjs](https://github.com/chendotjs)) [SIG Network]
-- Fix a regression in kubenet that prevent pods to obtain ip addresses ([#85993](https://github.com/kubernetes/kubernetes/pull/85993), [@chendotjs](https://github.com/chendotjs)) [SIG Network and Node]
-- Fix azure file AuthorizationFailure ([#85475](https://github.com/kubernetes/kubernetes/pull/85475), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage]
-- Fix bug where EndpointSlice controller would attempt to modify shared objects. ([#85368](https://github.com/kubernetes/kubernetes/pull/85368), [@robscott](https://github.com/robscott)) [SIG API Machinery, Apps and Network]
-- Fix handling of aws-load-balancer-security-groups annotation. Security-Groups assigned with this annotation are no longer modified by kubernetes which is the expected behaviour of most users. Also no unnecessary Security-Groups are created anymore if this annotation is used. ([#83446](https://github.com/kubernetes/kubernetes/pull/83446), [@Elias481](https://github.com/Elias481)) [SIG Cloud Provider]
-- Fix invalid VMSS updates due to incorrect cache ([#89002](https://github.com/kubernetes/kubernetes/pull/89002), [@ArchangelSDY](https://github.com/ArchangelSDY)) [SIG Cloud Provider]
-- Fix isCurrentInstance for Windows by removing the dependency of hostname. ([#89138](https://github.com/kubernetes/kubernetes/pull/89138), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- Fix issue #85805 about a resource not found in azure cloud provider when LoadBalancer specified in another resource group. ([#86502](https://github.com/kubernetes/kubernetes/pull/86502), [@levimm](https://github.com/levimm)) [SIG Cloud Provider]
-- Fix kubectl annotate error when local=true is set ([#86952](https://github.com/kubernetes/kubernetes/pull/86952), [@zhouya0](https://github.com/zhouya0)) [SIG CLI]
-- Fix kubectl create deployment image name ([#86636](https://github.com/kubernetes/kubernetes/pull/86636), [@zhouya0](https://github.com/zhouya0)) [SIG CLI]
-- Fix `kubectl drain ignore` daemonsets and others. ([#87361](https://github.com/kubernetes/kubernetes/pull/87361), [@zhouya0](https://github.com/zhouya0)) [SIG CLI]
-- Fix missing "apiVersion" for "involvedObject" in Events for Nodes. ([#87537](https://github.com/kubernetes/kubernetes/pull/87537), [@uthark](https://github.com/uthark)) [SIG Apps and Node]
-- Fix nil pointer dereference in azure cloud provider ([#85975](https://github.com/kubernetes/kubernetes/pull/85975), [@ldx](https://github.com/ldx)) [SIG Cloud Provider]
-- Fix regression in statefulset conversion which prevents applying a statefulset multiple times. ([#87706](https://github.com/kubernetes/kubernetes/pull/87706), [@liggitt](https://github.com/liggitt)) [SIG Apps and Testing]
-- Fix route conflicted operations when updating multiple routes together ([#88209](https://github.com/kubernetes/kubernetes/pull/88209), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- Fix that prevents repeated fetching of PVC/PV objects by kubelet when processing of pod volumes fails. While this prevents hammering API server in these error scenarios, it means that some errors in processing volume(s) for a pod could now take up to 2-3 minutes before retry. ([#88141](https://github.com/kubernetes/kubernetes/pull/88141), [@tedyu](https://github.com/tedyu)) [SIG Node and Storage]
-- Fix the bug PIP's DNS is deleted if no DNS label service annotation isn't set. ([#87246](https://github.com/kubernetes/kubernetes/pull/87246), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider]
-- Fix control plane hosts rolling upgrade causing thundering herd of LISTs on etcd leading to control plane unavailability. ([#86430](https://github.com/kubernetes/kubernetes/pull/86430), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery, Node and Testing]
-- Fix: add azure disk migration support for CSINode ([#88014](https://github.com/kubernetes/kubernetes/pull/88014), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage]
-- Fix: add non-retriable errors in azure clients ([#87941](https://github.com/kubernetes/kubernetes/pull/87941), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider]
-- Fix: add remediation in azure disk attach/detach ([#88444](https://github.com/kubernetes/kubernetes/pull/88444), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider]
-- Fix: azure data disk should use same key as os disk by default ([#86351](https://github.com/kubernetes/kubernetes/pull/86351), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider]
-- Fix: azure disk could not mounted on Standard_DC4s/DC2s instances ([#86612](https://github.com/kubernetes/kubernetes/pull/86612), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage]
-- Fix: azure file mount timeout issue ([#88610](https://github.com/kubernetes/kubernetes/pull/88610), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage]
-- Fix: check disk status before disk azure disk ([#88360](https://github.com/kubernetes/kubernetes/pull/88360), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider]
-- Fix: corrupted mount point in csi driver ([#88569](https://github.com/kubernetes/kubernetes/pull/88569), [@andyzhangx](https://github.com/andyzhangx)) [SIG Storage]
-- Fix: get azure disk lun timeout issue ([#88158](https://github.com/kubernetes/kubernetes/pull/88158), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage]
-- Fix: update azure disk max count ([#88201](https://github.com/kubernetes/kubernetes/pull/88201), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage]
-- Fixed "requested device X but found Y" attach error on AWS. ([#85675](https://github.com/kubernetes/kubernetes/pull/85675), [@jsafrane](https://github.com/jsafrane)) [SIG Cloud Provider and Storage]
-- Fixed NetworkPolicy validation that `Except` values are accepted when they are outside the CIDR range. ([#86578](https://github.com/kubernetes/kubernetes/pull/86578), [@tnqn](https://github.com/tnqn)) [SIG Network]
-- Fixed a bug in the TopologyManager. Previously, the TopologyManager would only guarantee alignment if container creation was serialized in some way. Alignment is now guaranteed under all scenarios of container creation. ([#87759](https://github.com/kubernetes/kubernetes/pull/87759), [@klueska](https://github.com/klueska)) [SIG Node]
-- Fixed a bug which could prevent a provider ID from ever being set for node if an error occurred determining the provider ID when the node was added. ([#87043](https://github.com/kubernetes/kubernetes/pull/87043), [@zjs](https://github.com/zjs)) [SIG Apps and Cloud Provider]
-- Fixed a data race in the kubelet image manager that can cause static pod workers to silently stop working. ([#88915](https://github.com/kubernetes/kubernetes/pull/88915), [@roycaihw](https://github.com/roycaihw)) [SIG Node]
-- Fixed a panic in the kubelet cleaning up pod volumes ([#86277](https://github.com/kubernetes/kubernetes/pull/86277), [@tedyu](https://github.com/tedyu)) [SIG Storage]
-- Fixed a regression where the kubelet would fail to update the ready status of pods. ([#84951](https://github.com/kubernetes/kubernetes/pull/84951), [@tedyu](https://github.com/tedyu)) [SIG Node]
-- Fixed an issue that could cause the kubelet to incorrectly run concurrent pod reconciliation loops and crash. ([#89055](https://github.com/kubernetes/kubernetes/pull/89055), [@tedyu](https://github.com/tedyu)) [SIG Node]
-- Fixed block CSI volume cleanup after timeouts. ([#88660](https://github.com/kubernetes/kubernetes/pull/88660), [@jsafrane](https://github.com/jsafrane)) [SIG Storage]
-- Fixed cleaning of CSI raw block volumes. ([#87978](https://github.com/kubernetes/kubernetes/pull/87978), [@jsafrane](https://github.com/jsafrane)) [SIG Storage]
-- Fixed AWS Cloud Provider attempting to delete LoadBalancer security group it didn’t provision, and fixed AWS Cloud Provider creating a default LoadBalancer security group even if annotation `service.beta.kubernetes.io/aws-load-balancer-security-groups` is present because the intended behavior of aws-load-balancer-security-groups is to replace all security groups assigned to the load balancer. ([#84265](https://github.com/kubernetes/kubernetes/pull/84265), [@bhagwat070919](https://github.com/bhagwat070919)) [SIG Cloud Provider]
-- Fixed two scheduler metrics (pending_pods and schedule_attempts_total) not being recorded ([#87692](https://github.com/kubernetes/kubernetes/pull/87692), [@everpeace](https://github.com/everpeace)) [SIG Scheduling]
-- Fixes an issue with kubelet-reported pod status on deleted/recreated pods. ([#86320](https://github.com/kubernetes/kubernetes/pull/86320), [@liggitt](https://github.com/liggitt)) [SIG Node]
-- Fixes conversion error in multi-version custom resources that could cause metadata.generation to increment on no-op patches or updates of a custom resource. ([#88995](https://github.com/kubernetes/kubernetes/pull/88995), [@liggitt](https://github.com/liggitt)) [SIG API Machinery]
-- Fixes issue where AAD token obtained by kubectl is incompatible with on-behalf-of flow and oidc. The audience claim before this fix has "spn:" prefix. After this fix, "spn:" prefix is omitted. ([#86412](https://github.com/kubernetes/kubernetes/pull/86412), [@weinong](https://github.com/weinong)) [SIG API Machinery, Auth and Cloud Provider]
-- Fixes an issue where you can't attach more than 15 GCE Persistent Disks to c2, n2, m1, m2 machine types. ([#88602](https://github.com/kubernetes/kubernetes/pull/88602), [@yuga711](https://github.com/yuga711)) [SIG Storage]
-- Fixes kube-proxy when EndpointSlice feature gate is enabled on Windows. ([#86016](https://github.com/kubernetes/kubernetes/pull/86016), [@robscott](https://github.com/robscott)) [SIG Auth and Network]
-- Fixes kubelet crash in client certificate rotation cases ([#88079](https://github.com/kubernetes/kubernetes/pull/88079), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Auth and Node]
-- Fixes service account token admission error in clusters that do not run the service account token controller ([#87029](https://github.com/kubernetes/kubernetes/pull/87029), [@liggitt](https://github.com/liggitt)) [SIG Auth]
-- Fixes v1.17.0 regression in --service-cluster-ip-range handling with IPv4 ranges larger than 65536 IP addresses ([#86534](https://github.com/kubernetes/kubernetes/pull/86534), [@liggitt](https://github.com/liggitt)) [SIG Network]
-- Fixes wrong validation result of NetworkPolicy PolicyTypes ([#85747](https://github.com/kubernetes/kubernetes/pull/85747), [@tnqn](https://github.com/tnqn)) [SIG Network]
-- For subprotocol negotiation, both client and server protocol is required now. ([#86646](https://github.com/kubernetes/kubernetes/pull/86646), [@tedyu](https://github.com/tedyu)) [SIG API Machinery and Node]
-- For volumes that allow attaches across multiple nodes, attach and detach operations across different nodes are now executed in parallel. ([#88678](https://github.com/kubernetes/kubernetes/pull/88678), [@verult](https://github.com/verult)) [SIG Storage]
-- Garbage collector now can correctly orphan ControllerRevisions when StatefulSets are deleted with orphan propagation policy. ([#84984](https://github.com/kubernetes/kubernetes/pull/84984), [@cofyc](https://github.com/cofyc)) [SIG Apps]
-- `Get-kube.sh` uses the gcloud's current local GCP service account for auth when the provider is GCE or GKE instead of the metadata server default ([#88383](https://github.com/kubernetes/kubernetes/pull/88383), [@BenTheElder](https://github.com/BenTheElder)) [SIG Cluster Lifecycle]
-- Golang/x/net has been updated to bring in fixes for CVE-2020-9283 ([#88381](https://github.com/kubernetes/kubernetes/pull/88381), [@BenTheElder](https://github.com/BenTheElder)) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle and Instrumentation]
-- If a serving certificate’s param specifies a name that is an IP for an SNI certificate, it will have priority for replying to server connections. ([#85308](https://github.com/kubernetes/kubernetes/pull/85308), [@deads2k](https://github.com/deads2k)) [SIG API Machinery]
-- Improved yaml parsing performance ([#85458](https://github.com/kubernetes/kubernetes/pull/85458), [@cjcullen](https://github.com/cjcullen)) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Node]
-- Improves performance of the node authorizer ([#87696](https://github.com/kubernetes/kubernetes/pull/87696), [@liggitt](https://github.com/liggitt)) [SIG Auth]
-- In GKE alpha clusters it will be possible to use the service annotation `cloud.google.com/network-tier: Standard` ([#88487](https://github.com/kubernetes/kubernetes/pull/88487), [@zioproto](https://github.com/zioproto)) [SIG Cloud Provider]
-- Includes FSType when describing CSI persistent volumes. ([#85293](https://github.com/kubernetes/kubernetes/pull/85293), [@huffmanca](https://github.com/huffmanca)) [SIG CLI and Storage]
-- Iptables/userspace proxy: improve performance by getting local addresses only once per sync loop, instead of for every external IP ([#85617](https://github.com/kubernetes/kubernetes/pull/85617), [@andrewsykim](https://github.com/andrewsykim)) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Network]
-- Kube-aggregator: always sets unavailableGauge metric to reflect the current state of a service. ([#87778](https://github.com/kubernetes/kubernetes/pull/87778), [@p0lyn0mial](https://github.com/p0lyn0mial)) [SIG API Machinery]
-- Kube-apiserver: fixed a conflict error encountered attempting to delete a pod with gracePeriodSeconds=0 and a resourceVersion precondition ([#85516](https://github.com/kubernetes/kubernetes/pull/85516), [@michaelgugino](https://github.com/michaelgugino)) [SIG API Machinery]
-- Kube-proxy no longer modifies shared EndpointSlices. ([#86092](https://github.com/kubernetes/kubernetes/pull/86092), [@robscott](https://github.com/robscott)) [SIG Network]
-- Kube-proxy: on dual-stack mode, if it is not able to get the IP Family of an endpoint, logs it with level InfoV(4) instead of Warning, avoiding flooding the logs for endpoints without addresses ([#88934](https://github.com/kubernetes/kubernetes/pull/88934), [@aojea](https://github.com/aojea)) [SIG Network]
-- Kubeadm allows to configure single-stack clusters if dual-stack is enabled ([#87453](https://github.com/kubernetes/kubernetes/pull/87453), [@aojea](https://github.com/aojea)) [SIG API Machinery, Cluster Lifecycle and Network]
-- Kubeadm now includes CoreDNS version 1.6.7 ([#86260](https://github.com/kubernetes/kubernetes/pull/86260), [@rajansandeep](https://github.com/rajansandeep)) [SIG Cluster Lifecycle]
-- Kubeadm upgrades always persist the etcd backup for stacked ([#86861](https://github.com/kubernetes/kubernetes/pull/86861), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
-- Kubeadm: 'kubeadm alpha kubelet config download' has been removed, please use 'kubeadm upgrade node phase kubelet-config' instead ([#87944](https://github.com/kubernetes/kubernetes/pull/87944), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
-- Kubeadm: Forward cluster name to the controller-manager arguments ([#85817](https://github.com/kubernetes/kubernetes/pull/85817), [@ereslibre](https://github.com/ereslibre)) [SIG Cluster Lifecycle]
-- Kubeadm: add support for the "ci/k8s-master" version label as a replacement for "ci-cross/*", which no longer exists. ([#86609](https://github.com/kubernetes/kubernetes/pull/86609), [@Pensu](https://github.com/Pensu)) [SIG Cluster Lifecycle]
-- Kubeadm: apply further improvements to the tentative support for concurrent etcd member join. Fixes a bug where multiple members can receive the same hostname. Increase the etcd client dial timeout and retry timeout for add/remove/... operations. ([#87505](https://github.com/kubernetes/kubernetes/pull/87505), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
-- Kubeadm: don't write the kubelet environment file on "upgrade apply" ([#85412](https://github.com/kubernetes/kubernetes/pull/85412), [@boluisa](https://github.com/boluisa)) [SIG Cluster Lifecycle]
-- Kubeadm: fix potential panic when executing "kubeadm reset" with a corrupted kubelet.conf file ([#86216](https://github.com/kubernetes/kubernetes/pull/86216), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
-- Kubeadm: fix the bug that 'kubeadm upgrade' hangs in single node cluster ([#88434](https://github.com/kubernetes/kubernetes/pull/88434), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
-- Kubeadm: make sure images are pre-pulled even if a tag did not change but their contents changed ([#85603](https://github.com/kubernetes/kubernetes/pull/85603), [@bart0sh](https://github.com/bart0sh)) [SIG Cluster Lifecycle]
-- Kubeadm: remove 'kubeadm upgrade node config' command since it was deprecated in v1.15, please use 'kubeadm upgrade node phase kubelet-config' instead ([#87975](https://github.com/kubernetes/kubernetes/pull/87975), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
-- Kubeadm: remove the deprecated CoreDNS feature-gate. It was set to "true" since v1.11 when the feature went GA. In v1.13 it was marked as deprecated and hidden from the CLI. ([#87400](https://github.com/kubernetes/kubernetes/pull/87400), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
-- Kubeadm: retry `kubeadm-config` ConfigMap creation or mutation if the apiserver is not responding. This will improve resiliency when joining new control plane nodes. ([#85763](https://github.com/kubernetes/kubernetes/pull/85763), [@ereslibre](https://github.com/ereslibre)) [SIG Cluster Lifecycle]
-- Kubeadm: tolerate whitespace when validating certificate authority PEM data in kubeconfig files ([#86705](https://github.com/kubernetes/kubernetes/pull/86705), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
-- Kubeadm: use bind-address option to configure the kube-controller-manager and kube-scheduler http probes ([#86493](https://github.com/kubernetes/kubernetes/pull/86493), [@aojea](https://github.com/aojea)) [SIG Cluster Lifecycle]
-- Kubeadm: uses the api-server AdvertiseAddress IP family to choose the etcd endpoint IP family for non external etcd clusters ([#85745](https://github.com/kubernetes/kubernetes/pull/85745), [@aojea](https://github.com/aojea)) [SIG Cluster Lifecycle]
-- Kubectl cluster-info dump --output-directory=xxx now generates files with an extension depending on the output format. ([#82070](https://github.com/kubernetes/kubernetes/pull/82070), [@olivierlemasle](https://github.com/olivierlemasle)) [SIG CLI]
-- `Kubectl describe ` and `kubectl top pod` will return a message saying `"No resources found"` or `"No resources found in namespace"` if there are no results to display. ([#87527](https://github.com/kubernetes/kubernetes/pull/87527), [@brianpursley](https://github.com/brianpursley)) [SIG CLI]
-- `Kubectl drain node --dry-run` will list pods that would be evicted or deleted ([#82660](https://github.com/kubernetes/kubernetes/pull/82660), [@sallyom](https://github.com/sallyom)) [SIG CLI]
-- `Kubectl set resources` will no longer return an error if passed an empty change for a resource. `kubectl set subject` will no longer return an error if passed an empty change for a resource. ([#85490](https://github.com/kubernetes/kubernetes/pull/85490), [@sallyom](https://github.com/sallyom)) [SIG CLI]
-- Kubelet metrics gathered through metrics-server or prometheus should no longer timeout for Windows nodes running more than 3 pods. ([#87730](https://github.com/kubernetes/kubernetes/pull/87730), [@marosset](https://github.com/marosset)) [SIG Node, Testing and Windows]
-- Kubelet metrics have been changed to buckets. For example the `exec/{podNamespace}/{podID}/{containerName}` is now just exec. ([#87913](https://github.com/kubernetes/kubernetes/pull/87913), [@cheftako](https://github.com/cheftako)) [SIG Node]
-- Kubelets perform fewer unnecessary pod status update operations on the API server. ([#88591](https://github.com/kubernetes/kubernetes/pull/88591), [@smarterclayton](https://github.com/smarterclayton)) [SIG Node and Scalability]
-- Kubernetes will try to acquire the iptables lock every 100 msec during 5 seconds instead of every second. This is especially useful for environments using kube-proxy in iptables mode with a high churn rate of services. ([#85771](https://github.com/kubernetes/kubernetes/pull/85771), [@aojea](https://github.com/aojea)) [SIG Network]
-- Limit number of instances in a single update to GCE target pool to 1000. ([#87881](https://github.com/kubernetes/kubernetes/pull/87881), [@wojtek-t](https://github.com/wojtek-t)) [SIG Cloud Provider, Network and Scalability]
-- Make Azure clients only retry on specified HTTP status codes ([#88017](https://github.com/kubernetes/kubernetes/pull/88017), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- Make error message and service event message more clear ([#86078](https://github.com/kubernetes/kubernetes/pull/86078), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- Minimize AWS NLB health check timeout when externalTrafficPolicy set to Local ([#73363](https://github.com/kubernetes/kubernetes/pull/73363), [@kellycampbell](https://github.com/kellycampbell)) [SIG Cloud Provider]
-- Pause image contains "Architecture" in non-amd64 images ([#87954](https://github.com/kubernetes/kubernetes/pull/87954), [@BenTheElder](https://github.com/BenTheElder)) [SIG Release]
-- Pause image upgraded to 3.2 in kubelet and kubeadm. ([#88173](https://github.com/kubernetes/kubernetes/pull/88173), [@BenTheElder](https://github.com/BenTheElder)) [SIG CLI, Cluster Lifecycle, Node and Testing]
-- Plugin/PluginConfig and Policy APIs are mutually exclusive when running the scheduler ([#88864](https://github.com/kubernetes/kubernetes/pull/88864), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling]
-- Remove `FilteredNodesStatuses` argument from `PreScore`'s interface. ([#88189](https://github.com/kubernetes/kubernetes/pull/88189), [@skilxn-go](https://github.com/skilxn-go)) [SIG Scheduling and Testing]
-- Resolved a performance issue in the node authorizer index maintenance. ([#87693](https://github.com/kubernetes/kubernetes/pull/87693), [@liggitt](https://github.com/liggitt)) [SIG Auth]
-- Resolved regression in admission, authentication, and authorization webhook performance in v1.17.0-rc.1 ([#85810](https://github.com/kubernetes/kubernetes/pull/85810), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Testing]
-- Resolves performance regression in `kubectl get all` and in client-go discovery clients constructed using `NewDiscoveryClientForConfig` or `NewDiscoveryClientForConfigOrDie`. ([#86168](https://github.com/kubernetes/kubernetes/pull/86168), [@liggitt](https://github.com/liggitt)) [SIG API Machinery]
-- Reverted a kubectl azure auth module change where oidc claim spn: prefix was omitted resulting a breaking behavior with existing Azure AD OIDC enabled api-server ([#87507](https://github.com/kubernetes/kubernetes/pull/87507), [@weinong](https://github.com/weinong)) [SIG API Machinery, Auth and Cloud Provider]
-- Shared informers are now more reliable in the face of network disruption. ([#86015](https://github.com/kubernetes/kubernetes/pull/86015), [@squeed](https://github.com/squeed)) [SIG API Machinery]
-- Specifying PluginConfig for the same plugin more than once fails scheduler startup.
- Specifying extenders and configuring .ignoredResources for the NodeResourcesFit plugin fails ([#88870](https://github.com/kubernetes/kubernetes/pull/88870), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling]
-- Terminating a restartPolicy=Never pod no longer has a chance to report the pod succeeded when it actually failed. ([#88440](https://github.com/kubernetes/kubernetes/pull/88440), [@smarterclayton](https://github.com/smarterclayton)) [SIG Node and Testing]
-- The CSR signing cert/key pairs will be reloaded from disk like the kube-apiserver cert/key pairs ([#86816](https://github.com/kubernetes/kubernetes/pull/86816), [@deads2k](https://github.com/deads2k)) [SIG API Machinery, Apps and Auth]
-- The EventRecorder from k8s.io/client-go/tools/events will now create events in the default namespace (instead of kube-system) when the related object does not have it set. ([#88815](https://github.com/kubernetes/kubernetes/pull/88815), [@enj](https://github.com/enj)) [SIG API Machinery]
-- The audit event sourceIPs list will now always end with the IP that sent the request directly to the API server. ([#87167](https://github.com/kubernetes/kubernetes/pull/87167), [@tallclair](https://github.com/tallclair)) [SIG API Machinery and Auth]
-- The sample-apiserver aggregated conformance test has updated to use the Kubernetes v1.17.0 sample apiserver ([#84735](https://github.com/kubernetes/kubernetes/pull/84735), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Architecture, CLI and Testing]
-- To reduce chances of throttling, VM cache is set to nil when Azure node provisioning state is deleting ([#87635](https://github.com/kubernetes/kubernetes/pull/87635), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- VMSS cache is added so that less chances of VMSS GET throttling ([#85885](https://github.com/kubernetes/kubernetes/pull/85885), [@nilo19](https://github.com/nilo19)) [SIG Cloud Provider]
-- Wait for kubelet & kube-proxy to be ready on Windows node within 10s ([#85228](https://github.com/kubernetes/kubernetes/pull/85228), [@YangLu1031](https://github.com/YangLu1031)) [SIG Cluster Lifecycle]
-- `kubectl apply -f --prune -n ` should prune all resources not defined in the file in the cli specified namespace. ([#85613](https://github.com/kubernetes/kubernetes/pull/85613), [@MartinKaburu](https://github.com/MartinKaburu)) [SIG CLI]
-- `kubectl create clusterrolebinding` creates rbac.authorization.k8s.io/v1 object ([#85889](https://github.com/kubernetes/kubernetes/pull/85889), [@oke-py](https://github.com/oke-py)) [SIG CLI]
-- `kubectl diff` now returns 1 only on diff finding changes, and >1 on kubectl errors. The "exit status code 1" message has also been muted. ([#87437](https://github.com/kubernetes/kubernetes/pull/87437), [@apelisse](https://github.com/apelisse)) [SIG CLI and Testing]
-
-## Dependencies
-
-- Update Calico to v3.8.4 ([#84163](https://github.com/kubernetes/kubernetes/pull/84163), [@david-tigera](https://github.com/david-tigera))[SIG Cluster Lifecycle]
-- Update aws-sdk-go dependency to v1.28.2 ([#87253](https://github.com/kubernetes/kubernetes/pull/87253), [@SaranBalaji90](https://github.com/SaranBalaji90))[SIG API Machinery and Cloud Provider]
-- Update CNI version to v0.8.5 ([#78819](https://github.com/kubernetes/kubernetes/pull/78819), [@justaugustus](https://github.com/justaugustus))[SIG Release, Testing, Network, Cluster Lifecycle and API Machinery]
-- Update cri-tools to v1.17.0 ([#86305](https://github.com/kubernetes/kubernetes/pull/86305), [@saschagrunert](https://github.com/saschagrunert))[SIG Release and Cluster Lifecycle]
-- Pause image upgraded to 3.2 in kubelet and kubeadm ([#88173](https://github.com/kubernetes/kubernetes/pull/88173), [@BenTheElder](https://github.com/BenTheElder))[SIG CLI, Node, Testing and Cluster Lifecycle]
-- Update CoreDNS version to 1.6.7 in kubeadm ([#86260](https://github.com/kubernetes/kubernetes/pull/86260), [@rajansandeep](https://github.com/rajansandeep))[SIG Cluster Lifecycle]
-- Update golang.org/x/crypto to fix CVE-2020-9283 ([#8838](https://github.com/kubernetes/kubernetes/pull/88381), [@BenTheElder](https://github.com/BenTheElder))[SIG CLI, Instrumentation, API Machinery, CLuster Lifecycle and Cloud Provider]
-- Update Go to 1.13.8 ([#87648](https://github.com/kubernetes/kubernetes/pull/87648), [@ialidzhikov](https://github.com/ialidzhikov))[SIG Release and Testing]
-- Update Cluster-Autoscaler to 1.18.0 ([#89095](https://github.com/kubernetes/kubernetes/pull/89095), [@losipiuk](https://github.com/losipiuk))[SIG Autoscaling and Cluster Lifecycle]
-
-
-
-# v1.18.0-rc.1
-
-[Documentation](https://docs.k8s.io)
-
-## Downloads for v1.18.0-rc.1
-
-filename | sha512 hash
--------- | -----------
-[kubernetes.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes.tar.gz) | `c17231d5de2e0677e8af8259baa11a388625821c79b86362049f2edb366404d6f4b4587b8f13ccbceeb2f32c6a9fe98607f779c0f3e1caec438f002e3a2c8c21`
-[kubernetes-src.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-src.tar.gz) | `e84ffad57c301f5d6e90f916b996d5abb0c987928c3ca6b1565f7b042588f839b994ca12c43fc36f0ffb63f9fabc15110eb08be253b8939f49cd951e956da618`
-
-### Client Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-client-darwin-386.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-client-darwin-386.tar.gz) | `1aea99923d492436b3eb91aaecffac94e5d0aa2b38a0930d266fda85c665bbc4569745c409aa302247df3b578ce60324e7a489eb26240e97d4e65a67428ea3d1`
-[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-client-darwin-amd64.tar.gz) | `07fa7340a959740bd52b83ff44438bbd988e235277dad1e43f125f08ac85230a24a3b755f4e4c8645743444fa2b66a3602fc445d7da6d2fc3770e8c21ba24b33`
-[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-client-linux-386.tar.gz) | `48cebd26448fdd47aa36257baa4c716a98fda055bbf6a05230f2a3fe3c1b99b4e483668661415392190f3eebb9cb6e15c784626b48bb2541d93a37902f0e3974`
-[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-client-linux-amd64.tar.gz) | `c3a5fedf263f07a07f59c01fea6c63c1e0b76ee8dc67c45b6c134255c28ed69171ccc2f91b6a45d6a8ec5570a0a7562e24c33b9d7b0d1a864f4dc04b178b3c04`
-[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-client-linux-arm.tar.gz) | `a6b11a55bd38583bbaac14931a6862f8ce6493afe30947ba29e5556654a571593358278df59412bbeb6888fa127e9ae4c0047a9d46cb59394995010796df6b14`
-[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-client-linux-arm64.tar.gz) | `9e15331ac8010154a9b64f5488969fc8ee2f21059639896cb84c5cf4f05f4c9d1d8970cb6f9831de6b34013848227c1972c12a698d07aac1ecc056e972fe6f79`
-[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-client-linux-ppc64le.tar.gz) | `f828fe6252678de9d4822e482f5873309ae9139b2db87298ab3273ce45d38aa07b6b9b42b76c140705f27ba71e101d58b43e59ac7259d7c08dc647ea809e207c`
-[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-client-linux-s390x.tar.gz) | `19da4b45f0666c063934af616f3e7ed3caa99d4ee1e46d53efadc7a8a4d38e43a36ced7249acd7ad3dcc4b4f60d8451b4f7ec7727e478ee2fadd14d353228bce`
-[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-client-windows-386.tar.gz) | `775c9afb6cb3e7c4ba53e9f48a5df2cf207234a33059bd74448bc9f177dd120fb3f9c58ab45048a566326acc43bc8a67e886e10ef99f20780c8f63bb17426ebd`
-[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-client-windows-amd64.tar.gz) | `208d2595a5b57ac97aac75b4a2a6130f0c937f781a030bde1a432daf4bc51f2fa523fca2eb84c38798489c4b536ee90aad22f7be8477985d9691d51ad8e1c4dc`
-
-### Server Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-server-linux-amd64.tar.gz) | `dcf832eae04f9f52ff473754ef5cfe697b35f4dc1a282622c94fa10943c8c35f4a8777a0c58c7de871c3c428c8973bf72d6bcd8751416d4c682125268b8fcefe`
-[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-server-linux-arm.tar.gz) | `a04e34bea28eb1c8b492e8b1dd3c0dd87ebee71a7dbbef72be10a335e553361af7e48296e504f9844496b04e66350871114d20cfac3f3b49550d8be60f324ba3`
-[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-server-linux-arm64.tar.gz) | `a6af086b07a8c2e498f32b43e6511bf6a5e6baf358c572c6910c8df17cd6cae94f562f459714fcead1595767cb14c7f639c5735f1411173bbd38d5604c082a77`
-[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-server-linux-ppc64le.tar.gz) | `5a960ef5ba0c255f587f2ac0b028cd03136dc91e4efc5d1becab46417852e5524d18572b6f66259531ec6fea997da3c4d162ac153a9439672154375053fec6c7`
-[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-server-linux-s390x.tar.gz) | `0f32c7d9b14bc238b9a5764d8f00edc4d3bf36bcf06b340b81061424e6070768962425194a8c2025c3a7ffb97b1de551d3ad23d1591ae34dd4e3ba25ab364c33`
-
-### Node Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-node-linux-amd64.tar.gz) | `27d8955d535d14f3f4dca501fd27e4f06fad84c6da878ea5332a5c83b6955667f6f731bfacaf5a3a23c09f14caa400f9bee927a0f269f5374de7f79cd1919b3b`
-[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-node-linux-arm.tar.gz) | `0d56eccad63ba608335988e90b377fe8ae978b177dc836cdb803a5c99d99e8f3399a666d9477ca9cfe5964944993e85c416aec10a99323e3246141efc0b1cc9e`
-[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-node-linux-arm64.tar.gz) | `79bb9be66f9e892d866b28e5cc838245818edb9706981fab6ccbff493181b341c1fcf6fe5d2342120a112eb93af413f5ba191cfba1ab4c4a8b0546a5ad8ec220`
-[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-node-linux-ppc64le.tar.gz) | `3e9e2c6f9a2747d828069511dce8b4034c773c2d122f005f4508e22518055c1e055268d9d86773bbd26fbd2d887d783f408142c6c2f56ab2f2365236fd4d2635`
-[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-node-linux-s390x.tar.gz) | `4f96e018c336fa13bb6df6f7217fe46a2b5c47f806f786499c429604ccba2ebe558503ab2c72f63250aa25b61dae2d166e4b80ae10f6ab37d714f87c1dcf6691`
-[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.18.0-rc.1/kubernetes-node-windows-amd64.tar.gz) | `ab110d76d506746af345e5897ef4f6993d5f53ac818ba69a334f3641047351aa63bfb3582841a9afca51dd0baff8b9010077d9c8ec85d2d69e4172b8d4b338b0`
-
-## Changelog since v1.18.0-beta.2
-
-## Changes by Kind
-
-### API Change
-
-- Removes ConfigMap as suggestion for IngressClass parameters ([#89093](https://github.com/kubernetes/kubernetes/pull/89093), [@robscott](https://github.com/robscott)) [SIG Network]
-
-### Other (Bug, Cleanup or Flake)
-
-- EndpointSlice should not contain endpoints for terminating pods ([#89056](https://github.com/kubernetes/kubernetes/pull/89056), [@andrewsykim](https://github.com/andrewsykim)) [SIG Apps and Network]
-- Fix a bug where ExternalTrafficPolicy is not applied to service ExternalIPs. ([#88786](https://github.com/kubernetes/kubernetes/pull/88786), [@freehan](https://github.com/freehan)) [SIG Network]
-- Fix invalid VMSS updates due to incorrect cache ([#89002](https://github.com/kubernetes/kubernetes/pull/89002), [@ArchangelSDY](https://github.com/ArchangelSDY)) [SIG Cloud Provider]
-- Fix isCurrentInstance for Windows by removing the dependency of hostname. ([#89138](https://github.com/kubernetes/kubernetes/pull/89138), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- Fixed a data race in kubelet image manager that can cause static pod workers to silently stop working. ([#88915](https://github.com/kubernetes/kubernetes/pull/88915), [@roycaihw](https://github.com/roycaihw)) [SIG Node]
-- Fixed an issue that could cause the kubelet to incorrectly run concurrent pod reconciliation loops and crash. ([#89055](https://github.com/kubernetes/kubernetes/pull/89055), [@tedyu](https://github.com/tedyu)) [SIG Node]
-- Kube-proxy: on dual-stack mode, if it is not able to get the IP Family of an endpoint, logs it with level InfoV(4) instead of Warning, avoiding flooding the logs for endpoints without addresses ([#88934](https://github.com/kubernetes/kubernetes/pull/88934), [@aojea](https://github.com/aojea)) [SIG Network]
-- Update Cluster Autoscaler to 1.18.0; changelog: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.18.0 ([#89095](https://github.com/kubernetes/kubernetes/pull/89095), [@losipiuk](https://github.com/losipiuk)) [SIG Autoscaling and Cluster Lifecycle]
-
-
-# v1.18.0-beta.2
-
-[Documentation](https://docs.k8s.io)
-
-## Downloads for v1.18.0-beta.2
-
-filename | sha512 hash
--------- | -----------
-[kubernetes.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes.tar.gz) | `3017430ca17f8a3523669b4a02c39cedfc6c48b07281bc0a67a9fbe9d76547b76f09529172cc01984765353a6134a43733b7315e0dff370bba2635dd2a6289af`
-[kubernetes-src.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-src.tar.gz) | `c5fd60601380a99efff4458b1c9cf4dc02195f6f756b36e590e54dff68f7064daf32cf63980dddee13ef9dec7a60ad4eeb47a288083fdbbeeef4bc038384e9ea`
-
-### Client Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-client-darwin-386.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-client-darwin-386.tar.gz) | `7e49ede167b9271d4171e477fa21d267b2fb35f80869337d5b323198dc12f71b61441975bf925ad6e6cd7b61cbf6372d386417dc1e5c9b3c87ae651021c37237`
-[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-client-darwin-amd64.tar.gz) | `3f5cdf0e85eee7d0773e0ae2df1c61329dea90e0da92b02dae1ffd101008dc4bade1c4951fc09f0cad306f0bcb7d16da8654334ddee43d5015913cc4ac8f3eda`
-[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-client-linux-386.tar.gz) | `b67b41c11bfecb88017c33feee21735c56f24cf6f7851b63c752495fc0fb563cd417a67a81f46bca091f74dc00fca1f296e483d2e3dfe2004ea4b42e252d30b9`
-[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-client-linux-amd64.tar.gz) | `1fef2197cb80003e3a5c26f05e889af9d85fbbc23e27747944d2997ace4bfa28f3670b13c08f5e26b7e274176b4e2df89c1162aebd8b9506e63b39b311b2d405`
-[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-client-linux-arm.tar.gz) | `84e5f4d9776490219ee94a84adccd5dfc7c0362eb330709771afcde95ec83f03d96fe7399eec218e47af0a1e6445e24d95e6f9c66c0882ef8233a09ff2022420`
-[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-client-linux-arm64.tar.gz) | `ba613b114e0cca32fa21a3d10f845aa2f215d3af54e775f917ff93919f7dd7075efe254e4047a85a1f4b817fc2bd78006c2e8873885f1208cbc02db99e2e2e25`
-[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-client-linux-ppc64le.tar.gz) | `502a6938d8c4bbe04abbd19b59919d86765058ff72334848be4012cec493e0e7027c6cd950cf501367ac2026eea9f518110cb72d1c792322b396fc2f73d23217`
-[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-client-linux-s390x.tar.gz) | `c24700e0ed2ef5c1d2dd282d638c88d90392ae90ea420837b39fd8e1cfc19525017325ccda71d8472fdaea174762208c09e1bba9bbc77c89deef6fac5e847ba2`
-[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-client-windows-386.tar.gz) | `0d4c5a741b052f790c8b0923c9586ee9906225e51cf4dc8a56fc303d4d61bb5bf77fba9e65151dec7be854ff31da8fc2dcd3214563e1b4b9951e6af4aa643da4`
-[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-client-windows-amd64.tar.gz) | `841ef2e306c0c9593f04d9528ee019bf3b667761227d9afc1d6ca8bf1aa5631dc25f5fe13ff329c4bf0c816b971fd0dec808f879721e0f3bf51ce49772b38010`
-
-### Server Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-server-linux-amd64.tar.gz) | `b373df2e6ef55215e712315a5508e85a39126bd81b7b93c6b6305238919a88c740077828a6f19bcd97141951048ef7a19806ef6b1c3e1772dbc45715c5fcb3af`
-[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-server-linux-arm.tar.gz) | `b8103cb743c23076ce8dd7c2da01c8dd5a542fbac8480e82dc673139c8ee5ec4495ca33695e7a18dd36412cf1e18ed84c8de05042525ddd8e869fbdfa2766569`
-[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-server-linux-arm64.tar.gz) | `8f8f05cf64fb9c8d80cdcb4935b2d3e3edc48bdd303231ae12f93e3f4d979237490744a11e24ba7f52dbb017ca321a8e31624dcffa391b8afda3d02078767fa0`
-[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-server-linux-ppc64le.tar.gz) | `b313b911c46f2ec129537407af3f165f238e48caeb4b9e530783ffa3659304a544ed02bef8ece715c279373b9fb2c781bd4475560e02c4b98a6d79837bc81938`
-[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-server-linux-s390x.tar.gz) | `a1b6b06571141f507b12e5ef98efb88f4b6b9aba924722b2a74f11278d29a2972ab8290608360151d124608e6e24da0eb3516d484cb5fa12ff2987562f15964a`
-
-### Node Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-node-linux-amd64.tar.gz) | `20e02ca327543cddb2568ead3d5de164cbfb2914ab6416106d906bf12fcfbc4e55b13bea4d6a515e8feab038e2c929d72c4d6909dfd7881ba69fd1e8c772ab99`
-[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-node-linux-arm.tar.gz) | `ecd817ef05d6284f9c6592b84b0a48ea31cf4487030c9fb36518474b2a33dad11b9c852774682e60e4e8b074e6bea7016584ca281dddbe2994da5eaf909025c0`
-[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-node-linux-arm64.tar.gz) | `0020d32b7908ffd5055c8b26a8b3033e4702f89efcfffe3f6fcdb8a9921fa8eaaed4193c85597c24afd8c523662454f233521bb7055841a54c182521217ccc9d`
-[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-node-linux-ppc64le.tar.gz) | `e065411d66d486e7793449c1b2f5a412510b913bf7f4e728c0a20e275642b7668957050dc266952cdff09acc391369ae6ac5230184db89af6823ba400745f2fc`
-[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-node-linux-s390x.tar.gz) | `082ee90413beaaea41d6cbe9a18f7d783a95852607f3b94190e0ca12aacdd97d87e233b87117871bfb7d0a4b6302fbc7688549492a9bc50a2f43a5452504d3ce`
-[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.18.0-beta.2/kubernetes-node-windows-amd64.tar.gz) | `fb5aca0cc36be703f9d4033eababd581bac5de8399c50594db087a99ed4cb56e4920e960eb81d0132d696d094729254eeda2a5c0cb6e65e3abca6c8d61da579e`
-
-## Changelog since v1.18.0-beta.1
-
-## Urgent Upgrade Notes
-
-### (No, really, you MUST read this before you upgrade)
-
-- `kubectl` no longer defaults to `http://localhost:8080`. If you own one of these legacy clusters, you are *strongly- encouraged to secure your server. If you cannot secure your server, you can set `KUBERNETES_MASTER` if you were relying on that behavior and you're a client-go user. Set `--server`, `--kubeconfig` or `KUBECONFIG` to make it work in `kubectl`. ([#86173](https://github.com/kubernetes/kubernetes/pull/86173), [@soltysh](https://github.com/soltysh)) [SIG API Machinery, CLI and Testing]
-
-## Changes by Kind
-
-### Deprecation
-
-- AlgorithmSource is removed from v1alpha2 Scheduler ComponentConfig ([#87999](https://github.com/kubernetes/kubernetes/pull/87999), [@damemi](https://github.com/damemi)) [SIG Scheduling]
-- Kube-proxy: deprecate `--healthz-port` and `--metrics-port` flag, please use `--healthz-bind-address` and `--metrics-bind-address` instead ([#88512](https://github.com/kubernetes/kubernetes/pull/88512), [@SataQiu](https://github.com/SataQiu)) [SIG Network]
-- Kubeadm: deprecate the usage of the experimental flag '--use-api' under the 'kubeadm alpha certs renew' command. ([#88827](https://github.com/kubernetes/kubernetes/pull/88827), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
-
-### API Change
-
-- A new IngressClass resource has been added to enable better Ingress configuration. ([#88509](https://github.com/kubernetes/kubernetes/pull/88509), [@robscott](https://github.com/robscott)) [SIG API Machinery, Apps, CLI, Network, Node and Testing]
-- Added GenericPVCDataSource feature gate to enable using arbitrary custom resources as the data source for a PVC. ([#88636](https://github.com/kubernetes/kubernetes/pull/88636), [@bswartz](https://github.com/bswartz)) [SIG Apps and Storage]
-- Allow user to specify fsgroup permission change policy for pods ([#88488](https://github.com/kubernetes/kubernetes/pull/88488), [@gnufied](https://github.com/gnufied)) [SIG Apps and Storage]
-- BlockVolume and CSIBlockVolume features are now GA. ([#88673](https://github.com/kubernetes/kubernetes/pull/88673), [@jsafrane](https://github.com/jsafrane)) [SIG Apps, Node and Storage]
-- CustomResourceDefinition schemas that use `x-kubernetes-list-map-keys` to specify properties that uniquely identify list items must make those properties required or have a default value, to ensure those properties are present for all list items. See https://kubernetes.io/docs/reference/using-api/api-concepts/#merge-strategy for details. ([#88076](https://github.com/kubernetes/kubernetes/pull/88076), [@eloyekunle](https://github.com/eloyekunle)) [SIG API Machinery and Testing]
-- Fixes a regression with clients prior to 1.15 not being able to update podIP in pod status, or podCIDR in node spec, against >= 1.16 API servers ([#88505](https://github.com/kubernetes/kubernetes/pull/88505), [@liggitt](https://github.com/liggitt)) [SIG Apps and Network]
-- Ingress: Add Exact and Prefix maching to Ingress PathTypes ([#88587](https://github.com/kubernetes/kubernetes/pull/88587), [@cmluciano](https://github.com/cmluciano)) [SIG Apps, Cluster Lifecycle and Network]
-- Ingress: Add alternate backends via TypedLocalObjectReference ([#88775](https://github.com/kubernetes/kubernetes/pull/88775), [@cmluciano](https://github.com/cmluciano)) [SIG Apps and Network]
-- Ingress: allow wildcard hosts in IngressRule ([#88858](https://github.com/kubernetes/kubernetes/pull/88858), [@cmluciano](https://github.com/cmluciano)) [SIG Network]
-- Kube-controller-manager and kube-scheduler expose profiling by default to match the kube-apiserver. Use `--enable-profiling=false` to disable. ([#88663](https://github.com/kubernetes/kubernetes/pull/88663), [@deads2k](https://github.com/deads2k)) [SIG API Machinery, Cloud Provider and Scheduling]
-- Move TaintBasedEvictions feature gates to GA ([#87487](https://github.com/kubernetes/kubernetes/pull/87487), [@skilxn-go](https://github.com/skilxn-go)) [SIG API Machinery, Apps, Node, Scheduling and Testing]
-- New flag --endpointslice-updates-batch-period in kube-controller-manager can be used to reduce number of endpointslice updates generated by pod changes. ([#88745](https://github.com/kubernetes/kubernetes/pull/88745), [@mborsz](https://github.com/mborsz)) [SIG API Machinery, Apps and Network]
-- Scheduler Extenders can now be configured in the v1alpha2 component config ([#88768](https://github.com/kubernetes/kubernetes/pull/88768), [@damemi](https://github.com/damemi)) [SIG Release, Scheduling and Testing]
-- The apiserver/v1alph1#EgressSelectorConfiguration API is now beta. ([#88502](https://github.com/kubernetes/kubernetes/pull/88502), [@caesarxuchao](https://github.com/caesarxuchao)) [SIG API Machinery]
-- The storage.k8s.io/CSIDriver has moved to GA, and is now available for use. ([#84814](https://github.com/kubernetes/kubernetes/pull/84814), [@huffmanca](https://github.com/huffmanca)) [SIG API Machinery, Apps, Auth, Node, Scheduling, Storage and Testing]
-- VolumePVCDataSource moves to GA in 1.18 release ([#88686](https://github.com/kubernetes/kubernetes/pull/88686), [@j-griffith](https://github.com/j-griffith)) [SIG Apps, CLI and Cluster Lifecycle]
-
-### Feature
-
-- Add `rest_client_rate_limiter_duration_seconds` metric to component-base to track client side rate limiter latency in seconds. Broken down by verb and URL. ([#88134](https://github.com/kubernetes/kubernetes/pull/88134), [@jennybuckley](https://github.com/jennybuckley)) [SIG API Machinery, Cluster Lifecycle and Instrumentation]
-- Allow user to specify resource using --filename flag when invoking kubectl exec ([#88460](https://github.com/kubernetes/kubernetes/pull/88460), [@soltysh](https://github.com/soltysh)) [SIG CLI and Testing]
-- Apiserver add a new flag --goaway-chance which is the fraction of requests that will be closed gracefully(GOAWAY) to prevent HTTP/2 clients from getting stuck on a single apiserver.
- After the connection closed(received GOAWAY), the client's other in-flight requests won't be affected, and the client will reconnect.
- The flag min value is 0 (off), max is .02 (1/50 requests); .001 (1/1000) is a recommended starting point.
- Clusters with single apiservers, or which don't use a load balancer, should NOT enable this. ([#88567](https://github.com/kubernetes/kubernetes/pull/88567), [@answer1991](https://github.com/answer1991)) [SIG API Machinery]
-- Azure: add support for single stack IPv6 ([#88448](https://github.com/kubernetes/kubernetes/pull/88448), [@aramase](https://github.com/aramase)) [SIG Cloud Provider]
-- DefaultConstraints can be specified for the PodTopologySpread plugin in the component config ([#88671](https://github.com/kubernetes/kubernetes/pull/88671), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling]
-- Kubeadm: support Windows specific kubelet flags in kubeadm-flags.env ([#88287](https://github.com/kubernetes/kubernetes/pull/88287), [@gab-satchi](https://github.com/gab-satchi)) [SIG Cluster Lifecycle and Windows]
-- Kubectl cluster-info dump changed to only display a message telling you the location where the output was written when the output is not standard output. ([#88765](https://github.com/kubernetes/kubernetes/pull/88765), [@brianpursley](https://github.com/brianpursley)) [SIG CLI]
-- Print NotReady when pod is not ready based on its conditions. ([#88240](https://github.com/kubernetes/kubernetes/pull/88240), [@soltysh](https://github.com/soltysh)) [SIG CLI]
-- Scheduler Extender API is now located under k8s.io/kube-scheduler/extender ([#88540](https://github.com/kubernetes/kubernetes/pull/88540), [@damemi](https://github.com/damemi)) [SIG Release, Scheduling and Testing]
-- Signatures on scale client methods have been modified to accept `context.Context` as a first argument. Signatures of Get, Update, and Patch methods have been updated to accept GetOptions, UpdateOptions and PatchOptions respectively. ([#88599](https://github.com/kubernetes/kubernetes/pull/88599), [@julianvmodesto](https://github.com/julianvmodesto)) [SIG API Machinery, Apps, Autoscaling and CLI]
-- Signatures on the dynamic client methods have been modified to accept `context.Context` as a first argument. Signatures of Delete and DeleteCollection methods now accept DeleteOptions by value instead of by reference. ([#88906](https://github.com/kubernetes/kubernetes/pull/88906), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Apps, CLI, Cluster Lifecycle, Storage and Testing]
-- Signatures on the metadata client methods have been modified to accept `context.Context` as a first argument. Signatures of Delete and DeleteCollection methods now accept DeleteOptions by value instead of by reference. ([#88910](https://github.com/kubernetes/kubernetes/pull/88910), [@liggitt](https://github.com/liggitt)) [SIG API Machinery, Apps and Testing]
-- Webhooks will have alpha support for network proxy ([#85870](https://github.com/kubernetes/kubernetes/pull/85870), [@Jefftree](https://github.com/Jefftree)) [SIG API Machinery, Auth and Testing]
-- When client certificate files are provided, reload files for new connections, and close connections when a certificate changes. ([#79083](https://github.com/kubernetes/kubernetes/pull/79083), [@jackkleeman](https://github.com/jackkleeman)) [SIG API Machinery, Auth, Node and Testing]
-- When deleting objects using kubectl with the --force flag, you are no longer required to also specify --grace-period=0. ([#87776](https://github.com/kubernetes/kubernetes/pull/87776), [@brianpursley](https://github.com/brianpursley)) [SIG CLI]
-- `kubectl` now contains a `kubectl alpha debug` command. This command allows attaching an ephemeral container to a running pod for the purposes of debugging. ([#88004](https://github.com/kubernetes/kubernetes/pull/88004), [@verb](https://github.com/verb)) [SIG CLI]
-
-### Documentation
-
-- Update Japanese translation for kubectl help ([#86837](https://github.com/kubernetes/kubernetes/pull/86837), [@inductor](https://github.com/inductor)) [SIG CLI and Docs]
-- `kubectl plugin` now prints a note how to install krew ([#88577](https://github.com/kubernetes/kubernetes/pull/88577), [@corneliusweig](https://github.com/corneliusweig)) [SIG CLI]
-
-### Other (Bug, Cleanup or Flake)
-
-- Azure VMSS LoadBalancerBackendAddressPools updating has been improved with squential-sync + concurrent-async requests. ([#88699](https://github.com/kubernetes/kubernetes/pull/88699), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- AzureFile and CephFS use new Mount library that prevents logging of sensitive mount options. ([#88684](https://github.com/kubernetes/kubernetes/pull/88684), [@saad-ali](https://github.com/saad-ali)) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Storage]
-- Build: Enable kube-cross image-building on K8s Infra ([#88562](https://github.com/kubernetes/kubernetes/pull/88562), [@justaugustus](https://github.com/justaugustus)) [SIG Release and Testing]
-- Client-go certificate manager rotation gained the ability to preserve optional intermediate chains accompanying issued certificates ([#88744](https://github.com/kubernetes/kubernetes/pull/88744), [@jackkleeman](https://github.com/jackkleeman)) [SIG API Machinery and Auth]
-- Conformance image now depends on stretch-slim instead of debian-hyperkube-base as that image is being deprecated and removed. ([#88702](https://github.com/kubernetes/kubernetes/pull/88702), [@dims](https://github.com/dims)) [SIG Cluster Lifecycle, Release and Testing]
-- Deprecate --generator flag from kubectl create commands ([#88655](https://github.com/kubernetes/kubernetes/pull/88655), [@soltysh](https://github.com/soltysh)) [SIG CLI]
-- FIX: prevent apiserver from panicking when failing to load audit webhook config file ([#88879](https://github.com/kubernetes/kubernetes/pull/88879), [@JoshVanL](https://github.com/JoshVanL)) [SIG API Machinery and Auth]
-- Fix /readyz to return error immediately after a shutdown is initiated, before the --shutdown-delay-duration has elapsed. ([#88911](https://github.com/kubernetes/kubernetes/pull/88911), [@tkashem](https://github.com/tkashem)) [SIG API Machinery]
-- Fix a bug where kubenet fails to parse the tc output. ([#83572](https://github.com/kubernetes/kubernetes/pull/83572), [@chendotjs](https://github.com/chendotjs)) [SIG Network]
-- Fix describe ingress annotations not sorted. ([#88394](https://github.com/kubernetes/kubernetes/pull/88394), [@zhouya0](https://github.com/zhouya0)) [SIG CLI]
-- Fix handling of aws-load-balancer-security-groups annotation. Security-Groups assigned with this annotation are no longer modified by kubernetes which is the expected behaviour of most users. Also no unnecessary Security-Groups are created anymore if this annotation is used. ([#83446](https://github.com/kubernetes/kubernetes/pull/83446), [@Elias481](https://github.com/Elias481)) [SIG Cloud Provider]
-- Fix kubectl create deployment image name ([#86636](https://github.com/kubernetes/kubernetes/pull/86636), [@zhouya0](https://github.com/zhouya0)) [SIG CLI]
-- Fix missing "apiVersion" for "involvedObject" in Events for Nodes. ([#87537](https://github.com/kubernetes/kubernetes/pull/87537), [@uthark](https://github.com/uthark)) [SIG Apps and Node]
-- Fix that prevents repeated fetching of PVC/PV objects by kubelet when processing of pod volumes fails. While this prevents hammering API server in these error scenarios, it means that some errors in processing volume(s) for a pod could now take up to 2-3 minutes before retry. ([#88141](https://github.com/kubernetes/kubernetes/pull/88141), [@tedyu](https://github.com/tedyu)) [SIG Node and Storage]
-- Fix: azure file mount timeout issue ([#88610](https://github.com/kubernetes/kubernetes/pull/88610), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage]
-- Fix: corrupted mount point in csi driver ([#88569](https://github.com/kubernetes/kubernetes/pull/88569), [@andyzhangx](https://github.com/andyzhangx)) [SIG Storage]
-- Fixed a bug in the TopologyManager. Previously, the TopologyManager would only guarantee alignment if container creation was serialized in some way. Alignment is now guaranteed under all scenarios of container creation. ([#87759](https://github.com/kubernetes/kubernetes/pull/87759), [@klueska](https://github.com/klueska)) [SIG Node]
-- Fixed block CSI volume cleanup after timeouts. ([#88660](https://github.com/kubernetes/kubernetes/pull/88660), [@jsafrane](https://github.com/jsafrane)) [SIG Node and Storage]
-- Fixes issue where you can't attach more than 15 GCE Persistent Disks to c2, n2, m1, m2 machine types. ([#88602](https://github.com/kubernetes/kubernetes/pull/88602), [@yuga711](https://github.com/yuga711)) [SIG Storage]
-- For volumes that allow attaches across multiple nodes, attach and detach operations across different nodes are now executed in parallel. ([#88678](https://github.com/kubernetes/kubernetes/pull/88678), [@verult](https://github.com/verult)) [SIG Apps, Node and Storage]
-- Hide kubectl.kubernetes.io/last-applied-configuration in describe command ([#88758](https://github.com/kubernetes/kubernetes/pull/88758), [@soltysh](https://github.com/soltysh)) [SIG Auth and CLI]
-- In GKE alpha clusters it will be possible to use the service annotation `cloud.google.com/network-tier: Standard` ([#88487](https://github.com/kubernetes/kubernetes/pull/88487), [@zioproto](https://github.com/zioproto)) [SIG Cloud Provider]
-- Kubelets perform fewer unnecessary pod status update operations on the API server. ([#88591](https://github.com/kubernetes/kubernetes/pull/88591), [@smarterclayton](https://github.com/smarterclayton)) [SIG Node and Scalability]
-- Plugin/PluginConfig and Policy APIs are mutually exclusive when running the scheduler ([#88864](https://github.com/kubernetes/kubernetes/pull/88864), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling]
-- Specifying PluginConfig for the same plugin more than once fails scheduler startup.
-
- Specifying extenders and configuring .ignoredResources for the NodeResourcesFit plugin fails ([#88870](https://github.com/kubernetes/kubernetes/pull/88870), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling]
-- Support TLS Server Name overrides in kubeconfig file and via --tls-server-name in kubectl ([#88769](https://github.com/kubernetes/kubernetes/pull/88769), [@deads2k](https://github.com/deads2k)) [SIG API Machinery, Auth and CLI]
-- Terminating a restartPolicy=Never pod no longer has a chance to report the pod succeeded when it actually failed. ([#88440](https://github.com/kubernetes/kubernetes/pull/88440), [@smarterclayton](https://github.com/smarterclayton)) [SIG Node and Testing]
-- The EventRecorder from k8s.io/client-go/tools/events will now create events in the default namespace (instead of kube-system) when the related object does not have it set. ([#88815](https://github.com/kubernetes/kubernetes/pull/88815), [@enj](https://github.com/enj)) [SIG API Machinery]
-- The audit event sourceIPs list will now always end with the IP that sent the request directly to the API server. ([#87167](https://github.com/kubernetes/kubernetes/pull/87167), [@tallclair](https://github.com/tallclair)) [SIG API Machinery and Auth]
-- Update to use golang 1.13.8 ([#87648](https://github.com/kubernetes/kubernetes/pull/87648), [@ialidzhikov](https://github.com/ialidzhikov)) [SIG Release and Testing]
-- Validate kube-proxy flags --ipvs-tcp-timeout, --ipvs-tcpfin-timeout, --ipvs-udp-timeout ([#88657](https://github.com/kubernetes/kubernetes/pull/88657), [@chendotjs](https://github.com/chendotjs)) [SIG Network]
-
-
-# v1.18.0-beta.1
-
-[Documentation](https://docs.k8s.io)
-
-## Downloads for v1.18.0-beta.1
-
-filename | sha512 hash
--------- | -----------
-[kubernetes.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes.tar.gz) | `7c182ca905b3a31871c01ab5fdaf46f074547536c7975e069ff230af0d402dfc0346958b1d084bd2c108582ffc407484e6a15a1cd93e9affbe34b6e99409ef1f`
-[kubernetes-src.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-src.tar.gz) | `d104b8c792b1517bd730787678c71c8ee3b259de81449192a49a1c6e37a6576d28f69b05c2019cc4a4c40ddeb4d60b80138323df3f85db8682caabf28e67c2de`
-
-### Client Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-client-darwin-386.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-client-darwin-386.tar.gz) | `bc337bb8f200a789be4b97ce99b9d7be78d35ebd64746307c28339dc4628f56d9903e0818c0888aaa9364357a528d1ac6fd34f74377000f292ec502fbea3837e`
-[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-client-darwin-amd64.tar.gz) | `38dfa5e0b0cfff39942c913a6bcb2ad8868ec43457d35cffba08217bb6e7531720e0731f8588505f4c81193ce5ec0e5fe6870031cf1403fbbde193acf7e53540`
-[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-client-linux-386.tar.gz) | `8e63ec7ce29c69241120c037372c6c779e3f16253eabd612c7cbe6aa89326f5160eb5798004d723c5cd72d458811e98dac3574842eb6a57b2798ecd2bbe5bcf9`
-[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-client-linux-amd64.tar.gz) | `c1be9f184a7c3f896a785c41cd6ece9d90d8cb9b1f6088bdfb5557d8856c55e455f6688f5f54c2114396d5ae7adc0361e34ebf8e9c498d0187bd785646ccc1d0`
-[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-client-linux-arm.tar.gz) | `8eab02453cfd9e847632a774a0e0cf3a33c7619fb4ced7f1840e1f71444e8719b1c8e8cbfdd1f20bb909f3abe39cdcac74f14cb9c878c656d35871b7c37c7cbe`
-[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-client-linux-arm64.tar.gz) | `f7df0ec02d2e7e63278d5386e8153cfe2b691b864f17b6452cc824a5f328d688976c975b076e60f1c6b3c859e93e477134fbccc53bb49d9e846fb038b34eee48`
-[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-client-linux-ppc64le.tar.gz) | `36dd5b10addca678a518e6d052c9d6edf473e3f87388a2f03f714c93c5fbfe99ace16cf3b382a531be20a8fe6f4160f8d891800dd2cff5f23c9ca12c2f4a151b`
-[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-client-linux-s390x.tar.gz) | `5bdbb44b996ab4ccf3a383780270f5cfdbf174982c300723c8bddf0a48ae5e459476031c1d51b9d30ffd621d0a126c18a5de132ef1d92fca2f3e477665ea10cc`
-[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-client-windows-386.tar.gz) | `5dea3d4c4e91ef889850143b361974250e99a3c526f5efee23ff9ccdcd2ceca4a2247e7c4f236bdfa77d2150157da5d676ac9c3ba26cf3a2f1e06d8827556f77`
-[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-client-windows-amd64.tar.gz) | `db298e698391368703e6aea7f4345aec5a4b8c69f9d8ff6c99fb5804a6cea16d295fb01e70fe943ade3d4ce9200a081ad40da21bd331317ec9213f69b4d6c48f`
-
-### Server Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-server-linux-amd64.tar.gz) | `c6284929dd5940e750b48db72ffbc09f73c5ec31ab3db283babb8e4e07cd8cbb27642f592009caae4717981c0db82c16312849ef4cbafe76acc4264c7d5864ac`
-[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-server-linux-arm.tar.gz) | `6fc9552cf082c54cc0833b19876117c87ba7feb5a12c7e57f71b52208daf03eaef3ca56bd22b7bce2d6e81b5a23537cf6f5497a6eaa356c0aab1d3de26c309f9`
-[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-server-linux-arm64.tar.gz) | `b794b9c399e548949b5bfb2fe71123e86c2034847b2c99aca34b6de718a35355bbecdae9dc2a81c49e3c82fb4b5862526a3f63c2862b438895e12c5ea884f22e`
-[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-server-linux-ppc64le.tar.gz) | `fddaed7a54f97046a91c29534645811c6346e973e22950b2607b8c119c2377e9ec2d32144f81626078cdaeca673129cc4016c1a3dbd3d43674aa777089fb56ac`
-[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-server-linux-s390x.tar.gz) | `65951a534bb55069c7419f41cbcdfe2fae31541d8a3f9eca11fc2489addf281c5ad2d13719212657da0be5b898f22b57ac39446d99072872fbacb0a7d59a4f74`
-
-### Node Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-node-linux-amd64.tar.gz) | `992059efb5cae7ed0ef55820368d854bad1c6d13a70366162cd3b5111ce24c371c7c87ded2012f055e08b2ff1b4ef506e1f4e065daa3ac474fef50b5efa4fb07`
-[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-node-linux-arm.tar.gz) | `c63ae0f8add5821ad267774314b8c8c1ffe3b785872bf278e721fd5dfdad1a5db1d4db3720bea0a36bf10d9c6dd93e247560162c0eac6e1b743246f587d3b27a`
-[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-node-linux-arm64.tar.gz) | `47adb9ddf6eaf8f475b89f59ee16fbd5df183149a11ad1574eaa645b47a6d58aec2ca70ba857ce9f1a5793d44cf7a61ebc6874793bb685edaf19410f4f76fd13`
-[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-node-linux-ppc64le.tar.gz) | `a3bc4a165567c7b76a3e45ab7b102d6eb3ecf373eb048173f921a4964cf9be8891d0d5b8dafbd88c3af7b0e21ef3d41c1e540c3347ddd84b929b3a3d02ceb7b2`
-[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-node-linux-s390x.tar.gz) | `109ddf37c748f69584c829db57107c3518defe005c11fcd2a1471845c15aae0a3c89aafdd734229f4069ed18856cc650c80436684e1bdc43cfee3149b0324746`
-[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.18.0-beta.1/kubernetes-node-windows-amd64.tar.gz) | `a3a75d2696ad3136476ad7d811e8eabaff5111b90e592695e651d6111f819ebf0165b8b7f5adc05afb5f7f01d1e5fb64876cb696e492feb20a477a5800382b7a`
-
-## Changelog since v1.18.0-beta.0
-
-## Urgent Upgrade Notes
-
-### (No, really, you MUST read this before you upgrade)
-
-- The StreamingProxyRedirects feature and `--redirect-container-streaming` flag are deprecated, and will be removed in a future release. The default behavior (proxy streaming requests through the kubelet) will be the only supported option.
- If you are setting `--redirect-container-streaming=true`, then you must migrate off this configuration. The flag will no longer be able to be enabled starting in v1.20. If you are not setting the flag, no action is necessary. ([#88290](https://github.com/kubernetes/kubernetes/pull/88290), [@tallclair](https://github.com/tallclair)) [SIG API Machinery and Node]
-
-- Yes.
-
- Feature Name: Support using network resources (VNet, LB, IP, etc.) in different AAD Tenant and Subscription than those for the cluster.
-
- Changes in Pull Request:
-
- 1. Add properties `networkResourceTenantID` and `networkResourceSubscriptionID` in cloud provider auth config section, which indicates the location of network resources.
- 2. Add function `GetMultiTenantServicePrincipalToken` to fetch multi-tenant service principal token, which will be used by Azure VM/VMSS Clients in this feature.
- 3. Add function `GetNetworkResourceServicePrincipalToken` to fetch network resource service principal token, which will be used by Azure Network Resource (Load Balancer, Public IP, Route Table, Network Security Group and their sub level resources) Clients in this feature.
- 4. Related unit tests.
-
- None.
-
- User Documentation: In PR https://github.com/kubernetes-sigs/cloud-provider-azure/pull/301 ([#88384](https://github.com/kubernetes/kubernetes/pull/88384), [@bowen5](https://github.com/bowen5)) [SIG Cloud Provider]
-
-## Changes by Kind
-
-### Deprecation
-
-- Azure service annotation service.beta.kubernetes.io/azure-load-balancer-disable-tcp-reset has been deprecated. Its support would be removed in a future release. ([#88462](https://github.com/kubernetes/kubernetes/pull/88462), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-
-### API Change
-
-- API additions to apiserver types ([#87179](https://github.com/kubernetes/kubernetes/pull/87179), [@Jefftree](https://github.com/Jefftree)) [SIG API Machinery, Cloud Provider and Cluster Lifecycle]
-- Add Scheduling Profiles to kubescheduler.config.k8s.io/v1alpha2 ([#88087](https://github.com/kubernetes/kubernetes/pull/88087), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling and Testing]
-- Added support for multiple sizes huge pages on a container level ([#84051](https://github.com/kubernetes/kubernetes/pull/84051), [@bart0sh](https://github.com/bart0sh)) [SIG Apps, Node and Storage]
-- AppProtocol is a new field on Service and Endpoints resources, enabled with the ServiceAppProtocol feature gate. ([#88503](https://github.com/kubernetes/kubernetes/pull/88503), [@robscott](https://github.com/robscott)) [SIG Apps and Network]
-- Fixed missing validation of uniqueness of list items in lists with `x-kubernetes-list-type: map` or x-kubernetes-list-type: set` in CustomResources. ([#84920](https://github.com/kubernetes/kubernetes/pull/84920), [@sttts](https://github.com/sttts)) [SIG API Machinery]
-- Introduces optional --detect-local flag to kube-proxy.
- Currently the only supported value is "cluster-cidr",
- which is the default if not specified. ([#87748](https://github.com/kubernetes/kubernetes/pull/87748), [@satyasm](https://github.com/satyasm)) [SIG Cluster Lifecycle, Network and Scheduling]
-- Kube-scheduler can run more than one scheduling profile. Given a pod, the profile is selected by using its `.spec.SchedulerName`. ([#88285](https://github.com/kubernetes/kubernetes/pull/88285), [@alculquicondor](https://github.com/alculquicondor)) [SIG Apps, Scheduling and Testing]
-- Moving Windows RunAsUserName feature to GA ([#87790](https://github.com/kubernetes/kubernetes/pull/87790), [@marosset](https://github.com/marosset)) [SIG Apps and Windows]
-
-### Feature
-
-- Add --dry-run to kubectl delete, taint, replace ([#88292](https://github.com/kubernetes/kubernetes/pull/88292), [@julianvmodesto](https://github.com/julianvmodesto)) [SIG CLI and Testing]
-- Add huge page stats to Allocated resources in "kubectl describe node" ([#80605](https://github.com/kubernetes/kubernetes/pull/80605), [@odinuge](https://github.com/odinuge)) [SIG CLI]
-- Kubeadm: The ClusterStatus struct present in the kubeadm-config ConfigMap is deprecated and will be removed on a future version. It is going to be maintained by kubeadm until it gets removed. The same information can be found on `etcd` and `kube-apiserver` pod annotations, `kubeadm.kubernetes.io/etcd.advertise-client-urls` and `kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint` respectively. ([#87656](https://github.com/kubernetes/kubernetes/pull/87656), [@ereslibre](https://github.com/ereslibre)) [SIG Cluster Lifecycle]
-- Kubeadm: add the experimental feature gate PublicKeysECDSA that can be used to create a
- cluster with ECDSA certificates from "kubeadm init". Renewal of existing ECDSA certificates is
- also supported using "kubeadm alpha certs renew", but not switching between the RSA and
- ECDSA algorithms on the fly or during upgrades. ([#86953](https://github.com/kubernetes/kubernetes/pull/86953), [@rojkov](https://github.com/rojkov)) [SIG API Machinery, Auth and Cluster Lifecycle]
-- Kubeadm: on kubeconfig certificate renewal, keep the embedded CA in sync with the one on disk ([#88052](https://github.com/kubernetes/kubernetes/pull/88052), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
-- Kubeadm: upgrade supports fallback to the nearest known etcd version if an unknown k8s version is passed ([#88373](https://github.com/kubernetes/kubernetes/pull/88373), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
-- New flag `--show-hidden-metrics-for-version` in kube-scheduler can be used to show all hidden metrics that deprecated in the previous minor release. ([#84913](https://github.com/kubernetes/kubernetes/pull/84913), [@serathius](https://github.com/serathius)) [SIG Instrumentation and Scheduling]
-- Scheduler framework permit plugins now run at the end of the scheduling cycle, after reserve plugins. Waiting on permit will remain in the beginning of the binding cycle. ([#88199](https://github.com/kubernetes/kubernetes/pull/88199), [@mateuszlitwin](https://github.com/mateuszlitwin)) [SIG Scheduling]
-- The kubelet and the default docker runtime now support running ephemeral containers in the Linux process namespace of a target container. Other container runtimes must implement this feature before it will be available in that runtime. ([#84731](https://github.com/kubernetes/kubernetes/pull/84731), [@verb](https://github.com/verb)) [SIG Node]
-
-### Other (Bug, Cleanup or Flake)
-
-- Add delays between goroutines for vm instance update ([#88094](https://github.com/kubernetes/kubernetes/pull/88094), [@aramase](https://github.com/aramase)) [SIG Cloud Provider]
-- Add init containers log to cluster dump info. ([#88324](https://github.com/kubernetes/kubernetes/pull/88324), [@zhouya0](https://github.com/zhouya0)) [SIG CLI]
-- CPU limits are now respected for Windows containers. If a node is over-provisioned, no weighting is used - only limits are respected. ([#86101](https://github.com/kubernetes/kubernetes/pull/86101), [@PatrickLang](https://github.com/PatrickLang)) [SIG Node, Testing and Windows]
-- Cloud provider config CloudProviderBackoffMode has been removed since it won't be used anymore. ([#88463](https://github.com/kubernetes/kubernetes/pull/88463), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- Evictions due to pods breaching their ephemeral storage limits are now recorded by the `kubelet_evictions` metric and can be alerted on. ([#87906](https://github.com/kubernetes/kubernetes/pull/87906), [@smarterclayton](https://github.com/smarterclayton)) [SIG Node]
-- Fix: add remediation in azure disk attach/detach ([#88444](https://github.com/kubernetes/kubernetes/pull/88444), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider]
-- Fix: check disk status before disk azure disk ([#88360](https://github.com/kubernetes/kubernetes/pull/88360), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider]
-- Fixed cleaning of CSI raw block volumes. ([#87978](https://github.com/kubernetes/kubernetes/pull/87978), [@jsafrane](https://github.com/jsafrane)) [SIG Storage]
-- Get-kube.sh uses the gcloud's current local GCP service account for auth when the provider is GCE or GKE instead of the metadata server default ([#88383](https://github.com/kubernetes/kubernetes/pull/88383), [@BenTheElder](https://github.com/BenTheElder)) [SIG Cluster Lifecycle]
-- Golang/x/net has been updated to bring in fixes for CVE-2020-9283 ([#88381](https://github.com/kubernetes/kubernetes/pull/88381), [@BenTheElder](https://github.com/BenTheElder)) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle and Instrumentation]
-- Kubeadm now includes CoreDNS version 1.6.7 ([#86260](https://github.com/kubernetes/kubernetes/pull/86260), [@rajansandeep](https://github.com/rajansandeep)) [SIG Cluster Lifecycle]
-- Kubeadm: fix the bug that 'kubeadm upgrade' hangs in single node cluster ([#88434](https://github.com/kubernetes/kubernetes/pull/88434), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
-- Optimize kubectl version help info ([#88313](https://github.com/kubernetes/kubernetes/pull/88313), [@zhouya0](https://github.com/zhouya0)) [SIG CLI]
-- Removes the deprecated command `kubectl rolling-update` ([#88057](https://github.com/kubernetes/kubernetes/pull/88057), [@julianvmodesto](https://github.com/julianvmodesto)) [SIG Architecture, CLI and Testing]
-
-
-# v1.18.0-alpha.5
-
-[Documentation](https://docs.k8s.io)
-
-## Downloads for v1.18.0-alpha.5
-
-filename | sha512 hash
--------- | -----------
-[kubernetes.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes.tar.gz) | `6452cac2b80721e9f577cb117c29b9ac6858812b4275c2becbf74312566f7d016e8b34019bd1bf7615131b191613bf9b973e40ad9ac8f6de9007d41ef2d7fd70`
-[kubernetes-src.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-src.tar.gz) | `e41d9d4dd6910a42990051fcdca4bf5d3999df46375abd27ffc56aae9b455ae984872302d590da6aa85bba6079334fb5fe511596b415ee79843dee1c61c137da`
-
-### Client Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-client-darwin-386.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-client-darwin-386.tar.gz) | `5c95935863492b31d4aaa6be93260088dafea27663eb91edca980ca3a8485310e60441bc9050d4d577e9c3f7ffd96db516db8d64321124cec1b712e957c9fe1c`
-[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-client-darwin-amd64.tar.gz) | `868faa578b3738604d8be62fae599ccc556799f1ce54807f1fe72599f20f8a1f98ad8152fac14a08a463322530b696d375253ba3653325e74b587df6e0510da3`
-[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-client-linux-386.tar.gz) | `76a89d1d30b476b47f8fb808e342f89608e5c1c1787c4c06f2d7e763f9482e2ae8b31e6ad26541972e2b9a3a7c28327e3150cdd355e8b8d8b050a801bbf08d49`
-[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-client-linux-amd64.tar.gz) | `07ad96a09b44d1c707d7c68312c5d69b101a3424bf1e6e9400b2e7a3fba78df04302985d473ddd640d8f3f0257be34110dbe1304b9565dd9d7a4639b7b7b85fd`
-[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-client-linux-arm.tar.gz) | `c04fed9fa370a75c1b8e18b2be0821943bb9befcc784d14762ea3278e73600332a9b324d5eeaa1801d20ad6be07a553c41dcf4fa7ab3eadd0730ab043d687c8c`
-[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-client-linux-arm64.tar.gz) | `4199147dea9954333df26d34248a1cb7b02ebbd6380ffcd42d9f9ed5fdabae45a59215474dab3c11436c82e60bd27cbd03b3dde288bf611cd3e78b87c783c6a9`
-[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-client-linux-ppc64le.tar.gz) | `4f6d4d61d1c52d3253ca19031ebcd4bad06d19b68bbaaab5c8e8c590774faea4a5ceab1f05f2706b61780927e1467815b3479342c84d45df965aba78414727c4`
-[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-client-linux-s390x.tar.gz) | `e2a454151ae5dd891230fb516a3f73f73ab97832db66fd3d12e7f1657a569f58a9fe2654d50ddd7d8ec88a5ff5094199323a4c6d7d44dcf7edb06cca11dd4de1`
-[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-client-windows-386.tar.gz) | `14b262ba3b71c41f545db2a017cf1746075ada5745a858d2a62bc9df7c5dc10607220375db85e2c4cb85307b09709e58bc66a407488e0961191e3249dc7742b0`
-[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-client-windows-amd64.tar.gz) | `26353c294755a917216664364b524982b7f5fc6aa832ce90134bb178df8a78604963c68873f121ea5f2626ff615bdbf2ffe54e00578739cde6df42ffae034732`
-
-### Server Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-server-linux-amd64.tar.gz) | `ba77e0e7c610f59647c1b2601f82752964a0f54b7ad609a89b00fcfd553d0f0249f6662becbabaa755bb769b36a2000779f08022c40fb8cc61440337481317a1`
-[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-server-linux-arm.tar.gz) | `45e87b3e844ea26958b0b489e8c9b90900a3253000850f5ff9e87ffdcafba72ab8fd17b5ba092051a58a4bc277912c047a85940ec7f093dff6f9e8bf6fed3b42`
-[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-server-linux-arm64.tar.gz) | `155e136e3124ead69c594eead3398d6cfdbb8f823c324880e8a7bbd1b570b05d13a77a69abd0a6758cfcc7923971cc6da4d3e0c1680fd519b632803ece00d5ce`
-[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-server-linux-ppc64le.tar.gz) | `3fa0fb8221da19ad9d03278961172b7fa29a618b30abfa55e7243bb937dede8df56658acf02e6b61e7274fbc9395e237f49c62f2a83017eca2a69f67af31c01c`
-[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-server-linux-s390x.tar.gz) | `db3199c3d7ba0b326d71dc8b80f50b195e79e662f71386a3b2976d47d13d7b0136887cc21df6f53e70a3d733da6eac7bbbf3bab2df8a1909a3cee4b44c32dd0b`
-
-### Node Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-node-linux-amd64.tar.gz) | `addcdfbad7f12647e6babb8eadf853a374605c8f18bf63f416fa4d3bf1b903aa206679d840433206423a984bb925e7983366edcdf777cf5daef6ef88e53d6dfa`
-[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-node-linux-arm.tar.gz) | `b2ac54e0396e153523d116a2aaa32c919d6243931e0104cd47a23f546d710e7abdaa9eae92d978ce63c92041e63a9b56f5dd8fd06c812a7018a10ecac440f768`
-[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-node-linux-arm64.tar.gz) | `7aab36f2735cba805e4fd109831a1af0f586a88db3f07581b6dc2a2aab90076b22c96b490b4f6461a8fb690bf78948b6d514274f0d6fb0664081de2d44dc48e1`
-[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-node-linux-ppc64le.tar.gz) | `a579936f07ebf86f69f297ac50ba4c34caf2c0b903f73190eb581c78382b05ef36d41ade5bfd25d7b1b658cfcbee3d7125702a18e7480f9b09a62733a512a18a`
-[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-node-linux-s390x.tar.gz) | `58fa0359ddd48835192fab1136a2b9b45d1927b04411502c269cda07cb8a8106536973fb4c7fedf1d41893a524c9fe2e21078fdf27bfbeed778273d024f14449`
-[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.5/kubernetes-node-windows-amd64.tar.gz) | `9086c03cd92b440686cea6d8c4e48045cc46a43ab92ae0e70350b3f51804b9e2aaae7178142306768bae00d9ef6dd938167972bfa90b12223540093f735a45db`
-
-## Changelog since v1.18.0-alpha.3
-
-### Deprecation
-
-- Kubeadm: command line option "kubelet-version" for `kubeadm upgrade node` has been deprecated and will be removed in a future release. ([#87942](https://github.com/kubernetes/kubernetes/pull/87942), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
-
-### API Change
-
-- Kubelet podresources API now provides the information about active pods only. ([#79409](https://github.com/kubernetes/kubernetes/pull/79409), [@takmatsu](https://github.com/takmatsu)) [SIG Node]
-- Remove deprecated fields from .leaderElection in kubescheduler.config.k8s.io/v1alpha2 ([#87904](https://github.com/kubernetes/kubernetes/pull/87904), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling]
-- Signatures on generated clientset methods have been modified to accept `context.Context` as a first argument. Signatures of generated Create, Update, and Patch methods have been updated to accept CreateOptions, UpdateOptions and PatchOptions respectively. Clientsets that with the previous interface have been added in new "deprecated" packages to allow incremental migration to the new APIs. The deprecated packages will be removed in the 1.21 release. ([#87299](https://github.com/kubernetes/kubernetes/pull/87299), [@mikedanese](https://github.com/mikedanese)) [SIG API Machinery, Apps, Auth, Autoscaling, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation, Network, Node, Scheduling, Storage, Testing and Windows]
-- The k8s.io/node-api component is no longer updated. Instead, use the RuntimeClass types located within k8s.io/api, and the generated clients located within k8s.io/client-go ([#87503](https://github.com/kubernetes/kubernetes/pull/87503), [@liggitt](https://github.com/liggitt)) [SIG Node and Release]
-
-### Feature
-
-- Add indexer for storage cacher ([#85445](https://github.com/kubernetes/kubernetes/pull/85445), [@shaloulcy](https://github.com/shaloulcy)) [SIG API Machinery]
-- Add support for mount options to the FC volume plugin ([#87499](https://github.com/kubernetes/kubernetes/pull/87499), [@ejweber](https://github.com/ejweber)) [SIG Storage]
-- Added a config-mode flag in azure auth module to enable getting AAD token without spn: prefix in audience claim. When it's not specified, the default behavior doesn't change. ([#87630](https://github.com/kubernetes/kubernetes/pull/87630), [@weinong](https://github.com/weinong)) [SIG API Machinery, Auth, CLI and Cloud Provider]
-- Introduced BackoffManager interface for backoff management ([#87829](https://github.com/kubernetes/kubernetes/pull/87829), [@zhan849](https://github.com/zhan849)) [SIG API Machinery]
-- PodTopologySpread plugin now excludes terminatingPods when making scheduling decisions. ([#87845](https://github.com/kubernetes/kubernetes/pull/87845), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling]
-- Promote CSIMigrationOpenStack to Beta (off by default since it requires installation of the OpenStack Cinder CSI Driver)
- The in-tree AWS OpenStack Cinder "kubernetes.io/cinder" was already deprecated a while ago and will be removed in 1.20. Users should enable CSIMigration + CSIMigrationOpenStack features and install the OpenStack Cinder CSI Driver (https://github.com/kubernetes-sigs/cloud-provider-openstack) to avoid disruption to existing Pod and PVC objects at that time.
- Users should start using the OpenStack Cinder CSI Driver directly for any new volumes. ([#85637](https://github.com/kubernetes/kubernetes/pull/85637), [@dims](https://github.com/dims)) [SIG Cloud Provider]
-
-### Design
-
-- The scheduler Permit extension point doesn't return a boolean value in its Allow() and Reject() functions. ([#87936](https://github.com/kubernetes/kubernetes/pull/87936), [@Huang-Wei](https://github.com/Huang-Wei)) [SIG Scheduling]
-
-### Other (Bug, Cleanup or Flake)
-
-- Adds "volume.beta.kubernetes.io/migrated-to" annotation to PV's and PVC's when they are migrated to signal external provisioners to pick up those objects for Provisioning and Deleting. ([#87098](https://github.com/kubernetes/kubernetes/pull/87098), [@davidz627](https://github.com/davidz627)) [SIG Apps and Storage]
-- Fix a bug in the dual-stack IPVS proxier where stale IPv6 endpoints were not being cleaned up ([#87695](https://github.com/kubernetes/kubernetes/pull/87695), [@andrewsykim](https://github.com/andrewsykim)) [SIG Network]
-- Fix kubectl drain ignore daemonsets and others. ([#87361](https://github.com/kubernetes/kubernetes/pull/87361), [@zhouya0](https://github.com/zhouya0)) [SIG CLI]
-- Fix: add azure disk migration support for CSINode ([#88014](https://github.com/kubernetes/kubernetes/pull/88014), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider and Storage]
-- Fix: add non-retriable errors in azure clients ([#87941](https://github.com/kubernetes/kubernetes/pull/87941), [@andyzhangx](https://github.com/andyzhangx)) [SIG Cloud Provider]
-- Fixed NetworkPolicy validation that Except values are accepted when they are outside the CIDR range. ([#86578](https://github.com/kubernetes/kubernetes/pull/86578), [@tnqn](https://github.com/tnqn)) [SIG Network]
-- Improves performance of the node authorizer ([#87696](https://github.com/kubernetes/kubernetes/pull/87696), [@liggitt](https://github.com/liggitt)) [SIG Auth]
-- Iptables/userspace proxy: improve performance by getting local addresses only once per sync loop, instead of for every external IP ([#85617](https://github.com/kubernetes/kubernetes/pull/85617), [@andrewsykim](https://github.com/andrewsykim)) [SIG API Machinery, CLI, Cloud Provider, Cluster Lifecycle, Instrumentation and Network]
-- Kube-aggregator: always sets unavailableGauge metric to reflect the current state of a service. ([#87778](https://github.com/kubernetes/kubernetes/pull/87778), [@p0lyn0mial](https://github.com/p0lyn0mial)) [SIG API Machinery]
-- Kubeadm allows to configure single-stack clusters if dual-stack is enabled ([#87453](https://github.com/kubernetes/kubernetes/pull/87453), [@aojea](https://github.com/aojea)) [SIG API Machinery, Cluster Lifecycle and Network]
-- Kubeadm: 'kubeadm alpha kubelet config download' has been removed, please use 'kubeadm upgrade node phase kubelet-config' instead ([#87944](https://github.com/kubernetes/kubernetes/pull/87944), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
-- Kubeadm: remove 'kubeadm upgrade node config' command since it was deprecated in v1.15, please use 'kubeadm upgrade node phase kubelet-config' instead ([#87975](https://github.com/kubernetes/kubernetes/pull/87975), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
-- Kubectl describe and kubectl top pod will return a message saying "No resources found" or "No resources found in namespace" if there are no results to display. ([#87527](https://github.com/kubernetes/kubernetes/pull/87527), [@brianpursley](https://github.com/brianpursley)) [SIG CLI]
-- Kubelet metrics gathered through metrics-server or prometheus should no longer timeout for Windows nodes running more than 3 pods. ([#87730](https://github.com/kubernetes/kubernetes/pull/87730), [@marosset](https://github.com/marosset)) [SIG Node, Testing and Windows]
-- Kubelet metrics have been changed to buckets.
- For example the exec/{podNamespace}/{podID}/{containerName} is now just exec. ([#87913](https://github.com/kubernetes/kubernetes/pull/87913), [@cheftako](https://github.com/cheftako)) [SIG Node]
-- Limit number of instances in a single update to GCE target pool to 1000. ([#87881](https://github.com/kubernetes/kubernetes/pull/87881), [@wojtek-t](https://github.com/wojtek-t)) [SIG Cloud Provider, Network and Scalability]
-- Make Azure clients only retry on specified HTTP status codes ([#88017](https://github.com/kubernetes/kubernetes/pull/88017), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- Pause image contains "Architecture" in non-amd64 images ([#87954](https://github.com/kubernetes/kubernetes/pull/87954), [@BenTheElder](https://github.com/BenTheElder)) [SIG Release]
-- Pods that are considered for preemption and haven't started don't produce an error log. ([#87900](https://github.com/kubernetes/kubernetes/pull/87900), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling]
-- Prevent error message from being displayed when running kubectl plugin list and your path includes an empty string ([#87633](https://github.com/kubernetes/kubernetes/pull/87633), [@brianpursley](https://github.com/brianpursley)) [SIG CLI]
-- `kubectl create clusterrolebinding` creates rbac.authorization.k8s.io/v1 object ([#85889](https://github.com/kubernetes/kubernetes/pull/85889), [@oke-py](https://github.com/oke-py)) [SIG CLI]
-
-# v1.18.0-alpha.4
-
-[Documentation](https://docs.k8s.io)
-
-## Important note about manual tag
-
-Due to a [tagging bug in our Release Engineering tooling](https://github.com/kubernetes/release/issues/1080) during `v1.18.0-alpha.3`, we needed to push a manual tag (`v1.18.0-alpha.4`).
-
-**No binaries have been produced or will be provided for `v1.18.0-alpha.4`.**
-
-The changelog for `v1.18.0-alpha.4` is included as part of the [changelog since v1.18.0-alpha.3][#changelog-since-v1180-alpha3] section.
-
-# v1.18.0-alpha.3
-
-[Documentation](https://docs.k8s.io)
-
-## Downloads for v1.18.0-alpha.3
-
-filename | sha512 hash
--------- | -----------
-[kubernetes.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes.tar.gz) | `60bf3bfc23b428f53fd853bac18a4a905b980fcc0bacd35ccd6357a89cfc26e47de60975ea6b712e65980e6b9df82a22331152d9f08ed4dba44558ba23a422d4`
-[kubernetes-src.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-src.tar.gz) | `8adf1016565a7c93713ab6fa4293c2d13b4f6e4e1ec4dcba60bd71e218b4dbe9ef5eb7dbb469006743f498fc7ddeb21865cd12bec041af60b1c0edce8b7aecd5`
-
-### Client Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-client-darwin-386.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-client-darwin-386.tar.gz) | `abb32e894e8280c772e96227b574da81cd1eac374b8d29158b7f222ed550087c65482eef4a9817dfb5f2baf0d9b85fcdfa8feced0fbc1aacced7296853b57e1f`
-[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-client-darwin-amd64.tar.gz) | `5e4b1a993264e256ec1656305de7c306094cae9781af8f1382df4ce4eed48ce030827fde1a5e757d4ad57233d52075c9e4e93a69efbdc1102e4ba810705ccddc`
-[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-client-linux-386.tar.gz) | `68da39c2ae101d2b38f6137ceda07eb0c2124794982a62ef483245dbffb0611c1441ca085fa3127e7a9977f45646788832a783544ff06954114548ea0e526e46`
-[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-client-linux-amd64.tar.gz) | `dc236ffa8ad426620e50181419e9bebe3c161e953dbfb8a019f61b11286e1eb950b40d7cc03423bdf3e6974973bcded51300f98b55570c29732fa492dcde761d`
-[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-client-linux-arm.tar.gz) | `ab0a8bd6dc31ea160b731593cdc490b3cc03668b1141cf95310bd7060dcaf55c7ee9842e0acae81063fdacb043c3552ccdd12a94afd71d5310b3ce056fdaa06c`
-[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-client-linux-arm64.tar.gz) | `159ea083c601710d0d6aea423eeb346c99ffaf2abd137d35a53e87a07f5caf12fca8790925f3196f67b768fa92a024f83b50325dbca9ccd4dde6c59acdce3509`
-[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-client-linux-ppc64le.tar.gz) | `16b0459adfa26575d13be49ab53ac7f0ffd05e184e4e13d2dfbfe725d46bb8ac891e1fd8aebe36ecd419781d4cc5cf3bd2aaaf5263cf283724618c4012408f40`
-[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-client-linux-s390x.tar.gz) | `d5aa1f5d89168995d2797eb839a04ce32560f405b38c1c0baaa0e313e4771ae7bb3b28e22433ad5897d36aadf95f73eb69d8d411d31c4115b6b0adf5fe041f85`
-[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-client-windows-386.tar.gz) | `374e16a1e52009be88c94786f80174d82dff66399bf294c9bee18a2159c42251c5debef1109a92570799148b08024960c6c50b8299a93fd66ebef94f198f34e9`
-[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-client-windows-amd64.tar.gz) | `5a94c1068c19271f810b994adad8e62fae03b3d4473c7c9e6d056995ff7757ea61dd8d140c9267dd41e48808876673ce117826d35a3c1bb5652752f11a044d57`
-
-### Server Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-server-linux-amd64.tar.gz) | `a677bec81f0eba75114b92ff955bac74512b47e53959d56a685dae5edd527283d91485b1e86ad74ef389c5405863badf7eb22e2f0c9a568a4d0cb495c6a5c32f`
-[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-server-linux-arm.tar.gz) | `2fb696f86ff13ebeb5f3cf2b254bf41303644c5ea84a292782eac6123550702655284d957676d382698c091358e5c7fe73f32803699c19be7138d6530fe413b6`
-[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-server-linux-arm64.tar.gz) | `738e95da9cfb8f1309479078098de1c38cef5e1dd5ee1129b77651a936a412b7cd0cf15e652afc7421219646a98846ab31694970432e48dea9c9cafa03aa59cf`
-[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-server-linux-ppc64le.tar.gz) | `7a85bfcbb2aa636df60c41879e96e788742ecd72040cb0db2a93418439c125218c58a4cfa96d01b0296c295793e94c544e87c2d98d50b49bc4cb06b41f874376`
-[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-server-linux-s390x.tar.gz) | `1f1cdb2efa3e7cac857203d8845df2fdaa5cf1f20df764efffff29371945ec58f6deeba06f8fbf70b96faf81b0c955bf4cb84e30f9516cb2cc1ed27c2d2185a6`
-
-### Node Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-node-linux-amd64.tar.gz) | `4ccfced3f5ba4adfa58f4a9d1b2c5bdb3e89f9203ab0e27d11eb1c325ac323ebe63c015d2c9d070b233f5d1da76cab5349da3528511c1cd243e66edc9af381c4`
-[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-node-linux-arm.tar.gz) | `d695a69d18449062e4c129e54ec8384c573955f8108f4b78adc2ec929719f2196b995469c728dd6656c63c44cda24315543939f85131ebc773cfe0de689df55b`
-[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-node-linux-arm64.tar.gz) | `21df1da88c89000abc22f97e482c3aaa5ce53ec9628d83dda2e04a1d86c4d53be46c03ed6f1f211df3ee5071bce39d944ff7716b5b6ada3b9c4821d368b0a898`
-[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-node-linux-ppc64le.tar.gz) | `ff77e3aacb6ed9d89baed92ef542c8b5cec83151b6421948583cf608bca3b779dce41fc6852961e00225d5e1502f6a634bfa61a36efa90e1aee90dedb787c2d2`
-[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-node-linux-s390x.tar.gz) | `57d75b7977ec1a0f6e7ed96a304dbb3b8664910f42ca19aab319a9ec33535ff5901dfca4abcb33bf5741cde6d152acd89a5f8178f0efe1dc24430e0c1af5b98f`
-[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.3/kubernetes-node-windows-amd64.tar.gz) | `63fdbb71773cfd73a914c498e69bb9eea3fc314366c99ffb8bd42ec5b4dae807682c83c1eb5cfb1e2feb4d11d9e49cc85ba644e954241320a835798be7653d61`
-
-## Changelog since v1.18.0-alpha.2
-
-### Deprecation
-
-- Remove all the generators from kubectl run. It will now only create pods. Additionally, deprecates all the flags that are not relevant anymore. ([#87077](https://github.com/kubernetes/kubernetes/pull/87077), [@soltysh](https://github.com/soltysh)) [SIG Architecture, SIG CLI, and SIG Testing]
-- kubeadm: kube-dns is deprecated and will not be supported in a future version ([#86574](https://github.com/kubernetes/kubernetes/pull/86574), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]
-
-### API Change
-
-- Add kubescheduler.config.k8s.io/v1alpha2 ([#87628](https://github.com/kubernetes/kubernetes/pull/87628), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling]
-- --enable-cadvisor-endpoints is now disabled by default. If you need access to the cAdvisor v1 Json API please enable it explicitly in the kubelet command line. Please note that this flag was deprecated in 1.15 and will be removed in 1.19. ([#87440](https://github.com/kubernetes/kubernetes/pull/87440), [@dims](https://github.com/dims)) [SIG Instrumentation, SIG Node, and SIG Testing]
-- The following feature gates are removed, because the associated features were unconditionally enabled in previous releases: CustomResourceValidation, CustomResourceSubresources, CustomResourceWebhookConversion, CustomResourcePublishOpenAPI, CustomResourceDefaulting ([#87475](https://github.com/kubernetes/kubernetes/pull/87475), [@liggitt](https://github.com/liggitt)) [SIG API Machinery]
-
-### Feature
-
-- aggragation api will have alpha support for network proxy ([#87515](https://github.com/kubernetes/kubernetes/pull/87515), [@Sh4d1](https://github.com/Sh4d1)) [SIG API Machinery]
-- API request throttling (due to a high rate of requests) is now reported in client-go logs at log level 2. The messages are of the form
-
- Throttling request took 1.50705208s, request: GET:
-
- The presence of these messages, may indicate to the administrator the need to tune the cluster accordingly. ([#87740](https://github.com/kubernetes/kubernetes/pull/87740), [@jennybuckley](https://github.com/jennybuckley)) [SIG API Machinery]
-- kubeadm: reject a node joining the cluster if a node with the same name already exists ([#81056](https://github.com/kubernetes/kubernetes/pull/81056), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
-- disableAvailabilitySetNodes is added to avoid VM list for VMSS clusters. It should only be used when vmType is "vmss" and all the nodes (including masters) are VMSS virtual machines. ([#87685](https://github.com/kubernetes/kubernetes/pull/87685), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- The kubectl --dry-run flag now accepts the values 'client', 'server', and 'none', to support client-side and server-side dry-run strategies. The boolean and unset values for the --dry-run flag are deprecated and a value will be required in a future version. ([#87580](https://github.com/kubernetes/kubernetes/pull/87580), [@julianvmodesto](https://github.com/julianvmodesto)) [SIG CLI]
-- Add support for pre-allocated hugepages for more than one page size ([#82820](https://github.com/kubernetes/kubernetes/pull/82820), [@odinuge](https://github.com/odinuge)) [SIG Apps]
-- Update CNI version to v0.8.5 ([#78819](https://github.com/kubernetes/kubernetes/pull/78819), [@justaugustus](https://github.com/justaugustus)) [SIG API Machinery, SIG Cluster Lifecycle, SIG Network, SIG Release, and SIG Testing]
-- Skip default spreading scoring plugin for pods that define TopologySpreadConstraints ([#87566](https://github.com/kubernetes/kubernetes/pull/87566), [@skilxn-go](https://github.com/skilxn-go)) [SIG Scheduling]
-- Added more details to taint toleration errors ([#87250](https://github.com/kubernetes/kubernetes/pull/87250), [@starizard](https://github.com/starizard)) [SIG Apps, and SIG Scheduling]
-- Scheduler: Add DefaultBinder plugin ([#87430](https://github.com/kubernetes/kubernetes/pull/87430), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling, and SIG Testing]
-- Kube-apiserver metrics will now include request counts, latencies, and response sizes for /healthz, /livez, and /readyz requests. ([#83598](https://github.com/kubernetes/kubernetes/pull/83598), [@jktomer](https://github.com/jktomer)) [SIG API Machinery]
-
-### Other (Bug, Cleanup or Flake)
-
-- Fix the masters rolling upgrade causing thundering herd of LISTs on etcd leading to control plane unavailability. ([#86430](https://github.com/kubernetes/kubernetes/pull/86430), [@wojtek-t](https://github.com/wojtek-t)) [SIG API Machinery, SIG Node, and SIG Testing]
-- `kubectl diff` now returns 1 only on diff finding changes, and >1 on kubectl errors. The "exit status code 1" message as also been muted. ([#87437](https://github.com/kubernetes/kubernetes/pull/87437), [@apelisse](https://github.com/apelisse)) [SIG CLI, and SIG Testing]
-- To reduce chances of throttling, VM cache is set to nil when Azure node provisioning state is deleting ([#87635](https://github.com/kubernetes/kubernetes/pull/87635), [@feiskyer](https://github.com/feiskyer)) [SIG Cloud Provider]
-- Fix regression in statefulset conversion which prevented applying a statefulset multiple times. ([#87706](https://github.com/kubernetes/kubernetes/pull/87706), [@liggitt](https://github.com/liggitt)) [SIG Apps, and SIG Testing]
-- fixed two scheduler metrics (pending_pods and schedule_attempts_total) not being recorded ([#87692](https://github.com/kubernetes/kubernetes/pull/87692), [@everpeace](https://github.com/everpeace)) [SIG Scheduling]
-- Resolved a performance issue in the node authorizer index maintenance. ([#87693](https://github.com/kubernetes/kubernetes/pull/87693), [@liggitt](https://github.com/liggitt)) [SIG Auth]
-- Removed the 'client' label from apiserver_request_total. ([#87669](https://github.com/kubernetes/kubernetes/pull/87669), [@logicalhan](https://github.com/logicalhan)) [SIG API Machinery, and SIG Instrumentation]
-- `(*"k8s.io/client-go/rest".Request).{Do,DoRaw,Stream,Watch}` now require callers to pass a `context.Context` as an argument. The context is used for timeout and cancellation signaling and to pass supplementary information to round trippers in the wrapped transport chain. If you don't need any of this functionality, it is sufficient to pass a context created with `context.Background()` to these functions. The `(*"k8s.io/client-go/rest".Request).Context` method is removed now that all methods that execute a request accept a context directly. ([#87597](https://github.com/kubernetes/kubernetes/pull/87597), [@mikedanese](https://github.com/mikedanese)) [SIG API Machinery, SIG Apps, SIG Auth, SIG Autoscaling, SIG CLI, SIG Cloud Provider, SIG Cluster Lifecycle, SIG Instrumentation, SIG Network, SIG Node, SIG Scheduling, SIG Storage, and SIG Testing]
-- For volumes that allow attaches across multiple nodes, attach and detach operations across different nodes are now executed in parallel. ([#87258](https://github.com/kubernetes/kubernetes/pull/87258), [@verult](https://github.com/verult)) [SIG Apps, SIG Node, and SIG Storage]
-- kubeadm: apply further improvements to the tentative support for concurrent etcd member join. Fixes a bug where multiple members can receive the same hostname. Increase the etcd client dial timeout and retry timeout for add/remove/... operations. ([#87505](https://github.com/kubernetes/kubernetes/pull/87505), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
-- Reverted a kubectl azure auth module change where oidc claim spn: prefix was omitted resulting a breaking behavior with existing Azure AD OIDC enabled api-server ([#87507](https://github.com/kubernetes/kubernetes/pull/87507), [@weinong](https://github.com/weinong)) [SIG API Machinery, SIG Auth, and SIG Cloud Provider]
-- Update cri-tools to v1.17.0 ([#86305](https://github.com/kubernetes/kubernetes/pull/86305), [@saschagrunert](https://github.com/saschagrunert)) [SIG Cluster Lifecycle, and SIG Release]
-- kubeadm: remove the deprecated CoreDNS feature-gate. It was set to "true" since v1.11 when the feature went GA. In v1.13 it was marked as deprecated and hidden from the CLI. ([#87400](https://github.com/kubernetes/kubernetes/pull/87400), [@neolit123](https://github.com/neolit123)) [SIG Cluster Lifecycle]
-- Shared informers are now more reliable in the face of network disruption. ([#86015](https://github.com/kubernetes/kubernetes/pull/86015), [@squeed](https://github.com/squeed)) [SIG API Machinery]
-- the CSR signing cert/key pairs will be reloaded from disk like the kube-apiserver cert/key pairs ([#86816](https://github.com/kubernetes/kubernetes/pull/86816), [@deads2k](https://github.com/deads2k)) [SIG API Machinery, SIG Apps, and SIG Auth]
-- "kubectl describe statefulsets.apps" prints garbage for rolling update partition ([#85846](https://github.com/kubernetes/kubernetes/pull/85846), [@phil9909](https://github.com/phil9909)) [SIG CLI]
-
-
-
-
-
-# v1.18.0-alpha.2
-
-[Documentation](https://docs.k8s.io)
-
-## Downloads for v1.18.0-alpha.2
-
-
-filename | sha512 hash
--------- | -----------
-[kubernetes.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes.tar.gz) | `7af83386b4b35353f0aa1bdaf73599eb08b1d1ca11ecc2c606854aff754db69f3cd3dc761b6d7fc86f01052f615ca53185f33dbf9e53b2f926b0f02fc103fbd3`
-[kubernetes-src.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-src.tar.gz) | `a14b02a0a0bde97795a836a8f5897b0ee6b43e010e13e43dd4cca80a5b962a1ef3704eedc7916fed1c38ec663a71db48c228c91e5daacba7d9370df98c7ddfb6`
-
-### Client Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-client-darwin-386.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-client-darwin-386.tar.gz) | `427f214d47ded44519007de2ae87160c56c2920358130e474b768299751a9affcbc1b1f0f936c39c6138837bca2a97792a6700896976e98c4beee8a1944cfde1`
-[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-client-darwin-amd64.tar.gz) | `861fd81ac3bd45765575bedf5e002a2294aba48ef9e15980fc7d6783985f7d7fcde990ea0aef34690977a88df758722ec0a2e170d5dcc3eb01372e64e5439192`
-[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-client-linux-386.tar.gz) | `7d59b05d6247e2606a8321c72cd239713373d876dbb43b0fb7f1cb857fa6c998038b41eeed78d9eb67ce77b0b71776ceed428cce0f8d2203c5181b473e0bd86c`
-[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-client-linux-amd64.tar.gz) | `7cdefb4e32bad9d2df5bb8e7e0a6f4dab2ae6b7afef5d801ac5c342d4effdeacd799081fa2dec699ecf549200786c7623c3176252010f12494a95240dd63311d`
-[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-client-linux-arm.tar.gz) | `6212bbf0fa1d01ced77dcca2c4b76b73956cd3c6b70e0701c1fe0df5ff37160835f6b84fa2481e0e6979516551b14d8232d1c72764a559a3652bfe2a1e7488ff`
-[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-client-linux-arm64.tar.gz) | `1f0d9990700510165ee471acb2f88222f1b80e8f6deb351ce14cf50a70a9840fb99606781e416a13231c74b2bd7576981b5348171aa33b628d2666e366cd4629`
-[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-client-linux-ppc64le.tar.gz) | `77e00ba12a32db81e96f8de84609de93f32c61bb3f53875a57496d213aa6d1b92c09ad5a6de240a78e1a5bf77fac587ff92874f34a10f8909ae08ca32fda45d2`
-[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-client-linux-s390x.tar.gz) | `a39ec2044bed5a4570e9c83068e0fc0ce923ccffa44380f8bbc3247426beaff79c8a84613bcb58b05f0eb3afbc34c79fe3309aa2e0b81abcfd0aa04770e62e05`
-[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-client-windows-386.tar.gz) | `1a0ab88f9b7e34b60ab31d5538e97202a256ad8b7b7ed5070cae5f2f12d5d4edeae615db7a34ebbe254004b6393c6b2480100b09e30e59c9139492a3019a596a`
-[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-client-windows-amd64.tar.gz) | `1966eb5dfb78c1bc33aaa6389f32512e3aa92584250a0164182f3566c81d901b59ec78ee4e25df658bc1dd221b5a9527d6ce3b6c487ca3e3c0b319a077caa735`
-
-### Server Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-server-linux-amd64.tar.gz) | `f814d6a3872e4572aa4da297c29def4c1fad8eba0903946780b6bf9788c72b99d71085c5aef9e12c01133b26fa4563c1766ba724ad2a8af2670a24397951a94d`
-[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-server-linux-arm.tar.gz) | `56aa08225e546c92c2ff88ac57d3db7dd5e63640772ea72a429f080f7069827138cbc206f6f5fe3a0c01bfca043a9eda305ecdc1dcb864649114893e46b6dc84`
-[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-server-linux-arm64.tar.gz) | `fb87128d905211ba097aa860244a376575ae2edbaca6e51402a24bc2964854b9b273e09df3d31a2bcffc91509f7eecb2118b183fb0e0eb544f33403fa235c274`
-[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-server-linux-ppc64le.tar.gz) | `6d21fbf39b9d3a0df9642407d6f698fabdc809aca83af197bceb58a81b25846072f407f8fb7caae2e02dc90912e3e0f5894f062f91bcb69f8c2329625d3dfeb7`
-[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-server-linux-s390x.tar.gz) | `ddcda4dc360ca97705f71bf2a18ddacd7b7ddf77535b62e699e97a1b2dd24843751313351d0112e238afe69558e8271eba4d27ab77bb67b4b9e3fbde6eec85c9`
-
-### Node Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-node-linux-amd64.tar.gz) | `78915a9bde35c70c67014f0cea8754849db4f6a84491a3ad9678fd3bc0203e43af5a63cfafe104ae1d56b05ce74893a87a6dcd008d7859e1af6b3bce65425b5d`
-[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-node-linux-arm.tar.gz) | `3218e811abcb0cb09d80742def339be3916db5e9bbc62c0dc8e6d87085f7e3d9eeed79dea081906f1de78ddd07b7e3acdbd7765fdb838d262bb35602fd1df106`
-[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-node-linux-arm64.tar.gz) | `fa22de9c4440b8fb27f4e77a5a63c5e1c8aa8aa30bb79eda843b0f40498c21b8c0ad79fff1d841bb9fef53fe20da272506de9a86f81a0b36d028dbeab2e482ce`
-[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-node-linux-ppc64le.tar.gz) | `bbda9b5cc66e8f13d235703b2a85e2c4f02fa16af047be4d27a3e198e11eb11706e4a0fbb6c20978c770b069cd4cd9894b661f09937df9d507411548c36576e0`
-[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-node-linux-s390x.tar.gz) | `b2ed1eda013069adce2aac00b86d75b84e006cfce9bafac0b5a2bafcb60f8f2cb346b5ea44eafa72d777871abef1ea890eb3a2a05de28968f9316fa88886a8ed`
-[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.2/kubernetes-node-windows-amd64.tar.gz) | `bd8eb23dba711f31b5148257076b1bbe9629f2a75de213b2c779bd5b29279e9bf22f8bde32f4bc814f4c0cc49e19671eb8b24f4105f0fe2c1490c4b78ec3c704`
-
-## Changelog since v1.18.0-alpha.1
-
-### Other notable changes
-
-* Bump golang/mock version to v1.3.1 ([#87326](https://github.com/kubernetes/kubernetes/pull/87326), [@wawa0210](https://github.com/wawa0210))
-* fix a bug that orphan revision cannot be adopted and statefulset cannot be synced ([#86801](https://github.com/kubernetes/kubernetes/pull/86801), [@likakuli](https://github.com/likakuli))
-* Azure storage clients now suppress requests on throttling ([#87306](https://github.com/kubernetes/kubernetes/pull/87306), [@feiskyer](https://github.com/feiskyer))
-* Introduce Alpha field `Immutable` in both Secret and ConfigMap objects to mark their contents as immutable. The implementation is hidden behind feature gate `ImmutableEphemeralVolumes` (currently in Alpha stage). ([#86377](https://github.com/kubernetes/kubernetes/pull/86377), [@wojtek-t](https://github.com/wojtek-t))
-* EndpointSlices will now be enabled by default. A new `EndpointSliceProxying` feature gate determines if kube-proxy will use EndpointSlices, this is disabled by default. ([#86137](https://github.com/kubernetes/kubernetes/pull/86137), [@robscott](https://github.com/robscott))
-* kubeadm upgrades always persist the etcd backup for stacked ([#86861](https://github.com/kubernetes/kubernetes/pull/86861), [@SataQiu](https://github.com/SataQiu))
-* Fix the bug PIP's DNS is deleted if no DNS label service annotation isn't set. ([#87246](https://github.com/kubernetes/kubernetes/pull/87246), [@nilo19](https://github.com/nilo19))
-* New flag `--show-hidden-metrics-for-version` in kube-controller-manager can be used to show all hidden metrics that deprecated in the previous minor release. ([#85281](https://github.com/kubernetes/kubernetes/pull/85281), [@RainbowMango](https://github.com/RainbowMango))
-* Azure network and VM clients now suppress requests on throttling ([#87122](https://github.com/kubernetes/kubernetes/pull/87122), [@feiskyer](https://github.com/feiskyer))
-* `kubectl apply -f --prune -n ` should prune all resources not defined in the file in the cli specified namespace. ([#85613](https://github.com/kubernetes/kubernetes/pull/85613), [@MartinKaburu](https://github.com/MartinKaburu))
-* Fixes service account token admission error in clusters that do not run the service account token controller ([#87029](https://github.com/kubernetes/kubernetes/pull/87029), [@liggitt](https://github.com/liggitt))
-* CustomResourceDefinition status fields are no longer required for client validation when submitting manifests. ([#87213](https://github.com/kubernetes/kubernetes/pull/87213), [@hasheddan](https://github.com/hasheddan))
-* All apiservers log request lines in a more greppable format. ([#87203](https://github.com/kubernetes/kubernetes/pull/87203), [@lavalamp](https://github.com/lavalamp))
-* provider/azure: Network security groups can now be in a separate resource group. ([#87035](https://github.com/kubernetes/kubernetes/pull/87035), [@CecileRobertMichon](https://github.com/CecileRobertMichon))
-* Cleaned up the output from `kubectl describe CSINode `. ([#85283](https://github.com/kubernetes/kubernetes/pull/85283), [@huffmanca](https://github.com/huffmanca))
-* Fixed the following ([#84265](https://github.com/kubernetes/kubernetes/pull/84265), [@bhagwat070919](https://github.com/bhagwat070919))
- * - AWS Cloud Provider attempts to delete LoadBalancer security group it didn’t provision
- * - AWS Cloud Provider creates default LoadBalancer security group even if annotation [service.beta.kubernetes.io/aws-load-balancer-security-groups] is present
-* kubelet: resource metrics endpoint `/metrics/resource/v1alpha1` as well as all metrics under this endpoint have been deprecated. ([#86282](https://github.com/kubernetes/kubernetes/pull/86282), [@RainbowMango](https://github.com/RainbowMango))
- * Please convert to the following metrics emitted by endpoint `/metrics/resource`:
- * - scrape_error --> scrape_error
- * - node_cpu_usage_seconds_total --> node_cpu_usage_seconds
- * - node_memory_working_set_bytes --> node_memory_working_set_bytes
- * - container_cpu_usage_seconds_total --> container_cpu_usage_seconds
- * - container_memory_working_set_bytes --> container_memory_working_set_bytes
- * - scrape_error --> scrape_error
-* You can now pass "--node-ip ::" to kubelet to indicate that it should autodetect an IPv6 address to use as the node's primary address. ([#85850](https://github.com/kubernetes/kubernetes/pull/85850), [@danwinship](https://github.com/danwinship))
-* kubeadm: support automatic retry after failing to pull image ([#86899](https://github.com/kubernetes/kubernetes/pull/86899), [@SataQiu](https://github.com/SataQiu))
-* TODO ([#87044](https://github.com/kubernetes/kubernetes/pull/87044), [@jennybuckley](https://github.com/jennybuckley))
-* Improved yaml parsing performance ([#85458](https://github.com/kubernetes/kubernetes/pull/85458), [@cjcullen](https://github.com/cjcullen))
-* Fixed a bug which could prevent a provider ID from ever being set for node if an error occurred determining the provider ID when the node was added. ([#87043](https://github.com/kubernetes/kubernetes/pull/87043), [@zjs](https://github.com/zjs))
-* fix a regression in kubenet that prevent pods to obtain ip addresses ([#85993](https://github.com/kubernetes/kubernetes/pull/85993), [@chendotjs](https://github.com/chendotjs))
-* Bind kube-dns containers to linux nodes to avoid Windows scheduling ([#83358](https://github.com/kubernetes/kubernetes/pull/83358), [@wawa0210](https://github.com/wawa0210))
-* The following features are unconditionally enabled and the corresponding `--feature-gates` flags have been removed: `PodPriority`, `TaintNodesByCondition`, `ResourceQuotaScopeSelectors` and `ScheduleDaemonSetPods` ([#86210](https://github.com/kubernetes/kubernetes/pull/86210), [@draveness](https://github.com/draveness))
-* Bind dns-horizontal containers to linux nodes to avoid Windows scheduling on kubernetes cluster includes linux nodes and windows nodes ([#83364](https://github.com/kubernetes/kubernetes/pull/83364), [@wawa0210](https://github.com/wawa0210))
-* fix kubectl annotate error when local=true is set ([#86952](https://github.com/kubernetes/kubernetes/pull/86952), [@zhouya0](https://github.com/zhouya0))
-* Bug fixes: ([#84163](https://github.com/kubernetes/kubernetes/pull/84163), [@david-tigera](https://github.com/david-tigera))
- * Make sure we include latest packages node #351 ([@caseydavenport](https://github.com/caseydavenport))
-* fix kuebctl apply set-last-applied namespaces error ([#86474](https://github.com/kubernetes/kubernetes/pull/86474), [@zhouya0](https://github.com/zhouya0))
-* Add VolumeBinder method to FrameworkHandle interface, which allows user to get the volume binder when implementing scheduler framework plugins. ([#86940](https://github.com/kubernetes/kubernetes/pull/86940), [@skilxn-go](https://github.com/skilxn-go))
-* elasticsearch supports automatically setting the advertise address ([#85944](https://github.com/kubernetes/kubernetes/pull/85944), [@SataQiu](https://github.com/SataQiu))
-* If a serving certificates param specifies a name that is an IP for an SNI certificate, it will have priority for replying to server connections. ([#85308](https://github.com/kubernetes/kubernetes/pull/85308), [@deads2k](https://github.com/deads2k))
-* kube-proxy: Added dual-stack IPv4/IPv6 support to the iptables proxier. ([#82462](https://github.com/kubernetes/kubernetes/pull/82462), [@vllry](https://github.com/vllry))
-* Azure VMSS/VMSSVM clients now suppress requests on throttling ([#86740](https://github.com/kubernetes/kubernetes/pull/86740), [@feiskyer](https://github.com/feiskyer))
-* New metric kubelet_pleg_last_seen_seconds to aid diagnosis of PLEG not healthy issues. ([#86251](https://github.com/kubernetes/kubernetes/pull/86251), [@bboreham](https://github.com/bboreham))
-* For subprotocol negotiation, both client and server protocol is required now. ([#86646](https://github.com/kubernetes/kubernetes/pull/86646), [@tedyu](https://github.com/tedyu))
-* kubeadm: use bind-address option to configure the kube-controller-manager and kube-scheduler http probes ([#86493](https://github.com/kubernetes/kubernetes/pull/86493), [@aojea](https://github.com/aojea))
-* Marked scheduler's metrics scheduling_algorithm_predicate_evaluation_seconds and ([#86584](https://github.com/kubernetes/kubernetes/pull/86584), [@xiaoanyunfei](https://github.com/xiaoanyunfei))
- * scheduling_algorithm_priority_evaluation_seconds as deprecated. Those are replaced by framework_extension_point_duration_seconds[extenstion_point="Filter"] and framework_extension_point_duration_seconds[extenstion_point="Score"] respectively.
-* Marked scheduler's scheduling_duration_seconds Summary metric as deprecated ([#86586](https://github.com/kubernetes/kubernetes/pull/86586), [@xiaoanyunfei](https://github.com/xiaoanyunfei))
-* Add instructions about how to bring up e2e test cluster ([#85836](https://github.com/kubernetes/kubernetes/pull/85836), [@YangLu1031](https://github.com/YangLu1031))
-* If a required flag is not provided to a command, the user will only see the required flag error message, instead of the entire usage menu. ([#86693](https://github.com/kubernetes/kubernetes/pull/86693), [@sallyom](https://github.com/sallyom))
-* kubeadm: tolerate whitespace when validating certificate authority PEM data in kubeconfig files ([#86705](https://github.com/kubernetes/kubernetes/pull/86705), [@neolit123](https://github.com/neolit123))
-* kubeadm: add support for the "ci/k8s-master" version label as a replacement for "ci-cross/*", which no longer exists. ([#86609](https://github.com/kubernetes/kubernetes/pull/86609), [@Pensu](https://github.com/Pensu))
-* Fix EndpointSlice controller race condition and ensure that it handles external changes to EndpointSlices. ([#85703](https://github.com/kubernetes/kubernetes/pull/85703), [@robscott](https://github.com/robscott))
-* Fix nil pointer dereference in azure cloud provider ([#85975](https://github.com/kubernetes/kubernetes/pull/85975), [@ldx](https://github.com/ldx))
-* fix: azure disk could not mounted on Standard_DC4s/DC2s instances ([#86612](https://github.com/kubernetes/kubernetes/pull/86612), [@andyzhangx](https://github.com/andyzhangx))
-* Fixes v1.17.0 regression in --service-cluster-ip-range handling with IPv4 ranges larger than 65536 IP addresses ([#86534](https://github.com/kubernetes/kubernetes/pull/86534), [@liggitt](https://github.com/liggitt))
-* Adds back support for AlwaysCheckAllPredicates flag. ([#86496](https://github.com/kubernetes/kubernetes/pull/86496), [@ahg-g](https://github.com/ahg-g))
-* Azure global rate limit is switched to per-client. A set of new rate limit configure options are introduced, including routeRateLimit, SubnetsRateLimit, InterfaceRateLimit, RouteTableRateLimit, LoadBalancerRateLimit, PublicIPAddressRateLimit, SecurityGroupRateLimit, VirtualMachineRateLimit, StorageAccountRateLimit, DiskRateLimit, SnapshotRateLimit, VirtualMachineScaleSetRateLimit and VirtualMachineSizeRateLimit. ([#86515](https://github.com/kubernetes/kubernetes/pull/86515), [@feiskyer](https://github.com/feiskyer))
- * The original rate limit options would be default values for those new client's rate limiter.
-* Fix issue [#85805](https://github.com/kubernetes/kubernetes/pull/85805) about resource not found in azure cloud provider when lb specified in other resource group. ([#86502](https://github.com/kubernetes/kubernetes/pull/86502), [@levimm](https://github.com/levimm))
-* `AlwaysCheckAllPredicates` is deprecated in scheduler Policy API. ([#86369](https://github.com/kubernetes/kubernetes/pull/86369), [@Huang-Wei](https://github.com/Huang-Wei))
-* Kubernetes KMS provider for data encryption now supports disabling the in-memory data encryption key (DEK) cache by setting cachesize to a negative value. ([#86294](https://github.com/kubernetes/kubernetes/pull/86294), [@enj](https://github.com/enj))
-* option `preConfiguredBackendPoolLoadBalancerTypes` is added to azure cloud provider for the pre-configured load balancers, possible values: `""`, `"internal"`, "external"`, `"all"` ([#86338](https://github.com/kubernetes/kubernetes/pull/86338), [@gossion](https://github.com/gossion))
-* Promote StartupProbe to beta for 1.18 release ([#83437](https://github.com/kubernetes/kubernetes/pull/83437), [@matthyx](https://github.com/matthyx))
-* Fixes issue where AAD token obtained by kubectl is incompatible with on-behalf-of flow and oidc. ([#86412](https://github.com/kubernetes/kubernetes/pull/86412), [@weinong](https://github.com/weinong))
- * The audience claim before this fix has "spn:" prefix. After this fix, "spn:" prefix is omitted.
-* change CounterVec to Counter about PLEGDiscardEvent ([#86167](https://github.com/kubernetes/kubernetes/pull/86167), [@yiyang5055](https://github.com/yiyang5055))
-* hollow-node do not use remote CRI anymore ([#86425](https://github.com/kubernetes/kubernetes/pull/86425), [@jkaniuk](https://github.com/jkaniuk))
-* hollow-node use fake CRI ([#85879](https://github.com/kubernetes/kubernetes/pull/85879), [@gongguan](https://github.com/gongguan))
-
-
-
-# v1.18.0-alpha.1
-
-[Documentation](https://docs.k8s.io)
-
-## Downloads for v1.18.0-alpha.1
-
-
-filename | sha512 hash
--------- | -----------
-[kubernetes.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes.tar.gz) | `0c4904efc7f4f1436119c91dc1b6c93b3bd9c7490362a394bff10099c18e1e7600c4f6e2fcbaeb2d342a36c4b20692715cf7aa8ada6dfac369f44cc9292529d7`
-[kubernetes-src.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-src.tar.gz) | `0a50fc6816c730ca5ae4c4f26d5ad7b049607d29f6a782a4e5b4b05ac50e016486e269dafcc6a163bd15e1a192780a9a987f1bb959696993641c603ed1e841c8`
-
-### Client Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-client-darwin-386.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-client-darwin-386.tar.gz) | `c6d75f7f3f20bef17fc7564a619b54e6f4a673d041b7c9ec93663763a1cc8dd16aecd7a2af70e8d54825a0eecb9762cf2edfdade840604c9a32ecd9cc2d5ac3c`
-[kubernetes-client-darwin-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-client-darwin-amd64.tar.gz) | `ca1f19db289933beace6daee6fc30af19b0e260634ef6e89f773464a05e24551c791be58b67da7a7e2a863e28b7cbcc7b24b6b9bf467113c26da76ac8f54fdb6`
-[kubernetes-client-linux-386.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-client-linux-386.tar.gz) | `af2e673653eb39c3f24a54efc68e1055f9258bdf6cf8fea42faf42c05abefc2da853f42faac3b166c37e2a7533020b8993b98c0d6d80a5b66f39e91d8ae0a3fb`
-[kubernetes-client-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-client-linux-amd64.tar.gz) | `9009032c3f94ac8a78c1322a28e16644ce3b20989eb762685a1819148aed6e883ca8e1200e5ec37ec0853f115c67e09b5d697d6cf5d4c45f653788a2d3a2f84f`
-[kubernetes-client-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-client-linux-arm.tar.gz) | `afba9595b37a3f2eead6e3418573f7ce093b55467dce4da0b8de860028576b96b837a2fd942f9c276e965da694e31fbd523eeb39aefb902d7e7a2f169344d271`
-[kubernetes-client-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-client-linux-arm64.tar.gz) | `04fc3b2fe3f271807f0bc6c61be52456f26a1af904964400be819b7914519edc72cbab9afab2bb2e2ba1a108963079367cedfb253c9364c0175d1fcc64d52f5c`
-[kubernetes-client-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-client-linux-ppc64le.tar.gz) | `04c7edab874b33175ff7bebfff5b3a032bc6eb088fcd7387ffcd5b3fa71395ca8c5f9427b7ddb496e92087dfdb09eaf14a46e9513071d3bd73df76c182922d38`
-[kubernetes-client-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-client-linux-s390x.tar.gz) | `499287dbbc33399a37b9f3b35e0124ff20b17b6619f25a207ee9c606ef261af61fa0c328dde18c7ce2d3dfb2eea2376623bc3425d16bc8515932a68b44f8bede`
-[kubernetes-client-windows-386.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-client-windows-386.tar.gz) | `cf84aeddf00f126fb13c0436b116dd0464a625659e44c84bf863517db0406afb4eefd86807e7543c4f96006d275772fbf66214ae7d582db5865c84ac3545b3e6`
-[kubernetes-client-windows-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-client-windows-amd64.tar.gz) | `69f20558ccd5cd6dbaccf29307210db4e687af21f6d71f68c69d3a39766862686ac1333ab8a5012010ca5c5e3c11676b45e498e3d4c38773da7d24bcefc46d95`
-
-### Server Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-server-linux-amd64.tar.gz) | `3f29df2ce904a0f10db4c1d7a425a36f420867b595da3fa158ae430bfead90def2f2139f51425b349faa8a9303dcf20ea01657cb6ea28eb6ad64f5bb32ce2ed1`
-[kubernetes-server-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-server-linux-arm.tar.gz) | `4a21073b2273d721fbf062c254840be5c8471a010bcc0c731b101729e36e61f637cb7fcb521a22e8d24808510242f4fff8a6ca40f10e9acd849c2a47bf135f27`
-[kubernetes-server-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-server-linux-arm64.tar.gz) | `7f1cb6d721bedc90e28b16f99bea7e59f5ad6267c31ef39c14d34db6ad6aad87ee51d2acdd01b6903307c1c00b58ff6b785a03d5a491cc3f8a4df9a1d76d406c`
-[kubernetes-server-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-server-linux-ppc64le.tar.gz) | `8f2b552030b5274b1c2c7c166eacd5a14b0c6ca0f23042f4c52efe87e22a167ba4460dcd66615a5ecd26d9e88336be1fb555548392e70efe59070dd2c314da98`
-[kubernetes-server-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-server-linux-s390x.tar.gz) | `8d9f2c96f66edafb7c8b3aa90960d29b41471743842aede6b47b3b2e61f4306fb6fc60b9ebc18820c547ee200bfedfe254c1cde962d447c791097dd30e79abdb`
-
-### Node Binaries
-
-filename | sha512 hash
--------- | -----------
-[kubernetes-node-linux-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-node-linux-amd64.tar.gz) | `84194cb081d1502f8ca68143569f9707d96f1a28fcf0c574ebd203321463a8b605f67bb2a365eaffb14fbeb8d55c8d3fa17431780b242fb9cba3a14426a0cd4a`
-[kubernetes-node-linux-arm.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-node-linux-arm.tar.gz) | `0091e108ab94fd8683b89c597c4fdc2fbf4920b007cfcd5297072c44bc3a230dfe5ceed16473e15c3e6cf5edab866d7004b53edab95be0400cc60e009eee0d9d`
-[kubernetes-node-linux-arm64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-node-linux-arm64.tar.gz) | `b7e85682cc2848a35d52fd6f01c247f039ee1b5dd03345713821ea10a7fa9939b944f91087baae95eaa0665d11857c1b81c454f720add077287b091f9f19e5d3`
-[kubernetes-node-linux-ppc64le.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-node-linux-ppc64le.tar.gz) | `cd1f0849e9c62b5d2c93ff0cebf58843e178d8a88317f45f76de0db5ae020b8027e9503a5fccc96445184e0d77ecdf6f57787176ac31dbcbd01323cd0a190cbb`
-[kubernetes-node-linux-s390x.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-node-linux-s390x.tar.gz) | `e1e697a34424c75d75415b613b81c8af5f64384226c5152d869f12fd7db1a3e25724975b73fa3d89e56e4bf78d5fd07e68a709ba8566f53691ba6a88addc79ea`
-[kubernetes-node-windows-amd64.tar.gz](https://dl.k8s.io/v1.18.0-alpha.1/kubernetes-node-windows-amd64.tar.gz) | `c725a19a4013c74e22383ad3fb4cb799b3e161c4318fdad066daf806730a89bc3be3ff0f75678d02b3cbe52b2ef0c411c0639968e200b9df470be40bb2c015cc`
-
-## Changelog since v1.17.0
-
-### Action Required
-
-* action required ([#85363](https://github.com/kubernetes/kubernetes/pull/85363), [@immutableT](https://github.com/immutableT))
- * 1. Currently, if users were to explicitly specify CacheSize of 0 for KMS provider, they would end-up with a provider that caches up to 1000 keys. This PR changes this behavior.
- * Post this PR, when users supply 0 for CacheSize this will result in a validation error.
- * 2. CacheSize type was changed from int32 to *int32. This allows defaulting logic to differentiate between cases where users explicitly supplied 0 vs. not supplied any value.
- * 3. KMS Provider's endpoint (path to Unix socket) is now validated when the EncryptionConfiguration files is loaded. This used to be handled by the GRPCService.
-
-### Other notable changes
-
-* fix: azure data disk should use same key as os disk by default ([#86351](https://github.com/kubernetes/kubernetes/pull/86351), [@andyzhangx](https://github.com/andyzhangx))
-* New flag `--show-hidden-metrics-for-version` in kube-proxy can be used to show all hidden metrics that deprecated in the previous minor release. ([#85279](https://github.com/kubernetes/kubernetes/pull/85279), [@RainbowMango](https://github.com/RainbowMango))
-* Remove cluster-monitoring addon ([#85512](https://github.com/kubernetes/kubernetes/pull/85512), [@serathius](https://github.com/serathius))
-* Changed core_pattern on COS nodes to be an absolute path. ([#86329](https://github.com/kubernetes/kubernetes/pull/86329), [@mml](https://github.com/mml))
-* Track mount operations as uncertain if operation fails with non-final error ([#82492](https://github.com/kubernetes/kubernetes/pull/82492), [@gnufied](https://github.com/gnufied))
-* add kube-proxy flags --ipvs-tcp-timeout, --ipvs-tcpfin-timeout, --ipvs-udp-timeout to configure IPVS connection timeouts. ([#85517](https://github.com/kubernetes/kubernetes/pull/85517), [@andrewsykim](https://github.com/andrewsykim))
-* The sample-apiserver aggregated conformance test has updated to use the Kubernetes v1.17.0 sample apiserver ([#84735](https://github.com/kubernetes/kubernetes/pull/84735), [@liggitt](https://github.com/liggitt))
-* The underlying format of the `CPUManager` state file has changed. Upgrades should be seamless, but any third-party tools that rely on reading the previous format need to be updated. ([#84462](https://github.com/kubernetes/kubernetes/pull/84462), [@klueska](https://github.com/klueska))
-* kubernetes will try to acquire the iptables lock every 100 msec during 5 seconds instead of every second. This specially useful for environments using kube-proxy in iptables mode with a high churn rate of services. ([#85771](https://github.com/kubernetes/kubernetes/pull/85771), [@aojea](https://github.com/aojea))
-* Fixed a panic in the kubelet cleaning up pod volumes ([#86277](https://github.com/kubernetes/kubernetes/pull/86277), [@tedyu](https://github.com/tedyu))
-* azure cloud provider cache TTL is configurable, list of the azure cloud provider is as following: ([#86266](https://github.com/kubernetes/kubernetes/pull/86266), [@zqingqing1](https://github.com/zqingqing1))
- * - "availabilitySetNodesCacheTTLInSeconds"
- * - "vmssCacheTTLInSeconds"
- * - "vmssVirtualMachinesCacheTTLInSeconds"
- * - "vmCacheTTLInSeconds"
- * - "loadBalancerCacheTTLInSeconds"
- * - "nsgCacheTTLInSeconds"
- * - "routeTableCacheTTLInSeconds"
-* Fixes kube-proxy when EndpointSlice feature gate is enabled on Windows. ([#86016](https://github.com/kubernetes/kubernetes/pull/86016), [@robscott](https://github.com/robscott))
-* Fixes wrong validation result of NetworkPolicy PolicyTypes ([#85747](https://github.com/kubernetes/kubernetes/pull/85747), [@tnqn](https://github.com/tnqn))
-* Fixes an issue with kubelet-reported pod status on deleted/recreated pods. ([#86320](https://github.com/kubernetes/kubernetes/pull/86320), [@liggitt](https://github.com/liggitt))
-* kube-apiserver no longer serves the following deprecated APIs: ([#85903](https://github.com/kubernetes/kubernetes/pull/85903), [@liggitt](https://github.com/liggitt))
- * All resources under `apps/v1beta1` and `apps/v1beta2` - use `apps/v1` instead
- * `daemonsets`, `deployments`, `replicasets` resources under `extensions/v1beta1` - use `apps/v1` instead
- * `networkpolicies` resources under `extensions/v1beta1` - use `networking.k8s.io/v1` instead
- * `podsecuritypolicies` resources under `extensions/v1beta1` - use `policy/v1beta1` instead
-* kubeadm: fix potential panic when executing "kubeadm reset" with a corrupted kubelet.conf file ([#86216](https://github.com/kubernetes/kubernetes/pull/86216), [@neolit123](https://github.com/neolit123))
-* Fix a bug in port-forward: named port not working with service ([#85511](https://github.com/kubernetes/kubernetes/pull/85511), [@oke-py](https://github.com/oke-py))
-* kube-proxy no longer modifies shared EndpointSlices. ([#86092](https://github.com/kubernetes/kubernetes/pull/86092), [@robscott](https://github.com/robscott))
-* allow for configuration of CoreDNS replica count ([#85837](https://github.com/kubernetes/kubernetes/pull/85837), [@pickledrick](https://github.com/pickledrick))
-* Fixed a regression where the kubelet would fail to update the ready status of pods. ([#84951](https://github.com/kubernetes/kubernetes/pull/84951), [@tedyu](https://github.com/tedyu))
-* Resolves performance regression in client-go discovery clients constructed using `NewDiscoveryClientForConfig` or `NewDiscoveryClientForConfigOrDie`. ([#86168](https://github.com/kubernetes/kubernetes/pull/86168), [@liggitt](https://github.com/liggitt))
-* Make error message and service event message more clear ([#86078](https://github.com/kubernetes/kubernetes/pull/86078), [@feiskyer](https://github.com/feiskyer))
-* e2e-test-framework: add e2e test namespace dump if all tests succeed but the cleanup fails. ([#85542](https://github.com/kubernetes/kubernetes/pull/85542), [@schrodit](https://github.com/schrodit))
-* SafeSysctlWhitelist: add net.ipv4.ping_group_range ([#85463](https://github.com/kubernetes/kubernetes/pull/85463), [@AkihiroSuda](https://github.com/AkihiroSuda))
-* kubelet: the metric process_start_time_seconds be marked as with the ALPHA stability level. ([#85446](https://github.com/kubernetes/kubernetes/pull/85446), [@RainbowMango](https://github.com/RainbowMango))
-* API request throttling (due to a high rate of requests) is now reported in the kubelet (and other component) logs by default. The messages are of the form ([#80649](https://github.com/kubernetes/kubernetes/pull/80649), [@RobertKrawitz](https://github.com/RobertKrawitz))
- * Throttling request took 1.50705208s, request: GET:
- * The presence of large numbers of these messages, particularly with long delay times, may indicate to the administrator the need to tune the cluster accordingly.
-* Fix API Server potential memory leak issue in processing watch request. ([#85410](https://github.com/kubernetes/kubernetes/pull/85410), [@answer1991](https://github.com/answer1991))
-* Verify kubelet & kube-proxy can recover after being killed on Windows nodes ([#84886](https://github.com/kubernetes/kubernetes/pull/84886), [@YangLu1031](https://github.com/YangLu1031))
-* Fixed an issue that the scheduler only returns the first failure reason. ([#86022](https://github.com/kubernetes/kubernetes/pull/86022), [@Huang-Wei](https://github.com/Huang-Wei))
-* kubectl/drain: add skip-wait-for-delete-timeout option. ([#85577](https://github.com/kubernetes/kubernetes/pull/85577), [@michaelgugino](https://github.com/michaelgugino))
- * If pod DeletionTimestamp older than N seconds, skip waiting for the pod. Seconds must be greater than 0 to skip.
-* Following metrics have been turned off: ([#83841](https://github.com/kubernetes/kubernetes/pull/83841), [@RainbowMango](https://github.com/RainbowMango))
- * - kubelet_pod_worker_latency_microseconds
- * - kubelet_pod_start_latency_microseconds
- * - kubelet_cgroup_manager_latency_microseconds
- * - kubelet_pod_worker_start_latency_microseconds
- * - kubelet_pleg_relist_latency_microseconds
- * - kubelet_pleg_relist_interval_microseconds
- * - kubelet_eviction_stats_age_microseconds
- * - kubelet_runtime_operations
- * - kubelet_runtime_operations_latency_microseconds
- * - kubelet_runtime_operations_errors
- * - kubelet_device_plugin_registration_count
- * - kubelet_device_plugin_alloc_latency_microseconds
- * - kubelet_docker_operations
- * - kubelet_docker_operations_latency_microseconds
- * - kubelet_docker_operations_errors
- * - kubelet_docker_operations_timeout
- * - network_plugin_operations_latency_microseconds
-* - Renamed Kubelet metric certificate_manager_server_expiration_seconds to certificate_manager_server_ttl_seconds and changed to report the second until expiration at read time rather than absolute time of expiry. ([#85874](https://github.com/kubernetes/kubernetes/pull/85874), [@sambdavidson](https://github.com/sambdavidson))
- * - Improved accuracy of Kubelet metric rest_client_exec_plugin_ttl_seconds.
-* Bind metadata-agent containers to linux nodes to avoid Windows scheduling on kubernetes cluster includes linux nodes and windows nodes ([#83363](https://github.com/kubernetes/kubernetes/pull/83363), [@wawa0210](https://github.com/wawa0210))
-* Bind metrics-server containers to linux nodes to avoid Windows scheduling on kubernetes cluster includes linux nodes and windows nodes ([#83362](https://github.com/kubernetes/kubernetes/pull/83362), [@wawa0210](https://github.com/wawa0210))
-* During initialization phase (preflight), kubeadm now verifies the presence of the conntrack executable ([#85857](https://github.com/kubernetes/kubernetes/pull/85857), [@hnanni](https://github.com/hnanni))
-* VMSS cache is added so that less chances of VMSS GET throttling ([#85885](https://github.com/kubernetes/kubernetes/pull/85885), [@nilo19](https://github.com/nilo19))
-* Update go-winio module version from 0.4.11 to 0.4.14 ([#85739](https://github.com/kubernetes/kubernetes/pull/85739), [@wawa0210](https://github.com/wawa0210))
-* Fix LoadBalancer rule checking so that no unexpected LoadBalancer updates are made ([#85990](https://github.com/kubernetes/kubernetes/pull/85990), [@feiskyer](https://github.com/feiskyer))
-* kubectl drain node --dry-run will list pods that would be evicted or deleted ([#82660](https://github.com/kubernetes/kubernetes/pull/82660), [@sallyom](https://github.com/sallyom))
-* Windows nodes on GCE can use TPM-based authentication to the master. ([#85466](https://github.com/kubernetes/kubernetes/pull/85466), [@pjh](https://github.com/pjh))
-* kubectl/drain: add disable-eviction option. ([#85571](https://github.com/kubernetes/kubernetes/pull/85571), [@michaelgugino](https://github.com/michaelgugino))
- * Force drain to use delete, even if eviction is supported. This will bypass checking PodDisruptionBudgets, and should be used with caution.
-* kubeadm now errors out whenever a not supported component config version is supplied for the kubelet and kube-proxy ([#85639](https://github.com/kubernetes/kubernetes/pull/85639), [@rosti](https://github.com/rosti))
-* Fixed issue with addon-resizer using deprecated extensions APIs ([#85793](https://github.com/kubernetes/kubernetes/pull/85793), [@bskiba](https://github.com/bskiba))
-* Includes FSType when describing CSI persistent volumes. ([#85293](https://github.com/kubernetes/kubernetes/pull/85293), [@huffmanca](https://github.com/huffmanca))
-* kubelet now exports a "server_expiration_renew_failure" and "client_expiration_renew_failure" metric counter if the certificate rotations cannot be performed. ([#84614](https://github.com/kubernetes/kubernetes/pull/84614), [@rphillips](https://github.com/rphillips))
-* kubeadm: don't write the kubelet environment file on "upgrade apply" ([#85412](https://github.com/kubernetes/kubernetes/pull/85412), [@boluisa](https://github.com/boluisa))
-* fix azure file AuthorizationFailure ([#85475](https://github.com/kubernetes/kubernetes/pull/85475), [@andyzhangx](https://github.com/andyzhangx))
-* Resolved regression in admission, authentication, and authorization webhook performance in v1.17.0-rc.1 ([#85810](https://github.com/kubernetes/kubernetes/pull/85810), [@liggitt](https://github.com/liggitt))
-* kubeadm: uses the apiserver AdvertiseAddress IP family to choose the etcd endpoint IP family for non external etcd clusters ([#85745](https://github.com/kubernetes/kubernetes/pull/85745), [@aojea](https://github.com/aojea))
-* kubeadm: Forward cluster name to the controller-manager arguments ([#85817](https://github.com/kubernetes/kubernetes/pull/85817), [@ereslibre](https://github.com/ereslibre))
-* Fixed "requested device X but found Y" attach error on AWS. ([#85675](https://github.com/kubernetes/kubernetes/pull/85675), [@jsafrane](https://github.com/jsafrane))
-* addons: elasticsearch discovery supports IPv6 ([#85543](https://github.com/kubernetes/kubernetes/pull/85543), [@SataQiu](https://github.com/SataQiu))
-* kubeadm: retry `kubeadm-config` ConfigMap creation or mutation if the apiserver is not responding. This will improve resiliency when joining new control plane nodes. ([#85763](https://github.com/kubernetes/kubernetes/pull/85763), [@ereslibre](https://github.com/ereslibre))
-* Update Cluster Autoscaler to 1.17.0; changelog: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.17.0 ([#85610](https://github.com/kubernetes/kubernetes/pull/85610), [@losipiuk](https://github.com/losipiuk))
-* Filter published OpenAPI schema by making nullable, required fields non-required in order to avoid kubectl to wrongly reject null values. ([#85722](https://github.com/kubernetes/kubernetes/pull/85722), [@sttts](https://github.com/sttts))
-* kubectl set resources will no longer return an error if passed an empty change for a resource. ([#85490](https://github.com/kubernetes/kubernetes/pull/85490), [@sallyom](https://github.com/sallyom))
- * kubectl set subject will no longer return an error if passed an empty change for a resource.
-* kube-apiserver: fixed a conflict error encountered attempting to delete a pod with gracePeriodSeconds=0 and a resourceVersion precondition ([#85516](https://github.com/kubernetes/kubernetes/pull/85516), [@michaelgugino](https://github.com/michaelgugino))
-* kubeadm: add a upgrade health check that deploys a Job ([#81319](https://github.com/kubernetes/kubernetes/pull/81319), [@neolit123](https://github.com/neolit123))
-* kubeadm: make sure images are pre-pulled even if a tag did not change but their contents changed ([#85603](https://github.com/kubernetes/kubernetes/pull/85603), [@bart0sh](https://github.com/bart0sh))
-* kube-apiserver: Fixes a bug that hidden metrics can not be enabled by the command-line option `--show-hidden-metrics-for-version`. ([#85444](https://github.com/kubernetes/kubernetes/pull/85444), [@RainbowMango](https://github.com/RainbowMango))
-* kubeadm now supports automatic calculations of dual-stack node cidr masks to kube-controller-manager. ([#85609](https://github.com/kubernetes/kubernetes/pull/85609), [@Arvinderpal](https://github.com/Arvinderpal))
-* Fix bug where EndpointSlice controller would attempt to modify shared objects. ([#85368](https://github.com/kubernetes/kubernetes/pull/85368), [@robscott](https://github.com/robscott))
-* Use context to check client closed instead of http.CloseNotifier in processing watch request which will reduce 1 goroutine for each request if proto is HTTP/2.x . ([#85408](https://github.com/kubernetes/kubernetes/pull/85408), [@answer1991](https://github.com/answer1991))
-* kubeadm: reset raises warnings if it cannot delete folders ([#85265](https://github.com/kubernetes/kubernetes/pull/85265), [@SataQiu](https://github.com/SataQiu))
-* Wait for kubelet & kube-proxy to be ready on Windows node within 10s ([#85228](https://github.com/kubernetes/kubernetes/pull/85228), [@YangLu1031](https://github.com/YangLu1031))
diff --git a/content/zh/docs/setup/release/version-skew-policy.md b/content/zh/docs/setup/release/version-skew-policy.md
deleted file mode 100644
index b2fbebfbd1..0000000000
--- a/content/zh/docs/setup/release/version-skew-policy.md
+++ /dev/null
@@ -1,365 +0,0 @@
----
-title: Kubernetes 版本及版本偏差支持策略
-content_type: concept
-weight: 30
----
-
-
-
-本文描述 Kubernetes 各组件之间版本偏差支持策略。
-特定的集群部署工具可能会有额外的限制。
-
-
-
-
-
-## 版本支持策略
-
-
-Kubernetes 版本号格式为 **x.y.z**,其中 **x** 为大版本号,**y** 为小版本号,**z** 为补丁版本号。
-版本号格式遵循 [Semantic Versioning](https://semver.org/) 规则。
-更多信息,请参阅
-[Kubernetes 发布版本](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/release/versioning.md#kubernetes-release-versioning)。
-
-
-Kubernetes 项目会维护最近的三个小版本分支({{< skew latestVersion >}},
-{{< skew prevMinorVersion >}}, {{< skew oldestMinorVersion >}})。
-Kubernetes 1.19 及更高的版本将获得大约1年的补丁支持。
-Kubernetes 1.18 及更早的版本获得大约9个月的补丁支持。
-
-
-一些 bug 修复,包括安全修复,取决于其严重性和可行性,有可能会反向合并到这三个发布分支。
-补丁版本会[定期](https://git.k8s.io/sig-release/releases/patch-releases.md#cadence)
-或根据需要从这些分支中发布。
-最终是否发布是由
-[发布管理者](https://github.com/kubernetes/sig-release/blob/master/release-managers.md)
-来决定的。
-如需了解更多信息,请查看 Kubernetes
-[补丁发布](https://github.com/kubernetes/sig-release/blob/master/releases/patch-releases.md)。
-
-
-## 版本偏差策略
-
-### kube-apiserver
-
-
-在 [高可用(HA)集群](/zh/docs/setup/production-environment/tools/kubeadm/high-availability/) 中,
-多个 `kube-apiserver` 实例小版本号最多差1。
-
-
-例如:
-
-
-* 最新的 `kube-apiserver` 版本号如果是 **{{< skew latestVersion >}}**
-* 其他受支持的 `kube-apiserver` 版本号包括 **{{< skew latestVersion >}}** 和
- **{{< skew prevMinorVersion >}}**
-
-### kubelet
-
-
-`kubelet` 版本号不能高于 `kube-apiserver`,最多可以比 `kube-apiserver` 低两个小版本。
-
-
-例如:
-
-* `kube-apiserver` 版本号如果是 **{{< skew latestVersion >}}**
-* 受支持的的 `kubelet` 版本将包括 **{{< skew latestVersion >}}**、
- **{{< skew prevMinorVersion >}}** 和 **{{< skew oldestMinorVersion >}}**
-
-
-{{< note >}}
-如果 HA 集群中多个 `kube-apiserver` 实例版本号不一致,相应的 `kubelet` 版本号可选范围也要减小。
-{{}}
-
-
-例如:
-
-* 如果 `kube-apiserver` 实例同时存在 **{{< skew latestVersion >}}** 和
- **{{< skew prevMinorVersion >}}**
-* `kubelet` 的受支持版本将是 **{{< skew prevMinorVersion >}}** 和
- **{{< skew oldestMinorVersion >}}**
- (**{{< skew latestVersion >}}** 不再支持,因为它比
- **{{< skew prevMinorVersion >}}** 版本的 `kube-apiserver` 更新)
-
-
-### kube-controller-manager、 kube-scheduler 和 cloud-controller-manager
-
-
-`kube-controller-manager`、`kube-scheduler` 和 `cloud-controller-manager`
-版本不能高于 `kube-apiserver` 版本号。
-最好它们的版本号与 `kube-apiserver` 保持一致,但允许比 `kube-apiserver`
-低一个小版本(为了支持在线升级)。
-
-
-例如:
-
-* 如果 `kube-apiserver` 版本号为 **{{< skew latestVersion >}}**
-* `kube-controller-manager`、`kube-scheduler` 和 `cloud-controller-manager`
- 版本支持 **{{< skew latestVersion >}}** 和 **{{< skew prevMinorVersion >}}**
-
-
-{{< note >}}
-如果在 HA 集群中,多个 `kube-apiserver` 实例版本号不一致,他们也可以跟
-任意一个 `kube-apiserver` 实例通信(例如,通过 load balancer),
-但 `kube-controller-manager`、`kube-scheduler` 和 `cloud-controller-manager`
-版本可用范围会相应的减小。
-{{< /note >}}
-
-
-例如:
-
-* `kube-apiserver` 实例同时存在 **{{< skew latestVersion >}}** 和
- **{{< skew prevMinorVersion >}}** 版本
-* `kube-controller-manager`、`kube-scheduler` 和 `cloud-controller-manager`
- 可以通过 load balancer 与所有的 `kube-apiserver` 通信
-* `kube-controller-manager`、`kube-scheduler` 和 `cloud-controller-manager`
- 可选版本为 **{{< skew prevMinorVersion >}}**
- (**{{< skew latestVersion >}}** 不再支持,因为它比 **{{< skew prevMinorVersion >}}**
- 版本的 `kube-apiserver` 更新)
-
-### kubectl
-
-
-`kubectl` 可以比 `kube-apiserver` 高一个小版本,也可以低一个小版本。
-
-
-例如:
-
-* 如果 `kube-apiserver` 当前是 **{{< skew latestVersion >}}** 版本
-* `kubectl` 则支持 **{{< skew nextMinorVersion >}}**、**{{< skew latestVersion >}}**
- 和 **{{< skew prevMinorVersion >}}**
-
-
-{{< note >}}
-如果 HA 集群中的多个 `kube-apiserver` 实例版本号不一致,相应的 `kubectl` 可用版本范围也会减小。
-{{< /note >}}
-
-
-例如:
-
-* `kube-apiserver` 多个实例同时存在 **{{< skew latestVersion >}}** 和
- **{{< skew prevMinorVersion >}}**
-* `kubectl` 可选的版本为 **{{< skew latestVersion >}}** 和
- **{{< skew prevMinorVersion >}}**(其他版本不再支持,
- 因为它会比其中某个 `kube-apiserver` 实例高或低一个小版本)
-
-
-## 支持的组件升级次序
-
-
-组件之间支持的版本偏差会影响组件升级的顺序。
-本节描述组件从版本 **{{< skew prevMinorVersion >}}** 到 **{{< skew latestVersion >}}**
-的升级次序。
-
-### kube-apiserver
-
-
-前提条件:
-
-
-* 单实例集群中,`kube-apiserver` 实例版本号须是 **{{< skew prevMinorVersion >}}**
-* 高可用(HA)集群中,所有的 `kube-apiserver` 实例版本号必须是
- **{{< skew prevMinorVersion >}}** 或 **{{< skew latestVersion >}}**
- (确保满足最新和最旧的实例小版本号相差不大于1)
-* `kube-controller-manager`、`kube-scheduler` 和 `cloud-controller-manager`
- 版本号必须为 **{{< skew prevMinorVersion >}}**
- (确保不高于 API server 的版本,且版本号相差不大于1)
-* `kubelet` 实例版本号必须是 **{{< skew prevMinorVersion >}}** 或
- **{{< skew oldestMinorVersion >}}**(确保版本号不高于 API server,且版本号相差不大于2)
-* 注册的 admission 插件必须能够处理新的 `kube-apiserver` 实例发送过来的数据:
- * `ValidatingWebhookConfiguration` 和 `MutatingWebhookConfiguration` 对象必须升级到可以处理
- **{{< skew latestVersion >}}** 版本新加的 REST 资源(或使用 1.15 版本提供的
- [`matchPolicy: Equivalent` 选项](/zh/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy))
- * 插件可以处理任何 **{{< skew latestVersion >}}** 版本新的 REST 资源数据和新加的字段
-
-
-升级 `kube-apiserver` 到 **{{< skew latestVersion >}}**
-
-{{< note >}}
-
-根据 [API 弃用策略](/zh/docs/reference/using-api/deprecation-policy/) 和
-[API 变更指南](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api_changes.md),
-`kube-apiserver` 不能跨小版本号升级,即使是单实例集群也不可以。
-
-{{< /note >}}
-
-
-### kube-controller-manager、kube-scheduler 和 cloud-controller-manager
-
-
-前提条件:
-
-* `kube-apiserver` 实例必须为 **{{< skew latestVersion >}}**
- (HA 集群中,所有的`kube-apiserver` 实例必须在组件升级前完成升级)
-
-
-升级 `kube-controller-manager`、`kube-scheduler` 和 `cloud-controller-manager`
-到 **{{< skew latestVersion >}}**
-
-### kubelet
-
-
-前提条件:
-
-* `kube-apiserver` 实例必须为 **{{< skew latestVersion >}}** 版本
-
-`kubelet` 可以升级到 **{{< skew latestVersion >}}**(或者停留在
-**{{< skew prevMinorVersion >}}** 或 **{{< skew oldestMinorVersion >}}**)
-
-{{< note >}}
-
-在对 `kubelet` 执行次版本升级时,先[腾空](/zh/docs/tasks/administer-cluster/safely-drain-node/)
-节点上的 Pods。
-目前不支持原地升级 `kubelet` 的次版本。
-{{}}
-
-{{< warning >}}
-
-集群中 `kubelet` 版本号不建议比 `kube-apiserver` 低两个版本号:
-
-* 它们必须升级到与 `kube-apiserver` 相差不超过 1 个小版本,才可以升级其他控制面组件
-* 有可能使用低于 3 个在维护的小版本
-{{}}
-
-
-### kube-proxy
-
-
-* `kube-proxy` 必须与节点上的 `kubelet` 的小版本相同
-* `kube-proxy` 一定不能比 `kube-apiserver` 小版本更新
-* `kube-proxy` 最多只能比 `kube-apiserver` 早两个小版本
-
-
-例如:
-
-如果 `kube-proxy` 的版本是 **{{< skew oldestMinorVersion >}}**:
-
-* `kubelet` 版本必须相同,也是 **{{< skew oldestMinorVersion >}}**
-* `kube-apiserver` 版本必须在 **{{< skew oldestMinorVersion >}}** 到
- **{{< skew latestVersion >}}** 之间(闭区间)
diff --git a/content/zh/docs/tasks/access-application-cluster/configure-access-multiple-clusters.md b/content/zh/docs/tasks/access-application-cluster/configure-access-multiple-clusters.md
index 66c4200ea8..867063c0f6 100644
--- a/content/zh/docs/tasks/access-application-cluster/configure-access-multiple-clusters.md
+++ b/content/zh/docs/tasks/access-application-cluster/configure-access-multiple-clusters.md
@@ -34,6 +34,19 @@ It does not mean that there is a file named `kubeconfig`.
这是一种引用配置文件的通用方式,并不意味着存在一个名为 `kubeconfig` 的文件。
{{< /note >}}
+
+
+{{< warning >}}
+只使用来源可靠的 kubeconfig 文件。使用特制的 kubeconfig 文件可能会导致恶意代码执行或文件暴露。
+如果必须使用不受信任的 kubeconfig 文件,请首先像检查 shell 脚本一样仔细检查它。
+{{< /warning>}}
+
+
## {{% heading "prerequisites" %}}
{{< include "task-tutorial-prereqs.md" >}}
@@ -41,13 +54,13 @@ It does not mean that there is a file named `kubeconfig`.
要检查 {{< glossary_tooltip text="kubectl" term_id="kubectl" >}} 是否安装,
执行 `kubectl version --client` 命令。
kubectl 的版本应该与集群的 API 服务器
-[使用同一次版本号](/zh/docs/setup/release/version-skew-policy/#kubectl)。
+[使用同一次版本号](/zh/releases/version-skew-policy/#kubectl)。
-输出应该类似于:
-
-```
-Forwarding from 127.0.0.1:63753 -> 27017
-Forwarding from [::1]:63753 -> 27017
-```
-
- **容器镜像**(必填):公共镜像仓库上的 Docker
[容器镜像](/zh/docs/concepts/containers/images/) 或者私有镜像仓库
- (通常是 Google Container Registery 或者 Docker Hub)的 URL。容器镜像参数说明必须以冒号结尾。
+ (通常是 Google Container Registry 或者 Docker Hub)的 URL。容器镜像参数说明必须以冒号结尾。
-许多[样例](https://github.com/kubernetes/examples/tree/{{< param "githubbranch" >}}/)
+许多[样例](https://github.com/kubernetes/examples/tree/master/)
提供了使用 kubectl 的介绍。完整文档请见 [kubectl 手册](/zh/docs/reference/kubectl/overview/)。
如果该应用程序部署为集群中的一个
-Pod,请参阅[下一节](#accessing-the-api-from-within-accessing-the-api-from-within-a-pod)。
+Pod,请参阅[从 Pod 内访问 API](/zh/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod)。
#### Python 客户端 {#python-client}
diff --git a/content/zh/docs/tasks/administer-cluster/change-pv-reclaim-policy.md b/content/zh/docs/tasks/administer-cluster/change-pv-reclaim-policy.md
index 1499ecfc1b..950e493f52 100644
--- a/content/zh/docs/tasks/administer-cluster/change-pv-reclaim-policy.md
+++ b/content/zh/docs/tasks/administer-cluster/change-pv-reclaim-policy.md
@@ -27,7 +27,7 @@ volume is automatically deleted when a user deletes the corresponding
PersistentVolumeClaim. This automatic behavior might be inappropriate if the volume
contains precious data. In that case, it is more appropriate to use the "Retain"
policy. With the "Retain" policy, if a user deletes a PersistentVolumeClaim,
-the corresponding PersistentVolume is not be deleted. Instead, it is moved to the
+the corresponding PersistentVolume will not be deleted. Instead, it is moved to the
Released phase, where all of its data can be manually recovered.
-->
## 为什么要更改 PersistentVolume 的回收策略
diff --git a/content/zh/docs/tasks/administer-cluster/cluster-upgrade.md b/content/zh/docs/tasks/administer-cluster/cluster-upgrade.md
index e9b9d0dec5..72535b27e8 100644
--- a/content/zh/docs/tasks/administer-cluster/cluster-upgrade.md
+++ b/content/zh/docs/tasks/administer-cluster/cluster-upgrade.md
@@ -62,14 +62,14 @@ If your cluster was deployed using the `kubeadm` tool, refer to
for detailed information on how to upgrade the cluster.
Once you have upgraded the cluster, remember to
-[install the latest version of `kubectl`](/docs/tasks/tools/install-kubectl/).
+[install the latest version of `kubectl`](/docs/tasks/tools/).
-->
如果你的集群是使用 `kubeadm` 安装工具部署而来,
那么升级群集的详细信息,请参阅
[升级 kubeadm 集群](/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/)。
升级集群之后,要记得
-[安装最新版本的 `kubectl`](/zh/docs/tasks/tools/install-kubectl/).
+[安装最新版本的 `kubectl`](/zh/docs/tasks/tools/).
### 手动部署 {#manual-deployments}
@@ -101,7 +101,7 @@ You should manually update the control plane following this sequence:
现在,你应该
-[安装最新版本的 `kubectl`](/zh/docs/tasks/tools/install-kubectl/).
+[安装最新版本的 `kubectl`](/zh/docs/tasks/tools/).
对于群集中的每个节点,
[排空](/zh/docs/tasks/administer-cluster/safely-drain-node/)
diff --git a/content/zh/docs/tasks/administer-cluster/controller-manager-leader-migration.md b/content/zh/docs/tasks/administer-cluster/controller-manager-leader-migration.md
index f8ed2cdb4a..83a716ce44 100644
--- a/content/zh/docs/tasks/administer-cluster/controller-manager-leader-migration.md
+++ b/content/zh/docs/tasks/administer-cluster/controller-manager-leader-migration.md
@@ -17,7 +17,7 @@ content_type: task
-{{< feature-state state="alpha" for_k8s_version="v1.21" >}}
+{{< feature-state state="beta" for_k8s_version="v1.22" >}}
{{< glossary_definition term_id="cloud-controller-manager" length="all" prepend="云管理控制器是">}}
@@ -43,17 +43,14 @@ For a single-node control plane, or if unavailability of controller managers can
对于单节点控制平面,或者在升级过程中可以容忍控制器管理器不可用的情况,则不需要领导者迁移,并且可以忽略本指南。
-领导者迁移是一项 Alpha 阶段功能,默认情况下处于禁用状态,它需要设置控制器管理器的 `--enable-leader-migration` 参数。
-可以通过在 `kube-controller-manager` 或 `cloud-controller-manager` 上设置特性门控
-`ControllerManagerLeaderMigration` 和 `--enable-leader-migration` 来启用。
+领导者迁移可以通过在 `kube-controller-manager` 或 `cloud-controller-manager` 上设置 `--enable-leader-migration` 来启用。
领导者迁移仅在升级期间适用,并且可以安全地禁用,也可以在升级完成后保持启用状态。
本指南将引导你手动将控制平面从内置的云驱动的 `kube-controller-manager` 升级为
@@ -64,14 +61,14 @@ If you use a tool to administrator the cluster, please refer to the documentatio
假定控制平面正在运行 Kubernetes N 版本,并且要升级到 N+1 版本。
-尽管可以在同一版本中进行迁移,但理想情况下,迁移应作为升级的一部分执行,以便可以更改配置与发布保持一致。
+尽管可以在同一版本中进行迁移,但理想情况下,迁移应作为升级的一部分执行,以便可以更改配置与每个发布版本保持一致。
N 和 N+1的确切版本取决于各个云驱动。例如,如果云驱动构建了一个可与 Kubernetes 1.22 配合使用的 `cloud-controller-manager`,
则 N 可以为 1.21,N+1 可以为 1.22。
@@ -80,19 +77,21 @@ N 和 N+1的确切版本取决于各个云驱动。例如,如果云驱动构
树外云驱动必须已经构建了一个实现领导者迁移的 `cloud-controller-manager`。
如果云驱动导入了 v0.21.0 或更高版本的 `k8s.io/cloud-provider` 和 `k8s.io/controller-manager`,
则可以进行领导者迁移。
+但是,对 v0.22.0 以下的版本,领导者迁移是一项 Alpha 阶段功能,它需要启用特性门控 `ControllerManagerLeaderMigration`。
本指南假定每个控制平面节点的 kubelet 以静态 pod 的形式启动 `kube-controller-manager`
和 `cloud-controller-manager`,静态 pod 的定义在清单文件中。
@@ -137,19 +136,21 @@ Do the same to the `system::leader-locking-cloud-controller-manager` role.
### 初始领导者迁移配置
-领导者迁移需要一个表示控制器到管理器分配状态的配置文件。
+领导者迁移可以选择使用一个表示控制器到管理器分配状态的配置文件。
目前,对于树内云驱动,`kube-controller-manager` 运行 `route`、`service` 和 `cloud-node-lifecycle`。
以下示例配置显示了分配。
+领导者迁移可以不指定配置来启用。请参阅 [默认配置](#default-configuration) 以获取更多详细信息。
+
```yaml
kind: LeaderMigrationConfiguration
-apiVersion: controllermanager.config.k8s.io/v1alpha1
+apiVersion: controllermanager.config.k8s.io/v1beta1
leaderName: cloud-provider-extraction-migration
resourceLock: leases
controllerLeaders:
@@ -166,7 +167,6 @@ On each control plane node, save the content to `/etc/leadermigration.conf`,
and update the manifest of `kube-controller-manager` so that the file is mounted inside the container at the same location.
Also, update the same manifest to add the following arguments:
-- `--feature-gates=ControllerManagerLeaderMigration=true` to enable Leader Migration which is an alpha feature
- `--enable-leader-migration` to enable Leader Migration on the controller manager
- `--leader-migration-config=/etc/leadermigration.conf` to set configuration file
@@ -176,7 +176,6 @@ Restart `kube-controller-manager` on each node. At this moment, `kube-controller
并更新 `kube-controller-manager` 清单,以便将文件安装在容器内的同一位置。
另外,更新相同的清单,添加以下参数:
-- `--feature-gates=ControllerManagerLeaderMigration=true` 启用领导者迁移(这是 Alpha 版功能)
- `--enable-leader-migration` 在控制器管理器上启用领导者迁移
- `--leader-migration-config=/etc/leadermigration.conf` 设置配置文件
@@ -196,7 +195,7 @@ Please note `component` field of each `controllerLeaders` changing from `kube-co
```yaml
kind: LeaderMigrationConfiguration
-apiVersion: controllermanager.config.k8s.io/v1alpha1
+apiVersion: controllermanager.config.k8s.io/v1beta1
leaderName: cloud-provider-extraction-migration
resourceLock: leases
controllerLeaders:
@@ -286,6 +285,22 @@ To re-enable Leader Migration, recreate the configuration file and add its mount
最后删除 `/etc/leadermigration.conf`。
要重新启用领导者迁移,请重新创建配置文件,并将其挂载和启用领导者迁移的标志添加回到 `cloud-controller-manager`。
+
+### 默认配置 {#default-configuration}
+
+从 Kubernetes 1.22 开始,领导者迁移提供了一个默认配置,它适用于默认的控制器到管理器分配。
+可以通过设置 `--enable-leader-migration`,但不设置 `--leader-migration-config=` 来启用默认配置。
+
+对于 `kube-controller-manager` 和 `cloud-controller-manager`,如果没有用参数来启用树内云驱动或者改变控制器属主,
+则可以使用默认配置来避免手动创建配置文件。
+
## {{% heading "whatsnext" %}}
+Static 策略的行为可以使用 `--cpu-manager-policy-options` 参数来微调。
+该参数采用一个逗号分隔的 `key=value` 策略选项列表。
+
### none 策略
`none` 策略显式地启用现有的默认 CPU 亲和方案,不提供操作系统调度器默认行为之外的亲和性策略。
通过 CFS 配额来实现 [Guaranteed pods](/zh/docs/tasks/configure-pod-container/quality-service-pod/)
+和 [Burstable pods](/zh/docs/tasks/configure-pod-container/quality-service-pod/)
的 CPU 使用限制。
+#### Static 策略选项
+
+如果使用 `full-pcpus-only` 策略选项,static 策略总是会分配完整的物理核心。
+你可以通过在 CPUManager 策略选项里加上 `full-pcups-only=true` 来启用该选项。
+
+默认情况下,如果不使用该选项,static 策略会使用拓扑感知最适合的分配方法来分配 CPU。
+在启用了 SMT 的系统上,此策略所分配是与硬件线程对应的、独立的虚拟核。
+这会导致不同的容器共享相同的物理核心,该行为进而会导致
+[吵闹的邻居问题](https://en.wikipedia.org/wiki/Cloud_computing_issues#Performance_interference_and_noisy_neighbors)。
+
+启用该选项之后,只有当一个 Pod 里所有容器的 CPU 请求都能够分配到完整的物理核心时,kubelet 才会接受该 Pod。
+如果 Pod 没有被准入,它会被置于 Failed 状态,错误消息是 `SMTAlignmentError`。
\ No newline at end of file
diff --git a/content/zh/docs/tasks/administer-cluster/encrypt-data.md b/content/zh/docs/tasks/administer-cluster/encrypt-data.md
index 6a645eb2ec..2b62f86725 100644
--- a/content/zh/docs/tasks/administer-cluster/encrypt-data.md
+++ b/content/zh/docs/tasks/administer-cluster/encrypt-data.md
@@ -253,11 +253,11 @@ program to retrieve the contents of your secret.
```
其输出应该是 `mykey: bXlkYXRh`,`mydata` 数据是被加密过的,请参阅
- [解密 Secret](/zh/docs/concepts/configuration/secret#decoding-a-secret)
+ [解密 Secret](/zh/docs/tasks/configmap-secret/managing-secret-using-kubectl/#decoding-secret)
了解如何完全解码 Secret 内容。
{{< note >}}
-上面的列表中没有包含 `kubelet.conf` 因为 kubeadm 将 kubelet 配置为自动更新证书。
+上面的列表中没有包含 `kubelet.conf`,因为 kubeadm 将 kubelet 配置为
+[自动更新证书](/docs/tasks/tls/certificate-rotation/)。
+轮换的证书位于目录 `/var/lib/kubelet/pki`。
+要修复过期的 kubelet 客户端证书,请参阅
+[kubelet 客户端证书轮换失败](/zh/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm/#kubelet-client-cert)。
{{< /note >}}
## 手动更新证书
-你能随时通过 `kubeadm alpha certs renew` 命令手动更新你的证书。
+你能随时通过 `kubeadm certs renew` 命令手动更新你的证书。
`kubeadm certs renew`提供以下选项:
@@ -303,10 +311,10 @@ Kubernetes 证书颁发机构不是开箱即用。
要激活内置签名者,请传递 `--cluster-signing-cert-file` 和 `--cluster-signing-key-file` 参数。
如果你正在创建一个新的集群,你可以使用 kubeadm 的
-[配置文件](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2)。
+[配置文件](/docs/reference/config-api/kubeadm-config.v1beta2/)。
```yaml
apiVersion: kubeadm.k8s.io/v1beta2
@@ -331,7 +339,7 @@ See [Create CertificateSigningRequest](/docs/reference/access-authn-authz/certif
## 通过外部 CA 更新证书
@@ -349,7 +357,7 @@ CSR 表示向 CA 请求客户的签名证书。
### 创建证书签名请求 (CSR)
-你可以通过 `kubeadm alpha certs renew --csr-only` 命令创建证书签名请求。
+你可以通过 `kubeadm certs renew --csr-only` 命令创建证书签名请求。
CSR 和随附的私钥都在输出中给出。
你可以传入一个带有 `--csr-dir` 的目录,将 CRS 输出到指定位置。
@@ -444,7 +452,7 @@ serverTLSBootstrap: true
-此示例演示了一种限制名字空间中存储使用量的简便方法。
+此示例演示了如何限制一个名字空间中的存储使用量。
-{{< feature-state for_k8s_version="v1.11" state="beta" >}}
+{{< feature-state for_k8s_version="v1.22" state="deprecated" >}}
+
+
+{{< caution >}}
+[动态 kubelet 配置](https://github.com/kubernetes/enhancements/issues/281)
+已经废弃不建议使用。请选择其他方法将配置分发到集群中的节点。
+{{< /caution >}}
[动态 kubelet 配置](https://github.com/kubernetes/enhancements/issues/281)
-允许你在一个运行的 Kubernetes 集群上通过部署 ConfigMap
-并配置每个节点来使用它来更改每个 kubelet 的配置,。
+允许你通过部署一个所有节点都会使用的 ConfigMap
+达到在运行中的 Kubernetes 集群中更改 kubelet 配置的目的。
{{< warning >}}
-所有 kubelet 配置参数都可以动态更改,但这对某些参数来说是不安全的。
-在决定动态更改参数之前,你需要深刻理解这种变化将如何影响你的集群的行为。
-在把一组变更推广到集群范围之前,需要在较小规模的节点集合上仔细地测试这些配置变化。
-与特定字段配置相关的建议可以在源码中 `KubeletConfiguration`
-[类型文档](https://github.com/kubernetes/kubernetes/blob/release-1.11/pkg/kubelet/apis/kubeletconfig/v1beta1/types.go)中找到。
+所有 kubelet 配置参数都可以被动态更改,但对某些参数来说这类更改是不安全的。
+在决定动态更改参数之前,你需要深刻理解这个改动将会如何影响集群的行为。
+在将变更扩散到整个集群之前,你需要先在小规模的节点集合上仔细地测试这些配置变动。
+特定字段相关的配置建议可以在文档
+[`KubeletConfiguration`](/docs/reference/config-api/kubelet-config.v1beta1/)中找到。
{{< /warning >}}
## {{% heading "prerequisites" %}}
@@ -54,10 +62,10 @@ or v1.17; other combinations
[aren't supported](/docs/setup/release/version-skew-policy/#kubectl).
-->
你需要一个 Kubernetes 集群。
-你需要 v1.11 或更高版本的 kubectl,并以配置好与集群通信。
+你需要 v1.11 或更高版本的 kubectl,并配置好与集群的通信。
{{< version-check >}}
-你的集群 API 服务器版本(如 v1.12)不能比你所用的 kubectl
-的版本差不止一个小版本号。
+你的集群 API 服务器版本(如 v1.12)不能和你的 kubectl
+版本相差超过一个小版本号。
例如,如果你的集群在运行 v1.16,那么你可以使用 v1.15、v1.16、v1.17 的 kubectl,
所有其他的组合都是
[不支持的](/zh/docs/setup/release/version-skew-policy/#kubectl)。
@@ -70,10 +78,10 @@ because there are manual alternatives.
For each node that you're reconfiguring, you must set the kubelet
`-dynamic-config-dir` flag to a writable directory.
-->
-某些例子中使用了命令行工具 [jq](https://stedolan.github.io/jq/)。
+在某些例子中使用了命令行工具 [jq](https://stedolan.github.io/jq/)。
你并不一定需要 `jq` 才能完成这些任务,因为总是有一些手工替代的方式。
-针对你所重新配置的每个节点,你必须设置 kubelet 的参数
+针对你重新配置的每个节点,你必须设置 kubelet 的标志
`-dynamic-config-dir`,使之指向一个可写的目录。
@@ -85,21 +93,21 @@ For each node that you're reconfiguring, you must set the kubelet
-->
## 重配置 集群中运行节点上的 kubelet
-### 基本工作流程概述
+### 基本工作流程概览
在运行中的集群中配置 kubelet 的基本工作流程如下:
-1. 编写一个 YAML 或 JSON 的配置文件包含 kubelet 的配置。
+1. 编写一个包含 kubelet 配置的 YAML 或 JSON 文件。
2. 将此文件包装在 ConfigMap 中并将其保存到 Kubernetes 控制平面。
-3. 更新 kubelet 的相应节点对象以使用此 ConfigMap。
+3. 更新 kubelet 所在节点对象以使用此 ConfigMap。
-每个 kubelet 都会在其各自的节点对象上监测(Watch)配置引用。当引用更改时,kubelet 将下载新配置,
-更新本地引用以引用该文件,然后退出。
-要想使该功能正常地工作,你必须运行操作系统级别的服务管理器(如 systemd),
-在 kubelet 退出时将其重启。
+每个 kubelet 都会在其各自的节点对象上监测(Watch)配置引用。当引用更改时,kubelet 将下载新的配置文件,
+更新本地引用指向该文件,然后退出。
+为了使该功能正常地工作,你必须运行操作系统级别的服务管理器(如 systemd),
+它将会在 kubelet 退出后将其重启。
kubelet 重新启动时,将开始使用新配置。
-这个新配置完全地覆盖 `--config` 所提供的配置,并被命令行标志覆盖。
+新配置将会完全地覆盖 `--config` 所提供的配置,并被命令行标志覆盖。
新配置中未指定的值将收到适合配置版本的默认值
(e.g. `kubelet.config.k8s.io/v1beta1`),除非被命令行标志覆盖。
@@ -132,16 +140,16 @@ ConfigMap, you can observe this status to confirm that the Node is using the
intended configuration.
-->
节点 kubelet 配置状态可通过 `node.spec.status.config` 获取。
-一旦你已经改变了一个节点去使用新的 ConfigMap,
-就可以观察此状态以确认该节点正在使用的预期配置。
+一旦你更新了一个节点去使用新的 ConfigMap,
+就可以通过观察此状态来确认该节点是否正在使用预期配置。
-本文用命令 `kubectl edit` 描述节点的编辑,还有一些其他的方式去修改节点的规约,
-包括更利于脚本化的工作流程的 `kubectl patch`。
+本文中使用命令 `kubectl edit` 来编辑节点,还有其他的方式可以修改节点的规约,
+比如更利于脚本化工作流程的 `kubectl patch`。
{{< warning >}}
-通过就地更新 ConfigMap 来更改配置是 *可能的*。
-尽管如此,这样做会导致所有配置为使用该 ConfigMap 的 kubelet 被同时更新。
+尽管通过就地更新 ConfigMap 来更改配置是 *可能的*。
+但是这样做会导致所有使用该 ConfigMap 配置的 kubelet 同时更新。
更安全的做法是按惯例将 ConfigMap 视为不可变更的,借助于
`kubectl` 的 `--append-hash` 选项逐步把更新推广到 `node.spec.configSource`。
{{< /warning >}}
@@ -249,22 +257,22 @@ adapt the steps if you prefer to extract the `kubeletconfig` subobject manually.
1. 选择要重新配置的节点。在本例中,此节点的名称为 `NODE_NAME`。
2. 使用以下命令在后台启动 kubectl 代理:
- ```bash
+ ```shell
kubectl proxy --port=8001 &
```
3. 运行以下命令从 `configz` 端点中下载并解压配置。这个命令很长,因此在复制粘贴时要小心。
**如果你使用 zsh**,请注意常见的 zsh 配置要添加反斜杠转义 URL 中变量名称周围的大括号。
@@ -477,12 +485,12 @@ by eye.
-如果发生错误,kubelet 会在 `node.status.config.error` 中显示出错误信息的结构体。
-可能的错误列在[了解节点配置错误信息](#understanding-node-config-status-errors)节。
+如果发生错误,kubelet 会在 `Node.Status.Config.Error` 中显示出错误信息的结构体。
+错误可能出现在列表[理解节点状态配置错误信息](#understanding-node-config-status-errors)中。
你可以在 kubelet 日志中搜索相同的文本以获取更多详细信息和有关错误的上下文。
-## 了解节点配置错误信息 {#understanding-node-config-status-errors}
+## 理解 `Node.Status.Config.Error` 消息 {#understanding-node-config-status-errors}
下表描述了使用动态 kubelet 配置时可能发生的错误消息。
你可以在 kubelet 日志中搜索相同的文本来获取有关错误的其他详细信息和上下文。
@@ -646,11 +654,15 @@ internal failure, see Kubelet log for details | 在对配置进行同步的循
## {{% heading "whatsnext" %}}
- 关于如何通过配置文件来配置 kubelet 的更多细节信息,可参阅
[使用配置文件设置 kubelet 参数](/zh/docs/tasks/administer-cluster/kubelet-config-file).
- 阅读 API 文档中 [`NodeConfigSource`](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#nodeconfigsource-v1-core) 说明
-
+- 查阅[`KubeletConfiguration`](/docs/reference/config-api/kubelet-config.v1beta1/)文献进一步了解 kubelet
+ 配置信息。
\ No newline at end of file
diff --git a/content/zh/docs/tasks/configmap-secret/managing-secret-using-config-file.md b/content/zh/docs/tasks/configmap-secret/managing-secret-using-config-file.md
index cce9f50f4f..7e155136ed 100644
--- a/content/zh/docs/tasks/configmap-secret/managing-secret-using-config-file.md
+++ b/content/zh/docs/tasks/configmap-secret/managing-secret-using-config-file.md
@@ -5,7 +5,7 @@ weight: 20
description: 使用资源配置文件创建 Secret 对象。
---
- 进一步阅读 [Secret 概念](/zh/docs/concepts/configuration/secret/)
- 了解如何[使用 `kubectl` 命令管理 Secret](/zh/docs/tasks/configmap-secret/managing-secret-using-kubectl/)
diff --git a/content/zh/docs/tasks/configmap-secret/managing-secret-using-kubectl.md b/content/zh/docs/tasks/configmap-secret/managing-secret-using-kubectl.md
index a4be3c9d04..8e2dd7d202 100644
--- a/content/zh/docs/tasks/configmap-secret/managing-secret-using-kubectl.md
+++ b/content/zh/docs/tasks/configmap-secret/managing-secret-using-kubectl.md
@@ -104,7 +104,7 @@ run the following command:
可以像下面一样执行命令:
```shell
-kubectl create secret generic dev-db-secret \
+kubectl create secret generic db-user-pass \
--from-literal=username=devuser \
--from-literal=password='S!B\*d$zDsb='
```
diff --git a/content/zh/docs/tasks/configmap-secret/managing-secret-using-kustomize.md b/content/zh/docs/tasks/configmap-secret/managing-secret-using-kustomize.md
index e46a1d3ec2..de6967d438 100644
--- a/content/zh/docs/tasks/configmap-secret/managing-secret-using-kustomize.md
+++ b/content/zh/docs/tasks/configmap-secret/managing-secret-using-kustomize.md
@@ -5,7 +5,7 @@ weight: 30
description: 使用 kustomization.yaml 文件创建 Secret 对象。
---
- 进一步阅读 [Secret 概念](/zh/docs/concepts/configuration/secret/)
- 了解如何[使用 `kubectl` 命令管理 Secret](/zh/docs/tasks/configmap-secret/managing-secret-using-kubectl/)
diff --git a/content/zh/docs/tasks/debug-application-cluster/audit.md b/content/zh/docs/tasks/debug-application-cluster/audit.md
index 595d4d66e2..6ba032c030 100644
--- a/content/zh/docs/tasks/debug-application-cluster/audit.md
+++ b/content/zh/docs/tasks/debug-application-cluster/audit.md
@@ -168,7 +168,7 @@ rules:
如果你在打磨自己的审计配置文件,你可以使用为 Google Container-Optimized OS
设计的审计配置作为出发点。你可以参考
-[configure-helper.sh](https://github.com/kubernetes/kubernetes/blob/{{< param "githubbranch" >}}/cluster/gce/gci/configure-helper.sh)
+[configure-helper.sh](https://github.com/kubernetes/kubernetes/blob/master/cluster/gce/gci/configure-helper.sh)
脚本,该脚本能够生成审计策略文件。你可以直接在脚本中看到审计策略的绝大部份内容。
你也可以参考 [`Policy` 配置参考](/zh/docs/reference/config-api/apiserver-audit.v1/#audit-k8s-io-v1-Policy)
diff --git a/content/zh/docs/tasks/debug-application-cluster/debug-application.md b/content/zh/docs/tasks/debug-application-cluster/debug-application.md
index d2e95ab2b4..2e71c22af0 100644
--- a/content/zh/docs/tasks/debug-application-cluster/debug-application.md
+++ b/content/zh/docs/tasks/debug-application-cluster/debug-application.md
@@ -124,7 +124,7 @@ Once your pod has been scheduled, the methods described in [Debug Running Pods](
#### Pod 处于 Crashing 或别的不健康状态
一旦 Pod 被调度,就可以采用
-[调试运行中的 Pod](/zh/docs/concepts/configuration/manage-resources-containers/)
+[调试运行中的 Pod](/zh/docs/tasks/debug-application-cluster/debug-running-pod/)
中的方法来进一步调试。
## 使用临时调试容器来进行调试 {#ephemeral-container}
-{{< feature-state state="alpha" for_k8s_version="v1.18" >}}
+{{< feature-state state="alpha" for_k8s_version="v1.22" >}}
当由于容器崩溃或容器镜像不包含调试程序(例如[无发行版镜像](https://github.com/GoogleContainerTools/distroless)等)
而导致 `kubectl exec` 无法运行时,{{< glossary_tooltip text="临时容器" term_id="ephemeral-container" >}}对于排除交互式故障很有用。
-从 'v1.18' 版本开始,'kubectl' 有一个可以创建用于调试的临时容器的 alpha 命令。
@@ -234,7 +231,8 @@ You can view the state of the newly created ephemeral container using `kubectl d
{{< note >}}
{{< glossary_tooltip text="容器运行时" term_id="container-runtime" >}}必须支持`--target`参数。
-如果不支持,则临时容器可能不会启动,或者可能使用隔离的进程命名空间启动。
+如果不支持,则临时容器可能不会启动,或者可能使用隔离的进程命名空间启动,
+以便 `ps` 不显示其他容器内的进程。
{{< /note >}}
你可以使用 `kubectl describe` 查看新创建的临时容器的状态:
diff --git a/content/zh/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md b/content/zh/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md
index 93c6cfc31c..19f29d781b 100644
--- a/content/zh/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md
+++ b/content/zh/docs/tasks/debug-application-cluster/determine-reason-pod-failure.md
@@ -54,11 +54,11 @@ the container starts.
kubectl create -f https://k8s.io/examples/debug/termination.yaml
```
-
- YAML 文件中,在 `cmd` 和 `args` 字段,你可以看到容器休眠 10 秒然后将 "Sleep expired"
+ YAML 文件中,在 `command` 和 `args` 字段,你可以看到容器休眠 10 秒然后将 "Sleep expired"
写入 `/dev/termination-log` 文件。
容器写完 "Sleep expired" 消息后就终止了。
diff --git a/content/zh/docs/tasks/debug-application-cluster/logging-stackdriver.md b/content/zh/docs/tasks/debug-application-cluster/logging-stackdriver.md
deleted file mode 100644
index aacac3e5f0..0000000000
--- a/content/zh/docs/tasks/debug-application-cluster/logging-stackdriver.md
+++ /dev/null
@@ -1,629 +0,0 @@
----
-title: 使用 Stackdriver 生成日志
-content_type: concept
----
-
-
-
-
-
-
-在阅读这篇文档之前,强烈建议你先熟悉一下 [Kubernetes 日志概况](/zh/docs/concepts/cluster-administration/logging)
-
-
-
-{{< note >}}
-默认情况下,Stackdriver 日志机制仅收集容器的标准输出和标准错误流。
-如果要收集你的应用程序写入一个文件(例如)的任何日志,请参见 Kubernetes 日志概述中的 [sidecar 方式](/zh/docs/concepts/cluster-administration/logging#sidecar-container-with-a-logging-agent)
-{{< /note >}}
-
-
-
-
-
-## 部署 {#deploying}
-
-
-为了接收日志,你必须将 Stackdriver 日志代理部署到集群中的每个节点。
-此代理是一个已配置的 `fluentd`,其配置存在一个 `ConfigMap` 中,且实例使用 Kubernetes 的 `DaemonSet` 进行管理。
-`ConfigMap` 和 `DaemonSet` 的实际部署,取决你的集群设置。
-
-
-
-### 部署到一个新的集群
-
-#### Google Kubernetes Engine
-
-
-对于部署在 Google Kubernetes Engine 上的集群,Stackdriver 是默认的日志解决方案。
-Stackdriver 日志机制会默认部署到你的新集群上,除非你明确地不选择。
-
-
-
-#### 其他平台
-
-
-为了将 Stackdriver 日志机制部署到你正在使用 `kube-up.sh` 创建的*新*集群上,执行如下操作:
-
-
-1. 设置环境变量 `KUBE_LOGGING_DESTINATION` 为 `gcp`。
-1. **如果不是跑在 GCE 上**,在 `KUBE_NODE_LABELS` 变量中包含 `beta.kubernetes.io/fluentd-ds-ready=true`。
-
-
-
-集群启动后,每个节点都应该运行 Stackdriver 日志代理。
-`DaemonSet` 和 `ConfigMap` 作为附加组件进行配置。
-如果你不是使用 `kube-up.sh`,可以考虑不使用预先配置的日志方案启动集群,然后部署 Stackdriver 日志代理到正在运行的集群。
-
-
-
-{{< warning >}}
-除了 Google Kubernetes Engine,Stackdriver 日志守护进程在其他的平台有已知的问题。
-请自行承担风险。
-{{< /warning >}}
-
-
-### 部署到一个已知集群
-
-
-1. 在每个节点上打标签(如果尚未存在)
-
-
- Stackdriver 日志代理部署使用节点标签来确定应该将其分配到给哪些节点。
- 引入这些标签是为了区分 Kubernetes 1.6 或更高版本的节点。
- 如果集群是在配置了 Stackdriver 日志机制的情况下创建的,并且节点的版本为 1.5.X 或更低版本,则它将使用 fluentd 用作静态容器。
- 节点最多只能有一个 fluentd 实例,因此只能将标签打在未分配过 fluentd pod 的节点上。
- 你可以通过运行 `kubectl describe` 来确保你的节点被正确标记,如下所示:
-
- ```
- kubectl describe node $NODE_NAME
- ```
-
- 输出应类似于如下内容:
-
- ```
- Name: NODE_NAME
- Role:
- Labels: beta.kubernetes.io/fluentd-ds-ready=true
- ...
- ```
-
- 确保输出内容包含 `beta.kubernetes.io/fluentd-ds-ready=true` 标签。
- 如果不存在,则可以使用 `kubectl label` 命令添加,如下所示:
-
- ```
- kubectl label node $NODE_NAME beta.kubernetes.io/fluentd-ds-ready=true
- ```
-
-
- {{< note >}}
- 如果节点发生故障并且必须重新创建,则必须将标签重新打在重新创建了的节点。
- 为了让此操作更便捷,你可以在节点启动脚本中使用 Kubelet 的命令行参数给节点添加标签。
- {{< /note >}}
-
-
-2. 通过运行以下命令,部署一个带有日志代理配置的 `ConfigMap`:
-
- ```
- kubectl apply -f https://k8s.io/examples/debug/fluentd-gcp-configmap.yaml
- ```
-
- 该命令在 `default` 命名空间中创建 `ConfigMap`。你可以在创建 `ConfigMap` 对象之前手动下载文件并进行更改。
-
-
-3. 通过运行以下命令,部署日志代理的 `DaemonSet`:
-
- ```
- kubectl apply -f https://k8s.io/examples/debug/fluentd-gcp-ds.yaml
- ```
-
- 你也可以在使用前下载和编辑此文件。
-
-
-## 验证日志代理部署
-
-
-部署 Stackdriver `DaemonSet` 之后,你可以通过运行以下命令来查看日志代理的部署状态:
-
-```shell
-kubectl get ds --all-namespaces
-```
-
-
-如果你的集群中有 3 个节点,则输出应类似于如下:
-
-```
-NAMESPACE NAME DESIRED CURRENT READY NODE-SELECTOR AGE
-...
-default fluentd-gcp-v2.0 3 3 3 beta.kubernetes.io/fluentd-ds-ready=true 5m
-...
-```
-
-
-要了解使用 Stackdriver 进行日志记录的工作方式,请考虑以下具有日志生成的 pod 定义 [counter-pod.yaml](/examples/debug/counter-pod.yaml):
-
-{{< codenew file="debug/counter-pod.yaml" >}}
-
-
-这个 pod 定义里有一个容器,该容器运行一个 bash 脚本,脚本每秒写一次计数器的值和日期时间,并无限期地运行。
-让我们在默认命名空间中创建此 pod。
-
-```shell
-kubectl apply -f https://k8s.io/examples/debug/counter-pod.yaml
-```
-
-
-你可以观察到正在运行的 pod:
-
-```shell
-kubectl get pods
-```
-```
-NAME READY STATUS RESTARTS AGE
-counter 1/1 Running 0 5m
-```
-
-
-在短时间内,你可以观察到 "pending" 的 pod 的状态,因为 kubelet 必须先下载容器镜像。
-当 pod 状态变为 `Running` 时,你可以使用 `kubectl logs` 命令查看此 counter pod 的输出。
-
-```shell
-kubectl logs counter
-```
-```
-0: Mon Jan 1 00:00:00 UTC 2001
-1: Mon Jan 1 00:00:01 UTC 2001
-2: Mon Jan 1 00:00:02 UTC 2001
-...
-```
-
-
-正如日志概览所述,此命令从容器日志文件中获取日志项。
-如果该容器被 Kubernetes 杀死然后重新启动,你仍然可以访问前一个容器的日志。
-但是,如果将 Pod 从节点中驱逐,则日志文件会丢失。让我们通过删除当前运行的 counter 容器来演示这一点:
-
-```shell
-kubectl delete pod counter
-```
-```
-pod "counter" deleted
-```
-
-
-然后重建它:
-
-```shell
-kubectl create -f https://k8s.io/examples/debug/counter-pod.yaml
-```
-```
-pod/counter created
-```
-
-
-一段时间后,你可以再次从 counter pod 访问日志:
-
-```shell
-kubectl logs counter
-```
-```
-0: Mon Jan 1 00:01:00 UTC 2001
-1: Mon Jan 1 00:01:01 UTC 2001
-2: Mon Jan 1 00:01:02 UTC 2001
-...
-```
-
-
-如预期的那样,日志中仅出现最近的日志记录。
-但是,对于实际应用程序,你可能希望能够访问所有容器的日志,特别是出于调试的目的。
-这就是先前启用的 Stackdriver 日志机制可以提供帮助的地方。
-
-
-## 查看日志
-
-
-Stackdriver 日志代理为每个日志项关联元数据,供你在后续的查询中只选择感兴趣的消息:
-例如,来自某个特定 Pod 的消息。
-
-
-元数据最重要的部分是资源类型和日志名称。
-容器日志的资源类型为 `container`,在用户界面中名为 `GKE Containers`(即使 Kubernetes 集群不在 Google Kubernetes Engine 上)。
-日志名称是容器的名称,因此,如果你有一个包含两个容器的 pod,在 spec 中名称定义为 `container_1` 和 `container_2`,则它们的日志的名称分别为 `container_1` 和 `container_2`。
-
-
-系统组件的资源类型为 `compute`,在接口中名为 `GCE VM Instance`。
-系统组件的日志名称是固定的。
-对于 Google Kubernetes Engine 节点,系统组件中的每个日志项都具有以下日志名称之一:
-
-* docker
-* kubelet
-* kube-proxy
-
-
-你可以在[Stackdriver 专用页面](https://cloud.google.com/logging/docs/view/overview)
-上了解有关查看日志的更多信息。
-
-
-查看日志的一种可能方法是使用 [Google Cloud SDK](https://cloud.google.com/sdk/)
-中的 [`gcloud logging`](https://cloud.google.com/logging/docs/reference/tools/gcloud-logging)
-命令行接口。
-它使用 Stackdriver 日志机制的
-[过滤语法](https://cloud.google.com/logging/docs/view/advanced_filters)查询特定日志。
-例如,你可以运行以下命令:
-
-```none
-gcloud beta logging read 'logName="projects/$YOUR_PROJECT_ID/logs/count"' --format json | jq '.[].textPayload'
-```
-```
-...
-"2: Mon Jan 1 00:01:02 UTC 2001\n"
-"1: Mon Jan 1 00:01:01 UTC 2001\n"
-"0: Mon Jan 1 00:01:00 UTC 2001\n"
-...
-"2: Mon Jan 1 00:00:02 UTC 2001\n"
-"1: Mon Jan 1 00:00:01 UTC 2001\n"
-"0: Mon Jan 1 00:00:00 UTC 2001\n"
-```
-
-
-如你所见,尽管 kubelet 已经删除了第一个容器的日志,日志中仍会包含 counter
-容器第一次和第二次运行时输出的消息。
-
-
-### 导出日志
-
-
-你可以将日志导出到 [Google Cloud Storage](https://cloud.google.com/storage/) 或
-[BigQuery](https://cloud.google.com/bigquery/) 进行进一步的分析。
-Stackdriver 日志机制提供了接收器(Sink)的概念,你可以在其中指定日志项的存放地。
-可在 Stackdriver [导出日志页面](https://cloud.google.com/logging/docs/export/configure_export_v2)
-上获得更多信息。
-
-
-## 配置 Stackdriver 日志代理
-
-
-有时默认的 Stackdriver 日志机制安装可能无法满足你的需求,例如:
-
-
-* 你可能需要添加更多资源,因为默认的行为表现无法满足你的需求。
-* 你可能需要引入额外的解析机制以便从日志消息中提取更多元数据,例如严重性或源代码引用。
-* 你可能想要将日志不仅仅发送到 Stackdriver 或仅将部分日志发送到 Stackdriver。
-
-
-在这种情况下,你需要更改 `DaemonSet` 和 `ConfigMap` 的参数。
-
-
-### 先决条件
-
-
-如果使用的是 GKE,并且集群中启用了 Stackdriver 日志机制,则无法更改其配置,
-因为它是由 GKE 管理和支持的。
-但是,你可以禁用默认集成的日志机制并部署自己的。
-
-
-{{< note >}}
-你将需要自己支持和维护新部署的配置了:更新映像和配置、调整资源等等。
-{{< /note >}}
-
-
-若要禁用默认的日志记录集成,请使用以下命令:
-
-```
-gcloud beta container clusters update --logging-service=none CLUSTER
-```
-
-
-你可以在[部署部分](#deploying)中找到有关如何将 Stackdriver 日志代理安装到
-正在运行的集群中的说明。
-
-
-### 更改 `DaemonSet` 参数 {#changing-daemonset-parameters}
-
-
-当集群中有 Stackdriver 日志机制的 `DaemonSet` 时,你只需修改其 spec 中的
-`template` 字段,DaemonSet 控制器将为你管理 Pod。
-例如,假设你按照上面的描述已经安装了 Stackdriver 日志机制。
-现在,你想更改内存限制,来给 fluentd 提供的更多内存,从而安全地处理更多日志。
-
-
-获取集群中运行的 `DaemonSet` 的 spec:
-
-```shell
-kubectl get ds fluentd-gcp-v2.0 --namespace kube-system -o yaml > fluentd-gcp-ds.yaml
-```
-
-
-然后在 spec 文件中编辑资源需求,并使用以下命令更新 apiserver 中的 `DaemonSet` 对象:
-
-```shell
-kubectl replace -f fluentd-gcp-ds.yaml
-```
-
-
-一段时间后,Stackdriver 日志代理的 pod 将使用新配置重新启动。
-
-
-### 更改 fluentd 参数
-
-
-Fluentd 的配置存在 `ConfigMap` 对象中。
-它实际上是一组合并在一起的配置文件。
-你可以在[官方网站](https://docs.fluentd.org)上了解 fluentd 的配置。
-
-
-假设你要向配置添加新的解析逻辑,以便 fluentd 可以理解默认的 Python 日志记录格式。
-一个合适的 fluentd 过滤器类似如下:
-
-```
-
- type parser
- format /^(?\w):(?\w):(?.*)/
- reserve_data true
- suppress_parse_error_log true
- key_name log
-
-```
-
-
-现在,你需要将其放入配置中,并使 Stackdriver 日志代理感知它。
-通过运行以下命令,获取集群中当前版本的 Stackdriver 日志机制的 `ConfigMap`:
-
-```shell
-kubectl get cm fluentd-gcp-config --namespace kube-system -o yaml > fluentd-gcp-configmap.yaml
-```
-
-
-然后在 `containers.input.conf` 键的值中,在 `source` 部分之后插入一个新的过滤器。
-
-
-
-{{< note >}}
-顺序很重要。
-{{< /note >}}
-
-
-在 apiserver 中更新 `ConfigMap` 比更新 `DaemonSet` 更复杂。
-最好考虑 `ConfigMap` 是不可变的。
-如果是这样,要更新配置,你应该使用新名称创建 `ConfigMap`,然后使用
-[上面的指南](#changing-daemonset-parameters)将 `DaemonSet` 更改为指向它。
-
-
-### 添加 fluentd 插件
-
-
-Fluentd 用 Ruby 编写,并允许使用 [plugins](https://www.fluentd.org/plugins) 扩展其功能。
-如果要使用默认的 Stackdriver 日志机制容器镜像中未包含的插件,则必须构建自定义镜像。
-假设你要为来自特定容器添加 Kafka 信息接收器,以进行其他处理。
-你可以复用默认的[容器镜像源](https://git.k8s.io/contrib/fluentd/fluentd-gcp-image),并仅添加少量更改:
-
-
-* 将 Makefile 更改为指向你的容器仓库,例如 `PREFIX=gcr.io/`。
-* 将你的依赖项添加到 Gemfile 中,例如 `gem 'fluent-plugin-kafka'`。
-
-
-然后在该目录运行 `make build push`。
-在更新 `DaemonSet` 以使用新镜像后,你就可以使用在 fluentd 配置中安装的插件了。
-
diff --git a/content/zh/docs/tasks/debug-application-cluster/monitor-node-health.md b/content/zh/docs/tasks/debug-application-cluster/monitor-node-health.md
index 4e81fd8567..5d4a265b10 100644
--- a/content/zh/docs/tasks/debug-application-cluster/monitor-node-health.md
+++ b/content/zh/docs/tasks/debug-application-cluster/monitor-node-health.md
@@ -22,7 +22,7 @@ To learn how to install and use Node Problem Detector, see
[Node Problem Detector project documentation](https://github.com/kubernetes/node-problem-detector).
-->
-*节点问题检测器(Node Problem Detector)*是一个守护程序,用于监视和报告节点的健康状况。
+*节点问题检测器(Node Problem Detector)* 是一个守护程序,用于监视和报告节点的健康状况。
你可以将节点问题探测器以 `DaemonSet` 或独立守护程序运行。
节点问题检测器从各种守护进程收集节点问题,并以
[NodeCondition](/zh/docs/concepts/architecture/nodes/#condition) 和
@@ -203,7 +203,7 @@ Kernel monitor watches the kernel log and detects known kernel issues following
-->
## 内核监视器
-*内核监视器(Kernel Monitor)*是节点问题检测器中支持的系统日志监视器守护进程。
+*内核监视器(Kernel Monitor)* 是节点问题检测器中支持的系统日志监视器守护进程。
内核监视器观察内核日志并根据预定义规则检测已知的内核问题。
{{< note >}}
要使聚合层在你的环境中正常工作以支持代理服务器和扩展 apiserver 之间的相互 TLS 身份验证,
需要满足一些设置要求。Kubernetes 和 kube-apiserver 具有多个 CA,
-因此请确保代理是由聚合层 CA 签名的,而不是由主 CA 签名的。
+因此请确保代理是由聚合层 CA 签名的,而不是由 Kubernetes 通用 CA 签名的。
{{< /note >}}
如果转换失败,则 Webhook 应该返回包含以下字段的 `response` 节:
-*`uid`,从发送到 Webhook 的 `request.uid` 复制而来
-*`result`,设置为 `{"status": "Failed"}`
+* `uid`,从发送到 Webhook 的 `request.uid` 复制而来
+* `result`,设置为 `{"status": "Failed"}`
{{< warning >}}
8. 确保你的扩展 apiserver 从该卷中加载了那些证书,并在 HTTPS 握手过程中使用它们。
-9. 在你的命令空间中创建一个 Kubernetes 服务账号。
+9. 在你的命名空间中创建一个 Kubernetes 服务账号。
10. 为资源允许的操作创建 Kubernetes 集群角色。
-11. 用你命令空间中的服务账号创建一个 Kubernetes 集群角色绑定,绑定到你创建的角色上。
-12. 用你命令空间中的服务账号创建一个 Kubernetes 集群角色绑定,绑定到 `system:auth-delegator`
+11. 用你命名空间中的服务账号创建一个 Kubernetes 集群角色绑定,绑定到你创建的角色上。
+12. 用你命名空间中的服务账号创建一个 Kubernetes 集群角色绑定,绑定到 `system:auth-delegator`
集群角色,以将 auth 决策委派给 Kubernetes 核心 API 服务器。
-13. 以你命令空间中的服务账号创建一个 Kubernetes 集群角色绑定,绑定到
+13. 以你命名空间中的服务账号创建一个 Kubernetes 集群角色绑定,绑定到
`extension-apiserver-authentication-reader` 角色。
这将让你的扩展 api-server 能够访问 `extension-apiserver-authentication` configmap。
@@ -114,4 +114,3 @@ Alternatively, you can use an existing 3rd party solution, such as [apiserver-bu
并启用 apiserver 的相关参数。
* 高级概述,请参阅[使用聚合层扩展 Kubernetes API](/zh/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation)。
* 了解如何[使用 Custom Resource Definition 扩展 Kubernetes API](/zh/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/)。
-
diff --git a/content/zh/docs/tasks/job/automated-tasks-with-cron-jobs.md b/content/zh/docs/tasks/job/automated-tasks-with-cron-jobs.md
index b4039ee281..0f2f5e90b6 100644
--- a/content/zh/docs/tasks/job/automated-tasks-with-cron-jobs.md
+++ b/content/zh/docs/tasks/job/automated-tasks-with-cron-jobs.md
@@ -230,9 +230,9 @@ It takes a [Cron](https://en.wikipedia.org/wiki/Cron) format string, such as `0
格式串,例如 `0 * * * *` or `@hourly` ,作为它的任务被创建和执行的调度时间。
-该格式也包含了扩展的 `vixie cron` 步长值。
+该格式也包含了扩展的 "Vixie cron" 步长值。
[FreeBSD 手册](https://www.freebsd.org/cgi/man.cgi?crontab%285%29)中解释如下:
-Kubernets 接收清单文件并执行你所创建的 Job。
+Kubernetes 接收清单文件并执行你所创建的 Job。
+
+{{< feature-state for_k8s_version="v1.20" state="alpha" >}}
+
+
+
+
+从 Kubernetes v1.20 开始,kubelet 可以使用 exec 插件动态检索容器镜像注册中心的凭据。
+kubelet 和 exec 插件使用 Kubernetes 版本化 API 通过标准输入输出(标准输入、标准输出和标准错误)通信。
+这些插件允许 kubelet 动态请求容器注册中心的凭据,而不是将静态凭据存储在磁盘上。
+例如,插件可能会与本地元数据通信,以检索 kubelet 正在拉取的镜像的短期凭据。
+
+
+如果以下任一情况属实,你可能对此功能感兴趣:
+
+* 需要调用云提供商的 API 来检索注册中心的身份验证信息。
+* 凭据的到期时间很短,需要频繁请求新凭据。
+* 将注册中心凭据存储在磁盘或者 imagePullSecret 是不可接受的。
+
+## {{% heading "prerequisites" %}}
+
+
+* kubelet 镜像凭证提供程序在 v1.20 版本作为 alpha 功能引入。
+ 与其他 alpha 功能一样,当前仅当在 kubelet 启动 `KubeletCredentialProviders` 特性门禁才能使该功能正常工作。
+* 凭据提供程序 exec 插件的工作实现。你可以构建自己的插件或使用云提供商提供的插件。
+
+
+
+
+## 在节点上安装插件 {#installing-plugins-on-nodes}
+
+凭据提供程序插件是将由 kubelet 运行的可执行二进制文件。
+确保插件二进制存在于你的集群的每个节点上,并存储在已知目录中。
+稍后配置 kubelet 标志需要该目录。
+
+
+## 配置 kubelet {#configuring-the-kubelet}
+
+为了使用这个特性,kubelet 需要设置以下两个标志:
+* `--image-credential-provider-config` —— 凭据提供程序插件配置文件的路径。
+* `--image-credential-provider-bin-dir` —— 凭据提供程序插件二进制文件所在目录的路径。
+
+
+### 配置 kubelet 凭据提供程序 {#configure-a-kubelet-credential-provider}
+
+kubelet 会读取传入 `--image-credential-provider-config` 的配置文件文件,
+以确定应该为哪些容器镜像调用哪些 exec 插件。
+如果你正在使用基于 [ECR](https://aws.amazon.com/ecr/) 插件,
+这里有个样例配置文件你可能最终会使用到:
+
+```yaml
+kind: CredentialProviderConfig
+apiVersion: kubelet.config.k8s.io/v1alpha1
+# providers 是将由 kubelet 启用的凭证提供程序插件列表。
+# 多个提供程序可能与单个镜像匹配,在这种情况下,来自所有提供程序的凭据将返回到 kubelet。
+# 如果为单个镜像调用多个提供程序,则结果会合并。
+# 如果提供程序返回重叠的身份验证密钥,则使用提供程序列表中较早的值。
+providers:
+ # name 是凭据提供程序的必需名称。
+ # 它必须与 kubelet 看到的提供程序可执行文件的名称相匹配。
+ # 可执行文件必须在 kubelet 的 bin 目录中
+ # (由 --image-credential-provider-bin-dir 标志设置)。
+ - name: ecr
+ # matchImages 是一个必需的字符串列表,用于匹配镜像以确定是否应调用此提供程序。
+ # 如果其中一个字符串与 kubelet 请求的镜像相匹配,则该插件将被调用并有机会提供凭据。
+ # 镜像应包含注册域和 URL 路径。
+ #
+ # matchImages 中的每个条目都是一个模式,可以选择包含端口和路径。
+ # 通配符可以在域中使用,但不能在端口或路径中使用。
+ # 支持通配符作为子域(例如“*.k8s.io”或“k8s.*.io”)和顶级域(例如“k8s.*”)。
+ # 还支持匹配部分子域,如“app*.k8s.io”。
+ # 每个通配符只能匹配一个子域段,因此 *.io 不匹配 *.k8s.io。
+ #
+ # 当以下所有条件都为真时,镜像和 matchImage 之间存在匹配:
+ # - 两者都包含相同数量的域部分并且每个部分都匹配。
+ # - imageMatch 的 URL 路径必须是目标镜像 URL 路径的前缀。
+ # - 如果 imageMatch 包含端口,则该端口也必须在图像中匹配。
+ #
+ # matchImages 的示例值:
+ # - 123456789.dkr.ecr.us-east-1.amazonaws.com
+ # - *.azurecr.io
+ # - gcr.io
+ # - *.*.registry.io
+ # - registry.io:8080/path
+ matchImages:
+ - "*.dkr.ecr.*.amazonaws.com"
+ - "*.dkr.ecr.*.amazonaws.cn"
+ - "*.dkr.ecr-fips.*.amazonaws.com"
+ - "*.dkr.ecr.us-iso-east-1.c2s.ic.gov"
+ - "*.dkr.ecr.us-isob-east-1.sc2s.sgov.gov"
+ # defaultCacheDuration 是插件将在内存中缓存凭据的默认持续时间
+ # 如果插件响应中未提供缓存持续时间。此字段是必需的。
+ defaultCacheDuration: "12h"
+ # exec CredentialProviderRequest 的必需输入版本。
+ # 返回的 CredentialProviderResponse 必须使用与输入相同的编码版本。当前支持的值为:
+ # - credentialprovider.kubelet.k8s.io/v1alpha1
+ apiVersion: credentialprovider.kubelet.k8s.io/v1alpha1
+ # 执行命令时传递给命令的参数。
+ # +可选
+ args:
+ - get-credentials
+ # env 定义了额外的环境变量以暴露给进程。
+ # 这些与主机环境以及 client-go 用于将参数传递给插件的变量结合在一起。
+ # +可选
+ env:
+ - name: AWS_PROFILE
+ value: example_profile
+```
+
+
+`providers` 字段是 kubelet 使用的已启用插件列表。每个条目都有几个必填字段:
+* `name`:插件的名称,必须与传入`--image-credential-provider-bin-dir`
+ 的目录中存在的可执行二进制文件的名称相匹配。
+* `matchImages`:用于匹配图像以确定是否应调用此提供程序的字符串列表。更多相关信息如下。
+* `defaultCacheDuration`:如果插件未指定缓存持续时间,kubelet 将在内存中缓存凭据的默认持续时间。
+* `apiVersion`:kubelet 和 exec 插件在通信时将使用的 api 版本。
+
+每个凭证提供程序也可以被赋予可选的参数和环境变量。
+咨询插件实现者以确定给定插件需要哪些参数和环境变量集。
+
+
+#### 配置镜像匹配 {#configure-image-matching}
+
+kubelet 使用每个凭证提供程序的 `matchImages` 字段来确定是否应该为 Pod 正在使用的给定镜像调用插件。
+`matchImages` 中的每个条目都是一个镜像模式,可以选择包含端口和路径。
+通配符可以在域中使用,但不能在端口或路径中使用。
+支持通配符作为子域,如 `*.k8s.io` 或 `k8s.*.io`,以及顶级域,如 `k8s.*`。
+还支持匹配部分子域,如 `app*.k8s.io`。每个通配符只能匹配一个子域段,
+因此 `*.io` 不匹配 `*.k8s.io`。
+
+
+当以下所有条件都为真时,镜像名称和 `matchImage` 条目之间存在匹配:
+
+* 两者都包含相同数量的域部分并且每个部分都匹配。
+* 匹配图片的 URL 路径必须是目标图片 URL 路径的前缀。
+* 如果 imageMatch 包含端口,则该端口也必须在镜像中匹配。
+
+`matchImages` 模式的一些示例值:
+* `123456789.dkr.ecr.us-east-1.amazonaws.com`
+* `*.azurecr.io`
+* `gcr.io`
+* `*.*.registry.io`
+* `foo.registry.io:8080/path`
diff --git a/content/zh/docs/tasks/manage-daemon/update-daemon-set.md b/content/zh/docs/tasks/manage-daemon/update-daemon-set.md
index 1b889c0aa6..6539786c25 100644
--- a/content/zh/docs/tasks/manage-daemon/update-daemon-set.md
+++ b/content/zh/docs/tasks/manage-daemon/update-daemon-set.md
@@ -19,10 +19,7 @@ This page shows how to perform a rolling update on a DaemonSet.
## {{% heading "prerequisites" %}}
-
-* Kubernetes 1.6 或者更高版本中才支持 DaemonSet 滚动更新功能。
+{{< include "task-tutorial-prereqs.md" >}}
@@ -36,20 +33,20 @@ DaemonSet has two update strategy types:
DaemonSet 有两种更新策略:
-* OnDelete: 使用 `OnDelete` 更新策略时,在更新 DaemonSet 模板后,只有当你手动删除老的
+* `OnDelete`: 使用 `OnDelete` 更新策略时,在更新 DaemonSet 模板后,只有当你手动删除老的
DaemonSet pods 之后,新的 DaemonSet Pod *才会*被自动创建。跟 Kubernetes 1.6 以前的版本类似。
-* RollingUpdate: 这是默认的更新策略。使用 `RollingUpdate` 更新策略时,在更新 DaemonSet 模板后,
+* `RollingUpdate`: 这是默认的更新策略。使用 `RollingUpdate` 更新策略时,在更新 DaemonSet 模板后,
老的 DaemonSet pods 将被终止,并且将以受控方式自动创建新的 DaemonSet pods。
更新期间,最多只能有 DaemonSet 的一个 Pod 运行于每个节点上。
@@ -64,12 +61,18 @@ To enable the rolling update feature of a DaemonSet, you must set its
要启用 DaemonSet 的滚动更新功能,必须设置 `.spec.updateStrategy.type` 为 `RollingUpdate`。
你可能想设置
-[`.spec.updateStrategy.rollingUpdate.maxUnavailable`](/zh/docs/concepts/workloads/controllers/deployment/#max-unavailable) (默认为 1) 和
-[`.spec.minReadySeconds`](/zh/docs/concepts/workloads/controllers/deployment/#min-ready-seconds) (默认为 0)。
+[`.spec.updateStrategy.rollingUpdate.maxUnavailable`](/zh/docs/concepts/workloads/controllers/deployment/#max-unavailable) (默认为 1),
+[`.spec.minReadySeconds`](/zh/docs/concepts/workloads/controllers/deployment/#min-ready-seconds) (默认为 0) 和
+[`.spec.maxSurge`](/zh/docs/concepts/workloads/controllers/deployment/#max-surge) (一种 Beta 阶段的特性,默认为 25%)
DaemonSet 滚动更新可能会卡住,其 Pod 至少在某个节点上无法调度运行。
-当节点上[可用资源耗尽](/zh/docs/tasks/administer-cluster/out-of-resource/)时,
+当节点上[可用资源耗尽](/zh/docs/concepts/scheduling-eviction/node-pressure-eviction/)时,
这是可能的。
发生这种情况时,通过对 `kubectl get nodes` 和下面命令行的输出作比较,
@@ -328,10 +331,9 @@ kubectl delete ds fluentd-elasticsearch -n kube-system
## {{% heading "whatsnext" %}}
-* 查看[任务:在 DaemonSet 上执行回滚](/zh/docs/tasks/manage-daemon/rollback-daemon-set/)
-* 查看[概念:创建 DaemonSet 以收养现有 DaemonSet Pod](/zh/docs/concepts/workloads/controllers/daemonset/)
+* 查看[在 DaemonSet 上执行回滚](/zh/docs/tasks/manage-daemon/rollback-daemon-set/)
+* 查看[创建 DaemonSet 以收养现有 DaemonSet Pod](/zh/docs/concepts/workloads/controllers/daemonset/)
diff --git a/content/zh/docs/tasks/manage-kubernetes-objects/kustomization.md b/content/zh/docs/tasks/manage-kubernetes-objects/kustomization.md
index 605e9113fe..b98ec00718 100644
--- a/content/zh/docs/tasks/manage-kubernetes-objects/kustomization.md
+++ b/content/zh/docs/tasks/manage-kubernetes-objects/kustomization.md
@@ -257,7 +257,7 @@ spec:
containers:
- name: app
image: my-app
- volumeMount:
+ volumeMounts:
- name: config
mountPath: /config
volumes:
@@ -317,7 +317,7 @@ spec:
containers:
- image: my-app
name: app
- volumeMount:
+ volumeMounts:
- mountPath: /config
name: config
volumes:
@@ -428,7 +428,7 @@ spec:
containers:
- name: app
image: my-app
- volumeMount:
+ volumeMounts:
- name: password
mountPath: /secrets
volumes:
diff --git a/content/zh/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases.md b/content/zh/docs/tasks/network/customize-hosts-file-for-pods.md
similarity index 99%
rename from content/zh/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases.md
rename to content/zh/docs/tasks/network/customize-hosts-file-for-pods.md
index 4229689422..f2f5e7fc1b 100644
--- a/content/zh/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases.md
+++ b/content/zh/docs/tasks/network/customize-hosts-file-for-pods.md
@@ -10,7 +10,7 @@ reviewers:
- rickypai
- thockin
title: Adding entries to Pod /etc/hosts with HostAliases
-content_type: concept
+content_type: task
weight: 60
min-kubernetes-server-version: 1.7
-->
@@ -29,7 +29,7 @@ Modification not using HostAliases is not suggested because the file is managed
建议通过使用 HostAliases 来进行修改,因为该文件由 Kubelet 管理,并且
可以在 Pod 创建/重启过程中被重写。
-
+
-验证节点是否检测到 IPv4 和 IPv6 接口(用集群中的有效节点替换节点名称。
-在此示例中,节点名称为 `k8s-linuxpool1-34450317-0`):
+验证节点是否检测到 IPv4 和 IPv6 接口。用集群中的有效节点替换节点名称。
+在此示例中,节点名称为 `k8s-linuxpool1-34450317-0`:
```shell
kubectl get nodes k8s-linuxpool1-34450317-0 -o go-template --template='{{range .status.addresses}}{{printf "%s: %s \n" .type .address}}{{end}}'
@@ -81,12 +81,12 @@ InternalIP: 2001:1234:5678:9abc::5
### 验证 Pod 寻址
-验证 Pod 已分配了 IPv4 和 IPv6 地址。(用集群中的有效 Pod 替换 Pod 名称。
-在此示例中,Pod 名称为 pod01)
+验证 Pod 已分配了 IPv4 和 IPv6 地址。用集群中的有效 Pod 替换 Pod 名称。
+在此示例中,Pod 名称为 `pod01`:
```shell
kubectl get pods pod01 -o go-template --template='{{range .status.podIPs}}{{printf "%s \n" .ip}}{{end}}'
@@ -209,7 +209,7 @@ Create the following Service that explicitly defines `IPv6` as the first array e
Kubernetes 将 `service-cluster-ip-range` 配置的 IPv6 地址范围给 Service 分配集群 IP,
并将 `.spec.ipFamilyPolicy` 设置为 `SingleStack`。
-{{< codenew file="service/networking/dual-stack-ipv6-svc.yaml" >}}
+{{< codenew file="service/networking/dual-stack-ipfamilies-ipv6.yaml" >}}
### 创建双协议栈负载均衡服务
-如果云提供商支持配置启用 IPv6 的外部负载均衡器,则将 `ipFamily` 字段设置为
-`IPv6` 并将 `type` 字段设置为 `LoadBalancer` 的方式创建以下服务:
+如果云提供商支持配置启用 IPv6 的外部负载均衡器,则创建如下 Service 时将
+`.spec.ipFamilyPolicy` 设置为 `PreferDualStack`, 并将 `spec.ipFamilies` 字段
+的第一个元素设置为 `IPv6`,将 `type` 字段设置为 `LoadBalancer`:
-{{< codenew file="service/networking/dual-stack-ipv6-lb-svc.yaml" >}}
+{{< codenew file="service/networking/dual-stack-prefer-ipv6-lb-svc.yaml" >}}
+
+
+检查服务:
+
+```shell
+kubectl get svc -l app=MyApp
+```
当通过 `kubectl` 删除 StatefulSet 时,StatefulSet 会被缩容为 0。
属于该 StatefulSet 的所有 Pod 也被删除。
-如果你只想删除 StatefulSet 而不删除 Pod,使用 `--cascade=false`。
+如果你只想删除 StatefulSet 而不删除 Pod,使用 `--cascade=orphan`。
```shell
-kubectl delete -f --cascade=false
+kubectl delete -f --cascade=orphan
```
-通过将 `--cascade=false` 传递给 `kubectl delete`,在删除 StatefulSet 对象之后,
+通过将 `--cascade=orphan` 传递给 `kubectl delete`,在删除 StatefulSet 对象之后,
StatefulSet 管理的 Pod 会被保留下来。如果 Pod 具有标签 `app=myapp`,则可以按照
如下方式删除它们:
diff --git a/content/zh/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md b/content/zh/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md
index ca9931c7d1..f831b28fab 100644
--- a/content/zh/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md
+++ b/content/zh/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md
@@ -304,7 +304,7 @@ First, get the YAML of your HorizontalPodAutoscaler in the `autoscaling/v2beta2`
首先,将 HorizontalPodAutoscaler 的 YAML 文件改为 `autoscaling/v2beta2` 格式:
```shell
-kubectl get hpa.v2beta2.autoscaling -o yaml > /tmp/hpa-v2.yaml
+kubectl get hpa php-apache -o yaml > /tmp/hpa-v2.yaml
```
## 滚动升级时扩缩 {#autoscaling-during-rolling-update}
-目前在 Kubernetes 中,可以针对 ReplicationController 或 Deployment 执行
-滚动更新,它们会为你管理底层副本数。
-Pod 水平扩缩只支持后一种:HPA 会被绑定到 Deployment 对象,
-HPA 设置副本数量时,Deployment 会设置底层副本数。
+Kubernetes 允许你在 Deployment 上执行滚动更新。在这种情况下,Deployment 为你管理下层的 ReplicaSet。
+当你为一个 Deployment 配置自动扩缩时,你要为每个 Deployment 绑定一个 HorizontalPodAutoscaler。
+HorizontalPodAutoscaler 管理 Deployment 的 `replicas` 字段。
+Deployment Controller 负责设置下层 ReplicaSet 的 `replicas` 字段,
+以便确保在上线及后续过程副本个数合适。
-通过直接操控副本控制器执行滚动升级时,HPA 不能工作,
-也就是说你不能将 HPA 绑定到某个 RC 再执行滚动升级。
-HPA 不能工作的原因是它无法绑定到滚动更新时所新创建的副本控制器。
+如果你对一个副本个数被自动扩缩的 StatefulSet 执行滚动更新, 该 StatefulSet
+会直接管理它的 Pod 集合 (不存在类似 ReplicaSet 这样的中间资源)。
输入 **Ctrl+C** 结束 watch 操作。
-如果你看不到任何进度,确保已启用[前提条件](#before-you-begin)
+如果你看不到任何进度,确保已启用[前提条件](#准备开始)
中提到的动态 PersistentVolume 预配器。
-Kubernetes 1.8 版本中包含 beta 特性
+Kubernetes 包含特性
[kubelet 证书轮换](/zh/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/),
在当前证书即将过期时,
将自动生成新的秘钥,并从 Kubernetes API 申请新的证书。 一旦新的证书可用,它将被用于与
@@ -99,7 +99,7 @@ criteria, it will be auto approved by the controller manager, then it will have
a status of `Approved`. Next, the controller manager will sign a certificate,
issued for the duration specified by the
`--cluster-signing-duration` parameter, and the signed certificate
-will be attached to the certificate signing requests.
+will be attached to the certificate signing request.
-->
最初,来自节点上 kubelet 的证书签名请求处于 `Pending` 状态。 如果证书签名请求满足特定条件,
控制器管理器会自动批准,此时请求会处于 `Approved` 状态。 接下来,控制器管理器会签署证书,
@@ -116,14 +116,16 @@ Kubelet 会从 Kubernetes API 取回签署的证书,并将其写入磁盘,
-当签署的证书即将到期时,kubelet 会使用 Kubernetes API,发起新的证书签名请求。
+当签署的证书即将到期时,kubelet 会使用 Kubernetes API,自动发起新的证书签名请求。
+该请求会发生在证书的有效时间剩下 30% 到 10% 之间的任意时间点。
同样地,控制器管理器会自动批准证书请求,并将签署的证书附加到证书签名请求中。 Kubelet
会从 Kubernetes API 取回签署的证书,并将其写入磁盘。 然后它会更新与 Kubernetes API
的连接,使用新的证书重新连接到 Kubernetes API。
diff --git a/content/zh/docs/tasks/tools/included/kubectl-convert-overview.md b/content/zh/docs/tasks/tools/included/kubectl-convert-overview.md
new file mode 100644
index 0000000000..f26827f2c2
--- /dev/null
+++ b/content/zh/docs/tasks/tools/included/kubectl-convert-overview.md
@@ -0,0 +1,24 @@
+---
+title: "kubectl-convert 概述"
+description: >-
+ 一个 kubectl 插件,允许你将清单从一个 Kubernetes API 版本转换到不同的版本。
+headless: true
+---
+
+
+
+一个 Kubernetes 命令行工具 `kubectl` 的插件,允许你将清单在不同 API 版本间转换。
+在将清单迁移到具有较新 Kubernetes 版本的未弃用 API 版本时,这个插件特别有用。
+更多信息请访问 [迁移到非弃用 API](/zh/docs/reference/using-api/deprecation-guide/#migrate-to-non-deprecated-apis)
diff --git a/content/zh/docs/tasks/tools/install-kubectl-linux.md b/content/zh/docs/tasks/tools/install-kubectl-linux.md
index 2357358d97..91786b715d 100644
--- a/content/zh/docs/tasks/tools/install-kubectl-linux.md
+++ b/content/zh/docs/tasks/tools/install-kubectl-linux.md
@@ -44,12 +44,10 @@ The following methods exist for installing kubectl on Linux:
- [Install kubectl binary with curl on Linux](#install-kubectl-binary-with-curl-on-linux)
- [Install using native package management](#install-using-native-package-management)
- [Install using other package management](#install-using-other-package-management)
-- [Install on Linux as part of the Google Cloud SDK](#install-on-linux-as-part-of-the-google-cloud-sdk)
-->
- [用 curl 在 Linux 系统中安装 kubectl](#install-kubectl-binary-with-curl-on-linux)
- [用原生包管理工具安装](#install-using-native-package-management)
- [用其他包管理工具安装](#install-using-other-package-management)
-- [作为谷歌云 SDK 的一部分,在 Linux 中安装](#install-on-linux-as-part-of-the-google-cloud-sdk)
-### 作为谷歌云 SDK 的一部分,在 Linux 上安装 {#install-on-linux-as-part-of-the-google-cloud-sdk}
-
-{{< include "included/install-kubectl-gcloud.md" >}}
-
@@ -275,11 +267,11 @@ kubectl version --client
{{< include "included/verify-kubectl.md" >}}
-## kubectl 的可选配置 {#optional-kubectl-configurations}
+## kubectl 的可选配置和插件 {#optional-kubectl-configurations}
### 启用 shell 自动补全功能 {#enable-shell-autocompletion}
@@ -297,6 +289,91 @@ kubectl 为 Bash 和 Zsh 提供自动补全功能,可以减轻许多输入的
{{< tab name="Zsh" include="included/optional-kubectl-configs-zsh.md" />}}
{{< /tabs >}}
+
+### 安装 `kubectl convert` 插件
+
+{{< include "included/kubectl-convert-overview.md" >}}
+
+
+1. 用以下命令下载最新发行版:
+
+ ```bash
+ curl -LO https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl-convert
+ ```
+
+1. 验证该可执行文件(可选步骤)
+
+ 下载 kubectl-convert 校验和文件:
+
+ ```bash
+ curl -LO "https://dl.k8s.io/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl-convert.sha256"
+ ```
+
+
+ 基于校验和,验证 kubectl-convert 的可执行文件:
+
+ ```bash
+ echo "$(
+ 验证通过时,输出为:
+
+ ```console
+ kubectl-convert: OK
+ ```
+
+
+ 验证失败时,`sha256` 将以非零值退出,并打印输出类似于:
+
+ ```bash
+ kubectl-convert: FAILED
+ sha256sum: WARNING: 1 computed checksum did NOT match
+ ```
+ {{< note >}}
+
+ 下载相同版本的可执行文件和校验和。
+ {{< /note >}}
+
+
+1. 安装 kubectl-convert
+
+ ```bash
+ sudo install -o root -g root -m 0755 kubectl-convert /usr/local/bin/kubectl-convert
+ ```
+
+
+1. 验证插件是否安装成功
+
+ ```shell
+ kubectl convert --help
+ ```
+
+
+ 如果你没有看到任何错误就代表插件安装成功了。
+
## {{% heading "whatsnext" %}}
{{< include "included/kubectl-whats-next.md" >}}
diff --git a/content/zh/docs/tasks/tools/install-kubectl-macos.md b/content/zh/docs/tasks/tools/install-kubectl-macos.md
index ec9dcae5f8..bfae71d454 100644
--- a/content/zh/docs/tasks/tools/install-kubectl-macos.md
+++ b/content/zh/docs/tasks/tools/install-kubectl-macos.md
@@ -169,6 +169,13 @@ The following methods exist for installing kubectl on macOS:
sudo chown root: /usr/local/bin/kubectl
```
+ {{< note >}}
+
+ 确保 `/usr/local/bin` 在你的 PATH 环境变量中。
+ {{< /note >}}
+
@@ -257,11 +264,11 @@ If you are on macOS and using [Macports](https://macports.org/) package manager,
{{< include "included/verify-kubectl.md" >}}
-## 可选的 kubectl 配置 {#optional-kubectl-configurations}
+## 可选的 kubectl 配置和插件 {#optional-kubectl-configurations-and-plugins}
### 启用 shell 自动补全功能 {#enable-shell-autocompletion}
@@ -279,6 +286,120 @@ kubectl 为 Bash 和 Zsh 提供自动补全功能,这可以节省许多输入
{{< tab name="Zsh" include="included/optional-kubectl-configs-zsh.md" />}}
{{< /tabs >}}
+
+### 安装 `kubectl convert` 插件
+
+{{< include "included/kubectl-convert-overview.md" >}}
+
+
+1. 用以下命令下载最新发行版:
+
+ {{< tabs name="download_convert_binary_macos" >}}
+ {{< tab name="Intel" codelang="bash" >}}
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl-convert"
+ {{< /tab >}}
+ {{< tab name="Apple Silicon" codelang="bash" >}}
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/arm64/kubectl-convert"
+ {{< /tab >}}
+ {{< /tabs >}}
+
+
+1. 验证该可执行文件(可选步骤)
+
+ 下载 kubectl-convert 校验和文件:
+
+ {{< tabs name="download_convert_checksum_macos" >}}
+ {{< tab name="Intel" codelang="bash" >}}
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl-convert.sha256"
+ {{< /tab >}}
+ {{< tab name="Apple Silicon" codelang="bash" >}}
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/arm64/kubectl-convert.sha256"
+ {{< /tab >}}
+ {{< /tabs >}}
+
+
+ 基于校验和,验证 kubectl-convert 的可执行文件:
+
+ ```bash
+ echo "$(
+ 验证通过时,输出为:
+
+ ```console
+ kubectl-convert: OK
+ ```
+
+
+ 验证失败时,`sha256` 将以非零值退出,并打印输出类似于:
+
+ ```bash
+ kubectl-convert: FAILED
+ shasum: WARNING: 1 computed checksum did NOT match
+ ```
+
+ {{< note >}}
+
+ 下载相同版本的可执行文件和校验和。
+ {{< /note >}}
+
+
+1. 使 kubectl-convert 二进制文件可执行
+
+ ```bash
+ chmod +x ./kubectl-convert
+ ```
+
+
+1. 将 kubectl-convert 可执行文件移动到系统 `PATH` 环境变量中的一个位置。
+
+ ```bash
+ sudo mv ./kubectl-convert /usr/local/bin/kubectl-convert
+ sudo chown root: /usr/local/bin/kubectl-convert
+ ```
+
+ {{< note >}}
+
+ 确保你的 PATH 环境变量中存在 `/usr/local/bin`
+ {{< /note >}}
+
+
+1. 验证插件是否安装成功
+
+ ```shell
+ kubectl convert --help
+ ```
+
+
+ 如果你没有看到任何错误就代表插件安装成功了。
+
## {{% heading "whatsnext" %}}
{{< include "included/kubectl-whats-next.md" >}}
diff --git a/content/zh/docs/tasks/tools/install-kubectl-windows.md b/content/zh/docs/tasks/tools/install-kubectl-windows.md
index 43d33e7510..d7f23a11dc 100644
--- a/content/zh/docs/tasks/tools/install-kubectl-windows.md
+++ b/content/zh/docs/tasks/tools/install-kubectl-windows.md
@@ -42,7 +42,6 @@ The following methods exist for installing kubectl on Windows:
- [用 curl 在 Windows 上安装 kubectl](#install-kubectl-binary-with-curl-on-windows)
- [在 Windows 上用 Chocolatey 或 Scoop 安装](#install-on-windows-using-chocolatey-or-scoop)
-- [作为谷歌云 SDK 的一部分,在 Windows 上安装](#install-on-windows-as-part-of-the-google-cloud-sdk)
-### 作为谷歌云 SDK 的一部分,在 Windows 上安装 {#install-on-windows-as-part-of-the-google-cloud-sdk}
-
-{{< include "included/install-kubectl-gcloud.md" >}}
-
@@ -225,11 +217,11 @@ Edit the config file with a text editor of your choice, such as Notepad.
{{< include "included/verify-kubectl.md" >}}
-## kubectl 可选配置 {#optional-kubectl-configurations}
+## kubectl 可选配置和插件 {#optional-kubectl-configurations}
### 启用 shell 自动补全功能 {#enable-shell-autocompletion}
@@ -244,7 +236,76 @@ kubectl 为 Bash 和 Zsh 提供自动补全功能,可以减轻许多输入的
{{< include "included/optional-kubectl-configs-zsh.md" >}}
+
+### 安装 `kubectl convert` 插件
+
+{{< include "included/kubectl-convert-overview.md" >}}
+
+
+1. 用以下命令下载最新发行版:
+
+ ```powershell
+ curl -LO https://dl.k8s.io/release/{{< param "fullversion" >}}/bin/windows/amd64/kubectl-convert.exe
+ ```
+
+
+1. 验证该可执行文件(可选步骤)
+
+ 下载 kubectl-convert 校验和文件:
+
+ ```powershell
+ curl -LO https://dl.k8s.io/{{< param "fullversion" >}}/bin/windows/amd64/kubectl-convert.exe.sha256
+ ```
+
+
+ 基于校验和,验证 kubectl-convert 的可执行文件:
+
+ - 用提示的命令对 `CertUtil` 的输出和下载的校验和文件进行手动比较。
+
+ ```cmd
+ CertUtil -hashfile kubectl-convert.exe SHA256
+ type kubectl-convert.exe.sha256
+ ```
+
+
+ - 使用 PowerShell `-eq` 操作使验证自动化,获得 `True` 或者 `False` 的结果:
+
+ ```powershell
+ $($(CertUtil -hashfile .\kubectl-convert.exe SHA256)[1] -replace " ", "") -eq $(type .\kubectl-convert.exe.sha256)
+ ```
+
+
+1. 将可执行文件添加到你的 `PATH` 环境变量。
+
+1. 验证插件是否安装成功
+
+ ```shell
+ kubectl convert --help
+ ```
+
+
+ 如果你没有看到任何错误就代表插件安装成功了。
+
## {{% heading "whatsnext" %}}
{{< include "included/kubectl-whats-next.md" >}}
-
diff --git a/content/zh/docs/tutorials/_index.md b/content/zh/docs/tutorials/_index.md
index 821855b712..d6c16b2e2c 100644
--- a/content/zh/docs/tutorials/_index.md
+++ b/content/zh/docs/tutorials/_index.md
@@ -72,7 +72,7 @@ Kubernetes 文档的这一部分包含教程。每个教程展示了如何完成
* [公开外部 IP 地址访问集群中的应用程序](/zh/docs/tutorials/stateless-application/expose-external-ip-address/)
-* [示例:使用 MongoDB 部署 PHP 留言板应用程序](/zh/docs/tutorials/stateless-application/guestbook/)
+* [示例:使用 Redis 部署 PHP 留言板应用程序](/zh/docs/tutorials/stateless-application/guestbook/)
## 集群
-* [AppArmor](/zh/docs/tutorials/clusters/apparmor/)
+* [seccomp](/zh/docs/tutorials/clusters/seccomp/)
### 使用 PodSecurityPolicy 限制配置文件
+{{< note >}}
+
+PodSecurityPolicy 在 Kubernetes v1.21 版本中已被废弃,将在 v1.25 版本移除。
+查看 [PodSecurityPolicy 文档](/zh/docs/concepts/policy/pod-security-policy/)获取更多信息。
+{{< /note >}}
+
如果启用了 PodSecurityPolicy 扩展,则可以应用群集范围的 AppArmor 限制。要启用 PodSecurityPolicy,必须在“apiserver”上设置以下标志:
diff --git a/content/zh/docs/tutorials/clusters/seccomp.md b/content/zh/docs/tutorials/clusters/seccomp.md
index 9f8d7dc2f3..d724d605b6 100644
--- a/content/zh/docs/tutorials/clusters/seccomp.md
+++ b/content/zh/docs/tutorials/clusters/seccomp.md
@@ -2,6 +2,7 @@
title: 使用 Seccomp 限制容器的系统调用
content_type: tutorial
weight: 20
+min-kubernetes-server-version: v1.22
---
@@ -10,7 +11,7 @@ weight: 20
为了完成本教程中的所有步骤,你必须安装 [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
-和 [kubectl](/zh/docs/tasks/tools/)。本教程将显示同时具有 alpha(v1.19 之前的版本)
-和通常可用的 seccomp 功能的示例,因此请确保为所使用的版本[正确配置](https://kind.sigs.k8s.io/docs/user/quick-start/#setting-kubernetes-version)了集群。
+和 [kubectl](/zh/docs/tasks/tools/)。本教程将显示同时具有 alpha(v1.22 新版本)
+和通常可用的 seccomp 功能的示例。
+你应该确保为所使用的版本[正确配置](https://kind.sigs.k8s.io/docs/user/quick-start/#setting-kubernetes-version)了集群。
+
+
+## 启用 `RuntimeDefault` 作为所有工作负载的默认 seccomp 配置文件
+
+{{< feature-state state="alpha" for_k8s_version="v1.22" >}}
+
+`SeccompDefault` 是一个可选的 kubelet
+[特性门控](/zh/docs/reference/command-line-tools-reference/feature-gates),
+相应地,`--seccomp-default` 是此特性门控的
+[命令行标志](/zh/docs/reference/command-line-tools-reference/kubelet)。
+必须同时启用两者才能使用该功能。
+
+
+如果启用,kubelet 将默认使用 `RuntimeDefault` seccomp 配置,
+而不是使用 `Unconfined`(禁用 seccomp)模式,该配置由容器运行时定义。
+默认配置旨在提供一组强大的安全默认值设置,同时避免影响工作负载的功能。
+不同的容器运行时之间及其不同的发布版本之间的默认配置可能不同,
+例如在比较 CRI-O 和 containerd 的配置文件时(就会发现这点)。
+
+
+某些工作负载可能相比其他工作负载需要更少的系统调用限制。
+这意味着即使使用 `RuntimeDefault` 配置文件,它们也可能在运行时失败。
+要处理此类失效,你可以:
+
+- 将工作负载显式运行为 `Unconfined`。
+- 禁用节点的 `SeccompDefault` 功能。
+ 还要确保工作负载被安排在禁用该功能的节点上。
+- 为工作负载创建自定义 seccomp 配置文件。
+
+
+如果你将此功能引入到类似生产的集群中,
+Kubernetes 项目建议你在节点的子集上启用此特性门控,
+然后在集群范围内推出更改之前测试工作负载的执行情况。
+
+有关可能的升级和降级策略的更多详细信息,
+请参见[相关 Kubernetes 增强提案 (KEP)](https://github.com/kubernetes/enhancements/tree/a70cc18/keps/sig-node/2413-seccomp-by-default#upgrade--downgrade-strategy)。
+
+
+由于该功能处于 alpha 状态,因此默认情况下是被禁用的。要启用它,
+请将标志 `--feature-gates=SeccompDefault=true --seccomp-default`
+传递给 `kubelet` CLI 或通过
+[kubelet 配置文件](/zh/docs/tasks/administer-cluster/kubelet-config-file/)启用它。
+要在 [kind](https://kind.sigs.k8s.io) 中启用特性门控,
+请确保 `kind` 提供所需的最低 Kubernetes 版本并
+[在 kind 配置中](https://kind.sigs.k8s.io/docs/user/quick-start/#enable-feature-gates-in-your-cluster)
+启用 `SeccompDefault` 功能:
+
+```yaml
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+featureGates:
+ SeccompDefault: true
+```
+
-## 使用 Seccomp 配置文件创建 Pod 以进行系统调用审核
+## 使用 seccomp 配置文件创建 Pod 以进行系统调用审核
首先,将 `audit.json` 配置文件应用到新的 Pod 中,该配置文件将记录该进程的所有系统调用。
@@ -297,14 +396,14 @@ kubectl delete svc/audit-pod
```
-## 使用导致违规的 Seccomp 配置文件创建 Pod
+## 使用导致违规的 seccomp 配置文件创建 Pod
为了进行演示,请将不允许任何系统调用的配置文件应用于 Pod。
@@ -364,7 +463,7 @@ kubectl delete svc/violation-pod
```
-## 使用设置仅允许需要的系统调用的配置文件来创建 Pod
+## 使用设置仅允许需要的系统调用的 seccomp 配置文件来创建 Pod
如果你看一下 `fine-pod.json` 文件,你会注意到在第一个示例中配置文件设置为 `"defaultAction": "SCMP_ACT_LOG"` 的一些系统调用。
现在,配置文件设置为 `"defaultAction": "SCMP_ACT_ERRNO"`,但是在 `"action": "SCMP_ACT_ALLOW"` 块中明确允许一组系统调用。
@@ -482,7 +581,7 @@ kubectl delete svc/fine-pod
```
-## 使用容器运行时默认的 Seccomp 配置文件创建 Pod
+## 使用容器运行时默认的 seccomp 配置文件创建 Pod
大多数容器运行时都提供一组允许或不允许的默认系统调用。通过使用 `runtime/default` 注释
或将 Pod 或容器的安全上下文中的 seccomp 类型设置为 `RuntimeDefault`,可以轻松地在 Kubernetes 中应用默认值。
@@ -518,10 +617,10 @@ The default seccomp profile should provide adequate access for most workloads.
额外的资源:
-* [Seccomp 概要](https://lwn.net/Articles/656307/)
+* [seccomp 概要](https://lwn.net/Articles/656307/)
* [Seccomp 在 Docker 中的安全配置](https://docs.docker.com/engine/security/seccomp/)
\ No newline at end of file
diff --git a/content/zh/docs/tutorials/configuration/configure-java-microservice/_index.md b/content/zh/docs/tutorials/configuration/configure-java-microservice/_index.md
old mode 100755
new mode 100644
diff --git a/content/zh/docs/tutorials/configuration/configure-java-microservice/configure-java-microservice-interactive.html b/content/zh/docs/tutorials/configuration/configure-java-microservice/configure-java-microservice-interactive.html
index f453fc75cb..5a119fcd37 100644
--- a/content/zh/docs/tutorials/configuration/configure-java-microservice/configure-java-microservice-interactive.html
+++ b/content/zh/docs/tutorials/configuration/configure-java-microservice/configure-java-microservice-interactive.html
@@ -11,7 +11,7 @@ weight: 20
-
+
diff --git a/content/zh/docs/tutorials/configuration/configure-redis-using-configmap.md b/content/zh/docs/tutorials/configuration/configure-redis-using-configmap.md
index 027771a28c..fc6f0fa2f1 100644
--- a/content/zh/docs/tutorials/configuration/configure-redis-using-configmap.md
+++ b/content/zh/docs/tutorials/configuration/configure-redis-using-configmap.md
@@ -79,7 +79,7 @@ Apply the ConfigMap created above, along with a Redis pod manifest:
```shell
kubectl apply -f example-redis-config.yaml
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/pods/config/redis-pod.yaml
+kubectl apply -f https://k8s.io/examples/pods/config/redis-pod.yaml
```
{{< note >}}
-`dashboard` 命令启用仪表板插件,并在默认的 Web 浏览器中打开代理。你可以在仪表板上创建 Kubernetes 资源,例如 Deployment 和 Service。
+`dashboard` 命令启用仪表板插件,并在默认的 Web 浏览器中打开代理。
+你可以在仪表板上创建 Kubernetes 资源,例如 Deployment 和 Service。
如果你以 root 用户身份在环境中运行,
请参见[使用 URL 打开仪表板](#open-dashboard-with-url)。
+默认情况下,仪表板只能从内部 Kubernetes 虚拟网络中访问。
+`dashboard` 命令创建一个临时代理,使仪表板可以从 Kubernetes 虚拟网络外部访问。
+
要停止代理,请运行 `Ctrl+C` 退出该进程。仪表板仍在运行中。
+命令退出后,仪表板仍然在 Kubernetes 集群中运行。
+你可以再次运行 `dashboard` 命令创建另一个代理来访问仪表板。
+
{{< /note >}}
-
+
Create a configmap based on a file, directory, or specified literal value.
-
A single configmap may package one or more key/value pairs.
-
When creating a configmap based on a file, the key will default to the basename of the file, and the value will default to the file content. If the basename is an invalid key, you may specify an alternate key.
-
When creating a configmap based on a directory, each file whose basename is a valid key in the directory will be packaged into the configmap. Any directory entries except regular files are ignored (e.g. subdirectories, symlinks, devices, pipes, etc).
+
Create a config map based on a file, directory, or specified literal value.
+
A single config map may package one or more key/value pairs.
+
When creating a config map based on a file, the key will default to the basename of the file, and the value will default to the file content. If the basename is an invalid key, you may specify an alternate key.
+
When creating a config map based on a directory, each file whose basename is a valid key in the directory will be packaged into the config map. Any directory entries except regular files are ignored (e.g. subdirectories, symlinks, devices, pipes, etc).
Usage
$ kubectl create configmap NAME [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run=server|client|none]
Create a pod disruption budget named my-pdb that will select all pods with the app=rails label # and require at least one of them being available at any point in time.
+
Create a pod disruption budget named my-pdb that will select all pods with the app=rails label # and require at least one of them being available at any point in time
Create a pod disruption budget named my-pdb that will select all pods with the app=nginx label # and require at least half of the pods selected to be available at any point in time.
+
Create a pod disruption budget named my-pdb that will select all pods with the app=nginx label # and require at least half of the pods selected to be available at any point in time
That produces a ~/.dockercfg file that is used by subsequent 'docker push' and 'docker pull' commands to authenticate to the registry. The email address is optional.
When creating applications, you may have a Docker registry that requires authentication. In order for the
- nodes to pull images on your behalf, they have to have the credentials. You can provide this information
+ nodes to pull images on your behalf, they must have the credentials. You can provide this information
by creating a dockercfg secret and attaching it to your service account.
Create a TLS secret from the given public/private key pair.
-
The public/private key pair must exist before hand. The public key certificate must be .PEM encoded and match the given private key.
+
The public/private key pair must exist beforehand. The public key certificate must be .PEM encoded and match the given private key.
Usage
$ kubectl create tls NAME --cert=path/to/cert/file --key=path/to/key/file [--dry-run=server|client|none]
Flags
@@ -1823,7 +1817,7 @@ inspect them.
service
-
Create a service using specified subcommand.
+
Create a service using a specified subcommand.
Usage
$ kubectl create service
@@ -2232,67 +2226,67 @@ inspect them.
get
-
List all pods in ps output format.
+
List all pods in ps output format
kubectl get pods
-
List all pods in ps output format with more information (such as node name).
+
List all pods in ps output format with more information (such as node name)
kubectl get pods -o wide
-
List a single replication controller with specified NAME in ps output format.
+
List a single replication controller with specified NAME in ps output format
kubectl get replicationcontroller web
-
List deployments in JSON output format, in the "v1" version of the "apps" API group:
+
List deployments in JSON output format, in the "v1" version of the "apps" API group
kubectlgetdeployments.v1.apps-ojson
-
List a single pod in JSON output format.
+
List a single pod in JSON output format
kubectl get -o json pod web-pod-13je7
-
List a pod identified by type and name specified in "pod.yaml" in JSON output format.
+
List a pod identified by type and name specified in "pod.yaml" in JSON output format
kubectl get -f pod.yaml -o json
-
List resources from a directory with kustomization.yaml - e.g. dir/kustomization.yaml.
+
List resources from a directory with kustomization.yaml - e.g. dir/kustomization.yaml
kubectl get -k dir/
-
Return only the phase value of the specified pod.
+
Return only the phase value of the specified pod
kubectl get -o template pod/web-pod-13je7 --template={{.status.phase}}
-
List resource information in custom columns.
+
List resource information in custom columns
kubectl get pod test-pod -o custom-columns=CONTAINER:.spec.containers[0].name,IMAGE:.spec.containers[0].image
-
List all replication controllers and services together in ps output format.
+
List all replication controllers and services together in ps output format
kubectl get rc,services
-
List one or more resources by their type and names.
+
List one or more resources by their type and names
kubectl get rc/web service/frontend pods/web-pod-13je7
-
Display one or many resources
+
Display one or many resources.
Prints a table of the most important information about the specified resources. You can filter the list using a label selector and the --selector flag. If the desired resource type is namespaced you will only see results in your current namespace unless you pass --all-namespaces.
Uninitialized objects are not shown unless --include-uninitialized is passed.
By specifying the output as 'template' and providing a Go template as the value of the --template flag, you can filter the attributes of the fetched resources.
Use "kubectl api-resources" for a complete list of supported resources.
Create a service for a replication controller identified by type and name specified in "nginx-controller.yaml", which serves on port 80 and connects to the containers on port 8000.
+
Create a service for a replication controller identified by type and name specified in "nginx-controller.yaml", which serves on port 80 and connects to the containers on port 8000
Delete a pod using the type and name specified in pod.json.
+
Delete a pod using the type and name specified in pod.json
kubectl delete -f ./pod.json
-
Delete resources from a directory containing kustomization.yaml - e.g. dir/kustomization.yaml.
+
Delete resources from a directory containing kustomization.yaml - e.g. dir/kustomization.yaml
kubectl delete -k dir
-
Delete a pod based on the type and name in the JSON passed into stdin.
+
Delete a pod based on the type and name in the JSON passed into stdin
cat pod.json | kubectl delete -f -
@@ -2964,7 +2958,7 @@ inspect them.
kubectl delete pod,service baz foo
-
Delete pods and services with label name=myLabel.
+
Delete pods and services with label name=myLabel
kubectl delete pods,services -l name=myLabel
@@ -2983,10 +2977,10 @@ inspect them.
kubectl delete pods --all
-
Delete resources by filenames, stdin, resources and names, or by resources and label selector.
-
JSON and YAML formats are accepted. Only one type of the arguments may be specified: filenames, resources and names, or resources and label selector.
-
Some resources, such as pods, support graceful deletion. These resources define a default period before they are forcibly terminated (the grace period) but you may override that value with the --grace-period flag, or pass --now to set a grace-period of 1. Because these resources often represent entities in the cluster, deletion may not be acknowledged immediately. If the node hosting a pod is down or cannot reach the API server, termination may take significantly longer than the grace period. To force delete a resource, you must specify the --force flag. Note: only a subset of resources support graceful deletion. In absence of the support, --grace-period is ignored.
-
IMPORTANT: Force deleting pods does not wait for confirmation that the pod's processes have been terminated, which can leave those processes running until the node detects the deletion and completes graceful deletion. If your processes use shared storage or talk to a remote API and depend on the name of the pod to identify themselves, force deleting those pods may result in multiple processes running on different machines using the same identification which may lead to data corruption or inconsistency. Only force delete pods when you are sure the pod is terminated, or if your application can tolerate multiple copies of the same pod running at once. Also, if you force delete pods the scheduler may place new pods on those nodes before the node has released those resources and causing those pods to be evicted immediately.
+
Delete resources by file names, stdin, resources and names, or by resources and label selector.
+
JSON and YAML formats are accepted. Only one type of argument may be specified: file names, resources and names, or resources and label selector.
+
Some resources, such as pods, support graceful deletion. These resources define a default period before they are forcibly terminated (the grace period) but you may override that value with the --grace-period flag, or pass --now to set a grace-period of 1. Because these resources often represent entities in the cluster, deletion may not be acknowledged immediately. If the node hosting a pod is down or cannot reach the API server, termination may take significantly longer than the grace period. To force delete a resource, you must specify the --force flag. Note: only a subset of resources support graceful deletion. In absence of the support, the --grace-period flag is ignored.
+
IMPORTANT: Force deleting pods does not wait for confirmation that the pod's processes have been terminated, which can leave those processes running until the node detects the deletion and completes graceful deletion. If your processes use shared storage or talk to a remote API and depend on the name of the pod to identify themselves, force deleting those pods may result in multiple processes running on different machines using the same identification which may lead to data corruption or inconsistency. Only force delete pods when you are sure the pod is terminated, or if your application can tolerate multiple copies of the same pod running at once. Also, if you force delete pods, the scheduler may place new pods on those nodes before the node has released those resources and causing those pods to be evicted immediately.
Note that the delete command does NOT do resource version checks, so if someone submits an update to a resource right when you submit a delete, their update will be lost along with the rest of the resource.
@@ -3111,31 +3105,31 @@ viewing your workloads in a Kubernetes cluster.
apply
-
Apply the configuration in pod.json to a pod.
+
Apply the configuration in pod.json to a pod
kubectl apply -f ./pod.json
-
Apply resources from a directory containing kustomization.yaml - e.g. dir/kustomization.yaml.
+
Apply resources from a directory containing kustomization.yaml - e.g. dir/kustomization.yaml
kubectl apply -k dir/
-
Apply the JSON passed into stdin to a pod.
+
Apply the JSON passed into stdin to a pod
cat pod.json | kubectlapply -f -
-
Note: --prune is still in Alpha # Apply the configuration in manifest.yaml that matches label app=nginx and delete all the other resources that are not in the file and match label app=nginx.
+
Note: --prune is still in Alpha # Apply the configuration in manifest.yaml that matches label app=nginx and delete all other resources that are not in the file and match label app=nginx
Apply a configuration to a resource by filename or stdin. The resource name must be specified. This resource will be created if it doesn't exist yet. To use 'apply', always create the resource initially with either 'apply' or 'create --save-config'.
+
Apply a configuration to a resource by file name or stdin. The resource name must be specified. This resource will be created if it doesn't exist yet. To use 'apply', always create the resource initially with either 'apply' or 'create --save-config'.
JSON and YAML formats are accepted.
Alpha Disclaimer: the --prune functionality is not yet complete. Do not use unless you are aware of what the current state is. See https://issues.k8s.io/34274.
Usage
@@ -3300,17 +3294,17 @@ viewing your workloads in a Kubernetes cluster.
edit-last-applied
-
Edit the last-applied-configuration annotations by type/name in YAML.
+
Edit the last-applied-configuration annotations by type/name in YAML
kubectl apply edit-last-applied deployment/nginx
-
Edit the last-applied-configuration annotations by file in JSON.
+
Edit the last-applied-configuration annotations by file in JSON
Edit the latest last-applied-configuration annotations of resources from the default editor.
-
The edit-last-applied command allows you to directly edit any API resource you can retrieve via the command line tools. It will open the editor defined by your KUBE_EDITOR, or EDITOR environment variables, or fall back to 'vi' for Linux or 'notepad' for Windows. You can edit multiple objects, although changes are applied one at a time. The command accepts filenames as well as command line arguments, although the files you point to must be previously saved versions of resources.
+
The edit-last-applied command allows you to directly edit any API resource you can retrieve via the command-line tools. It will open the editor defined by your KUBE_EDITOR, or EDITOR environment variables, or fall back to 'vi' for Linux or 'notepad' for Windows. You can edit multiple objects, although changes are applied one at a time. The command accepts file names as well as command-line arguments, although the files you point to must be previously saved versions of resources.
The default format is YAML. To edit in JSON, specify "-o json".
The flag --windows-line-endings can be used to force Windows line endings, otherwise the default for your operating system will be used.
In the event an error occurs while updating, a temporary file will be created on disk that contains your unapplied changes. The most common error when updating a resource is another editor changing the resource on the server. When this occurs, you will have to apply your changes to the newer version of the resource, or update your temporary saved copy to include the latest resource version.
@@ -3392,17 +3386,17 @@ viewing your workloads in a Kubernetes cluster.
set-last-applied
-
Set the last-applied-configuration of a resource to match the contents of a file.
+
Set the last-applied-configuration of a resource to match the contents of a file
kubectl apply set-last-applied -f deploy.yaml
-
Execute set-last-applied against each configuration file in a directory.
+
Execute set-last-applied against each configuration file in a directory
kubectl apply set-last-applied -f path/
-
Set the last-applied-configuration of a resource to match the contents of a file, will create the annotation if it does not already exist.
+
Set the last-applied-configuration of a resource to match the contents of a file; will create the annotation if it does not already exist
@@ -3532,7 +3526,7 @@ viewing your workloads in a Kubernetes cluster.
annotate
-
Update pod 'foo' with the annotation 'description' and the value 'my frontend'. # If the same annotation is set multiple times, only the last value will be applied
+
Update pod 'foo' with the annotation 'description' and the value 'my frontend' # If the same annotation is set multiple times, only the last value will be applied
Update pod 'foo' by removing an annotation named 'description' if it exists. # Does not require the --overwrite flag.
+
Update pod 'foo' by removing an annotation named 'description' if it exists # Does not require the --overwrite flag
kubectl annotate pods foo description-
-
Update the annotations on one or more resources
+
Update the annotations on one or more resources.
All Kubernetes objects support the ability to store additional data with the object as annotations. Annotations are key/value pairs that can be larger than labels and include arbitrary string values such as structured JSON. Tools and system extensions may use annotations to store their own data.
Attempting to set an annotation that already exists will fail unless --overwrite is set. If --resource-version is specified and does not match the current resource version on the server the command will fail.
Use "kubectl api-resources" for a complete list of supported resources.
@@ -3585,6 +3579,12 @@ viewing your workloads in a Kubernetes cluster.
Select all resources, including uninitialized ones, in the namespace of the specified resource types.
+
all-namespaces
+
A
+
false
+
If true, check the specified action in all namespaces.
+
+
allow-missing-template-keys
true
@@ -3685,17 +3685,17 @@ viewing your workloads in a Kubernetes cluster.
autoscale
-
Auto scale a deployment "foo", with the number of pods between 2 and 10, no target CPU utilization specified so a default autoscaling policy will be used:
+
Auto scale a deployment "foo", with the number of pods between 2 and 10, no target CPU utilization specified so a default autoscaling policy will be used
kubectl autoscale deployment foo --min=2 --max=10
-
Auto scale a replication controller "foo", with the number of pods between 1 and 5, target CPU utilization at 80%:
+
Auto scale a replication controller "foo", with the number of pods between 1 and 5, target CPU utilization at 80%
kubectl autoscale rc foo --max=5 --cpu-percent=80
-
Creates an autoscaler that automatically chooses and sets the number of pods that run in a kubernetes cluster.
-
Looks up a Deployment, ReplicaSet, StatefulSet, or ReplicationController by name and creates an autoscaler that uses the given resource as a reference. An autoscaler can automatically increase or decrease number of pods deployed within the system as needed.
+
Creates an autoscaler that automatically chooses and sets the number of pods that run in a Kubernetes cluster.
+
Looks up a deployment, replica set, stateful set, or replication controller by name and creates an autoscaler that uses the given resource as a reference. An autoscaler can automatically increase or decrease number of pods deployed within the system as needed.
Usage
$ kubectl autoscale (-f FILENAME | TYPE NAME | TYPE/NAME) [--min=MINPODS] --max=MAXPODS [--cpu-percent=CPU]
Flags
@@ -3740,12 +3740,6 @@ viewing your workloads in a Kubernetes cluster.
Filename, directory, or URL to files identifying the resource to autoscale.
-
generator
-
-
horizontalpodautoscaler/v1
-
The name of the API generator to use. Currently there is only 1 generator.
-
-
kustomize
k
@@ -3960,7 +3954,7 @@ viewing your workloads in a Kubernetes cluster.
diff
-
Diff resources included in pod.json.
+
Diff resources included in pod.json
kubectldiff-fpod.json
@@ -3969,10 +3963,10 @@ viewing your workloads in a Kubernetes cluster.
cat service.yaml | kubectl diff -f -
-
Diff configurations specified by filename or stdin between the current online configuration, and the configuration as it would be if applied.
-
Output is always YAML.
+
Diff configurations specified by file name or stdin between the current online configuration, and the configuration as it would be if applied.
+
The output is always YAML.
KUBECTL_EXTERNAL_DIFF environment variable can be used to select your own diff command. Users can use external commands with params too, example: KUBECTL_EXTERNAL_DIFF="colordiff -N -u"
-
By default, the "diff" command available in your path will be run with "-u" (unified diff) and "-N" (treat absent files as empty) options.
+
By default, the "diff" command available in your path will be run with the "-u" (unified diff) and "-N" (treat absent files as empty) options.
Exit status: 0 No differences were found. 1 Differences were found. >1 Kubectl or diff failed with an error.
Note: KUBECTL_EXTERNAL_DIFF, if used, is expected to follow that convention.
Usage
@@ -4035,7 +4029,7 @@ viewing your workloads in a Kubernetes cluster.
edit
-
Edit the service named 'docker-registry':
+
Edit the service named 'docker-registry'
kubectl edit svc/docker-registry
@@ -4045,17 +4039,17 @@ viewing your workloads in a Kubernetes cluster.
The edit command allows you to directly edit any API resource you can retrieve via the command line tools. It will open the editor defined by your KUBE_EDITOR, or EDITOR environment variables, or fall back to 'vi' for Linux or 'notepad' for Windows. You can edit multiple objects, although changes are applied one at a time. The command accepts filenames as well as command line arguments, although the files you point to must be previously saved versions of resources.
+
The edit command allows you to directly edit any API resource you can retrieve via the command-line tools. It will open the editor defined by your KUBE_EDITOR, or EDITOR environment variables, or fall back to 'vi' for Linux or 'notepad' for Windows. You can edit multiple objects, although changes are applied one at a time. The command accepts file names as well as command-line arguments, although the files you point to must be previously saved versions of resources.
Editing is done with the API version used to fetch the resource. To edit using a specific API version, fully-qualify the resource, version, and group.
The default format is YAML. To edit in JSON, specify "-o json".
The flag --windows-line-endings can be used to force Windows line endings, otherwise the default for your operating system will be used.
@@ -4185,10 +4179,10 @@ viewing your workloads in a Kubernetes cluster.
-
allow-id-changes
+
as-current-user
false
-
enable changes to a resourceId
+
use the uid and gid of the command executor to run the function in the container
enable-alpha-plugins
@@ -4197,6 +4191,12 @@ viewing your workloads in a Kubernetes cluster.
enable kustomize plugins
+
enable-helm
+
+
false
+
Enable use of the Helm chart inflator generator.
+
+
enable-managedby-label
false
@@ -4209,6 +4209,12 @@ viewing your workloads in a Kubernetes cluster.
a list of environment variables to be used by functions
+
helm-command
+
+
helm
+
helm command (path to executable)
+
+
load-restrictor
LoadRestrictionsRootOnly
@@ -4249,12 +4255,12 @@ viewing your workloads in a Kubernetes cluster.
label
-
Update pod 'foo' with the label 'unhealthy' and the value 'true'.
+
Update pod 'foo' with the label 'unhealthy' and the value 'true'
kubectl label pods foo unhealthy=true
-
Update pod 'foo' with the label 'status' and the value 'unhealthy', overwriting any existing value.
+
Update pod 'foo' with the label 'status' and the value 'unhealthy', overwriting any existing value
@@ -4533,12 +4545,12 @@ viewing your workloads in a Kubernetes cluster.
replace
-
Replace a pod using the data in pod.json.
+
Replace a pod using the data in pod.json
kubectl replace -f ./pod.json
-
Replace a pod based on the JSON passed into stdin.
+
Replace a pod based on the JSON passed into stdin
cat pod.json | kubectlreplace -f -
@@ -4552,7 +4564,7 @@ viewing your workloads in a Kubernetes cluster.
kubectl replace --force -f ./pod.json
-
Replace a resource by filename or stdin.
+
Replace a resource by file name or stdin.
JSON and YAML formats are accepted. If replacing an existing resource, the complete resource spec must be provided. This can be obtained by
$ kubectl get TYPE NAME -o yaml
Usage
@@ -4772,11 +4784,11 @@ viewing your workloads in a Kubernetes cluster.
pause
-
Mark the nginx deployment as paused. Any current state of # the deployment will continue its function, new updates to the deployment will not # have an effect as long as the deployment is paused.
+
Mark the nginx deployment as paused # Any current state of the deployment will continue its function; new updates # to the deployment will not have an effect as long as the deployment is paused
kubectl rollout pause deployment/nginx
-
Mark the provided resource as paused
+
Mark the provided resource as paused.
Paused resources will not be reconciled by a controller. Use "kubectl rollout resume" to resume a paused resource. Currently only deployments support being paused.
Usage
$ kubectl rollout pause RESOURCE
@@ -4849,12 +4861,12 @@ viewing your workloads in a Kubernetes cluster.
kubectl rollout restart deployment/nginx
-
Restart a daemonset
+
Restart a daemon set
kubectl rollout restart daemonset/abc
Restart a resource.
-
Resource will be rollout restarted.
+
Resource rollout will be restarted.
Usage
$ kubectl rollout restart RESOURCE
Flags
@@ -4925,7 +4937,7 @@ viewing your workloads in a Kubernetes cluster.
kubectl rollout resume deployment/nginx
-
Resume a paused resource
+
Resume a paused resource.
Paused resources will not be reconciled by a controller. By resuming a resource, we allow it to be reconciled again. Currently only deployments support being resumed.
Usage
$ kubectl rollout resume RESOURCE
@@ -5053,21 +5065,21 @@ viewing your workloads in a Kubernetes cluster.
Set a new size for a Deployment, ReplicaSet, Replication Controller, or StatefulSet.
+
Set a new size for a deployment, replica set, replication controller, or stateful set.
Scale also allows users to specify one or more preconditions for the scale action.
If --current-replicas or --resource-version is specified, it is validated before the scale is attempted, and it is guaranteed that the precondition holds true when the scale is sent to the server.
Usage
@@ -5196,7 +5208,7 @@ viewing your workloads in a Kubernetes cluster.
current-replicas
-1
-
Precondition for current size. Requires that the current size of the resource match this value in order to scale.
+
Precondition for current size. Requires that the current size of the resource match this value in order to scale. -1 (default) for no condition.
dry-run
@@ -5274,7 +5286,7 @@ viewing your workloads in a Kubernetes cluster.
set
-
Configure application resources
+
Configure application resources.
These commands help you make changes to existing application resources.
Usage
$ kubectl set SUBCOMMAND
@@ -5339,7 +5351,7 @@ viewing your workloads in a Kubernetes cluster.
List environment variable definitions in one or more pods, pod templates. Add, update, or remove container environment variable definitions in one or more pod templates (within replication controllers or deployment configurations). View or modify the environment variable definitions on all containers in the specified pods or pod templates, or just those that match a wildcard.
If "--env -" is passed, environment variables can be read from STDIN using the standard env syntax.
$ kubectl set image (-f FILENAME | TYPE NAME) CONTAINER_NAME_1=CONTAINER_IMAGE_1 ... CONTAINER_NAME_N=CONTAINER_IMAGE_N
Flags
@@ -5615,8 +5627,8 @@ viewing your workloads in a Kubernetes cluster.
kubectl set resources -f path/to/file.yaml --limits=cpu=200m,memory=512Mi --local -o yaml
-
Specify compute resource requirements (cpu, memory) for any resource that defines a pod template. If a pod is successfully scheduled, it is guaranteed the amount of resource requested, but may burst up to its specified limits.
-
for each compute resource, if a limit is specified and a request is omitted, the request will default to the limit.
+
Specify compute resource requirements (CPU, memory) for any resource that defines a pod template. If a pod is successfully scheduled, it is guaranteed the amount of resource requested, but may burst up to its specified limits.
+
For each compute resource, if a limit is specified and a request is omitted, the request will default to the limit.
Possible resources include (case insensitive): Use "kubectl api-resources" for a complete list of supported resources..
Usage
$ kubectl set resources (-f FILENAME | TYPE NAME) ([--limits=LIMITS & --requests=REQUESTS]
@@ -5732,7 +5744,7 @@ viewing your workloads in a Kubernetes cluster.
selector
-
set the labels and selector before creating a deployment/service pair.
+
Set the labels and selector before creating a deployment/service pair
Wait for the pod "busybox1" to be deleted, with a timeout of 60s, after having issued the "delete" command.
+
Wait for the pod "busybox1" to be deleted, with a timeout of 60s, after having issued the "delete" command
kubectl delete pod/busybox1
kubectl wait --for=delete pod/busybox1 --timeout=60s
@@ -6066,7 +6078,7 @@ kubectl wait --for=delete pod/busybox1 Experimental: Wait for a specific condition on one or many resources.
The command takes multiple resources and waits until the specified condition is seen in the Status field of every given resource.
Alternatively, the command can wait for the given set of resources to be deleted by providing the "delete" keyword as the value to the --for flag.
-
A successful message will be printed to stdout indicating when the specified condition has been met. One can use -o option to change to output destination.
+
A successful message will be printed to stdout indicating when the specified condition has been met. You can use -o option to change to output destination.
Get output from running pod mypod, use the kubectl.kubernetes.io/default-container annotation # for selecting the container to be attached or the first container in the pod will be chosen
+
Get output from running pod mypod; use the 'kubectl.kubernetes.io/default-container' annotation # for selecting the container to be attached or the first container in the pod will be chosen
kubectl attach mypod
@@ -6181,12 +6193,12 @@ applications.
kubectl attach mypod -c ruby-container
-
Switch to raw terminal mode, sends stdin to 'bash' in ruby-container from pod mypod # and sends stdout/stderr from 'bash' back to the client
+
Switch to raw terminal mode; sends stdin to 'bash' in ruby-container from pod mypod # and sends stdout/stderr from 'bash' back to the client
kubectl attach mypod -c ruby-container -i -t
-
Get output from the first pod of a ReplicaSet named nginx
+
Get output from the first pod of a replica set named nginx
kubectl attach rs/nginx
@@ -6279,7 +6291,7 @@ applications.
kubectl auth can-i --list --namespace=foo
Check whether an action is allowed.
-
VERB is a logical Kubernetes API verb like 'get', 'list', 'watch', 'delete', etc. TYPE is a Kubernetes resource. Shortcuts and groups will be resolved. NONRESOURCEURL is a partial URL starts with "/". NAME is the name of a particular Kubernetes resource.
+
VERB is a logical Kubernetes API verb like 'get', 'list', 'watch', 'delete', etc. TYPE is a Kubernetes resource. Shortcuts and groups will be resolved. NONRESOURCEURL is a partial URL that starts with "/". NAME is the name of a particular Kubernetes resource.
Reconciles rules for RBAC Role, RoleBinding, ClusterRole, and ClusterRoleBinding objects.
+
Reconciles rules for RBAC role, role binding, cluster role, and cluster role binding objects.
Missing objects are created, and the containing namespace is created for namespaced objects, if required.
Existing roles are updated to include the permissions in the input objects, and remove extra permissions if --remove-extra-permissions is specified.
Existing bindings are updated to include the subjects in the input objects, and remove extra subjects if --remove-extra-subjects is specified.
@@ -6415,7 +6427,7 @@ applications.
cp
-
!!!Important Note!!! # Requires that the 'tar' binary is present in your container # image. If 'tar' is not present, 'kubectl cp' will fail. # # For advanced use cases, such as symlinks, wildcard expansion or # file mode preservation consider using 'kubectl exec'. # Copy /tmp/foo local file to /tmp/bar in a remote pod in namespace
+
!!!Important Note!!! # Requires that the 'tar' binary is present in your container # image. If 'tar' is not present, 'kubectl cp' will fail. # # For advanced use cases, such as symlinks, wildcard expansion or # file mode preservation, consider using 'kubectl exec'. # Copy /tmp/foo local file to /tmp/bar in a remote pod in namespace
tar cf - /tmp/foo | kubectl exec -i -n <some-namespace><some-pod> -- tar xf - -C /tmp/bar
@@ -6500,11 +6512,11 @@ applications.
kubectl describe po -l name=myLabel
-
Describe all pods managed by the 'frontend' replication controller (rc-created pods # get the name of the rc as a prefix in the pod the name).
+
Describe all pods managed by the 'frontend' replication controller (rc-created pods # get the name of the rc as a prefix in the pod the name)
kubectl describe pods frontend
-
Show details of a specific resource or group of resources
+
Show details of a specific resource or group of resources.
Print a detailed description of the selected resources, including related resources such as events or controllers. You may select a single object by name, all objects of that type, provide a name prefix, or label selector. For example:
$ kubectl describe TYPE NAME_PREFIX
will first check for an exact match on TYPE and NAME_PREFIX. If no such resource exists, it will output details for every resource that has a name prefixed with NAME_PREFIX.
@@ -6529,6 +6541,12 @@ applications.
If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.
+
chunk-size
+
+
500
+
Return large lists in chunks rather than all at once. Pass 0 to disable. This flag is beta and may change in the future.
+
+
filename
f
[]
@@ -6563,22 +6581,22 @@ applications.
exec
-
Get output from running 'date' command from pod mypod, using the first container by default
+
Get output from running the 'date' command from pod mypod, using the first container by default
kubectl exec mypod -- date
-
Get output from running 'date' command in ruby-container from pod mypod
+
Get output from running the 'date' command in ruby-container from pod mypod
kubectl exec mypod -c ruby-container -- date
-
Switch to raw terminal mode, sends stdin to 'bash' in ruby-container from pod mypod # and sends stdout/stderr from 'bash' back to the client
+
Switch to raw terminal mode; sends stdin to 'bash' in ruby-container from pod mypod # and sends stdout/stderr from 'bash' back to the client
List contents of /usr from the first container of pod mypod and sort by modification time. # If the command you want to execute in the pod has any flags in common (e.g. -i), # you must use two dashes (--) to separate your command's flags/arguments. # Also note, do not surround your command and its flags/arguments with quotes # unless that is how you would execute it normally (i.e., do ls -t /usr, not "ls -t /usr").
+
List contents of /usr from the first container of pod mypod and sort by modification time # If the command you want to execute in the pod has any flags in common (e.g. -i), # you must use two dashes (--) to separate your command's flags/arguments # Also note, do not surround your command and its flags/arguments with quotes # unless that is how you would execute it normally (i.e., do ls -t /usr, not "ls -t /usr")
kubectl exec mypod -i -t -- ls -t /usr
@@ -6659,7 +6677,7 @@ applications.
Return snapshot logs from all containers in pods defined by label app=nginx
-
kubectl logs -lapp=nginx --all-containers=true
+
kubectl logs -l app=nginx --all-containers=true
Return snapshot of previous terminated ruby container logs from pod web-1
@@ -6674,7 +6692,7 @@ applications.
Begin streaming the logs from all containers in pods defined by label app=nginx
Display only the most recent 20 lines of output in pod nginx
@@ -6844,9 +6862,9 @@ applications.
kubectl port-forward pod/mypod :5000
-
Forward one or more local ports to a pod. This command requires the node to have 'socat' installed.
+
Forward one or more local ports to a pod.
Use resource type/name such as deployment/mydeployment to select a pod. Resource type defaults to 'pod' if omitted.
-
If there are multiple pods matching the criteria, a pod will be selected automatically. The forwarding session ends when the selected pod terminates, and rerun of the command is needed to resume forwarding.
+
If there are multiple pods matching the criteria, a pod will be selected automatically. The forwarding session ends when the selected pod terminates, and a rerun of the command is needed to resume forwarding.
To proxy the entire kubernetes api at a different root. # You can get pods info with 'curl localhost:8001/custom/api/v1/pods'
+
To proxy the entire Kubernetes API at a different root # You can get pods info with 'curl localhost:8001/custom/api/v1/pods'
kubectl proxy --api-prefix=/custom/
-
Run a proxy to kubernetes apiserver on port 8011, serving static content from ./local/www/
+
Run a proxy to the Kubernetes API server on port 8011, serving static content from ./local/www/
kubectl proxy --port=8011 --www=./local/www/
-
Run a proxy to kubernetes apiserver on an arbitrary local port. # The chosen port for the server will be output to stdout.
+
Run a proxy to the Kubernetes API server on an arbitrary local port # The chosen port for the server will be output to stdout
kubectl proxy --port=0
-
Run a proxy to kubernetes apiserver, changing the api prefix to k8s-api # This makes e.g. the pods api available at localhost:8001/k8s-api/v1/pods/
+
Run a proxy to the Kubernetes API server, changing the API prefix to k8s-api # This makes e.g. the pods API available at localhost:8001/k8s-api/v1/pods/
kubectl proxy --api-prefix=/k8s-api
-
Creates a proxy server or application-level gateway between localhost and the Kubernetes API Server. It also allows serving static content over specified HTTP path. All incoming data enters through one port and gets forwarded to the remote kubernetes API Server port, except for the path matching the static content path.
+
Creates a proxy server or application-level gateway between localhost and the Kubernetes API server. It also allows serving static content over specified HTTP path. All incoming data enters through one port and gets forwarded to the remote Kubernetes API server port, except for the path matching the static content path.
The top-node command allows you to see the resource consumption of nodes.
Usage
$ kubectl top node [NAME | -l label]
@@ -7049,8 +7067,8 @@ applications.
use-protocol-buffers
-
false
-
If present, protocol-buffers will be used to request metrics.
+
true
+
Enables using protocol-buffers to access Metrics API.
@@ -7076,7 +7094,7 @@ applications.
kubectl top pod -l name=myLabel
-
Display Resource (CPU/Memory) usage of pods.
+
Display resource (CPU/memory) usage of pods.
The 'top pod' command allows you to see the resource consumption of pods.
Due to the metrics pipeline delay, they may be unavailable for a few minutes since pod creation.
Usage
@@ -7105,6 +7123,12 @@ applications.
If present, print usage of containers within a pod.
+
field-selector
+
+
+
Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.
+
+
no-headers
false
@@ -7125,8 +7149,8 @@ applications.
use-protocol-buffers
-
false
-
If present, protocol-buffers will be used to request metrics.
+
true
+
Enables using protocol-buffers to access Metrics API.
@@ -7138,7 +7162,7 @@ applications.
kubectl api-versions
-
Print the supported API versions on the server, in the form of "group/version"
+
Print the supported API versions on the server, in the form of "group/version".
Usage
$ kubectl api-versions
@@ -7148,6 +7172,11 @@ applications.
$ kubectl certificate SUBCOMMAND
approve
+
+
Approve CSR 'csr-sqgzp'
+
+
kubectl certificate approve csr-sqgzp
+
Approve a certificate signing request.
kubectl certificate approve allows a cluster admin to approve a certificate signing request (CSR). This action tells a certificate signing controller to issue a certificate to the requestor with the attributes requested in the CSR.
SECURITY NOTICE: Depending on the requested attributes, the issued certificate can potentially grant a requester access to cluster resources or to authenticate as a requested identity. Before approving a CSR, ensure you understand what the signed certificate can do.
@@ -7216,6 +7245,11 @@ applications.
deny
+
+
Deny CSR 'csr-sqgzp'
+
+
kubectl certificate deny csr-sqgzp
+
Deny a certificate signing request.
kubectl certificate deny allows a cluster admin to deny a certificate signing request (CSR). This action tells a certificate signing controller to not to issue a certificate to the requestor.
Usage
@@ -7288,7 +7322,7 @@ applications.
kubectl cluster-info
-
Display addresses of the control plane and services with label kubernetes.io/cluster-service=true To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
+
Display addresses of the control plane and services with label kubernetes.io/cluster-service=true. To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
Dumps cluster info out suitable for debugging and diagnosing cluster problems. By default, dumps everything to stdout. You can optionally specify a directory with --output-directory. If you specify a directory, kubernetes will build a set of files in that directory. By default only dumps things in the 'kube-system' namespace, but you can switch to a different namespace with the --namespaces flag, or specify --all-namespaces to dump all namespaces.
-
The command also dumps the logs of all of the pods in the cluster, these logs are dumped into different directories based on namespace and pod name.
+
Dump cluster information out suitable for debugging and diagnosing cluster problems. By default, dumps everything to stdout. You can optionally specify a directory with --output-directory. If you specify a directory, Kubernetes will build a set of files in that directory. By default, only dumps things in the current namespace and 'kube-system' namespace, but you can switch to a different namespace with the --namespaces flag, or specify --all-namespaces to dump all namespaces.
+
The command also dumps the logs of all of the pods in the cluster; these logs are dumped into different directories based on namespace and pod name.
Usage
$ kubectl cluster-info dump
Flags
@@ -7381,7 +7415,7 @@ applications.
cordon
-
Mark node "foo" as unschedulable.
+
Mark node "foo" as unschedulable
kubectl cordon foo
@@ -7416,20 +7450,20 @@ applications.
drain
-
Drain node "foo", even if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet on it.
+
Drain node "foo", even if there are pods not managed by a replication controller, replica set, job, daemon set or stateful set on it
-
$ kubectl drain foo --force
+
kubectl drain foo --force
-
As above, but abort if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet, and use a grace period of 15 minutes.
+
As above, but abort if there are pods not managed by a replication controller, replica set, job, daemon set or stateful set, and use a grace period of 15 minutes
-
$ kubectl drain foo --grace-period=900
+
kubectl drain foo --grace-period=900
Drain node in preparation for maintenance.
-
The given node will be marked unschedulable to prevent new pods from arriving. 'drain' evicts the pods if the APIServer supports http://kubernetes.io/docs/admin/disruptions/ . Otherwise, it will use normal DELETE to delete the pods. The 'drain' evicts or deletes all pods except mirror pods (which cannot be deleted through the API server). If there are DaemonSet-managed pods, drain will not proceed without --ignore-daemonsets, and regardless it will not delete any DaemonSet-managed pods, because those pods would be immediately replaced by the DaemonSet controller, which ignores unschedulable markings. If there are any pods that are neither mirror pods nor managed by ReplicationController, ReplicaSet, DaemonSet, StatefulSet or Job, then drain will not delete any pods unless you use --force. --force will also allow deletion to proceed if the managing resource of one or more pods is missing.
+
The given node will be marked unschedulable to prevent new pods from arriving. 'drain' evicts the pods if the API server supports https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ . Otherwise, it will use normal DELETE to delete the pods. The 'drain' evicts or deletes all pods except mirror pods (which cannot be deleted through the API server). If there are daemon set-managed pods, drain will not proceed without --ignore-daemonsets, and regardless it will not delete any daemon set-managed pods, because those pods would be immediately replaced by the daemon set controller, which ignores unschedulable markings. If there are any pods that are neither mirror pods nor managed by a replication controller, replica set, daemon set, stateful set, or job, then drain will not delete any pods unless you use --force. --force will also allow deletion to proceed if the managing resource of one or more pods is missing.
'drain' waits for graceful termination. You should not operate on the machine until the command completes.
When you are ready to put the node back into service, use kubectl uncordon, which will make the node schedulable again.
Return large lists in chunks rather than all at once. Pass 0 to disable. This flag is beta and may change in the future.
+
+
delete-emptydir-data
false
@@ -7520,12 +7560,12 @@ applications.
taint
-
Update node 'foo' with a taint with key 'dedicated' and value 'special-user' and effect 'NoSchedule'. # If a taint with that key and effect already exists, its value is replaced as specified.
+
Update node 'foo' with a taint with key 'dedicated' and value 'special-user' and effect 'NoSchedule' # If a taint with that key and effect already exists, its value is replaced as specified
Remove from node 'foo' the taint with key 'dedicated' and effect 'NoSchedule' if one exists.
+
Remove from node 'foo' the taint with key 'dedicated' and effect 'NoSchedule' if one exists
kubectltaintnodesfoodedicated:NoSchedule-
@@ -7548,7 +7588,7 @@ applications.
A taint consists of a key, value, and effect. As an argument here, it is expressed as key=value:effect.
The key must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 253 characters.
-
Optionally, the key can begin with a DNS subdomain prefix and a single '/', like example.com/my-app
+
Optionally, the key can begin with a DNS subdomain prefix and a single '/', like example.com/my-app.
The value is optional. If given, it must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters.
The effect must be NoSchedule, PreferNoSchedule or NoExecute.
Currently taint can only apply to node.
@@ -7631,9 +7671,9 @@ applications.
uncordon
-
Mark node "foo" as schedulable.
+
Mark node "foo" as schedulable
-
$ kubectl uncordon foo
+
kubectl uncordon foo
Mark node as schedulable.
Usage
@@ -7672,17 +7712,17 @@ applications.
api-resources
-
Print the supported API Resources
+
Print the supported API resources
kubectl api-resources
-
Print the supported API Resources with more information
+
Print the supported API resources with more information
kubectl api-resources -o wide
-
Print the supported API Resources sorted by a column
+
Print the supported API resources sorted by a column
kubectl api-resources --sort-by=name
@@ -7697,11 +7737,11 @@ applications.
kubectl api-resources --namespaced=false
-
Print the supported API Resources with specific APIGroup
+
Print the supported API resources with a specific APIGroup
kubectl api-resources --api-group=extensions
-
Print the supported API resources on the server
+
Print the supported API resources on the server.
Usage
$ kubectl api-resources
Flags
@@ -7772,12 +7812,12 @@ applications.
brew install bash-completion@2
-
If kubectl is installed via homebrew, this should start working immediately. ## If you've installed via other means, you may need add the completion to your completion directory
+
If kubectl is installed via homebrew, this should start working immediately ## If you've installed via other means, you may need add the completion to your completion directory
Installing bash completion on Linux ## If bash-completion is not installed on Linux, please install the 'bash-completion' package ## via your distribution's package manager. ## Load the kubectl completion code for bash into the current shell
+
Installing bash completion on Linux ## If bash-completion is not installed on Linux, install the 'bash-completion' package ## via your distribution's package manager. ## Load the kubectl completion code for bash into the current shell
source <(kubectl completion bash)
@@ -7805,8 +7845,14 @@ source $HOME/.bash_profile
kubectl completion zsh > "${fpath[1]}/_kubectl"
Output shell completion code for the specified shell (bash or zsh). The shell code must be evaluated to provide interactive completion of kubectl commands. This can be done by sourcing it from the .bash_profile.
Set certificate-authority-data field on the my-cluster cluster.
+
Set the certificate-authority-data field on the my-cluster cluster
kubectl config set clusters.my-cluster.certificate-authority-data $(echo "cert_data_here" | base64 -i -)
-
Set cluster field in the my-context context to my-cluster.
+
Set the cluster field in the my-context context to my-cluster
kubectl config set contexts.my-context.cluster my-cluster
-
Set client-key-data field in the cluster-admin user using --set-raw-bytes option.
+
Set the client-key-data field in the cluster-admin user using --set-raw-bytes option
kubectl config set users.cluster-admin.client-key-data cert_data_here --set-raw-bytes=true
-
Sets an individual value in a kubeconfig file
+
Set an individual value in a kubeconfig file.
PROPERTY_NAME is a dot delimited name where each token represents either an attribute name or a map key. Map keys may not contain dots.
-
PROPERTY_VALUE is the new value you wish to set. Binary fields such as 'certificate-authority-data' expect a base64 encoded string unless the --set-raw-bytes flag is used.
-
Specifying a attribute name that already exists will merge new fields on top of existing values.
+
PROPERTY_VALUE is the new value you want to set. Binary fields such as 'certificate-authority-data' expect a base64 encoded string unless the --set-raw-bytes flag is used.
+
Specifying an attribute name that already exists will merge new fields on top of existing values.
Usage
$ kubectl config set PROPERTY_NAME PROPERTY_VALUE
Flags
@@ -7983,7 +8029,7 @@ source $HOME/.bash_profile
set-cluster
-
Set only the server field on the e2e cluster entry without touching other values.
+
Set only the server field on the e2e cluster entry without touching other values
Show merged kubeconfig settings and raw certificate data.
+
Show merged kubeconfig settings and raw certificate data
kubectl config view --raw
@@ -8293,7 +8339,7 @@ source $HOME/.bash_profile
kubectlexplainpods.spec.containers
-
List the fields for supported resources
+
List the fields for supported resources.
This command describes the fields associated with each supported API resource. Fields are identified via a simple JSONPath identifier:
<type>.<fieldName>[.<fieldName>]
Add the --recursive flag to display all of the fields at once without descriptions. Information about each field is retrieved from the server in OpenAPI format.
@@ -8374,7 +8420,7 @@ source $HOME/.bash_profile
kubectl version
-
Print the client and server version information for the current context
+
Print the client and server version information for the current context.
What action was taken/failed regarding to the Regarding object.
+
action string
action is what action was taken/failed regarding to the regarding object. It is machine-readable. This field cannot be empty for new Events and it can have at most 128 characters.
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
eventTime is the time when this Event was first observed. It is required.
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
note is a human-readable description of the status of this operation. Maximal length of the note is 1kB, but libraries should be prepared to handle values up to 64kB.
+
reason string
reason is why the action was taken. It is human-readable. This field cannot be empty for new Events and it can have at most 128 characters.
regarding contains the object this Event is about. In most cases it's an Object reporting controller implements, e.g. ReplicaSetController implements ReplicaSets and this event is emitted because it acts on some changes in a ReplicaSet object.
related is the optional secondary object for more complex actions. E.g. when regarding object triggers a creation or deletion of related object.
+
reportingController string
reportingController is the name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. This field cannot be empty for new Events.
+
reportingInstance string
reportingInstance is the ID of the controller instance, e.g. `kubelet-xyzf`. This field cannot be empty for new Events and it can have at most 128 characters.
series is data about the Event series this event represents or nil if it's a singleton Event.
+
type string
type is the type of this event (Normal, Warning), new types could be added in the future. It is machine-readable. This field cannot be empty for new Events.
-
EventList v1 core
+
EventList v1 events
Field
Description
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
watch changes to an object of kind Event. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. Required, must not be nil.
-
EventSeries v1 core
+
EventSeries v1 events.k8s.io
Group
Version
Kind
-
core
v1
EventSeries
+
events.k8s.io
v1
EventSeries
-
EventSeries contain information on series of events, i.e. thing that was/is happening continuously for some time.
+
EventSeries contain information on series of events, i.e. thing that was/is happening continuously for some time. How often to update the EventSeries is up to the event reporters. The default event reporter in "k8s.io/client-go/tools/events/event_broadcaster.go" shows how this struct is updated on heartbeats and can guide customized reporter implementations.
action is what action was taken/failed regarding to the regarding object. It is machine-readable. This field cannot be empty for new Events and it can have at most 128 characters.
+
action string
What action was taken/failed regarding to the Regarding object.
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-
deprecatedCount integer
deprecatedCount is the deprecated field assuring backward compatibility with core.v1 Event type.
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
note is a human-readable description of the status of this operation. Maximal length of the note is 1kB, but libraries should be prepared to handle values up to 64kB.
-
reason string
reason is why the action was taken. It is human-readable. This field cannot be empty for new Events and it can have at most 128 characters.
regarding contains the object this Event is about. In most cases it's an Object reporting controller implements, e.g. ReplicaSetController implements ReplicaSets and this event is emitted because it acts on some changes in a ReplicaSet object.
related is the optional secondary object for more complex actions. E.g. when regarding object triggers a creation or deletion of related object.
-
reportingController string
reportingController is the name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. This field cannot be empty for new Events.
-
reportingInstance string
reportingInstance is the ID of the controller instance, e.g. `kubelet-xyzf`. This field cannot be empty for new Events and it can have at most 128 characters.
series is data about the Event series this event represents or nil if it's a singleton Event.
-
type string
type is the type of this event (Normal, Warning), new types could be added in the future. It is machine-readable. This field cannot be empty for new Events.
The component reporting this event. Should be a short machine understandable string.
+
type string
Type of this event (Normal, Warning), new types could be added in the future
-
EventList v1 events
+
EventList v1 core
Field
Description
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
watch changes to an object of kind Event. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
@@ -41371,8 +41371,8 @@ The contents of the target Secret's Data field will be presented in a volume
Other API versions of this object exist:
-v1v1
+v1
Appears In:
diff --git a/static/docs/reference/generated/kubernetes-api/v1.20/js/navData.js b/static/docs/reference/generated/kubernetes-api/v1.20/js/navData.js
index df9f1cb57d..939dfeb183 100644
--- a/static/docs/reference/generated/kubernetes-api/v1.20/js/navData.js
+++ b/static/docs/reference/generated/kubernetes-api/v1.20/js/navData.js
@@ -1 +1 @@
-(function(){navData={"toc":[{"section":"webhookclientconfig-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"webhookclientconfig-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"webhookclientconfig-v1-apiextensions-k8s-io","subsections":[]},{"section":"volumenoderesources-v1beta1-storage-k8s-io","subsections":[]},{"section":"volumeerror-v1alpha1-storage-k8s-io","subsections":[]},{"section":"volumeerror-v1beta1-storage-k8s-io","subsections":[]},{"section":"volumeattachmentsource-v1alpha1-storage-k8s-io","subsections":[]},{"section":"volumeattachmentsource-v1beta1-storage-k8s-io","subsections":[]},{"section":"volumeattachment-v1alpha1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-volumeattachment-v1alpha1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"watch-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"list-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"read-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-volumeattachment-v1alpha1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"delete-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"replace-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"patch-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"create-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]}]}]},{"section":"volumeattachment-v1beta1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-volumeattachment-v1beta1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-volumeattachment-v1beta1-storage-k8s-io","subsections":[]},{"section":"watch-volumeattachment-v1beta1-storage-k8s-io","subsections":[]},{"section":"list-volumeattachment-v1beta1-storage-k8s-io","subsections":[]},{"section":"read-volumeattachment-v1beta1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-volumeattachment-v1beta1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-volumeattachment-v1beta1-storage-k8s-io","subsections":[]},{"section":"delete-volumeattachment-v1beta1-storage-k8s-io","subsections":[]},{"section":"replace-volumeattachment-v1beta1-storage-k8s-io","subsections":[]},{"section":"patch-volumeattachment-v1beta1-storage-k8s-io","subsections":[]},{"section":"create-volumeattachment-v1beta1-storage-k8s-io","subsections":[]}]}]},{"section":"validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[{"section":"-strong-read-operations-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io-strong-","subsections":[{"section":"watch-list-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"watch-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"list-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"read-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io-strong-","subsections":[{"section":"delete-collection-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"delete-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"replace-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"patch-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"create-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]}]}]},{"section":"validatingwebhook-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"usersubject-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"userinfo-v1beta1-authentication-k8s-io","subsections":[]},{"section":"tokenreview-v1beta1-authentication-k8s-io","subsections":[{"section":"-strong-write-operations-tokenreview-v1beta1-authentication-k8s-io-strong-","subsections":[{"section":"create-tokenreview-v1beta1-authentication-k8s-io","subsections":[]}]}]},{"section":"tokenrequest-v1beta1-storage-k8s-io","subsections":[]},{"section":"tokenrequest-v1-storage-k8s-io","subsections":[]},{"section":"subjectrulesreviewstatus-v1beta1-authorization-k8s-io","subsections":[]},{"section":"subjectaccessreview-v1beta1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-subjectaccessreview-v1beta1-authorization-k8s-io-strong-","subsections":[{"section":"create-subjectaccessreview-v1beta1-authorization-k8s-io","subsections":[]}]}]},{"section":"subject-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"subject-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"subject-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"subject-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"storageclass-v1beta1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-storageclass-v1beta1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-storageclass-v1beta1-storage-k8s-io","subsections":[]},{"section":"watch-storageclass-v1beta1-storage-k8s-io","subsections":[]},{"section":"list-storageclass-v1beta1-storage-k8s-io","subsections":[]},{"section":"read-storageclass-v1beta1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-storageclass-v1beta1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-storageclass-v1beta1-storage-k8s-io","subsections":[]},{"section":"delete-storageclass-v1beta1-storage-k8s-io","subsections":[]},{"section":"replace-storageclass-v1beta1-storage-k8s-io","subsections":[]},{"section":"patch-storageclass-v1beta1-storage-k8s-io","subsections":[]},{"section":"create-storageclass-v1beta1-storage-k8s-io","subsections":[]}]}]},{"section":"servicereference-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"servicereference-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"servicereference-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"servicereference-v1-apiregistration-k8s-io","subsections":[]},{"section":"servicereference-v1-apiextensions-k8s-io","subsections":[]},{"section":"serviceaccountsubject-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"selfsubjectrulesreview-v1beta1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-selfsubjectrulesreview-v1beta1-authorization-k8s-io-strong-","subsections":[{"section":"create-selfsubjectrulesreview-v1beta1-authorization-k8s-io","subsections":[]}]}]},{"section":"selfsubjectaccessreview-v1beta1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-selfsubjectaccessreview-v1beta1-authorization-k8s-io-strong-","subsections":[{"section":"create-selfsubjectaccessreview-v1beta1-authorization-k8s-io","subsections":[]}]}]},{"section":"scheduling-v1alpha1-node-k8s-io","subsections":[]},{"section":"scheduling-v1beta1-node-k8s-io","subsections":[]},{"section":"runtimeclass-v1alpha1-node-k8s-io","subsections":[{"section":"-strong-read-operations-runtimeclass-v1alpha1-node-k8s-io-strong-","subsections":[{"section":"watch-list-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"watch-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"list-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"read-runtimeclass-v1alpha1-node-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-runtimeclass-v1alpha1-node-k8s-io-strong-","subsections":[{"section":"delete-collection-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"delete-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"replace-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"patch-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"create-runtimeclass-v1alpha1-node-k8s-io","subsections":[]}]}]},{"section":"runtimeclass-v1beta1-node-k8s-io","subsections":[{"section":"-strong-read-operations-runtimeclass-v1beta1-node-k8s-io-strong-","subsections":[{"section":"watch-list-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"watch-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"list-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"read-runtimeclass-v1beta1-node-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-runtimeclass-v1beta1-node-k8s-io-strong-","subsections":[{"section":"delete-collection-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"delete-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"replace-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"patch-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"create-runtimeclass-v1beta1-node-k8s-io","subsections":[]}]}]},{"section":"rulewithoperations-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"roleref-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"roleref-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-rolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-list-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-all-namespaces-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-rolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-rolebinding-v1beta1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-list-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-all-namespaces-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-rolebinding-v1beta1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"role-v1alpha1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-role-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-list-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-all-namespaces-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-role-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"role-v1beta1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-role-v1beta1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-role-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-list-role-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-role-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-all-namespaces-role-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-role-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-role-v1beta1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-role-v1beta1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-role-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-role-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-role-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-role-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-role-v1beta1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"resourcerule-v1beta1-authorization-k8s-io","subsections":[]},{"section":"resourcepolicyrule-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"resourcemetricstatus-v2beta1-autoscaling","subsections":[]},{"section":"resourcemetricsource-v2beta1-autoscaling","subsections":[]},{"section":"resourceattributes-v1beta1-authorization-k8s-io","subsections":[]},{"section":"queuingconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"prioritylevelconfigurationreference-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"prioritylevelconfigurationcondition-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[{"section":"-strong-status-operations-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"replace-status-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-status-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-status-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"watch-list-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"watch-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"list-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"delete-collection-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"delete-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"replace-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"create-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]}]}]},{"section":"priorityclass-v1alpha1-scheduling-k8s-io","subsections":[{"section":"-strong-read-operations-priorityclass-v1alpha1-scheduling-k8s-io-strong-","subsections":[{"section":"watch-list-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"watch-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"list-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"read-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-priorityclass-v1alpha1-scheduling-k8s-io-strong-","subsections":[{"section":"delete-collection-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"delete-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"replace-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"patch-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"create-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]}]}]},{"section":"priorityclass-v1beta1-scheduling-k8s-io","subsections":[{"section":"-strong-read-operations-priorityclass-v1beta1-scheduling-k8s-io-strong-","subsections":[{"section":"watch-list-priorityclass-v1beta1-scheduling-k8s-io","subsections":[]},{"section":"watch-priorityclass-v1beta1-scheduling-k8s-io","subsections":[]},{"section":"list-priorityclass-v1beta1-scheduling-k8s-io","subsections":[]},{"section":"read-priorityclass-v1beta1-scheduling-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-priorityclass-v1beta1-scheduling-k8s-io-strong-","subsections":[{"section":"delete-collection-priorityclass-v1beta1-scheduling-k8s-io","subsections":[]},{"section":"delete-priorityclass-v1beta1-scheduling-k8s-io","subsections":[]},{"section":"replace-priorityclass-v1beta1-scheduling-k8s-io","subsections":[]},{"section":"patch-priorityclass-v1beta1-scheduling-k8s-io","subsections":[]},{"section":"create-priorityclass-v1beta1-scheduling-k8s-io","subsections":[]}]}]},{"section":"policyruleswithsubjects-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"policyrule-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"policyrule-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"podsmetricstatus-v2beta1-autoscaling","subsections":[]},{"section":"podsmetricsource-v2beta1-autoscaling","subsections":[]},{"section":"overhead-v1alpha1-node-k8s-io","subsections":[]},{"section":"overhead-v1beta1-node-k8s-io","subsections":[]},{"section":"objectmetricstatus-v2beta1-autoscaling","subsections":[]},{"section":"objectmetricsource-v2beta1-autoscaling","subsections":[]},{"section":"nonresourcerule-v1beta1-authorization-k8s-io","subsections":[]},{"section":"nonresourcepolicyrule-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"nonresourceattributes-v1beta1-authorization-k8s-io","subsections":[]},{"section":"mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[{"section":"-strong-read-operations-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io-strong-","subsections":[{"section":"watch-list-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"watch-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"list-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"read-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io-strong-","subsections":[{"section":"delete-collection-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"delete-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"replace-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"patch-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"create-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]}]}]},{"section":"mutatingwebhook-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"metricstatus-v2beta1-autoscaling","subsections":[]},{"section":"metricspec-v2beta1-autoscaling","subsections":[]},{"section":"localsubjectaccessreview-v1beta1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-localsubjectaccessreview-v1beta1-authorization-k8s-io-strong-","subsections":[{"section":"create-localsubjectaccessreview-v1beta1-authorization-k8s-io","subsections":[]}]}]},{"section":"limitedprioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"limitresponse-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"lease-v1beta1-coordination-k8s-io","subsections":[{"section":"-strong-read-operations-lease-v1beta1-coordination-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-lease-v1beta1-coordination-k8s-io","subsections":[]},{"section":"watch-list-lease-v1beta1-coordination-k8s-io","subsections":[]},{"section":"watch-lease-v1beta1-coordination-k8s-io","subsections":[]},{"section":"list-all-namespaces-lease-v1beta1-coordination-k8s-io","subsections":[]},{"section":"list-lease-v1beta1-coordination-k8s-io","subsections":[]},{"section":"read-lease-v1beta1-coordination-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-lease-v1beta1-coordination-k8s-io-strong-","subsections":[{"section":"delete-collection-lease-v1beta1-coordination-k8s-io","subsections":[]},{"section":"delete-lease-v1beta1-coordination-k8s-io","subsections":[]},{"section":"replace-lease-v1beta1-coordination-k8s-io","subsections":[]},{"section":"patch-lease-v1beta1-coordination-k8s-io","subsections":[]},{"section":"create-lease-v1beta1-coordination-k8s-io","subsections":[]}]}]},{"section":"jobtemplatespec-v2alpha1-batch","subsections":[]},{"section":"jsonschemapropsorbool-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"jsonschemapropsorarray-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"jsonschemaprops-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"json-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"ingresstls-v1beta1-networking-k8s-io","subsections":[]},{"section":"ingresstls-v1beta1-extensions","subsections":[]},{"section":"ingressrule-v1beta1-networking-k8s-io","subsections":[]},{"section":"ingressrule-v1beta1-extensions","subsections":[]},{"section":"ingressclass-v1beta1-networking-k8s-io","subsections":[{"section":"-strong-read-operations-ingressclass-v1beta1-networking-k8s-io-strong-","subsections":[{"section":"watch-list-ingressclass-v1beta1-networking-k8s-io","subsections":[]},{"section":"watch-ingressclass-v1beta1-networking-k8s-io","subsections":[]},{"section":"list-ingressclass-v1beta1-networking-k8s-io","subsections":[]},{"section":"read-ingressclass-v1beta1-networking-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-ingressclass-v1beta1-networking-k8s-io-strong-","subsections":[{"section":"delete-collection-ingressclass-v1beta1-networking-k8s-io","subsections":[]},{"section":"delete-ingressclass-v1beta1-networking-k8s-io","subsections":[]},{"section":"replace-ingressclass-v1beta1-networking-k8s-io","subsections":[]},{"section":"patch-ingressclass-v1beta1-networking-k8s-io","subsections":[]},{"section":"create-ingressclass-v1beta1-networking-k8s-io","subsections":[]}]}]},{"section":"ingressbackend-v1beta1-networking-k8s-io","subsections":[]},{"section":"ingressbackend-v1beta1-extensions","subsections":[]},{"section":"ingress-v1beta1-networking-k8s-io","subsections":[{"section":"-strong-status-operations-ingress-v1beta1-networking-k8s-io-strong-","subsections":[{"section":"replace-status-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"read-status-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"patch-status-ingress-v1beta1-networking-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-ingress-v1beta1-networking-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"watch-list-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"watch-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"list-all-namespaces-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"list-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"read-ingress-v1beta1-networking-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-ingress-v1beta1-networking-k8s-io-strong-","subsections":[{"section":"delete-collection-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"delete-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"replace-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"patch-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"create-ingress-v1beta1-networking-k8s-io","subsections":[]}]}]},{"section":"ingress-v1beta1-extensions","subsections":[{"section":"-strong-status-operations-ingress-v1beta1-extensions-strong-","subsections":[{"section":"replace-status-ingress-v1beta1-extensions","subsections":[]},{"section":"read-status-ingress-v1beta1-extensions","subsections":[]},{"section":"patch-status-ingress-v1beta1-extensions","subsections":[]}]},{"section":"-strong-read-operations-ingress-v1beta1-extensions-strong-","subsections":[{"section":"watch-list-all-namespaces-ingress-v1beta1-extensions","subsections":[]},{"section":"watch-list-ingress-v1beta1-extensions","subsections":[]},{"section":"watch-ingress-v1beta1-extensions","subsections":[]},{"section":"list-all-namespaces-ingress-v1beta1-extensions","subsections":[]},{"section":"list-ingress-v1beta1-extensions","subsections":[]},{"section":"read-ingress-v1beta1-extensions","subsections":[]}]},{"section":"-strong-write-operations-ingress-v1beta1-extensions-strong-","subsections":[{"section":"delete-collection-ingress-v1beta1-extensions","subsections":[]},{"section":"delete-ingress-v1beta1-extensions","subsections":[]},{"section":"replace-ingress-v1beta1-extensions","subsections":[]},{"section":"patch-ingress-v1beta1-extensions","subsections":[]},{"section":"create-ingress-v1beta1-extensions","subsections":[]}]}]},{"section":"horizontalpodautoscalercondition-v2beta1-autoscaling","subsections":[]},{"section":"horizontalpodautoscaler-v2beta1-autoscaling","subsections":[{"section":"-strong-status-operations-horizontalpodautoscaler-v2beta1-autoscaling-strong-","subsections":[{"section":"replace-status-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"read-status-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"patch-status-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]}]},{"section":"-strong-read-operations-horizontalpodautoscaler-v2beta1-autoscaling-strong-","subsections":[{"section":"watch-list-all-namespaces-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"watch-list-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"watch-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"list-all-namespaces-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"list-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"read-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]}]},{"section":"-strong-write-operations-horizontalpodautoscaler-v2beta1-autoscaling-strong-","subsections":[{"section":"delete-collection-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"delete-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"replace-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"patch-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"create-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]}]}]},{"section":"horizontalpodautoscaler-v2beta2-autoscaling","subsections":[{"section":"-strong-status-operations-horizontalpodautoscaler-v2beta2-autoscaling-strong-","subsections":[{"section":"replace-status-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"read-status-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"patch-status-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]}]},{"section":"-strong-read-operations-horizontalpodautoscaler-v2beta2-autoscaling-strong-","subsections":[{"section":"watch-list-all-namespaces-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"watch-list-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"watch-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"list-all-namespaces-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"list-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"read-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]}]},{"section":"-strong-write-operations-horizontalpodautoscaler-v2beta2-autoscaling-strong-","subsections":[{"section":"delete-collection-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"delete-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"replace-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"patch-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"create-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]}]}]},{"section":"httpingressrulevalue-v1beta1-networking-k8s-io","subsections":[]},{"section":"httpingressrulevalue-v1beta1-extensions","subsections":[]},{"section":"httpingresspath-v1beta1-networking-k8s-io","subsections":[]},{"section":"httpingresspath-v1beta1-extensions","subsections":[]},{"section":"groupsubject-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"flowschemacondition-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[{"section":"-strong-status-operations-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"replace-status-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-status-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-status-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"watch-list-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"watch-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"list-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"delete-collection-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"delete-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"replace-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"create-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]}]}]},{"section":"flowdistinguishermethod-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"externalmetricstatus-v2beta1-autoscaling","subsections":[]},{"section":"externalmetricsource-v2beta1-autoscaling","subsections":[]},{"section":"externaldocumentation-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"eventseries-v1beta1-events-k8s-io","subsections":[]},{"section":"eventseries-v1-events-k8s-io","subsections":[]},{"section":"event-v1beta1-events-k8s-io","subsections":[{"section":"-strong-read-operations-event-v1beta1-events-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-event-v1beta1-events-k8s-io","subsections":[]},{"section":"watch-list-event-v1beta1-events-k8s-io","subsections":[]},{"section":"watch-event-v1beta1-events-k8s-io","subsections":[]},{"section":"list-all-namespaces-event-v1beta1-events-k8s-io","subsections":[]},{"section":"list-event-v1beta1-events-k8s-io","subsections":[]},{"section":"read-event-v1beta1-events-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-event-v1beta1-events-k8s-io-strong-","subsections":[{"section":"delete-collection-event-v1beta1-events-k8s-io","subsections":[]},{"section":"delete-event-v1beta1-events-k8s-io","subsections":[]},{"section":"replace-event-v1beta1-events-k8s-io","subsections":[]},{"section":"patch-event-v1beta1-events-k8s-io","subsections":[]},{"section":"create-event-v1beta1-events-k8s-io","subsections":[]}]}]},{"section":"event-v1-events-k8s-io","subsections":[{"section":"-strong-read-operations-event-v1-events-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-event-v1-events-k8s-io","subsections":[]},{"section":"watch-list-event-v1-events-k8s-io","subsections":[]},{"section":"watch-event-v1-events-k8s-io","subsections":[]},{"section":"list-all-namespaces-event-v1-events-k8s-io","subsections":[]},{"section":"list-event-v1-events-k8s-io","subsections":[]},{"section":"read-event-v1-events-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-event-v1-events-k8s-io-strong-","subsections":[{"section":"delete-collection-event-v1-events-k8s-io","subsections":[]},{"section":"delete-event-v1-events-k8s-io","subsections":[]},{"section":"replace-event-v1-events-k8s-io","subsections":[]},{"section":"patch-event-v1-events-k8s-io","subsections":[]},{"section":"create-event-v1-events-k8s-io","subsections":[]}]}]},{"section":"endpointport-v1beta1-discovery-k8s-io","subsections":[]},{"section":"customresourcevalidation-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcesubresources-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcesubresourcestatus-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcesubresourcescale-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcedefinitionversion-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcedefinitionnames-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcedefinitioncondition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[{"section":"-strong-status-operations-customresourcedefinition-v1beta1-apiextensions-k8s-io-strong-","subsections":[{"section":"replace-status-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"read-status-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"patch-status-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-customresourcedefinition-v1beta1-apiextensions-k8s-io-strong-","subsections":[{"section":"watch-list-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"watch-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"list-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"read-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-customresourcedefinition-v1beta1-apiextensions-k8s-io-strong-","subsections":[{"section":"delete-collection-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"delete-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"replace-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"patch-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"create-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]}]}]},{"section":"customresourceconversion-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcecolumndefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"crossversionobjectreference-v2beta1-autoscaling","subsections":[]},{"section":"crossversionobjectreference-v2beta2-autoscaling","subsections":[]},{"section":"cronjob-v2alpha1-batch","subsections":[{"section":"-strong-status-operations-cronjob-v2alpha1-batch-strong-","subsections":[{"section":"replace-status-cronjob-v2alpha1-batch","subsections":[]},{"section":"read-status-cronjob-v2alpha1-batch","subsections":[]},{"section":"patch-status-cronjob-v2alpha1-batch","subsections":[]}]},{"section":"-strong-read-operations-cronjob-v2alpha1-batch-strong-","subsections":[{"section":"watch-list-all-namespaces-cronjob-v2alpha1-batch","subsections":[]},{"section":"watch-list-cronjob-v2alpha1-batch","subsections":[]},{"section":"watch-cronjob-v2alpha1-batch","subsections":[]},{"section":"list-all-namespaces-cronjob-v2alpha1-batch","subsections":[]},{"section":"list-cronjob-v2alpha1-batch","subsections":[]},{"section":"read-cronjob-v2alpha1-batch","subsections":[]}]},{"section":"-strong-write-operations-cronjob-v2alpha1-batch-strong-","subsections":[{"section":"delete-collection-cronjob-v2alpha1-batch","subsections":[]},{"section":"delete-cronjob-v2alpha1-batch","subsections":[]},{"section":"replace-cronjob-v2alpha1-batch","subsections":[]},{"section":"patch-cronjob-v2alpha1-batch","subsections":[]},{"section":"create-cronjob-v2alpha1-batch","subsections":[]}]}]},{"section":"containerresourcemetricstatus-v2beta1-autoscaling","subsections":[]},{"section":"containerresourcemetricsource-v2beta1-autoscaling","subsections":[]},{"section":"clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-clusterrolebinding-v1beta1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-clusterrolebinding-v1beta1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-clusterrole-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-clusterrole-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-clusterrole-v1beta1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-clusterrole-v1beta1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"certificatesigningrequestcondition-v1beta1-certificates-k8s-io","subsections":[]},{"section":"certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[{"section":"-strong-status-operations-certificatesigningrequest-v1beta1-certificates-k8s-io-strong-","subsections":[{"section":"replace-status-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]},{"section":"read-status-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]},{"section":"patch-status-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-certificatesigningrequest-v1beta1-certificates-k8s-io-strong-","subsections":[{"section":"watch-list-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]},{"section":"watch-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]},{"section":"list-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]},{"section":"read-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-certificatesigningrequest-v1beta1-certificates-k8s-io-strong-","subsections":[{"section":"delete-collection-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]},{"section":"delete-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]},{"section":"replace-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]},{"section":"patch-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]},{"section":"create-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]}]}]},{"section":"csinodedriver-v1beta1-storage-k8s-io","subsections":[]},{"section":"csinode-v1beta1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-csinode-v1beta1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-csinode-v1beta1-storage-k8s-io","subsections":[]},{"section":"watch-csinode-v1beta1-storage-k8s-io","subsections":[]},{"section":"list-csinode-v1beta1-storage-k8s-io","subsections":[]},{"section":"read-csinode-v1beta1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-csinode-v1beta1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-csinode-v1beta1-storage-k8s-io","subsections":[]},{"section":"delete-csinode-v1beta1-storage-k8s-io","subsections":[]},{"section":"replace-csinode-v1beta1-storage-k8s-io","subsections":[]},{"section":"patch-csinode-v1beta1-storage-k8s-io","subsections":[]},{"section":"create-csinode-v1beta1-storage-k8s-io","subsections":[]}]}]},{"section":"csidriver-v1beta1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-csidriver-v1beta1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-csidriver-v1beta1-storage-k8s-io","subsections":[]},{"section":"watch-csidriver-v1beta1-storage-k8s-io","subsections":[]},{"section":"list-csidriver-v1beta1-storage-k8s-io","subsections":[]},{"section":"read-csidriver-v1beta1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-csidriver-v1beta1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-csidriver-v1beta1-storage-k8s-io","subsections":[]},{"section":"delete-csidriver-v1beta1-storage-k8s-io","subsections":[]},{"section":"replace-csidriver-v1beta1-storage-k8s-io","subsections":[]},{"section":"patch-csidriver-v1beta1-storage-k8s-io","subsections":[]},{"section":"create-csidriver-v1beta1-storage-k8s-io","subsections":[]}]}]},{"section":"aggregationrule-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"aggregationrule-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"apiservicecondition-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"apiservice-v1beta1-apiregistration-k8s-io","subsections":[{"section":"-strong-status-operations-apiservice-v1beta1-apiregistration-k8s-io-strong-","subsections":[{"section":"replace-status-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"read-status-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"patch-status-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-apiservice-v1beta1-apiregistration-k8s-io-strong-","subsections":[{"section":"watch-list-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"watch-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"list-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"read-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-apiservice-v1beta1-apiregistration-k8s-io-strong-","subsections":[{"section":"delete-collection-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"delete-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"replace-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"patch-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"create-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]}]}]},{"section":"-strong-old-api-versions-strong-","subsections":[]},{"section":"windowssecuritycontextoptions-v1-core","subsections":[]},{"section":"weightedpodaffinityterm-v1-core","subsections":[]},{"section":"webhookconversion-v1-apiextensions-k8s-io","subsections":[]},{"section":"webhookclientconfig-v1-admissionregistration-k8s-io","subsections":[]},{"section":"watchevent-v1-meta","subsections":[]},{"section":"vspherevirtualdiskvolumesource-v1-core","subsections":[]},{"section":"volumeprojection-v1-core","subsections":[]},{"section":"volumenoderesources-v1-storage-k8s-io","subsections":[]},{"section":"volumenodeaffinity-v1-core","subsections":[]},{"section":"volumemount-v1-core","subsections":[]},{"section":"volumeerror-v1-storage-k8s-io","subsections":[]},{"section":"volumedevice-v1-core","subsections":[]},{"section":"volumeattachmentsource-v1-storage-k8s-io","subsections":[]},{"section":"validatingwebhook-v1-admissionregistration-k8s-io","subsections":[]},{"section":"usersubject-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"userinfo-v1-authentication-k8s-io","subsections":[]},{"section":"typedlocalobjectreference-v1-core","subsections":[]},{"section":"topologyspreadconstraint-v1-core","subsections":[]},{"section":"topologyselectorterm-v1-core","subsections":[]},{"section":"topologyselectorlabelrequirement-v1-core","subsections":[]},{"section":"toleration-v1-core","subsections":[]},{"section":"time-v1-meta","subsections":[]},{"section":"taint-v1-core","subsections":[]},{"section":"tcpsocketaction-v1-core","subsections":[]},{"section":"sysctl-v1-core","subsections":[]},{"section":"supplementalgroupsstrategyoptions-v1beta1-policy","subsections":[]},{"section":"subjectrulesreviewstatus-v1-authorization-k8s-io","subsections":[]},{"section":"subject-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"storageversioncondition-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"storageosvolumesource-v1-core","subsections":[]},{"section":"storageospersistentvolumesource-v1-core","subsections":[]},{"section":"statusdetails-v1-meta","subsections":[]},{"section":"statuscause-v1-meta","subsections":[]},{"section":"status-v1-meta","subsections":[]},{"section":"statefulsetupdatestrategy-v1-apps","subsections":[]},{"section":"statefulsetcondition-v1-apps","subsections":[]},{"section":"sessionaffinityconfig-v1-core","subsections":[]},{"section":"servicereference-v1-admissionregistration-k8s-io","subsections":[]},{"section":"serviceport-v1-core","subsections":[]},{"section":"servicebackendport-v1-networking-k8s-io","subsections":[]},{"section":"serviceaccounttokenprojection-v1-core","subsections":[]},{"section":"serviceaccountsubject-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"serverstorageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"serveraddressbyclientcidr-v1-meta","subsections":[]},{"section":"securitycontext-v1-core","subsections":[]},{"section":"secretvolumesource-v1-core","subsections":[]},{"section":"secretreference-v1-core","subsections":[]},{"section":"secretprojection-v1-core","subsections":[]},{"section":"secretkeyselector-v1-core","subsections":[]},{"section":"secretenvsource-v1-core","subsections":[]},{"section":"seccompprofile-v1-core","subsections":[]},{"section":"scopedresourceselectorrequirement-v1-core","subsections":[]},{"section":"scopeselector-v1-core","subsections":[]},{"section":"scheduling-v1-node-k8s-io","subsections":[]},{"section":"scaleiovolumesource-v1-core","subsections":[]},{"section":"scaleiopersistentvolumesource-v1-core","subsections":[]},{"section":"scale-v1-autoscaling","subsections":[]},{"section":"selinuxstrategyoptions-v1beta1-policy","subsections":[]},{"section":"selinuxoptions-v1-core","subsections":[]},{"section":"runtimeclassstrategyoptions-v1beta1-policy","subsections":[]},{"section":"runasuserstrategyoptions-v1beta1-policy","subsections":[]},{"section":"runasgroupstrategyoptions-v1beta1-policy","subsections":[]},{"section":"rulewithoperations-v1-admissionregistration-k8s-io","subsections":[]},{"section":"rollingupdatestatefulsetstrategy-v1-apps","subsections":[]},{"section":"roleref-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"resourcerule-v1-authorization-k8s-io","subsections":[]},{"section":"resourcerequirements-v1-core","subsections":[]},{"section":"resourcepolicyrule-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"resourcemetricstatus-v2beta2-autoscaling","subsections":[]},{"section":"resourcemetricsource-v2beta2-autoscaling","subsections":[]},{"section":"resourcefieldselector-v1-core","subsections":[]},{"section":"resourceattributes-v1-authorization-k8s-io","subsections":[]},{"section":"replicationcontrollercondition-v1-core","subsections":[]},{"section":"replicasetcondition-v1-apps","subsections":[]},{"section":"rbdvolumesource-v1-core","subsections":[]},{"section":"rbdpersistentvolumesource-v1-core","subsections":[]},{"section":"quobytevolumesource-v1-core","subsections":[]},{"section":"queuingconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"quantity-resource-core","subsections":[]},{"section":"projectedvolumesource-v1-core","subsections":[]},{"section":"probe-v1-core","subsections":[]},{"section":"prioritylevelconfigurationreference-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"prioritylevelconfigurationcondition-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"preferredschedulingterm-v1-core","subsections":[]},{"section":"preconditions-v1-meta","subsections":[]},{"section":"portworxvolumesource-v1-core","subsections":[]},{"section":"portstatus-v1-core","subsections":[]},{"section":"policyruleswithsubjects-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"policyrule-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"podsmetricstatus-v2beta2-autoscaling","subsections":[]},{"section":"podsmetricsource-v2beta2-autoscaling","subsections":[]},{"section":"podsecuritycontext-v1-core","subsections":[]},{"section":"podreadinessgate-v1-core","subsections":[]},{"section":"podip-v1-core","subsections":[]},{"section":"poddnsconfigoption-v1-core","subsections":[]},{"section":"poddnsconfig-v1-core","subsections":[]},{"section":"podcondition-v1-core","subsections":[]},{"section":"podantiaffinity-v1-core","subsections":[]},{"section":"podaffinityterm-v1-core","subsections":[]},{"section":"podaffinity-v1-core","subsections":[]},{"section":"photonpersistentdiskvolumesource-v1-core","subsections":[]},{"section":"persistentvolumeclaimvolumesource-v1-core","subsections":[]},{"section":"persistentvolumeclaimtemplate-v1-core","subsections":[]},{"section":"persistentvolumeclaimcondition-v1-core","subsections":[]},{"section":"patch-v1-meta","subsections":[]},{"section":"ownerreference-v1-meta","subsections":[]},{"section":"overhead-v1-node-k8s-io","subsections":[]},{"section":"objectreference-v1-core","subsections":[]},{"section":"objectmetricstatus-v2beta2-autoscaling","subsections":[]},{"section":"objectmetricsource-v2beta2-autoscaling","subsections":[]},{"section":"objectmeta-v1-meta","subsections":[]},{"section":"objectfieldselector-v1-core","subsections":[]},{"section":"nonresourcerule-v1-authorization-k8s-io","subsections":[]},{"section":"nonresourcepolicyrule-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"nonresourceattributes-v1-authorization-k8s-io","subsections":[]},{"section":"nodesysteminfo-v1-core","subsections":[]},{"section":"nodeselectorterm-v1-core","subsections":[]},{"section":"nodeselectorrequirement-v1-core","subsections":[]},{"section":"nodeselector-v1-core","subsections":[]},{"section":"nodedaemonendpoints-v1-core","subsections":[]},{"section":"nodeconfigstatus-v1-core","subsections":[]},{"section":"nodeconfigsource-v1-core","subsections":[]},{"section":"nodecondition-v1-core","subsections":[]},{"section":"nodeaffinity-v1-core","subsections":[]},{"section":"nodeaddress-v1-core","subsections":[]},{"section":"networkpolicyport-v1-networking-k8s-io","subsections":[]},{"section":"networkpolicypeer-v1-networking-k8s-io","subsections":[]},{"section":"networkpolicyingressrule-v1-networking-k8s-io","subsections":[]},{"section":"networkpolicyegressrule-v1-networking-k8s-io","subsections":[]},{"section":"namespacecondition-v1-core","subsections":[]},{"section":"nfsvolumesource-v1-core","subsections":[]},{"section":"mutatingwebhook-v1-admissionregistration-k8s-io","subsections":[]},{"section":"microtime-v1-meta","subsections":[]},{"section":"metricvaluestatus-v2beta2-autoscaling","subsections":[]},{"section":"metrictarget-v2beta2-autoscaling","subsections":[]},{"section":"metricstatus-v2beta2-autoscaling","subsections":[]},{"section":"metricspec-v2beta2-autoscaling","subsections":[]},{"section":"metricidentifier-v2beta2-autoscaling","subsections":[]},{"section":"managedfieldsentry-v1-meta","subsections":[]},{"section":"localvolumesource-v1-core","subsections":[]},{"section":"localobjectreference-v1-core","subsections":[]},{"section":"loadbalancerstatus-v1-core","subsections":[]},{"section":"loadbalanceringress-v1-core","subsections":[]},{"section":"listmeta-v1-meta","subsections":[]},{"section":"limitedprioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"limitresponse-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"limitrangeitem-v1-core","subsections":[]},{"section":"lifecycle-v1-core","subsections":[]},{"section":"labelselectorrequirement-v1-meta","subsections":[]},{"section":"labelselector-v1-meta","subsections":[]},{"section":"keytopath-v1-core","subsections":[]},{"section":"jobtemplatespec-v1beta1-batch","subsections":[]},{"section":"jobcondition-v1-batch","subsections":[]},{"section":"jsonschemapropsorbool-v1-apiextensions-k8s-io","subsections":[]},{"section":"jsonschemapropsorarray-v1-apiextensions-k8s-io","subsections":[]},{"section":"jsonschemaprops-v1-apiextensions-k8s-io","subsections":[]},{"section":"json-v1-apiextensions-k8s-io","subsections":[]},{"section":"ingresstls-v1-networking-k8s-io","subsections":[]},{"section":"ingressservicebackend-v1-networking-k8s-io","subsections":[]},{"section":"ingressrule-v1-networking-k8s-io","subsections":[]},{"section":"ingressbackend-v1-networking-k8s-io","subsections":[]},{"section":"iscsivolumesource-v1-core","subsections":[]},{"section":"iscsipersistentvolumesource-v1-core","subsections":[]},{"section":"ipblock-v1-networking-k8s-io","subsections":[]},{"section":"idrange-v1beta1-policy","subsections":[]},{"section":"hostportrange-v1beta1-policy","subsections":[]},{"section":"hostpathvolumesource-v1-core","subsections":[]},{"section":"hostalias-v1-core","subsections":[]},{"section":"horizontalpodautoscalercondition-v2beta2-autoscaling","subsections":[]},{"section":"horizontalpodautoscalerbehavior-v2beta2-autoscaling","subsections":[]},{"section":"handler-v1-core","subsections":[]},{"section":"httpingressrulevalue-v1-networking-k8s-io","subsections":[]},{"section":"httpingresspath-v1-networking-k8s-io","subsections":[]},{"section":"httpheader-v1-core","subsections":[]},{"section":"httpgetaction-v1-core","subsections":[]},{"section":"hpascalingrules-v2beta2-autoscaling","subsections":[]},{"section":"hpascalingpolicy-v2beta2-autoscaling","subsections":[]},{"section":"groupversionfordiscovery-v1-meta","subsections":[]},{"section":"groupsubject-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"glusterfsvolumesource-v1-core","subsections":[]},{"section":"glusterfspersistentvolumesource-v1-core","subsections":[]},{"section":"gitrepovolumesource-v1-core","subsections":[]},{"section":"gcepersistentdiskvolumesource-v1-core","subsections":[]},{"section":"flowschemacondition-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"flowdistinguishermethod-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"flockervolumesource-v1-core","subsections":[]},{"section":"flexvolumesource-v1-core","subsections":[]},{"section":"flexpersistentvolumesource-v1-core","subsections":[]},{"section":"fieldsv1-v1-meta","subsections":[]},{"section":"fsgroupstrategyoptions-v1beta1-policy","subsections":[]},{"section":"fcvolumesource-v1-core","subsections":[]},{"section":"externalmetricstatus-v2beta2-autoscaling","subsections":[]},{"section":"externalmetricsource-v2beta2-autoscaling","subsections":[]},{"section":"externaldocumentation-v1-apiextensions-k8s-io","subsections":[]},{"section":"execaction-v1-core","subsections":[]},{"section":"eviction-v1beta1-policy","subsections":[]},{"section":"eventsource-v1-core","subsections":[]},{"section":"eventseries-v1-core","subsections":[]},{"section":"ephemeralvolumesource-v1-core","subsections":[]},{"section":"ephemeralcontainer-v1-core","subsections":[]},{"section":"envvarsource-v1-core","subsections":[]},{"section":"envvar-v1-core","subsections":[]},{"section":"envfromsource-v1-core","subsections":[]},{"section":"endpointsubset-v1-core","subsections":[]},{"section":"endpointport-v1-core","subsections":[]},{"section":"endpointconditions-v1beta1-discovery-k8s-io","subsections":[]},{"section":"endpointaddress-v1-core","subsections":[]},{"section":"endpoint-v1beta1-discovery-k8s-io","subsections":[]},{"section":"emptydirvolumesource-v1-core","subsections":[]},{"section":"downwardapivolumesource-v1-core","subsections":[]},{"section":"downwardapivolumefile-v1-core","subsections":[]},{"section":"downwardapiprojection-v1-core","subsections":[]},{"section":"deploymentcondition-v1-apps","subsections":[]},{"section":"deleteoptions-v1-meta","subsections":[]},{"section":"daemonsetupdatestrategy-v1-apps","subsections":[]},{"section":"daemonsetcondition-v1-apps","subsections":[]},{"section":"daemonendpoint-v1-core","subsections":[]},{"section":"customresourcevalidation-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcesubresources-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcesubresourcestatus-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcesubresourcescale-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcedefinitionversion-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcedefinitionnames-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcedefinitioncondition-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourceconversion-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcecolumndefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"crossversionobjectreference-v1-autoscaling","subsections":[]},{"section":"containerstatewaiting-v1-core","subsections":[]},{"section":"containerstateterminated-v1-core","subsections":[]},{"section":"containerstaterunning-v1-core","subsections":[]},{"section":"containerstate-v1-core","subsections":[]},{"section":"containerresourcemetricstatus-v2beta2-autoscaling","subsections":[]},{"section":"containerresourcemetricsource-v2beta2-autoscaling","subsections":[]},{"section":"containerport-v1-core","subsections":[]},{"section":"containerimage-v1-core","subsections":[]},{"section":"configmapvolumesource-v1-core","subsections":[]},{"section":"configmapprojection-v1-core","subsections":[]},{"section":"configmapnodeconfigsource-v1-core","subsections":[]},{"section":"configmapkeyselector-v1-core","subsections":[]},{"section":"configmapenvsource-v1-core","subsections":[]},{"section":"condition-v1-meta","subsections":[]},{"section":"componentcondition-v1-core","subsections":[]},{"section":"clientipconfig-v1-core","subsections":[]},{"section":"cindervolumesource-v1-core","subsections":[]},{"section":"cinderpersistentvolumesource-v1-core","subsections":[]},{"section":"certificatesigningrequestcondition-v1-certificates-k8s-io","subsections":[]},{"section":"cephfsvolumesource-v1-core","subsections":[]},{"section":"cephfspersistentvolumesource-v1-core","subsections":[]},{"section":"capabilities-v1-core","subsections":[]},{"section":"csivolumesource-v1-core","subsections":[]},{"section":"csipersistentvolumesource-v1-core","subsections":[]},{"section":"csinodedriver-v1-storage-k8s-io","subsections":[]},{"section":"boundobjectreference-v1-authentication-k8s-io","subsections":[]},{"section":"azurefilevolumesource-v1-core","subsections":[]},{"section":"azurefilepersistentvolumesource-v1-core","subsections":[]},{"section":"azurediskvolumesource-v1-core","subsections":[]},{"section":"attachedvolume-v1-core","subsections":[]},{"section":"allowedhostpath-v1beta1-policy","subsections":[]},{"section":"allowedflexvolume-v1beta1-policy","subsections":[]},{"section":"allowedcsidriver-v1beta1-policy","subsections":[]},{"section":"aggregationrule-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"affinity-v1-core","subsections":[]},{"section":"awselasticblockstorevolumesource-v1-core","subsections":[]},{"section":"apiversions-v1-meta","subsections":[]},{"section":"apiservicecondition-v1-apiregistration-k8s-io","subsections":[]},{"section":"apiresource-v1-meta","subsections":[]},{"section":"apigroup-v1-meta","subsections":[]},{"section":"-strong-definitions-strong-","subsections":[]},{"section":"networkpolicy-v1-networking-k8s-io","subsections":[{"section":"-strong-read-operations-networkpolicy-v1-networking-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"watch-list-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"watch-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"list-all-namespaces-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"list-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"read-networkpolicy-v1-networking-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-networkpolicy-v1-networking-k8s-io-strong-","subsections":[{"section":"delete-collection-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"delete-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"replace-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"patch-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"create-networkpolicy-v1-networking-k8s-io","subsections":[]}]}]},{"section":"tokenreview-v1-authentication-k8s-io","subsections":[{"section":"-strong-write-operations-tokenreview-v1-authentication-k8s-io-strong-","subsections":[{"section":"create-tokenreview-v1-authentication-k8s-io","subsections":[]}]}]},{"section":"tokenrequest-v1-authentication-k8s-io","subsections":[]},{"section":"subjectaccessreview-v1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-subjectaccessreview-v1-authorization-k8s-io-strong-","subsections":[{"section":"create-subjectaccessreview-v1-authorization-k8s-io","subsections":[]}]}]},{"section":"storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[{"section":"-strong-status-operations-storageversion-v1alpha1-internal-apiserver-k8s-io-strong-","subsections":[{"section":"replace-status-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"read-status-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"patch-status-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-storageversion-v1alpha1-internal-apiserver-k8s-io-strong-","subsections":[{"section":"watch-list-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"watch-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"list-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"read-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-storageversion-v1alpha1-internal-apiserver-k8s-io-strong-","subsections":[{"section":"delete-collection-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"delete-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"replace-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"patch-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"create-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]}]}]},{"section":"serviceaccount-v1-core","subsections":[{"section":"-strong-read-operations-serviceaccount-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-serviceaccount-v1-core","subsections":[]},{"section":"watch-list-serviceaccount-v1-core","subsections":[]},{"section":"watch-serviceaccount-v1-core","subsections":[]},{"section":"list-all-namespaces-serviceaccount-v1-core","subsections":[]},{"section":"list-serviceaccount-v1-core","subsections":[]},{"section":"read-serviceaccount-v1-core","subsections":[]}]},{"section":"-strong-write-operations-serviceaccount-v1-core-strong-","subsections":[{"section":"delete-collection-serviceaccount-v1-core","subsections":[]},{"section":"delete-serviceaccount-v1-core","subsections":[]},{"section":"replace-serviceaccount-v1-core","subsections":[]},{"section":"patch-serviceaccount-v1-core","subsections":[]},{"section":"create-serviceaccount-v1-core","subsections":[]}]}]},{"section":"selfsubjectrulesreview-v1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-selfsubjectrulesreview-v1-authorization-k8s-io-strong-","subsections":[{"section":"create-selfsubjectrulesreview-v1-authorization-k8s-io","subsections":[]}]}]},{"section":"selfsubjectaccessreview-v1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-selfsubjectaccessreview-v1-authorization-k8s-io-strong-","subsections":[{"section":"create-selfsubjectaccessreview-v1-authorization-k8s-io","subsections":[]}]}]},{"section":"runtimeclass-v1-node-k8s-io","subsections":[{"section":"-strong-read-operations-runtimeclass-v1-node-k8s-io-strong-","subsections":[{"section":"watch-list-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"watch-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"list-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"read-runtimeclass-v1-node-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-runtimeclass-v1-node-k8s-io-strong-","subsections":[{"section":"delete-collection-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"delete-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"replace-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"patch-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"create-runtimeclass-v1-node-k8s-io","subsections":[]}]}]},{"section":"rolebinding-v1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-rolebinding-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-list-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-all-namespaces-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-rolebinding-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"role-v1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-role-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-list-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-all-namespaces-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-role-v1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-role-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-role-v1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"resourcequota-v1-core","subsections":[{"section":"-strong-status-operations-resourcequota-v1-core-strong-","subsections":[{"section":"replace-status-resourcequota-v1-core","subsections":[]},{"section":"read-status-resourcequota-v1-core","subsections":[]},{"section":"patch-status-resourcequota-v1-core","subsections":[]}]},{"section":"-strong-read-operations-resourcequota-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-resourcequota-v1-core","subsections":[]},{"section":"watch-list-resourcequota-v1-core","subsections":[]},{"section":"watch-resourcequota-v1-core","subsections":[]},{"section":"list-all-namespaces-resourcequota-v1-core","subsections":[]},{"section":"list-resourcequota-v1-core","subsections":[]},{"section":"read-resourcequota-v1-core","subsections":[]}]},{"section":"-strong-write-operations-resourcequota-v1-core-strong-","subsections":[{"section":"delete-collection-resourcequota-v1-core","subsections":[]},{"section":"delete-resourcequota-v1-core","subsections":[]},{"section":"replace-resourcequota-v1-core","subsections":[]},{"section":"patch-resourcequota-v1-core","subsections":[]},{"section":"create-resourcequota-v1-core","subsections":[]}]}]},{"section":"prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[{"section":"-strong-status-operations-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"replace-status-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-status-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-status-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"watch-list-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"watch-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"list-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"delete-collection-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"delete-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"replace-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"create-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]}]}]},{"section":"persistentvolume-v1-core","subsections":[{"section":"-strong-status-operations-persistentvolume-v1-core-strong-","subsections":[{"section":"replace-status-persistentvolume-v1-core","subsections":[]},{"section":"read-status-persistentvolume-v1-core","subsections":[]},{"section":"patch-status-persistentvolume-v1-core","subsections":[]}]},{"section":"-strong-read-operations-persistentvolume-v1-core-strong-","subsections":[{"section":"watch-list-persistentvolume-v1-core","subsections":[]},{"section":"watch-persistentvolume-v1-core","subsections":[]},{"section":"list-persistentvolume-v1-core","subsections":[]},{"section":"read-persistentvolume-v1-core","subsections":[]}]},{"section":"-strong-write-operations-persistentvolume-v1-core-strong-","subsections":[{"section":"delete-collection-persistentvolume-v1-core","subsections":[]},{"section":"delete-persistentvolume-v1-core","subsections":[]},{"section":"replace-persistentvolume-v1-core","subsections":[]},{"section":"patch-persistentvolume-v1-core","subsections":[]},{"section":"create-persistentvolume-v1-core","subsections":[]}]}]},{"section":"node-v1-core","subsections":[{"section":"-strong-proxy-operations-node-v1-core-strong-","subsections":[{"section":"replace-connect-proxy-path-node-v1-core","subsections":[]},{"section":"replace-connect-proxy-node-v1-core","subsections":[]},{"section":"head-connect-proxy-path-node-v1-core","subsections":[]},{"section":"head-connect-proxy-node-v1-core","subsections":[]},{"section":"get-connect-proxy-path-node-v1-core","subsections":[]},{"section":"get-connect-proxy-node-v1-core","subsections":[]},{"section":"delete-connect-proxy-path-node-v1-core","subsections":[]},{"section":"delete-connect-proxy-node-v1-core","subsections":[]},{"section":"create-connect-proxy-path-node-v1-core","subsections":[]},{"section":"create-connect-proxy-node-v1-core","subsections":[]}]},{"section":"-strong-status-operations-node-v1-core-strong-","subsections":[{"section":"replace-status-node-v1-core","subsections":[]},{"section":"read-status-node-v1-core","subsections":[]},{"section":"patch-status-node-v1-core","subsections":[]}]},{"section":"-strong-read-operations-node-v1-core-strong-","subsections":[{"section":"watch-list-node-v1-core","subsections":[]},{"section":"watch-node-v1-core","subsections":[]},{"section":"list-node-v1-core","subsections":[]},{"section":"read-node-v1-core","subsections":[]}]},{"section":"-strong-write-operations-node-v1-core-strong-","subsections":[{"section":"delete-collection-node-v1-core","subsections":[]},{"section":"delete-node-v1-core","subsections":[]},{"section":"replace-node-v1-core","subsections":[]},{"section":"patch-node-v1-core","subsections":[]},{"section":"create-node-v1-core","subsections":[]}]}]},{"section":"namespace-v1-core","subsections":[{"section":"-strong-status-operations-namespace-v1-core-strong-","subsections":[{"section":"replace-status-namespace-v1-core","subsections":[]},{"section":"read-status-namespace-v1-core","subsections":[]},{"section":"patch-status-namespace-v1-core","subsections":[]}]},{"section":"-strong-read-operations-namespace-v1-core-strong-","subsections":[{"section":"watch-list-namespace-v1-core","subsections":[]},{"section":"watch-namespace-v1-core","subsections":[]},{"section":"list-namespace-v1-core","subsections":[]},{"section":"read-namespace-v1-core","subsections":[]}]},{"section":"-strong-write-operations-namespace-v1-core-strong-","subsections":[{"section":"delete-namespace-v1-core","subsections":[]},{"section":"replace-namespace-v1-core","subsections":[]},{"section":"patch-namespace-v1-core","subsections":[]},{"section":"create-namespace-v1-core","subsections":[]}]}]},{"section":"localsubjectaccessreview-v1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-localsubjectaccessreview-v1-authorization-k8s-io-strong-","subsections":[{"section":"create-localsubjectaccessreview-v1-authorization-k8s-io","subsections":[]}]}]},{"section":"lease-v1-coordination-k8s-io","subsections":[{"section":"-strong-read-operations-lease-v1-coordination-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-lease-v1-coordination-k8s-io","subsections":[]},{"section":"watch-list-lease-v1-coordination-k8s-io","subsections":[]},{"section":"watch-lease-v1-coordination-k8s-io","subsections":[]},{"section":"list-all-namespaces-lease-v1-coordination-k8s-io","subsections":[]},{"section":"list-lease-v1-coordination-k8s-io","subsections":[]},{"section":"read-lease-v1-coordination-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-lease-v1-coordination-k8s-io-strong-","subsections":[{"section":"delete-collection-lease-v1-coordination-k8s-io","subsections":[]},{"section":"delete-lease-v1-coordination-k8s-io","subsections":[]},{"section":"replace-lease-v1-coordination-k8s-io","subsections":[]},{"section":"patch-lease-v1-coordination-k8s-io","subsections":[]},{"section":"create-lease-v1-coordination-k8s-io","subsections":[]}]}]},{"section":"flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[{"section":"-strong-status-operations-flowschema-v1beta1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"replace-status-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-status-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-status-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-flowschema-v1beta1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"watch-list-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"watch-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"list-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-flowschema-v1beta1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"delete-collection-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"delete-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"replace-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"create-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]}]}]},{"section":"componentstatus-v1-core","subsections":[{"section":"-strong-read-operations-componentstatus-v1-core-strong-","subsections":[{"section":"list-componentstatus-v1-core","subsections":[]},{"section":"read-componentstatus-v1-core","subsections":[]}]}]},{"section":"clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-clusterrolebinding-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-clusterrolebinding-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"clusterrole-v1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-clusterrole-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-clusterrole-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"certificatesigningrequest-v1-certificates-k8s-io","subsections":[{"section":"-strong-status-operations-certificatesigningrequest-v1-certificates-k8s-io-strong-","subsections":[{"section":"replace-status-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"read-status-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"patch-status-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-certificatesigningrequest-v1-certificates-k8s-io-strong-","subsections":[{"section":"watch-list-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"watch-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"list-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"read-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-certificatesigningrequest-v1-certificates-k8s-io-strong-","subsections":[{"section":"delete-collection-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"delete-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"replace-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"patch-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"create-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]}]}]},{"section":"binding-v1-core","subsections":[{"section":"-strong-write-operations-binding-v1-core-strong-","subsections":[{"section":"create-binding-v1-core","subsections":[]}]}]},{"section":"apiservice-v1-apiregistration-k8s-io","subsections":[{"section":"-strong-status-operations-apiservice-v1-apiregistration-k8s-io-strong-","subsections":[{"section":"replace-status-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"read-status-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"patch-status-apiservice-v1-apiregistration-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-apiservice-v1-apiregistration-k8s-io-strong-","subsections":[{"section":"watch-list-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"watch-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"list-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"read-apiservice-v1-apiregistration-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-apiservice-v1-apiregistration-k8s-io-strong-","subsections":[{"section":"delete-collection-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"delete-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"replace-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"patch-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"create-apiservice-v1-apiregistration-k8s-io","subsections":[]}]}]},{"section":"-strong-cluster-apis-strong-","subsections":[]},{"section":"podsecuritypolicy-v1beta1-policy","subsections":[{"section":"-strong-read-operations-podsecuritypolicy-v1beta1-policy-strong-","subsections":[{"section":"watch-list-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"watch-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"list-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"read-podsecuritypolicy-v1beta1-policy","subsections":[]}]},{"section":"-strong-write-operations-podsecuritypolicy-v1beta1-policy-strong-","subsections":[{"section":"delete-collection-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"delete-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"replace-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"patch-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"create-podsecuritypolicy-v1beta1-policy","subsections":[]}]}]},{"section":"priorityclass-v1-scheduling-k8s-io","subsections":[{"section":"-strong-read-operations-priorityclass-v1-scheduling-k8s-io-strong-","subsections":[{"section":"watch-list-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"watch-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"list-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"read-priorityclass-v1-scheduling-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-priorityclass-v1-scheduling-k8s-io-strong-","subsections":[{"section":"delete-collection-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"delete-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"replace-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"patch-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"create-priorityclass-v1-scheduling-k8s-io","subsections":[]}]}]},{"section":"poddisruptionbudget-v1beta1-policy","subsections":[{"section":"-strong-status-operations-poddisruptionbudget-v1beta1-policy-strong-","subsections":[{"section":"replace-status-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"read-status-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"patch-status-poddisruptionbudget-v1beta1-policy","subsections":[]}]},{"section":"-strong-read-operations-poddisruptionbudget-v1beta1-policy-strong-","subsections":[{"section":"watch-list-all-namespaces-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"watch-list-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"watch-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"list-all-namespaces-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"list-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"read-poddisruptionbudget-v1beta1-policy","subsections":[]}]},{"section":"-strong-write-operations-poddisruptionbudget-v1beta1-policy-strong-","subsections":[{"section":"delete-collection-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"delete-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"replace-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"patch-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"create-poddisruptionbudget-v1beta1-policy","subsections":[]}]}]},{"section":"podtemplate-v1-core","subsections":[{"section":"-strong-read-operations-podtemplate-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-podtemplate-v1-core","subsections":[]},{"section":"watch-list-podtemplate-v1-core","subsections":[]},{"section":"watch-podtemplate-v1-core","subsections":[]},{"section":"list-all-namespaces-podtemplate-v1-core","subsections":[]},{"section":"list-podtemplate-v1-core","subsections":[]},{"section":"read-podtemplate-v1-core","subsections":[]}]},{"section":"-strong-write-operations-podtemplate-v1-core-strong-","subsections":[{"section":"delete-collection-podtemplate-v1-core","subsections":[]},{"section":"delete-podtemplate-v1-core","subsections":[]},{"section":"replace-podtemplate-v1-core","subsections":[]},{"section":"patch-podtemplate-v1-core","subsections":[]},{"section":"create-podtemplate-v1-core","subsections":[]}]}]},{"section":"validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[{"section":"-strong-read-operations-validatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","subsections":[{"section":"watch-list-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"watch-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"list-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"read-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-validatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","subsections":[{"section":"delete-collection-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"delete-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"replace-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"patch-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"create-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]}]}]},{"section":"mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[{"section":"-strong-read-operations-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","subsections":[{"section":"watch-list-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"watch-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"list-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"read-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","subsections":[{"section":"delete-collection-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"delete-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"replace-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"patch-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"create-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]}]}]},{"section":"horizontalpodautoscaler-v1-autoscaling","subsections":[{"section":"-strong-status-operations-horizontalpodautoscaler-v1-autoscaling-strong-","subsections":[{"section":"replace-status-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"read-status-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"patch-status-horizontalpodautoscaler-v1-autoscaling","subsections":[]}]},{"section":"-strong-read-operations-horizontalpodautoscaler-v1-autoscaling-strong-","subsections":[{"section":"watch-list-all-namespaces-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"watch-list-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"watch-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"list-all-namespaces-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"list-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"read-horizontalpodautoscaler-v1-autoscaling","subsections":[]}]},{"section":"-strong-write-operations-horizontalpodautoscaler-v1-autoscaling-strong-","subsections":[{"section":"delete-collection-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"delete-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"replace-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"patch-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"create-horizontalpodautoscaler-v1-autoscaling","subsections":[]}]}]},{"section":"limitrange-v1-core","subsections":[{"section":"-strong-read-operations-limitrange-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-limitrange-v1-core","subsections":[]},{"section":"watch-list-limitrange-v1-core","subsections":[]},{"section":"watch-limitrange-v1-core","subsections":[]},{"section":"list-all-namespaces-limitrange-v1-core","subsections":[]},{"section":"list-limitrange-v1-core","subsections":[]},{"section":"read-limitrange-v1-core","subsections":[]}]},{"section":"-strong-write-operations-limitrange-v1-core-strong-","subsections":[{"section":"delete-collection-limitrange-v1-core","subsections":[]},{"section":"delete-limitrange-v1-core","subsections":[]},{"section":"replace-limitrange-v1-core","subsections":[]},{"section":"patch-limitrange-v1-core","subsections":[]},{"section":"create-limitrange-v1-core","subsections":[]}]}]},{"section":"event-v1-core","subsections":[{"section":"-strong-read-operations-event-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-event-v1-core","subsections":[]},{"section":"watch-list-event-v1-core","subsections":[]},{"section":"watch-event-v1-core","subsections":[]},{"section":"list-all-namespaces-event-v1-core","subsections":[]},{"section":"list-event-v1-core","subsections":[]},{"section":"read-event-v1-core","subsections":[]}]},{"section":"-strong-write-operations-event-v1-core-strong-","subsections":[{"section":"delete-collection-event-v1-core","subsections":[]},{"section":"delete-event-v1-core","subsections":[]},{"section":"replace-event-v1-core","subsections":[]},{"section":"patch-event-v1-core","subsections":[]},{"section":"create-event-v1-core","subsections":[]}]}]},{"section":"customresourcedefinition-v1-apiextensions-k8s-io","subsections":[{"section":"-strong-status-operations-customresourcedefinition-v1-apiextensions-k8s-io-strong-","subsections":[{"section":"replace-status-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"read-status-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"patch-status-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-customresourcedefinition-v1-apiextensions-k8s-io-strong-","subsections":[{"section":"watch-list-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"watch-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"list-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"read-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-customresourcedefinition-v1-apiextensions-k8s-io-strong-","subsections":[{"section":"delete-collection-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"delete-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"replace-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"patch-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"create-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]}]}]},{"section":"controllerrevision-v1-apps","subsections":[{"section":"-strong-read-operations-controllerrevision-v1-apps-strong-","subsections":[{"section":"watch-list-all-namespaces-controllerrevision-v1-apps","subsections":[]},{"section":"watch-list-controllerrevision-v1-apps","subsections":[]},{"section":"watch-controllerrevision-v1-apps","subsections":[]},{"section":"list-all-namespaces-controllerrevision-v1-apps","subsections":[]},{"section":"list-controllerrevision-v1-apps","subsections":[]},{"section":"read-controllerrevision-v1-apps","subsections":[]}]},{"section":"-strong-write-operations-controllerrevision-v1-apps-strong-","subsections":[{"section":"delete-collection-controllerrevision-v1-apps","subsections":[]},{"section":"delete-controllerrevision-v1-apps","subsections":[]},{"section":"replace-controllerrevision-v1-apps","subsections":[]},{"section":"patch-controllerrevision-v1-apps","subsections":[]},{"section":"create-controllerrevision-v1-apps","subsections":[]}]}]},{"section":"-strong-metadata-apis-strong-","subsections":[]},{"section":"volumeattachment-v1-storage-k8s-io","subsections":[{"section":"-strong-status-operations-volumeattachment-v1-storage-k8s-io-strong-","subsections":[{"section":"replace-status-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"read-status-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"patch-status-volumeattachment-v1-storage-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-volumeattachment-v1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"watch-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"list-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"read-volumeattachment-v1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-volumeattachment-v1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"delete-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"replace-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"patch-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"create-volumeattachment-v1-storage-k8s-io","subsections":[]}]}]},{"section":"volume-v1-core","subsections":[]},{"section":"storageclass-v1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-storageclass-v1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"watch-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"list-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"read-storageclass-v1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-storageclass-v1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"delete-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"replace-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"patch-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"create-storageclass-v1-storage-k8s-io","subsections":[]}]}]},{"section":"persistentvolumeclaim-v1-core","subsections":[{"section":"-strong-status-operations-persistentvolumeclaim-v1-core-strong-","subsections":[{"section":"replace-status-persistentvolumeclaim-v1-core","subsections":[]},{"section":"read-status-persistentvolumeclaim-v1-core","subsections":[]},{"section":"patch-status-persistentvolumeclaim-v1-core","subsections":[]}]},{"section":"-strong-read-operations-persistentvolumeclaim-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-persistentvolumeclaim-v1-core","subsections":[]},{"section":"watch-list-persistentvolumeclaim-v1-core","subsections":[]},{"section":"watch-persistentvolumeclaim-v1-core","subsections":[]},{"section":"list-all-namespaces-persistentvolumeclaim-v1-core","subsections":[]},{"section":"list-persistentvolumeclaim-v1-core","subsections":[]},{"section":"read-persistentvolumeclaim-v1-core","subsections":[]}]},{"section":"-strong-write-operations-persistentvolumeclaim-v1-core-strong-","subsections":[{"section":"delete-collection-persistentvolumeclaim-v1-core","subsections":[]},{"section":"delete-persistentvolumeclaim-v1-core","subsections":[]},{"section":"replace-persistentvolumeclaim-v1-core","subsections":[]},{"section":"patch-persistentvolumeclaim-v1-core","subsections":[]},{"section":"create-persistentvolumeclaim-v1-core","subsections":[]}]}]},{"section":"secret-v1-core","subsections":[{"section":"-strong-read-operations-secret-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-secret-v1-core","subsections":[]},{"section":"watch-list-secret-v1-core","subsections":[]},{"section":"watch-secret-v1-core","subsections":[]},{"section":"list-all-namespaces-secret-v1-core","subsections":[]},{"section":"list-secret-v1-core","subsections":[]},{"section":"read-secret-v1-core","subsections":[]}]},{"section":"-strong-write-operations-secret-v1-core-strong-","subsections":[{"section":"delete-collection-secret-v1-core","subsections":[]},{"section":"delete-secret-v1-core","subsections":[]},{"section":"replace-secret-v1-core","subsections":[]},{"section":"patch-secret-v1-core","subsections":[]},{"section":"create-secret-v1-core","subsections":[]}]}]},{"section":"csinode-v1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-csinode-v1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-csinode-v1-storage-k8s-io","subsections":[]},{"section":"watch-csinode-v1-storage-k8s-io","subsections":[]},{"section":"list-csinode-v1-storage-k8s-io","subsections":[]},{"section":"read-csinode-v1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-csinode-v1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-csinode-v1-storage-k8s-io","subsections":[]},{"section":"delete-csinode-v1-storage-k8s-io","subsections":[]},{"section":"replace-csinode-v1-storage-k8s-io","subsections":[]},{"section":"patch-csinode-v1-storage-k8s-io","subsections":[]},{"section":"create-csinode-v1-storage-k8s-io","subsections":[]}]}]},{"section":"csidriver-v1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-csidriver-v1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"watch-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"list-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"read-csidriver-v1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-csidriver-v1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"delete-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"replace-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"patch-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"create-csidriver-v1-storage-k8s-io","subsections":[]}]}]},{"section":"configmap-v1-core","subsections":[{"section":"-strong-read-operations-configmap-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-configmap-v1-core","subsections":[]},{"section":"watch-list-configmap-v1-core","subsections":[]},{"section":"watch-configmap-v1-core","subsections":[]},{"section":"list-all-namespaces-configmap-v1-core","subsections":[]},{"section":"list-configmap-v1-core","subsections":[]},{"section":"read-configmap-v1-core","subsections":[]}]},{"section":"-strong-write-operations-configmap-v1-core-strong-","subsections":[{"section":"delete-collection-configmap-v1-core","subsections":[]},{"section":"delete-configmap-v1-core","subsections":[]},{"section":"replace-configmap-v1-core","subsections":[]},{"section":"patch-configmap-v1-core","subsections":[]},{"section":"create-configmap-v1-core","subsections":[]}]}]},{"section":"-strong-config-and-storage-apis-strong-","subsections":[]},{"section":"service-v1-core","subsections":[{"section":"-strong-proxy-operations-service-v1-core-strong-","subsections":[{"section":"replace-connect-proxy-path-service-v1-core","subsections":[]},{"section":"replace-connect-proxy-service-v1-core","subsections":[]},{"section":"head-connect-proxy-path-service-v1-core","subsections":[]},{"section":"head-connect-proxy-service-v1-core","subsections":[]},{"section":"get-connect-proxy-path-service-v1-core","subsections":[]},{"section":"get-connect-proxy-service-v1-core","subsections":[]},{"section":"delete-connect-proxy-path-service-v1-core","subsections":[]},{"section":"delete-connect-proxy-service-v1-core","subsections":[]},{"section":"create-connect-proxy-path-service-v1-core","subsections":[]},{"section":"create-connect-proxy-service-v1-core","subsections":[]}]},{"section":"-strong-status-operations-service-v1-core-strong-","subsections":[{"section":"replace-status-service-v1-core","subsections":[]},{"section":"read-status-service-v1-core","subsections":[]},{"section":"patch-status-service-v1-core","subsections":[]}]},{"section":"-strong-read-operations-service-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-service-v1-core","subsections":[]},{"section":"watch-list-service-v1-core","subsections":[]},{"section":"watch-service-v1-core","subsections":[]},{"section":"list-all-namespaces-service-v1-core","subsections":[]},{"section":"list-service-v1-core","subsections":[]},{"section":"read-service-v1-core","subsections":[]}]},{"section":"-strong-write-operations-service-v1-core-strong-","subsections":[{"section":"delete-service-v1-core","subsections":[]},{"section":"replace-service-v1-core","subsections":[]},{"section":"patch-service-v1-core","subsections":[]},{"section":"create-service-v1-core","subsections":[]}]}]},{"section":"ingressclass-v1-networking-k8s-io","subsections":[{"section":"-strong-read-operations-ingressclass-v1-networking-k8s-io-strong-","subsections":[{"section":"watch-list-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"watch-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"list-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"read-ingressclass-v1-networking-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-ingressclass-v1-networking-k8s-io-strong-","subsections":[{"section":"delete-collection-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"delete-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"replace-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"patch-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"create-ingressclass-v1-networking-k8s-io","subsections":[]}]}]},{"section":"ingress-v1-networking-k8s-io","subsections":[{"section":"-strong-status-operations-ingress-v1-networking-k8s-io-strong-","subsections":[{"section":"replace-status-ingress-v1-networking-k8s-io","subsections":[]},{"section":"read-status-ingress-v1-networking-k8s-io","subsections":[]},{"section":"patch-status-ingress-v1-networking-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-ingress-v1-networking-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-ingress-v1-networking-k8s-io","subsections":[]},{"section":"watch-list-ingress-v1-networking-k8s-io","subsections":[]},{"section":"watch-ingress-v1-networking-k8s-io","subsections":[]},{"section":"list-all-namespaces-ingress-v1-networking-k8s-io","subsections":[]},{"section":"list-ingress-v1-networking-k8s-io","subsections":[]},{"section":"read-ingress-v1-networking-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-ingress-v1-networking-k8s-io-strong-","subsections":[{"section":"delete-collection-ingress-v1-networking-k8s-io","subsections":[]},{"section":"delete-ingress-v1-networking-k8s-io","subsections":[]},{"section":"replace-ingress-v1-networking-k8s-io","subsections":[]},{"section":"patch-ingress-v1-networking-k8s-io","subsections":[]},{"section":"create-ingress-v1-networking-k8s-io","subsections":[]}]}]},{"section":"endpointslice-v1beta1-discovery-k8s-io","subsections":[{"section":"-strong-read-operations-endpointslice-v1beta1-discovery-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"watch-list-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"watch-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"list-all-namespaces-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"list-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"read-endpointslice-v1beta1-discovery-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-endpointslice-v1beta1-discovery-k8s-io-strong-","subsections":[{"section":"delete-collection-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"delete-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"replace-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"patch-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"create-endpointslice-v1beta1-discovery-k8s-io","subsections":[]}]}]},{"section":"endpoints-v1-core","subsections":[{"section":"-strong-read-operations-endpoints-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-endpoints-v1-core","subsections":[]},{"section":"watch-list-endpoints-v1-core","subsections":[]},{"section":"watch-endpoints-v1-core","subsections":[]},{"section":"list-all-namespaces-endpoints-v1-core","subsections":[]},{"section":"list-endpoints-v1-core","subsections":[]},{"section":"read-endpoints-v1-core","subsections":[]}]},{"section":"-strong-write-operations-endpoints-v1-core-strong-","subsections":[{"section":"delete-collection-endpoints-v1-core","subsections":[]},{"section":"delete-endpoints-v1-core","subsections":[]},{"section":"replace-endpoints-v1-core","subsections":[]},{"section":"patch-endpoints-v1-core","subsections":[]},{"section":"create-endpoints-v1-core","subsections":[]}]}]},{"section":"-strong-service-apis-strong-","subsections":[]},{"section":"statefulset-v1-apps","subsections":[{"section":"-strong-misc-operations-statefulset-v1-apps-strong-","subsections":[{"section":"patch-scale-statefulset-v1-apps","subsections":[]},{"section":"replace-scale-statefulset-v1-apps","subsections":[]},{"section":"read-scale-statefulset-v1-apps","subsections":[]}]},{"section":"-strong-status-operations-statefulset-v1-apps-strong-","subsections":[{"section":"replace-status-statefulset-v1-apps","subsections":[]},{"section":"read-status-statefulset-v1-apps","subsections":[]},{"section":"patch-status-statefulset-v1-apps","subsections":[]}]},{"section":"-strong-read-operations-statefulset-v1-apps-strong-","subsections":[{"section":"watch-list-all-namespaces-statefulset-v1-apps","subsections":[]},{"section":"watch-list-statefulset-v1-apps","subsections":[]},{"section":"watch-statefulset-v1-apps","subsections":[]},{"section":"list-all-namespaces-statefulset-v1-apps","subsections":[]},{"section":"list-statefulset-v1-apps","subsections":[]},{"section":"read-statefulset-v1-apps","subsections":[]}]},{"section":"-strong-write-operations-statefulset-v1-apps-strong-","subsections":[{"section":"delete-collection-statefulset-v1-apps","subsections":[]},{"section":"delete-statefulset-v1-apps","subsections":[]},{"section":"replace-statefulset-v1-apps","subsections":[]},{"section":"patch-statefulset-v1-apps","subsections":[]},{"section":"create-statefulset-v1-apps","subsections":[]}]}]},{"section":"replicationcontroller-v1-core","subsections":[{"section":"-strong-misc-operations-replicationcontroller-v1-core-strong-","subsections":[{"section":"patch-scale-replicationcontroller-v1-core","subsections":[]},{"section":"replace-scale-replicationcontroller-v1-core","subsections":[]},{"section":"read-scale-replicationcontroller-v1-core","subsections":[]}]},{"section":"-strong-status-operations-replicationcontroller-v1-core-strong-","subsections":[{"section":"replace-status-replicationcontroller-v1-core","subsections":[]},{"section":"read-status-replicationcontroller-v1-core","subsections":[]},{"section":"patch-status-replicationcontroller-v1-core","subsections":[]}]},{"section":"-strong-read-operations-replicationcontroller-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-replicationcontroller-v1-core","subsections":[]},{"section":"watch-list-replicationcontroller-v1-core","subsections":[]},{"section":"watch-replicationcontroller-v1-core","subsections":[]},{"section":"list-all-namespaces-replicationcontroller-v1-core","subsections":[]},{"section":"list-replicationcontroller-v1-core","subsections":[]},{"section":"read-replicationcontroller-v1-core","subsections":[]}]},{"section":"-strong-write-operations-replicationcontroller-v1-core-strong-","subsections":[{"section":"delete-collection-replicationcontroller-v1-core","subsections":[]},{"section":"delete-replicationcontroller-v1-core","subsections":[]},{"section":"replace-replicationcontroller-v1-core","subsections":[]},{"section":"patch-replicationcontroller-v1-core","subsections":[]},{"section":"create-replicationcontroller-v1-core","subsections":[]}]}]},{"section":"replicaset-v1-apps","subsections":[{"section":"-strong-misc-operations-replicaset-v1-apps-strong-","subsections":[{"section":"patch-scale-replicaset-v1-apps","subsections":[]},{"section":"replace-scale-replicaset-v1-apps","subsections":[]},{"section":"read-scale-replicaset-v1-apps","subsections":[]}]},{"section":"-strong-status-operations-replicaset-v1-apps-strong-","subsections":[{"section":"replace-status-replicaset-v1-apps","subsections":[]},{"section":"read-status-replicaset-v1-apps","subsections":[]},{"section":"patch-status-replicaset-v1-apps","subsections":[]}]},{"section":"-strong-read-operations-replicaset-v1-apps-strong-","subsections":[{"section":"watch-list-all-namespaces-replicaset-v1-apps","subsections":[]},{"section":"watch-list-replicaset-v1-apps","subsections":[]},{"section":"watch-replicaset-v1-apps","subsections":[]},{"section":"list-all-namespaces-replicaset-v1-apps","subsections":[]},{"section":"list-replicaset-v1-apps","subsections":[]},{"section":"read-replicaset-v1-apps","subsections":[]}]},{"section":"-strong-write-operations-replicaset-v1-apps-strong-","subsections":[{"section":"delete-collection-replicaset-v1-apps","subsections":[]},{"section":"delete-replicaset-v1-apps","subsections":[]},{"section":"replace-replicaset-v1-apps","subsections":[]},{"section":"patch-replicaset-v1-apps","subsections":[]},{"section":"create-replicaset-v1-apps","subsections":[]}]}]},{"section":"pod-v1-core","subsections":[{"section":"-strong-misc-operations-pod-v1-core-strong-","subsections":[{"section":"read-log-pod-v1-core","subsections":[]}]},{"section":"-strong-proxy-operations-pod-v1-core-strong-","subsections":[{"section":"replace-connect-proxy-path-pod-v1-core","subsections":[]},{"section":"replace-connect-proxy-pod-v1-core","subsections":[]},{"section":"head-connect-proxy-path-pod-v1-core","subsections":[]},{"section":"head-connect-proxy-pod-v1-core","subsections":[]},{"section":"get-connect-proxy-path-pod-v1-core","subsections":[]},{"section":"get-connect-proxy-pod-v1-core","subsections":[]},{"section":"get-connect-portforward-pod-v1-core","subsections":[]},{"section":"delete-connect-proxy-path-pod-v1-core","subsections":[]},{"section":"delete-connect-proxy-pod-v1-core","subsections":[]},{"section":"create-connect-proxy-path-pod-v1-core","subsections":[]},{"section":"create-connect-proxy-pod-v1-core","subsections":[]},{"section":"create-connect-portforward-pod-v1-core","subsections":[]}]},{"section":"-strong-status-operations-pod-v1-core-strong-","subsections":[{"section":"replace-status-pod-v1-core","subsections":[]},{"section":"read-status-pod-v1-core","subsections":[]},{"section":"patch-status-pod-v1-core","subsections":[]}]},{"section":"-strong-read-operations-pod-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-pod-v1-core","subsections":[]},{"section":"watch-list-pod-v1-core","subsections":[]},{"section":"watch-pod-v1-core","subsections":[]},{"section":"list-all-namespaces-pod-v1-core","subsections":[]},{"section":"list-pod-v1-core","subsections":[]},{"section":"read-pod-v1-core","subsections":[]}]},{"section":"-strong-write-operations-pod-v1-core-strong-","subsections":[{"section":"delete-collection-pod-v1-core","subsections":[]},{"section":"delete-pod-v1-core","subsections":[]},{"section":"replace-pod-v1-core","subsections":[]},{"section":"patch-pod-v1-core","subsections":[]},{"section":"create-eviction-pod-v1-core","subsections":[]},{"section":"create-pod-v1-core","subsections":[]}]}]},{"section":"job-v1-batch","subsections":[{"section":"-strong-status-operations-job-v1-batch-strong-","subsections":[{"section":"replace-status-job-v1-batch","subsections":[]},{"section":"read-status-job-v1-batch","subsections":[]},{"section":"patch-status-job-v1-batch","subsections":[]}]},{"section":"-strong-read-operations-job-v1-batch-strong-","subsections":[{"section":"watch-list-all-namespaces-job-v1-batch","subsections":[]},{"section":"watch-list-job-v1-batch","subsections":[]},{"section":"watch-job-v1-batch","subsections":[]},{"section":"list-all-namespaces-job-v1-batch","subsections":[]},{"section":"list-job-v1-batch","subsections":[]},{"section":"read-job-v1-batch","subsections":[]}]},{"section":"-strong-write-operations-job-v1-batch-strong-","subsections":[{"section":"delete-collection-job-v1-batch","subsections":[]},{"section":"delete-job-v1-batch","subsections":[]},{"section":"replace-job-v1-batch","subsections":[]},{"section":"patch-job-v1-batch","subsections":[]},{"section":"create-job-v1-batch","subsections":[]}]}]},{"section":"deployment-v1-apps","subsections":[{"section":"-strong-misc-operations-deployment-v1-apps-strong-","subsections":[{"section":"patch-scale-deployment-v1-apps","subsections":[]},{"section":"replace-scale-deployment-v1-apps","subsections":[]},{"section":"read-scale-deployment-v1-apps","subsections":[]}]},{"section":"-strong-status-operations-deployment-v1-apps-strong-","subsections":[{"section":"replace-status-deployment-v1-apps","subsections":[]},{"section":"read-status-deployment-v1-apps","subsections":[]},{"section":"patch-status-deployment-v1-apps","subsections":[]}]},{"section":"-strong-read-operations-deployment-v1-apps-strong-","subsections":[{"section":"watch-list-all-namespaces-deployment-v1-apps","subsections":[]},{"section":"watch-list-deployment-v1-apps","subsections":[]},{"section":"watch-deployment-v1-apps","subsections":[]},{"section":"list-all-namespaces-deployment-v1-apps","subsections":[]},{"section":"list-deployment-v1-apps","subsections":[]},{"section":"read-deployment-v1-apps","subsections":[]}]},{"section":"-strong-write-operations-deployment-v1-apps-strong-","subsections":[{"section":"delete-collection-deployment-v1-apps","subsections":[]},{"section":"delete-deployment-v1-apps","subsections":[]},{"section":"replace-deployment-v1-apps","subsections":[]},{"section":"patch-deployment-v1-apps","subsections":[]},{"section":"create-deployment-v1-apps","subsections":[]}]}]},{"section":"daemonset-v1-apps","subsections":[{"section":"-strong-status-operations-daemonset-v1-apps-strong-","subsections":[{"section":"replace-status-daemonset-v1-apps","subsections":[]},{"section":"read-status-daemonset-v1-apps","subsections":[]},{"section":"patch-status-daemonset-v1-apps","subsections":[]}]},{"section":"-strong-read-operations-daemonset-v1-apps-strong-","subsections":[{"section":"watch-list-all-namespaces-daemonset-v1-apps","subsections":[]},{"section":"watch-list-daemonset-v1-apps","subsections":[]},{"section":"watch-daemonset-v1-apps","subsections":[]},{"section":"list-all-namespaces-daemonset-v1-apps","subsections":[]},{"section":"list-daemonset-v1-apps","subsections":[]},{"section":"read-daemonset-v1-apps","subsections":[]}]},{"section":"-strong-write-operations-daemonset-v1-apps-strong-","subsections":[{"section":"delete-collection-daemonset-v1-apps","subsections":[]},{"section":"delete-daemonset-v1-apps","subsections":[]},{"section":"replace-daemonset-v1-apps","subsections":[]},{"section":"patch-daemonset-v1-apps","subsections":[]},{"section":"create-daemonset-v1-apps","subsections":[]}]}]},{"section":"cronjob-v1beta1-batch","subsections":[{"section":"-strong-status-operations-cronjob-v1beta1-batch-strong-","subsections":[{"section":"replace-status-cronjob-v1beta1-batch","subsections":[]},{"section":"read-status-cronjob-v1beta1-batch","subsections":[]},{"section":"patch-status-cronjob-v1beta1-batch","subsections":[]}]},{"section":"-strong-read-operations-cronjob-v1beta1-batch-strong-","subsections":[{"section":"watch-list-all-namespaces-cronjob-v1beta1-batch","subsections":[]},{"section":"watch-list-cronjob-v1beta1-batch","subsections":[]},{"section":"watch-cronjob-v1beta1-batch","subsections":[]},{"section":"list-all-namespaces-cronjob-v1beta1-batch","subsections":[]},{"section":"list-cronjob-v1beta1-batch","subsections":[]},{"section":"read-cronjob-v1beta1-batch","subsections":[]}]},{"section":"-strong-write-operations-cronjob-v1beta1-batch-strong-","subsections":[{"section":"delete-collection-cronjob-v1beta1-batch","subsections":[]},{"section":"delete-cronjob-v1beta1-batch","subsections":[]},{"section":"replace-cronjob-v1beta1-batch","subsections":[]},{"section":"patch-cronjob-v1beta1-batch","subsections":[]},{"section":"create-cronjob-v1beta1-batch","subsections":[]}]}]},{"section":"container-v1-core","subsections":[]},{"section":"-strong-workloads-apis-strong-","subsections":[]},{"section":"-strong-api-groups-strong-","subsections":[]},{"section":"-strong-api-overview-strong-","subsections":[]}],"flatToc":["webhookclientconfig-v1beta1-apiextensions-k8s-io","webhookclientconfig-v1beta1-admissionregistration-k8s-io","webhookclientconfig-v1-apiextensions-k8s-io","volumenoderesources-v1beta1-storage-k8s-io","volumeerror-v1alpha1-storage-k8s-io","volumeerror-v1beta1-storage-k8s-io","volumeattachmentsource-v1alpha1-storage-k8s-io","volumeattachmentsource-v1beta1-storage-k8s-io","watch-list-volumeattachment-v1alpha1-storage-k8s-io","watch-volumeattachment-v1alpha1-storage-k8s-io","list-volumeattachment-v1alpha1-storage-k8s-io","read-volumeattachment-v1alpha1-storage-k8s-io","-strong-read-operations-volumeattachment-v1alpha1-storage-k8s-io-strong-","delete-collection-volumeattachment-v1alpha1-storage-k8s-io","delete-volumeattachment-v1alpha1-storage-k8s-io","replace-volumeattachment-v1alpha1-storage-k8s-io","patch-volumeattachment-v1alpha1-storage-k8s-io","create-volumeattachment-v1alpha1-storage-k8s-io","-strong-write-operations-volumeattachment-v1alpha1-storage-k8s-io-strong-","volumeattachment-v1alpha1-storage-k8s-io","watch-list-volumeattachment-v1beta1-storage-k8s-io","watch-volumeattachment-v1beta1-storage-k8s-io","list-volumeattachment-v1beta1-storage-k8s-io","read-volumeattachment-v1beta1-storage-k8s-io","-strong-read-operations-volumeattachment-v1beta1-storage-k8s-io-strong-","delete-collection-volumeattachment-v1beta1-storage-k8s-io","delete-volumeattachment-v1beta1-storage-k8s-io","replace-volumeattachment-v1beta1-storage-k8s-io","patch-volumeattachment-v1beta1-storage-k8s-io","create-volumeattachment-v1beta1-storage-k8s-io","-strong-write-operations-volumeattachment-v1beta1-storage-k8s-io-strong-","volumeattachment-v1beta1-storage-k8s-io","watch-list-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","watch-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","list-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","read-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","-strong-read-operations-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io-strong-","delete-collection-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","delete-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","replace-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","patch-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","create-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","-strong-write-operations-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io-strong-","validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","validatingwebhook-v1beta1-admissionregistration-k8s-io","usersubject-v1alpha1-flowcontrol-apiserver-k8s-io","userinfo-v1beta1-authentication-k8s-io","create-tokenreview-v1beta1-authentication-k8s-io","-strong-write-operations-tokenreview-v1beta1-authentication-k8s-io-strong-","tokenreview-v1beta1-authentication-k8s-io","tokenrequest-v1beta1-storage-k8s-io","tokenrequest-v1-storage-k8s-io","subjectrulesreviewstatus-v1beta1-authorization-k8s-io","create-subjectaccessreview-v1beta1-authorization-k8s-io","-strong-write-operations-subjectaccessreview-v1beta1-authorization-k8s-io-strong-","subjectaccessreview-v1beta1-authorization-k8s-io","subject-v1alpha1-rbac-authorization-k8s-io","subject-v1alpha1-flowcontrol-apiserver-k8s-io","subject-v1beta1-rbac-authorization-k8s-io","subject-v1-rbac-authorization-k8s-io","watch-list-storageclass-v1beta1-storage-k8s-io","watch-storageclass-v1beta1-storage-k8s-io","list-storageclass-v1beta1-storage-k8s-io","read-storageclass-v1beta1-storage-k8s-io","-strong-read-operations-storageclass-v1beta1-storage-k8s-io-strong-","delete-collection-storageclass-v1beta1-storage-k8s-io","delete-storageclass-v1beta1-storage-k8s-io","replace-storageclass-v1beta1-storage-k8s-io","patch-storageclass-v1beta1-storage-k8s-io","create-storageclass-v1beta1-storage-k8s-io","-strong-write-operations-storageclass-v1beta1-storage-k8s-io-strong-","storageclass-v1beta1-storage-k8s-io","servicereference-v1beta1-apiregistration-k8s-io","servicereference-v1beta1-apiextensions-k8s-io","servicereference-v1beta1-admissionregistration-k8s-io","servicereference-v1-apiregistration-k8s-io","servicereference-v1-apiextensions-k8s-io","serviceaccountsubject-v1alpha1-flowcontrol-apiserver-k8s-io","create-selfsubjectrulesreview-v1beta1-authorization-k8s-io","-strong-write-operations-selfsubjectrulesreview-v1beta1-authorization-k8s-io-strong-","selfsubjectrulesreview-v1beta1-authorization-k8s-io","create-selfsubjectaccessreview-v1beta1-authorization-k8s-io","-strong-write-operations-selfsubjectaccessreview-v1beta1-authorization-k8s-io-strong-","selfsubjectaccessreview-v1beta1-authorization-k8s-io","scheduling-v1alpha1-node-k8s-io","scheduling-v1beta1-node-k8s-io","watch-list-runtimeclass-v1alpha1-node-k8s-io","watch-runtimeclass-v1alpha1-node-k8s-io","list-runtimeclass-v1alpha1-node-k8s-io","read-runtimeclass-v1alpha1-node-k8s-io","-strong-read-operations-runtimeclass-v1alpha1-node-k8s-io-strong-","delete-collection-runtimeclass-v1alpha1-node-k8s-io","delete-runtimeclass-v1alpha1-node-k8s-io","replace-runtimeclass-v1alpha1-node-k8s-io","patch-runtimeclass-v1alpha1-node-k8s-io","create-runtimeclass-v1alpha1-node-k8s-io","-strong-write-operations-runtimeclass-v1alpha1-node-k8s-io-strong-","runtimeclass-v1alpha1-node-k8s-io","watch-list-runtimeclass-v1beta1-node-k8s-io","watch-runtimeclass-v1beta1-node-k8s-io","list-runtimeclass-v1beta1-node-k8s-io","read-runtimeclass-v1beta1-node-k8s-io","-strong-read-operations-runtimeclass-v1beta1-node-k8s-io-strong-","delete-collection-runtimeclass-v1beta1-node-k8s-io","delete-runtimeclass-v1beta1-node-k8s-io","replace-runtimeclass-v1beta1-node-k8s-io","patch-runtimeclass-v1beta1-node-k8s-io","create-runtimeclass-v1beta1-node-k8s-io","-strong-write-operations-runtimeclass-v1beta1-node-k8s-io-strong-","runtimeclass-v1beta1-node-k8s-io","rulewithoperations-v1beta1-admissionregistration-k8s-io","roleref-v1alpha1-rbac-authorization-k8s-io","roleref-v1beta1-rbac-authorization-k8s-io","watch-list-all-namespaces-rolebinding-v1alpha1-rbac-authorization-k8s-io","watch-list-rolebinding-v1alpha1-rbac-authorization-k8s-io","watch-rolebinding-v1alpha1-rbac-authorization-k8s-io","list-all-namespaces-rolebinding-v1alpha1-rbac-authorization-k8s-io","list-rolebinding-v1alpha1-rbac-authorization-k8s-io","read-rolebinding-v1alpha1-rbac-authorization-k8s-io","-strong-read-operations-rolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","delete-collection-rolebinding-v1alpha1-rbac-authorization-k8s-io","delete-rolebinding-v1alpha1-rbac-authorization-k8s-io","replace-rolebinding-v1alpha1-rbac-authorization-k8s-io","patch-rolebinding-v1alpha1-rbac-authorization-k8s-io","create-rolebinding-v1alpha1-rbac-authorization-k8s-io","-strong-write-operations-rolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","rolebinding-v1alpha1-rbac-authorization-k8s-io","watch-list-all-namespaces-rolebinding-v1beta1-rbac-authorization-k8s-io","watch-list-rolebinding-v1beta1-rbac-authorization-k8s-io","watch-rolebinding-v1beta1-rbac-authorization-k8s-io","list-all-namespaces-rolebinding-v1beta1-rbac-authorization-k8s-io","list-rolebinding-v1beta1-rbac-authorization-k8s-io","read-rolebinding-v1beta1-rbac-authorization-k8s-io","-strong-read-operations-rolebinding-v1beta1-rbac-authorization-k8s-io-strong-","delete-collection-rolebinding-v1beta1-rbac-authorization-k8s-io","delete-rolebinding-v1beta1-rbac-authorization-k8s-io","replace-rolebinding-v1beta1-rbac-authorization-k8s-io","patch-rolebinding-v1beta1-rbac-authorization-k8s-io","create-rolebinding-v1beta1-rbac-authorization-k8s-io","-strong-write-operations-rolebinding-v1beta1-rbac-authorization-k8s-io-strong-","rolebinding-v1beta1-rbac-authorization-k8s-io","watch-list-all-namespaces-role-v1alpha1-rbac-authorization-k8s-io","watch-list-role-v1alpha1-rbac-authorization-k8s-io","watch-role-v1alpha1-rbac-authorization-k8s-io","list-all-namespaces-role-v1alpha1-rbac-authorization-k8s-io","list-role-v1alpha1-rbac-authorization-k8s-io","read-role-v1alpha1-rbac-authorization-k8s-io","-strong-read-operations-role-v1alpha1-rbac-authorization-k8s-io-strong-","delete-collection-role-v1alpha1-rbac-authorization-k8s-io","delete-role-v1alpha1-rbac-authorization-k8s-io","replace-role-v1alpha1-rbac-authorization-k8s-io","patch-role-v1alpha1-rbac-authorization-k8s-io","create-role-v1alpha1-rbac-authorization-k8s-io","-strong-write-operations-role-v1alpha1-rbac-authorization-k8s-io-strong-","role-v1alpha1-rbac-authorization-k8s-io","watch-list-all-namespaces-role-v1beta1-rbac-authorization-k8s-io","watch-list-role-v1beta1-rbac-authorization-k8s-io","watch-role-v1beta1-rbac-authorization-k8s-io","list-all-namespaces-role-v1beta1-rbac-authorization-k8s-io","list-role-v1beta1-rbac-authorization-k8s-io","read-role-v1beta1-rbac-authorization-k8s-io","-strong-read-operations-role-v1beta1-rbac-authorization-k8s-io-strong-","delete-collection-role-v1beta1-rbac-authorization-k8s-io","delete-role-v1beta1-rbac-authorization-k8s-io","replace-role-v1beta1-rbac-authorization-k8s-io","patch-role-v1beta1-rbac-authorization-k8s-io","create-role-v1beta1-rbac-authorization-k8s-io","-strong-write-operations-role-v1beta1-rbac-authorization-k8s-io-strong-","role-v1beta1-rbac-authorization-k8s-io","resourcerule-v1beta1-authorization-k8s-io","resourcepolicyrule-v1alpha1-flowcontrol-apiserver-k8s-io","resourcemetricstatus-v2beta1-autoscaling","resourcemetricsource-v2beta1-autoscaling","resourceattributes-v1beta1-authorization-k8s-io","queuingconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","prioritylevelconfigurationreference-v1alpha1-flowcontrol-apiserver-k8s-io","prioritylevelconfigurationcondition-v1alpha1-flowcontrol-apiserver-k8s-io","replace-status-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","read-status-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","patch-status-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","-strong-status-operations-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","watch-list-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","watch-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","list-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","read-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","-strong-read-operations-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","delete-collection-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","delete-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","replace-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","patch-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","create-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","-strong-write-operations-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","watch-list-priorityclass-v1alpha1-scheduling-k8s-io","watch-priorityclass-v1alpha1-scheduling-k8s-io","list-priorityclass-v1alpha1-scheduling-k8s-io","read-priorityclass-v1alpha1-scheduling-k8s-io","-strong-read-operations-priorityclass-v1alpha1-scheduling-k8s-io-strong-","delete-collection-priorityclass-v1alpha1-scheduling-k8s-io","delete-priorityclass-v1alpha1-scheduling-k8s-io","replace-priorityclass-v1alpha1-scheduling-k8s-io","patch-priorityclass-v1alpha1-scheduling-k8s-io","create-priorityclass-v1alpha1-scheduling-k8s-io","-strong-write-operations-priorityclass-v1alpha1-scheduling-k8s-io-strong-","priorityclass-v1alpha1-scheduling-k8s-io","watch-list-priorityclass-v1beta1-scheduling-k8s-io","watch-priorityclass-v1beta1-scheduling-k8s-io","list-priorityclass-v1beta1-scheduling-k8s-io","read-priorityclass-v1beta1-scheduling-k8s-io","-strong-read-operations-priorityclass-v1beta1-scheduling-k8s-io-strong-","delete-collection-priorityclass-v1beta1-scheduling-k8s-io","delete-priorityclass-v1beta1-scheduling-k8s-io","replace-priorityclass-v1beta1-scheduling-k8s-io","patch-priorityclass-v1beta1-scheduling-k8s-io","create-priorityclass-v1beta1-scheduling-k8s-io","-strong-write-operations-priorityclass-v1beta1-scheduling-k8s-io-strong-","priorityclass-v1beta1-scheduling-k8s-io","policyruleswithsubjects-v1alpha1-flowcontrol-apiserver-k8s-io","policyrule-v1alpha1-rbac-authorization-k8s-io","policyrule-v1beta1-rbac-authorization-k8s-io","podsmetricstatus-v2beta1-autoscaling","podsmetricsource-v2beta1-autoscaling","overhead-v1alpha1-node-k8s-io","overhead-v1beta1-node-k8s-io","objectmetricstatus-v2beta1-autoscaling","objectmetricsource-v2beta1-autoscaling","nonresourcerule-v1beta1-authorization-k8s-io","nonresourcepolicyrule-v1alpha1-flowcontrol-apiserver-k8s-io","nonresourceattributes-v1beta1-authorization-k8s-io","watch-list-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","watch-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","list-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","read-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","-strong-read-operations-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io-strong-","delete-collection-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","delete-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","replace-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","patch-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","create-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","-strong-write-operations-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io-strong-","mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","mutatingwebhook-v1beta1-admissionregistration-k8s-io","metricstatus-v2beta1-autoscaling","metricspec-v2beta1-autoscaling","create-localsubjectaccessreview-v1beta1-authorization-k8s-io","-strong-write-operations-localsubjectaccessreview-v1beta1-authorization-k8s-io-strong-","localsubjectaccessreview-v1beta1-authorization-k8s-io","limitedprioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","limitresponse-v1alpha1-flowcontrol-apiserver-k8s-io","watch-list-all-namespaces-lease-v1beta1-coordination-k8s-io","watch-list-lease-v1beta1-coordination-k8s-io","watch-lease-v1beta1-coordination-k8s-io","list-all-namespaces-lease-v1beta1-coordination-k8s-io","list-lease-v1beta1-coordination-k8s-io","read-lease-v1beta1-coordination-k8s-io","-strong-read-operations-lease-v1beta1-coordination-k8s-io-strong-","delete-collection-lease-v1beta1-coordination-k8s-io","delete-lease-v1beta1-coordination-k8s-io","replace-lease-v1beta1-coordination-k8s-io","patch-lease-v1beta1-coordination-k8s-io","create-lease-v1beta1-coordination-k8s-io","-strong-write-operations-lease-v1beta1-coordination-k8s-io-strong-","lease-v1beta1-coordination-k8s-io","jobtemplatespec-v2alpha1-batch","jsonschemapropsorbool-v1beta1-apiextensions-k8s-io","jsonschemapropsorarray-v1beta1-apiextensions-k8s-io","jsonschemaprops-v1beta1-apiextensions-k8s-io","json-v1beta1-apiextensions-k8s-io","ingresstls-v1beta1-networking-k8s-io","ingresstls-v1beta1-extensions","ingressrule-v1beta1-networking-k8s-io","ingressrule-v1beta1-extensions","watch-list-ingressclass-v1beta1-networking-k8s-io","watch-ingressclass-v1beta1-networking-k8s-io","list-ingressclass-v1beta1-networking-k8s-io","read-ingressclass-v1beta1-networking-k8s-io","-strong-read-operations-ingressclass-v1beta1-networking-k8s-io-strong-","delete-collection-ingressclass-v1beta1-networking-k8s-io","delete-ingressclass-v1beta1-networking-k8s-io","replace-ingressclass-v1beta1-networking-k8s-io","patch-ingressclass-v1beta1-networking-k8s-io","create-ingressclass-v1beta1-networking-k8s-io","-strong-write-operations-ingressclass-v1beta1-networking-k8s-io-strong-","ingressclass-v1beta1-networking-k8s-io","ingressbackend-v1beta1-networking-k8s-io","ingressbackend-v1beta1-extensions","replace-status-ingress-v1beta1-networking-k8s-io","read-status-ingress-v1beta1-networking-k8s-io","patch-status-ingress-v1beta1-networking-k8s-io","-strong-status-operations-ingress-v1beta1-networking-k8s-io-strong-","watch-list-all-namespaces-ingress-v1beta1-networking-k8s-io","watch-list-ingress-v1beta1-networking-k8s-io","watch-ingress-v1beta1-networking-k8s-io","list-all-namespaces-ingress-v1beta1-networking-k8s-io","list-ingress-v1beta1-networking-k8s-io","read-ingress-v1beta1-networking-k8s-io","-strong-read-operations-ingress-v1beta1-networking-k8s-io-strong-","delete-collection-ingress-v1beta1-networking-k8s-io","delete-ingress-v1beta1-networking-k8s-io","replace-ingress-v1beta1-networking-k8s-io","patch-ingress-v1beta1-networking-k8s-io","create-ingress-v1beta1-networking-k8s-io","-strong-write-operations-ingress-v1beta1-networking-k8s-io-strong-","ingress-v1beta1-networking-k8s-io","replace-status-ingress-v1beta1-extensions","read-status-ingress-v1beta1-extensions","patch-status-ingress-v1beta1-extensions","-strong-status-operations-ingress-v1beta1-extensions-strong-","watch-list-all-namespaces-ingress-v1beta1-extensions","watch-list-ingress-v1beta1-extensions","watch-ingress-v1beta1-extensions","list-all-namespaces-ingress-v1beta1-extensions","list-ingress-v1beta1-extensions","read-ingress-v1beta1-extensions","-strong-read-operations-ingress-v1beta1-extensions-strong-","delete-collection-ingress-v1beta1-extensions","delete-ingress-v1beta1-extensions","replace-ingress-v1beta1-extensions","patch-ingress-v1beta1-extensions","create-ingress-v1beta1-extensions","-strong-write-operations-ingress-v1beta1-extensions-strong-","ingress-v1beta1-extensions","horizontalpodautoscalercondition-v2beta1-autoscaling","replace-status-horizontalpodautoscaler-v2beta1-autoscaling","read-status-horizontalpodautoscaler-v2beta1-autoscaling","patch-status-horizontalpodautoscaler-v2beta1-autoscaling","-strong-status-operations-horizontalpodautoscaler-v2beta1-autoscaling-strong-","watch-list-all-namespaces-horizontalpodautoscaler-v2beta1-autoscaling","watch-list-horizontalpodautoscaler-v2beta1-autoscaling","watch-horizontalpodautoscaler-v2beta1-autoscaling","list-all-namespaces-horizontalpodautoscaler-v2beta1-autoscaling","list-horizontalpodautoscaler-v2beta1-autoscaling","read-horizontalpodautoscaler-v2beta1-autoscaling","-strong-read-operations-horizontalpodautoscaler-v2beta1-autoscaling-strong-","delete-collection-horizontalpodautoscaler-v2beta1-autoscaling","delete-horizontalpodautoscaler-v2beta1-autoscaling","replace-horizontalpodautoscaler-v2beta1-autoscaling","patch-horizontalpodautoscaler-v2beta1-autoscaling","create-horizontalpodautoscaler-v2beta1-autoscaling","-strong-write-operations-horizontalpodautoscaler-v2beta1-autoscaling-strong-","horizontalpodautoscaler-v2beta1-autoscaling","replace-status-horizontalpodautoscaler-v2beta2-autoscaling","read-status-horizontalpodautoscaler-v2beta2-autoscaling","patch-status-horizontalpodautoscaler-v2beta2-autoscaling","-strong-status-operations-horizontalpodautoscaler-v2beta2-autoscaling-strong-","watch-list-all-namespaces-horizontalpodautoscaler-v2beta2-autoscaling","watch-list-horizontalpodautoscaler-v2beta2-autoscaling","watch-horizontalpodautoscaler-v2beta2-autoscaling","list-all-namespaces-horizontalpodautoscaler-v2beta2-autoscaling","list-horizontalpodautoscaler-v2beta2-autoscaling","read-horizontalpodautoscaler-v2beta2-autoscaling","-strong-read-operations-horizontalpodautoscaler-v2beta2-autoscaling-strong-","delete-collection-horizontalpodautoscaler-v2beta2-autoscaling","delete-horizontalpodautoscaler-v2beta2-autoscaling","replace-horizontalpodautoscaler-v2beta2-autoscaling","patch-horizontalpodautoscaler-v2beta2-autoscaling","create-horizontalpodautoscaler-v2beta2-autoscaling","-strong-write-operations-horizontalpodautoscaler-v2beta2-autoscaling-strong-","horizontalpodautoscaler-v2beta2-autoscaling","httpingressrulevalue-v1beta1-networking-k8s-io","httpingressrulevalue-v1beta1-extensions","httpingresspath-v1beta1-networking-k8s-io","httpingresspath-v1beta1-extensions","groupsubject-v1alpha1-flowcontrol-apiserver-k8s-io","flowschemacondition-v1alpha1-flowcontrol-apiserver-k8s-io","replace-status-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","read-status-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","patch-status-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","-strong-status-operations-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","watch-list-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","watch-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","list-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","read-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","-strong-read-operations-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","delete-collection-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","delete-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","replace-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","patch-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","create-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","-strong-write-operations-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","flowdistinguishermethod-v1alpha1-flowcontrol-apiserver-k8s-io","externalmetricstatus-v2beta1-autoscaling","externalmetricsource-v2beta1-autoscaling","externaldocumentation-v1beta1-apiextensions-k8s-io","eventseries-v1beta1-events-k8s-io","eventseries-v1-events-k8s-io","watch-list-all-namespaces-event-v1beta1-events-k8s-io","watch-list-event-v1beta1-events-k8s-io","watch-event-v1beta1-events-k8s-io","list-all-namespaces-event-v1beta1-events-k8s-io","list-event-v1beta1-events-k8s-io","read-event-v1beta1-events-k8s-io","-strong-read-operations-event-v1beta1-events-k8s-io-strong-","delete-collection-event-v1beta1-events-k8s-io","delete-event-v1beta1-events-k8s-io","replace-event-v1beta1-events-k8s-io","patch-event-v1beta1-events-k8s-io","create-event-v1beta1-events-k8s-io","-strong-write-operations-event-v1beta1-events-k8s-io-strong-","event-v1beta1-events-k8s-io","watch-list-all-namespaces-event-v1-events-k8s-io","watch-list-event-v1-events-k8s-io","watch-event-v1-events-k8s-io","list-all-namespaces-event-v1-events-k8s-io","list-event-v1-events-k8s-io","read-event-v1-events-k8s-io","-strong-read-operations-event-v1-events-k8s-io-strong-","delete-collection-event-v1-events-k8s-io","delete-event-v1-events-k8s-io","replace-event-v1-events-k8s-io","patch-event-v1-events-k8s-io","create-event-v1-events-k8s-io","-strong-write-operations-event-v1-events-k8s-io-strong-","event-v1-events-k8s-io","endpointport-v1beta1-discovery-k8s-io","customresourcevalidation-v1beta1-apiextensions-k8s-io","customresourcesubresources-v1beta1-apiextensions-k8s-io","customresourcesubresourcestatus-v1beta1-apiextensions-k8s-io","customresourcesubresourcescale-v1beta1-apiextensions-k8s-io","customresourcedefinitionversion-v1beta1-apiextensions-k8s-io","customresourcedefinitionnames-v1beta1-apiextensions-k8s-io","customresourcedefinitioncondition-v1beta1-apiextensions-k8s-io","replace-status-customresourcedefinition-v1beta1-apiextensions-k8s-io","read-status-customresourcedefinition-v1beta1-apiextensions-k8s-io","patch-status-customresourcedefinition-v1beta1-apiextensions-k8s-io","-strong-status-operations-customresourcedefinition-v1beta1-apiextensions-k8s-io-strong-","watch-list-customresourcedefinition-v1beta1-apiextensions-k8s-io","watch-customresourcedefinition-v1beta1-apiextensions-k8s-io","list-customresourcedefinition-v1beta1-apiextensions-k8s-io","read-customresourcedefinition-v1beta1-apiextensions-k8s-io","-strong-read-operations-customresourcedefinition-v1beta1-apiextensions-k8s-io-strong-","delete-collection-customresourcedefinition-v1beta1-apiextensions-k8s-io","delete-customresourcedefinition-v1beta1-apiextensions-k8s-io","replace-customresourcedefinition-v1beta1-apiextensions-k8s-io","patch-customresourcedefinition-v1beta1-apiextensions-k8s-io","create-customresourcedefinition-v1beta1-apiextensions-k8s-io","-strong-write-operations-customresourcedefinition-v1beta1-apiextensions-k8s-io-strong-","customresourcedefinition-v1beta1-apiextensions-k8s-io","customresourceconversion-v1beta1-apiextensions-k8s-io","customresourcecolumndefinition-v1beta1-apiextensions-k8s-io","crossversionobjectreference-v2beta1-autoscaling","crossversionobjectreference-v2beta2-autoscaling","replace-status-cronjob-v2alpha1-batch","read-status-cronjob-v2alpha1-batch","patch-status-cronjob-v2alpha1-batch","-strong-status-operations-cronjob-v2alpha1-batch-strong-","watch-list-all-namespaces-cronjob-v2alpha1-batch","watch-list-cronjob-v2alpha1-batch","watch-cronjob-v2alpha1-batch","list-all-namespaces-cronjob-v2alpha1-batch","list-cronjob-v2alpha1-batch","read-cronjob-v2alpha1-batch","-strong-read-operations-cronjob-v2alpha1-batch-strong-","delete-collection-cronjob-v2alpha1-batch","delete-cronjob-v2alpha1-batch","replace-cronjob-v2alpha1-batch","patch-cronjob-v2alpha1-batch","create-cronjob-v2alpha1-batch","-strong-write-operations-cronjob-v2alpha1-batch-strong-","cronjob-v2alpha1-batch","containerresourcemetricstatus-v2beta1-autoscaling","containerresourcemetricsource-v2beta1-autoscaling","watch-list-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","watch-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","list-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","read-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","-strong-read-operations-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","delete-collection-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","delete-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","replace-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","patch-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","create-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","-strong-write-operations-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","watch-list-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","watch-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","list-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","read-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","-strong-read-operations-clusterrolebinding-v1beta1-rbac-authorization-k8s-io-strong-","delete-collection-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","delete-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","replace-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","patch-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","create-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","-strong-write-operations-clusterrolebinding-v1beta1-rbac-authorization-k8s-io-strong-","clusterrolebinding-v1beta1-rbac-authorization-k8s-io","watch-list-clusterrole-v1alpha1-rbac-authorization-k8s-io","watch-clusterrole-v1alpha1-rbac-authorization-k8s-io","list-clusterrole-v1alpha1-rbac-authorization-k8s-io","read-clusterrole-v1alpha1-rbac-authorization-k8s-io","-strong-read-operations-clusterrole-v1alpha1-rbac-authorization-k8s-io-strong-","delete-collection-clusterrole-v1alpha1-rbac-authorization-k8s-io","delete-clusterrole-v1alpha1-rbac-authorization-k8s-io","replace-clusterrole-v1alpha1-rbac-authorization-k8s-io","patch-clusterrole-v1alpha1-rbac-authorization-k8s-io","create-clusterrole-v1alpha1-rbac-authorization-k8s-io","-strong-write-operations-clusterrole-v1alpha1-rbac-authorization-k8s-io-strong-","clusterrole-v1alpha1-rbac-authorization-k8s-io","watch-list-clusterrole-v1beta1-rbac-authorization-k8s-io","watch-clusterrole-v1beta1-rbac-authorization-k8s-io","list-clusterrole-v1beta1-rbac-authorization-k8s-io","read-clusterrole-v1beta1-rbac-authorization-k8s-io","-strong-read-operations-clusterrole-v1beta1-rbac-authorization-k8s-io-strong-","delete-collection-clusterrole-v1beta1-rbac-authorization-k8s-io","delete-clusterrole-v1beta1-rbac-authorization-k8s-io","replace-clusterrole-v1beta1-rbac-authorization-k8s-io","patch-clusterrole-v1beta1-rbac-authorization-k8s-io","create-clusterrole-v1beta1-rbac-authorization-k8s-io","-strong-write-operations-clusterrole-v1beta1-rbac-authorization-k8s-io-strong-","clusterrole-v1beta1-rbac-authorization-k8s-io","certificatesigningrequestcondition-v1beta1-certificates-k8s-io","replace-status-certificatesigningrequest-v1beta1-certificates-k8s-io","read-status-certificatesigningrequest-v1beta1-certificates-k8s-io","patch-status-certificatesigningrequest-v1beta1-certificates-k8s-io","-strong-status-operations-certificatesigningrequest-v1beta1-certificates-k8s-io-strong-","watch-list-certificatesigningrequest-v1beta1-certificates-k8s-io","watch-certificatesigningrequest-v1beta1-certificates-k8s-io","list-certificatesigningrequest-v1beta1-certificates-k8s-io","read-certificatesigningrequest-v1beta1-certificates-k8s-io","-strong-read-operations-certificatesigningrequest-v1beta1-certificates-k8s-io-strong-","delete-collection-certificatesigningrequest-v1beta1-certificates-k8s-io","delete-certificatesigningrequest-v1beta1-certificates-k8s-io","replace-certificatesigningrequest-v1beta1-certificates-k8s-io","patch-certificatesigningrequest-v1beta1-certificates-k8s-io","create-certificatesigningrequest-v1beta1-certificates-k8s-io","-strong-write-operations-certificatesigningrequest-v1beta1-certificates-k8s-io-strong-","certificatesigningrequest-v1beta1-certificates-k8s-io","csinodedriver-v1beta1-storage-k8s-io","watch-list-csinode-v1beta1-storage-k8s-io","watch-csinode-v1beta1-storage-k8s-io","list-csinode-v1beta1-storage-k8s-io","read-csinode-v1beta1-storage-k8s-io","-strong-read-operations-csinode-v1beta1-storage-k8s-io-strong-","delete-collection-csinode-v1beta1-storage-k8s-io","delete-csinode-v1beta1-storage-k8s-io","replace-csinode-v1beta1-storage-k8s-io","patch-csinode-v1beta1-storage-k8s-io","create-csinode-v1beta1-storage-k8s-io","-strong-write-operations-csinode-v1beta1-storage-k8s-io-strong-","csinode-v1beta1-storage-k8s-io","watch-list-csidriver-v1beta1-storage-k8s-io","watch-csidriver-v1beta1-storage-k8s-io","list-csidriver-v1beta1-storage-k8s-io","read-csidriver-v1beta1-storage-k8s-io","-strong-read-operations-csidriver-v1beta1-storage-k8s-io-strong-","delete-collection-csidriver-v1beta1-storage-k8s-io","delete-csidriver-v1beta1-storage-k8s-io","replace-csidriver-v1beta1-storage-k8s-io","patch-csidriver-v1beta1-storage-k8s-io","create-csidriver-v1beta1-storage-k8s-io","-strong-write-operations-csidriver-v1beta1-storage-k8s-io-strong-","csidriver-v1beta1-storage-k8s-io","aggregationrule-v1alpha1-rbac-authorization-k8s-io","aggregationrule-v1beta1-rbac-authorization-k8s-io","apiservicecondition-v1beta1-apiregistration-k8s-io","replace-status-apiservice-v1beta1-apiregistration-k8s-io","read-status-apiservice-v1beta1-apiregistration-k8s-io","patch-status-apiservice-v1beta1-apiregistration-k8s-io","-strong-status-operations-apiservice-v1beta1-apiregistration-k8s-io-strong-","watch-list-apiservice-v1beta1-apiregistration-k8s-io","watch-apiservice-v1beta1-apiregistration-k8s-io","list-apiservice-v1beta1-apiregistration-k8s-io","read-apiservice-v1beta1-apiregistration-k8s-io","-strong-read-operations-apiservice-v1beta1-apiregistration-k8s-io-strong-","delete-collection-apiservice-v1beta1-apiregistration-k8s-io","delete-apiservice-v1beta1-apiregistration-k8s-io","replace-apiservice-v1beta1-apiregistration-k8s-io","patch-apiservice-v1beta1-apiregistration-k8s-io","create-apiservice-v1beta1-apiregistration-k8s-io","-strong-write-operations-apiservice-v1beta1-apiregistration-k8s-io-strong-","apiservice-v1beta1-apiregistration-k8s-io","-strong-old-api-versions-strong-","windowssecuritycontextoptions-v1-core","weightedpodaffinityterm-v1-core","webhookconversion-v1-apiextensions-k8s-io","webhookclientconfig-v1-admissionregistration-k8s-io","watchevent-v1-meta","vspherevirtualdiskvolumesource-v1-core","volumeprojection-v1-core","volumenoderesources-v1-storage-k8s-io","volumenodeaffinity-v1-core","volumemount-v1-core","volumeerror-v1-storage-k8s-io","volumedevice-v1-core","volumeattachmentsource-v1-storage-k8s-io","validatingwebhook-v1-admissionregistration-k8s-io","usersubject-v1beta1-flowcontrol-apiserver-k8s-io","userinfo-v1-authentication-k8s-io","typedlocalobjectreference-v1-core","topologyspreadconstraint-v1-core","topologyselectorterm-v1-core","topologyselectorlabelrequirement-v1-core","toleration-v1-core","time-v1-meta","taint-v1-core","tcpsocketaction-v1-core","sysctl-v1-core","supplementalgroupsstrategyoptions-v1beta1-policy","subjectrulesreviewstatus-v1-authorization-k8s-io","subject-v1beta1-flowcontrol-apiserver-k8s-io","storageversioncondition-v1alpha1-internal-apiserver-k8s-io","storageosvolumesource-v1-core","storageospersistentvolumesource-v1-core","statusdetails-v1-meta","statuscause-v1-meta","status-v1-meta","statefulsetupdatestrategy-v1-apps","statefulsetcondition-v1-apps","sessionaffinityconfig-v1-core","servicereference-v1-admissionregistration-k8s-io","serviceport-v1-core","servicebackendport-v1-networking-k8s-io","serviceaccounttokenprojection-v1-core","serviceaccountsubject-v1beta1-flowcontrol-apiserver-k8s-io","serverstorageversion-v1alpha1-internal-apiserver-k8s-io","serveraddressbyclientcidr-v1-meta","securitycontext-v1-core","secretvolumesource-v1-core","secretreference-v1-core","secretprojection-v1-core","secretkeyselector-v1-core","secretenvsource-v1-core","seccompprofile-v1-core","scopedresourceselectorrequirement-v1-core","scopeselector-v1-core","scheduling-v1-node-k8s-io","scaleiovolumesource-v1-core","scaleiopersistentvolumesource-v1-core","scale-v1-autoscaling","selinuxstrategyoptions-v1beta1-policy","selinuxoptions-v1-core","runtimeclassstrategyoptions-v1beta1-policy","runasuserstrategyoptions-v1beta1-policy","runasgroupstrategyoptions-v1beta1-policy","rulewithoperations-v1-admissionregistration-k8s-io","rollingupdatestatefulsetstrategy-v1-apps","roleref-v1-rbac-authorization-k8s-io","resourcerule-v1-authorization-k8s-io","resourcerequirements-v1-core","resourcepolicyrule-v1beta1-flowcontrol-apiserver-k8s-io","resourcemetricstatus-v2beta2-autoscaling","resourcemetricsource-v2beta2-autoscaling","resourcefieldselector-v1-core","resourceattributes-v1-authorization-k8s-io","replicationcontrollercondition-v1-core","replicasetcondition-v1-apps","rbdvolumesource-v1-core","rbdpersistentvolumesource-v1-core","quobytevolumesource-v1-core","queuingconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","quantity-resource-core","projectedvolumesource-v1-core","probe-v1-core","prioritylevelconfigurationreference-v1beta1-flowcontrol-apiserver-k8s-io","prioritylevelconfigurationcondition-v1beta1-flowcontrol-apiserver-k8s-io","preferredschedulingterm-v1-core","preconditions-v1-meta","portworxvolumesource-v1-core","portstatus-v1-core","policyruleswithsubjects-v1beta1-flowcontrol-apiserver-k8s-io","policyrule-v1-rbac-authorization-k8s-io","podsmetricstatus-v2beta2-autoscaling","podsmetricsource-v2beta2-autoscaling","podsecuritycontext-v1-core","podreadinessgate-v1-core","podip-v1-core","poddnsconfigoption-v1-core","poddnsconfig-v1-core","podcondition-v1-core","podantiaffinity-v1-core","podaffinityterm-v1-core","podaffinity-v1-core","photonpersistentdiskvolumesource-v1-core","persistentvolumeclaimvolumesource-v1-core","persistentvolumeclaimtemplate-v1-core","persistentvolumeclaimcondition-v1-core","patch-v1-meta","ownerreference-v1-meta","overhead-v1-node-k8s-io","objectreference-v1-core","objectmetricstatus-v2beta2-autoscaling","objectmetricsource-v2beta2-autoscaling","objectmeta-v1-meta","objectfieldselector-v1-core","nonresourcerule-v1-authorization-k8s-io","nonresourcepolicyrule-v1beta1-flowcontrol-apiserver-k8s-io","nonresourceattributes-v1-authorization-k8s-io","nodesysteminfo-v1-core","nodeselectorterm-v1-core","nodeselectorrequirement-v1-core","nodeselector-v1-core","nodedaemonendpoints-v1-core","nodeconfigstatus-v1-core","nodeconfigsource-v1-core","nodecondition-v1-core","nodeaffinity-v1-core","nodeaddress-v1-core","networkpolicyport-v1-networking-k8s-io","networkpolicypeer-v1-networking-k8s-io","networkpolicyingressrule-v1-networking-k8s-io","networkpolicyegressrule-v1-networking-k8s-io","namespacecondition-v1-core","nfsvolumesource-v1-core","mutatingwebhook-v1-admissionregistration-k8s-io","microtime-v1-meta","metricvaluestatus-v2beta2-autoscaling","metrictarget-v2beta2-autoscaling","metricstatus-v2beta2-autoscaling","metricspec-v2beta2-autoscaling","metricidentifier-v2beta2-autoscaling","managedfieldsentry-v1-meta","localvolumesource-v1-core","localobjectreference-v1-core","loadbalancerstatus-v1-core","loadbalanceringress-v1-core","listmeta-v1-meta","limitedprioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","limitresponse-v1beta1-flowcontrol-apiserver-k8s-io","limitrangeitem-v1-core","lifecycle-v1-core","labelselectorrequirement-v1-meta","labelselector-v1-meta","keytopath-v1-core","jobtemplatespec-v1beta1-batch","jobcondition-v1-batch","jsonschemapropsorbool-v1-apiextensions-k8s-io","jsonschemapropsorarray-v1-apiextensions-k8s-io","jsonschemaprops-v1-apiextensions-k8s-io","json-v1-apiextensions-k8s-io","ingresstls-v1-networking-k8s-io","ingressservicebackend-v1-networking-k8s-io","ingressrule-v1-networking-k8s-io","ingressbackend-v1-networking-k8s-io","iscsivolumesource-v1-core","iscsipersistentvolumesource-v1-core","ipblock-v1-networking-k8s-io","idrange-v1beta1-policy","hostportrange-v1beta1-policy","hostpathvolumesource-v1-core","hostalias-v1-core","horizontalpodautoscalercondition-v2beta2-autoscaling","horizontalpodautoscalerbehavior-v2beta2-autoscaling","handler-v1-core","httpingressrulevalue-v1-networking-k8s-io","httpingresspath-v1-networking-k8s-io","httpheader-v1-core","httpgetaction-v1-core","hpascalingrules-v2beta2-autoscaling","hpascalingpolicy-v2beta2-autoscaling","groupversionfordiscovery-v1-meta","groupsubject-v1beta1-flowcontrol-apiserver-k8s-io","glusterfsvolumesource-v1-core","glusterfspersistentvolumesource-v1-core","gitrepovolumesource-v1-core","gcepersistentdiskvolumesource-v1-core","flowschemacondition-v1beta1-flowcontrol-apiserver-k8s-io","flowdistinguishermethod-v1beta1-flowcontrol-apiserver-k8s-io","flockervolumesource-v1-core","flexvolumesource-v1-core","flexpersistentvolumesource-v1-core","fieldsv1-v1-meta","fsgroupstrategyoptions-v1beta1-policy","fcvolumesource-v1-core","externalmetricstatus-v2beta2-autoscaling","externalmetricsource-v2beta2-autoscaling","externaldocumentation-v1-apiextensions-k8s-io","execaction-v1-core","eviction-v1beta1-policy","eventsource-v1-core","eventseries-v1-core","ephemeralvolumesource-v1-core","ephemeralcontainer-v1-core","envvarsource-v1-core","envvar-v1-core","envfromsource-v1-core","endpointsubset-v1-core","endpointport-v1-core","endpointconditions-v1beta1-discovery-k8s-io","endpointaddress-v1-core","endpoint-v1beta1-discovery-k8s-io","emptydirvolumesource-v1-core","downwardapivolumesource-v1-core","downwardapivolumefile-v1-core","downwardapiprojection-v1-core","deploymentcondition-v1-apps","deleteoptions-v1-meta","daemonsetupdatestrategy-v1-apps","daemonsetcondition-v1-apps","daemonendpoint-v1-core","customresourcevalidation-v1-apiextensions-k8s-io","customresourcesubresources-v1-apiextensions-k8s-io","customresourcesubresourcestatus-v1-apiextensions-k8s-io","customresourcesubresourcescale-v1-apiextensions-k8s-io","customresourcedefinitionversion-v1-apiextensions-k8s-io","customresourcedefinitionnames-v1-apiextensions-k8s-io","customresourcedefinitioncondition-v1-apiextensions-k8s-io","customresourceconversion-v1-apiextensions-k8s-io","customresourcecolumndefinition-v1-apiextensions-k8s-io","crossversionobjectreference-v1-autoscaling","containerstatewaiting-v1-core","containerstateterminated-v1-core","containerstaterunning-v1-core","containerstate-v1-core","containerresourcemetricstatus-v2beta2-autoscaling","containerresourcemetricsource-v2beta2-autoscaling","containerport-v1-core","containerimage-v1-core","configmapvolumesource-v1-core","configmapprojection-v1-core","configmapnodeconfigsource-v1-core","configmapkeyselector-v1-core","configmapenvsource-v1-core","condition-v1-meta","componentcondition-v1-core","clientipconfig-v1-core","cindervolumesource-v1-core","cinderpersistentvolumesource-v1-core","certificatesigningrequestcondition-v1-certificates-k8s-io","cephfsvolumesource-v1-core","cephfspersistentvolumesource-v1-core","capabilities-v1-core","csivolumesource-v1-core","csipersistentvolumesource-v1-core","csinodedriver-v1-storage-k8s-io","boundobjectreference-v1-authentication-k8s-io","azurefilevolumesource-v1-core","azurefilepersistentvolumesource-v1-core","azurediskvolumesource-v1-core","attachedvolume-v1-core","allowedhostpath-v1beta1-policy","allowedflexvolume-v1beta1-policy","allowedcsidriver-v1beta1-policy","aggregationrule-v1-rbac-authorization-k8s-io","affinity-v1-core","awselasticblockstorevolumesource-v1-core","apiversions-v1-meta","apiservicecondition-v1-apiregistration-k8s-io","apiresource-v1-meta","apigroup-v1-meta","-strong-definitions-strong-","watch-list-all-namespaces-networkpolicy-v1-networking-k8s-io","watch-list-networkpolicy-v1-networking-k8s-io","watch-networkpolicy-v1-networking-k8s-io","list-all-namespaces-networkpolicy-v1-networking-k8s-io","list-networkpolicy-v1-networking-k8s-io","read-networkpolicy-v1-networking-k8s-io","-strong-read-operations-networkpolicy-v1-networking-k8s-io-strong-","delete-collection-networkpolicy-v1-networking-k8s-io","delete-networkpolicy-v1-networking-k8s-io","replace-networkpolicy-v1-networking-k8s-io","patch-networkpolicy-v1-networking-k8s-io","create-networkpolicy-v1-networking-k8s-io","-strong-write-operations-networkpolicy-v1-networking-k8s-io-strong-","networkpolicy-v1-networking-k8s-io","create-tokenreview-v1-authentication-k8s-io","-strong-write-operations-tokenreview-v1-authentication-k8s-io-strong-","tokenreview-v1-authentication-k8s-io","tokenrequest-v1-authentication-k8s-io","create-subjectaccessreview-v1-authorization-k8s-io","-strong-write-operations-subjectaccessreview-v1-authorization-k8s-io-strong-","subjectaccessreview-v1-authorization-k8s-io","replace-status-storageversion-v1alpha1-internal-apiserver-k8s-io","read-status-storageversion-v1alpha1-internal-apiserver-k8s-io","patch-status-storageversion-v1alpha1-internal-apiserver-k8s-io","-strong-status-operations-storageversion-v1alpha1-internal-apiserver-k8s-io-strong-","watch-list-storageversion-v1alpha1-internal-apiserver-k8s-io","watch-storageversion-v1alpha1-internal-apiserver-k8s-io","list-storageversion-v1alpha1-internal-apiserver-k8s-io","read-storageversion-v1alpha1-internal-apiserver-k8s-io","-strong-read-operations-storageversion-v1alpha1-internal-apiserver-k8s-io-strong-","delete-collection-storageversion-v1alpha1-internal-apiserver-k8s-io","delete-storageversion-v1alpha1-internal-apiserver-k8s-io","replace-storageversion-v1alpha1-internal-apiserver-k8s-io","patch-storageversion-v1alpha1-internal-apiserver-k8s-io","create-storageversion-v1alpha1-internal-apiserver-k8s-io","-strong-write-operations-storageversion-v1alpha1-internal-apiserver-k8s-io-strong-","storageversion-v1alpha1-internal-apiserver-k8s-io","watch-list-all-namespaces-serviceaccount-v1-core","watch-list-serviceaccount-v1-core","watch-serviceaccount-v1-core","list-all-namespaces-serviceaccount-v1-core","list-serviceaccount-v1-core","read-serviceaccount-v1-core","-strong-read-operations-serviceaccount-v1-core-strong-","delete-collection-serviceaccount-v1-core","delete-serviceaccount-v1-core","replace-serviceaccount-v1-core","patch-serviceaccount-v1-core","create-serviceaccount-v1-core","-strong-write-operations-serviceaccount-v1-core-strong-","serviceaccount-v1-core","create-selfsubjectrulesreview-v1-authorization-k8s-io","-strong-write-operations-selfsubjectrulesreview-v1-authorization-k8s-io-strong-","selfsubjectrulesreview-v1-authorization-k8s-io","create-selfsubjectaccessreview-v1-authorization-k8s-io","-strong-write-operations-selfsubjectaccessreview-v1-authorization-k8s-io-strong-","selfsubjectaccessreview-v1-authorization-k8s-io","watch-list-runtimeclass-v1-node-k8s-io","watch-runtimeclass-v1-node-k8s-io","list-runtimeclass-v1-node-k8s-io","read-runtimeclass-v1-node-k8s-io","-strong-read-operations-runtimeclass-v1-node-k8s-io-strong-","delete-collection-runtimeclass-v1-node-k8s-io","delete-runtimeclass-v1-node-k8s-io","replace-runtimeclass-v1-node-k8s-io","patch-runtimeclass-v1-node-k8s-io","create-runtimeclass-v1-node-k8s-io","-strong-write-operations-runtimeclass-v1-node-k8s-io-strong-","runtimeclass-v1-node-k8s-io","watch-list-all-namespaces-rolebinding-v1-rbac-authorization-k8s-io","watch-list-rolebinding-v1-rbac-authorization-k8s-io","watch-rolebinding-v1-rbac-authorization-k8s-io","list-all-namespaces-rolebinding-v1-rbac-authorization-k8s-io","list-rolebinding-v1-rbac-authorization-k8s-io","read-rolebinding-v1-rbac-authorization-k8s-io","-strong-read-operations-rolebinding-v1-rbac-authorization-k8s-io-strong-","delete-collection-rolebinding-v1-rbac-authorization-k8s-io","delete-rolebinding-v1-rbac-authorization-k8s-io","replace-rolebinding-v1-rbac-authorization-k8s-io","patch-rolebinding-v1-rbac-authorization-k8s-io","create-rolebinding-v1-rbac-authorization-k8s-io","-strong-write-operations-rolebinding-v1-rbac-authorization-k8s-io-strong-","rolebinding-v1-rbac-authorization-k8s-io","watch-list-all-namespaces-role-v1-rbac-authorization-k8s-io","watch-list-role-v1-rbac-authorization-k8s-io","watch-role-v1-rbac-authorization-k8s-io","list-all-namespaces-role-v1-rbac-authorization-k8s-io","list-role-v1-rbac-authorization-k8s-io","read-role-v1-rbac-authorization-k8s-io","-strong-read-operations-role-v1-rbac-authorization-k8s-io-strong-","delete-collection-role-v1-rbac-authorization-k8s-io","delete-role-v1-rbac-authorization-k8s-io","replace-role-v1-rbac-authorization-k8s-io","patch-role-v1-rbac-authorization-k8s-io","create-role-v1-rbac-authorization-k8s-io","-strong-write-operations-role-v1-rbac-authorization-k8s-io-strong-","role-v1-rbac-authorization-k8s-io","replace-status-resourcequota-v1-core","read-status-resourcequota-v1-core","patch-status-resourcequota-v1-core","-strong-status-operations-resourcequota-v1-core-strong-","watch-list-all-namespaces-resourcequota-v1-core","watch-list-resourcequota-v1-core","watch-resourcequota-v1-core","list-all-namespaces-resourcequota-v1-core","list-resourcequota-v1-core","read-resourcequota-v1-core","-strong-read-operations-resourcequota-v1-core-strong-","delete-collection-resourcequota-v1-core","delete-resourcequota-v1-core","replace-resourcequota-v1-core","patch-resourcequota-v1-core","create-resourcequota-v1-core","-strong-write-operations-resourcequota-v1-core-strong-","resourcequota-v1-core","replace-status-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","read-status-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","patch-status-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","-strong-status-operations-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io-strong-","watch-list-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","watch-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","list-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","read-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","-strong-read-operations-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io-strong-","delete-collection-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","delete-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","replace-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","patch-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","create-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","-strong-write-operations-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io-strong-","prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","replace-status-persistentvolume-v1-core","read-status-persistentvolume-v1-core","patch-status-persistentvolume-v1-core","-strong-status-operations-persistentvolume-v1-core-strong-","watch-list-persistentvolume-v1-core","watch-persistentvolume-v1-core","list-persistentvolume-v1-core","read-persistentvolume-v1-core","-strong-read-operations-persistentvolume-v1-core-strong-","delete-collection-persistentvolume-v1-core","delete-persistentvolume-v1-core","replace-persistentvolume-v1-core","patch-persistentvolume-v1-core","create-persistentvolume-v1-core","-strong-write-operations-persistentvolume-v1-core-strong-","persistentvolume-v1-core","replace-connect-proxy-path-node-v1-core","replace-connect-proxy-node-v1-core","head-connect-proxy-path-node-v1-core","head-connect-proxy-node-v1-core","get-connect-proxy-path-node-v1-core","get-connect-proxy-node-v1-core","delete-connect-proxy-path-node-v1-core","delete-connect-proxy-node-v1-core","create-connect-proxy-path-node-v1-core","create-connect-proxy-node-v1-core","-strong-proxy-operations-node-v1-core-strong-","replace-status-node-v1-core","read-status-node-v1-core","patch-status-node-v1-core","-strong-status-operations-node-v1-core-strong-","watch-list-node-v1-core","watch-node-v1-core","list-node-v1-core","read-node-v1-core","-strong-read-operations-node-v1-core-strong-","delete-collection-node-v1-core","delete-node-v1-core","replace-node-v1-core","patch-node-v1-core","create-node-v1-core","-strong-write-operations-node-v1-core-strong-","node-v1-core","replace-status-namespace-v1-core","read-status-namespace-v1-core","patch-status-namespace-v1-core","-strong-status-operations-namespace-v1-core-strong-","watch-list-namespace-v1-core","watch-namespace-v1-core","list-namespace-v1-core","read-namespace-v1-core","-strong-read-operations-namespace-v1-core-strong-","delete-namespace-v1-core","replace-namespace-v1-core","patch-namespace-v1-core","create-namespace-v1-core","-strong-write-operations-namespace-v1-core-strong-","namespace-v1-core","create-localsubjectaccessreview-v1-authorization-k8s-io","-strong-write-operations-localsubjectaccessreview-v1-authorization-k8s-io-strong-","localsubjectaccessreview-v1-authorization-k8s-io","watch-list-all-namespaces-lease-v1-coordination-k8s-io","watch-list-lease-v1-coordination-k8s-io","watch-lease-v1-coordination-k8s-io","list-all-namespaces-lease-v1-coordination-k8s-io","list-lease-v1-coordination-k8s-io","read-lease-v1-coordination-k8s-io","-strong-read-operations-lease-v1-coordination-k8s-io-strong-","delete-collection-lease-v1-coordination-k8s-io","delete-lease-v1-coordination-k8s-io","replace-lease-v1-coordination-k8s-io","patch-lease-v1-coordination-k8s-io","create-lease-v1-coordination-k8s-io","-strong-write-operations-lease-v1-coordination-k8s-io-strong-","lease-v1-coordination-k8s-io","replace-status-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","read-status-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","patch-status-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","-strong-status-operations-flowschema-v1beta1-flowcontrol-apiserver-k8s-io-strong-","watch-list-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","watch-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","list-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","read-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","-strong-read-operations-flowschema-v1beta1-flowcontrol-apiserver-k8s-io-strong-","delete-collection-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","delete-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","replace-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","patch-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","create-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","-strong-write-operations-flowschema-v1beta1-flowcontrol-apiserver-k8s-io-strong-","flowschema-v1beta1-flowcontrol-apiserver-k8s-io","list-componentstatus-v1-core","read-componentstatus-v1-core","-strong-read-operations-componentstatus-v1-core-strong-","componentstatus-v1-core","watch-list-clusterrolebinding-v1-rbac-authorization-k8s-io","watch-clusterrolebinding-v1-rbac-authorization-k8s-io","list-clusterrolebinding-v1-rbac-authorization-k8s-io","read-clusterrolebinding-v1-rbac-authorization-k8s-io","-strong-read-operations-clusterrolebinding-v1-rbac-authorization-k8s-io-strong-","delete-collection-clusterrolebinding-v1-rbac-authorization-k8s-io","delete-clusterrolebinding-v1-rbac-authorization-k8s-io","replace-clusterrolebinding-v1-rbac-authorization-k8s-io","patch-clusterrolebinding-v1-rbac-authorization-k8s-io","create-clusterrolebinding-v1-rbac-authorization-k8s-io","-strong-write-operations-clusterrolebinding-v1-rbac-authorization-k8s-io-strong-","clusterrolebinding-v1-rbac-authorization-k8s-io","watch-list-clusterrole-v1-rbac-authorization-k8s-io","watch-clusterrole-v1-rbac-authorization-k8s-io","list-clusterrole-v1-rbac-authorization-k8s-io","read-clusterrole-v1-rbac-authorization-k8s-io","-strong-read-operations-clusterrole-v1-rbac-authorization-k8s-io-strong-","delete-collection-clusterrole-v1-rbac-authorization-k8s-io","delete-clusterrole-v1-rbac-authorization-k8s-io","replace-clusterrole-v1-rbac-authorization-k8s-io","patch-clusterrole-v1-rbac-authorization-k8s-io","create-clusterrole-v1-rbac-authorization-k8s-io","-strong-write-operations-clusterrole-v1-rbac-authorization-k8s-io-strong-","clusterrole-v1-rbac-authorization-k8s-io","replace-status-certificatesigningrequest-v1-certificates-k8s-io","read-status-certificatesigningrequest-v1-certificates-k8s-io","patch-status-certificatesigningrequest-v1-certificates-k8s-io","-strong-status-operations-certificatesigningrequest-v1-certificates-k8s-io-strong-","watch-list-certificatesigningrequest-v1-certificates-k8s-io","watch-certificatesigningrequest-v1-certificates-k8s-io","list-certificatesigningrequest-v1-certificates-k8s-io","read-certificatesigningrequest-v1-certificates-k8s-io","-strong-read-operations-certificatesigningrequest-v1-certificates-k8s-io-strong-","delete-collection-certificatesigningrequest-v1-certificates-k8s-io","delete-certificatesigningrequest-v1-certificates-k8s-io","replace-certificatesigningrequest-v1-certificates-k8s-io","patch-certificatesigningrequest-v1-certificates-k8s-io","create-certificatesigningrequest-v1-certificates-k8s-io","-strong-write-operations-certificatesigningrequest-v1-certificates-k8s-io-strong-","certificatesigningrequest-v1-certificates-k8s-io","create-binding-v1-core","-strong-write-operations-binding-v1-core-strong-","binding-v1-core","replace-status-apiservice-v1-apiregistration-k8s-io","read-status-apiservice-v1-apiregistration-k8s-io","patch-status-apiservice-v1-apiregistration-k8s-io","-strong-status-operations-apiservice-v1-apiregistration-k8s-io-strong-","watch-list-apiservice-v1-apiregistration-k8s-io","watch-apiservice-v1-apiregistration-k8s-io","list-apiservice-v1-apiregistration-k8s-io","read-apiservice-v1-apiregistration-k8s-io","-strong-read-operations-apiservice-v1-apiregistration-k8s-io-strong-","delete-collection-apiservice-v1-apiregistration-k8s-io","delete-apiservice-v1-apiregistration-k8s-io","replace-apiservice-v1-apiregistration-k8s-io","patch-apiservice-v1-apiregistration-k8s-io","create-apiservice-v1-apiregistration-k8s-io","-strong-write-operations-apiservice-v1-apiregistration-k8s-io-strong-","apiservice-v1-apiregistration-k8s-io","-strong-cluster-apis-strong-","watch-list-podsecuritypolicy-v1beta1-policy","watch-podsecuritypolicy-v1beta1-policy","list-podsecuritypolicy-v1beta1-policy","read-podsecuritypolicy-v1beta1-policy","-strong-read-operations-podsecuritypolicy-v1beta1-policy-strong-","delete-collection-podsecuritypolicy-v1beta1-policy","delete-podsecuritypolicy-v1beta1-policy","replace-podsecuritypolicy-v1beta1-policy","patch-podsecuritypolicy-v1beta1-policy","create-podsecuritypolicy-v1beta1-policy","-strong-write-operations-podsecuritypolicy-v1beta1-policy-strong-","podsecuritypolicy-v1beta1-policy","watch-list-priorityclass-v1-scheduling-k8s-io","watch-priorityclass-v1-scheduling-k8s-io","list-priorityclass-v1-scheduling-k8s-io","read-priorityclass-v1-scheduling-k8s-io","-strong-read-operations-priorityclass-v1-scheduling-k8s-io-strong-","delete-collection-priorityclass-v1-scheduling-k8s-io","delete-priorityclass-v1-scheduling-k8s-io","replace-priorityclass-v1-scheduling-k8s-io","patch-priorityclass-v1-scheduling-k8s-io","create-priorityclass-v1-scheduling-k8s-io","-strong-write-operations-priorityclass-v1-scheduling-k8s-io-strong-","priorityclass-v1-scheduling-k8s-io","replace-status-poddisruptionbudget-v1beta1-policy","read-status-poddisruptionbudget-v1beta1-policy","patch-status-poddisruptionbudget-v1beta1-policy","-strong-status-operations-poddisruptionbudget-v1beta1-policy-strong-","watch-list-all-namespaces-poddisruptionbudget-v1beta1-policy","watch-list-poddisruptionbudget-v1beta1-policy","watch-poddisruptionbudget-v1beta1-policy","list-all-namespaces-poddisruptionbudget-v1beta1-policy","list-poddisruptionbudget-v1beta1-policy","read-poddisruptionbudget-v1beta1-policy","-strong-read-operations-poddisruptionbudget-v1beta1-policy-strong-","delete-collection-poddisruptionbudget-v1beta1-policy","delete-poddisruptionbudget-v1beta1-policy","replace-poddisruptionbudget-v1beta1-policy","patch-poddisruptionbudget-v1beta1-policy","create-poddisruptionbudget-v1beta1-policy","-strong-write-operations-poddisruptionbudget-v1beta1-policy-strong-","poddisruptionbudget-v1beta1-policy","watch-list-all-namespaces-podtemplate-v1-core","watch-list-podtemplate-v1-core","watch-podtemplate-v1-core","list-all-namespaces-podtemplate-v1-core","list-podtemplate-v1-core","read-podtemplate-v1-core","-strong-read-operations-podtemplate-v1-core-strong-","delete-collection-podtemplate-v1-core","delete-podtemplate-v1-core","replace-podtemplate-v1-core","patch-podtemplate-v1-core","create-podtemplate-v1-core","-strong-write-operations-podtemplate-v1-core-strong-","podtemplate-v1-core","watch-list-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","watch-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","list-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","read-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","-strong-read-operations-validatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","delete-collection-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","delete-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","replace-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","patch-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","create-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","-strong-write-operations-validatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","validatingwebhookconfiguration-v1-admissionregistration-k8s-io","watch-list-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","watch-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","list-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","read-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","-strong-read-operations-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","delete-collection-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","delete-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","replace-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","patch-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","create-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","-strong-write-operations-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","replace-status-horizontalpodautoscaler-v1-autoscaling","read-status-horizontalpodautoscaler-v1-autoscaling","patch-status-horizontalpodautoscaler-v1-autoscaling","-strong-status-operations-horizontalpodautoscaler-v1-autoscaling-strong-","watch-list-all-namespaces-horizontalpodautoscaler-v1-autoscaling","watch-list-horizontalpodautoscaler-v1-autoscaling","watch-horizontalpodautoscaler-v1-autoscaling","list-all-namespaces-horizontalpodautoscaler-v1-autoscaling","list-horizontalpodautoscaler-v1-autoscaling","read-horizontalpodautoscaler-v1-autoscaling","-strong-read-operations-horizontalpodautoscaler-v1-autoscaling-strong-","delete-collection-horizontalpodautoscaler-v1-autoscaling","delete-horizontalpodautoscaler-v1-autoscaling","replace-horizontalpodautoscaler-v1-autoscaling","patch-horizontalpodautoscaler-v1-autoscaling","create-horizontalpodautoscaler-v1-autoscaling","-strong-write-operations-horizontalpodautoscaler-v1-autoscaling-strong-","horizontalpodautoscaler-v1-autoscaling","watch-list-all-namespaces-limitrange-v1-core","watch-list-limitrange-v1-core","watch-limitrange-v1-core","list-all-namespaces-limitrange-v1-core","list-limitrange-v1-core","read-limitrange-v1-core","-strong-read-operations-limitrange-v1-core-strong-","delete-collection-limitrange-v1-core","delete-limitrange-v1-core","replace-limitrange-v1-core","patch-limitrange-v1-core","create-limitrange-v1-core","-strong-write-operations-limitrange-v1-core-strong-","limitrange-v1-core","watch-list-all-namespaces-event-v1-core","watch-list-event-v1-core","watch-event-v1-core","list-all-namespaces-event-v1-core","list-event-v1-core","read-event-v1-core","-strong-read-operations-event-v1-core-strong-","delete-collection-event-v1-core","delete-event-v1-core","replace-event-v1-core","patch-event-v1-core","create-event-v1-core","-strong-write-operations-event-v1-core-strong-","event-v1-core","replace-status-customresourcedefinition-v1-apiextensions-k8s-io","read-status-customresourcedefinition-v1-apiextensions-k8s-io","patch-status-customresourcedefinition-v1-apiextensions-k8s-io","-strong-status-operations-customresourcedefinition-v1-apiextensions-k8s-io-strong-","watch-list-customresourcedefinition-v1-apiextensions-k8s-io","watch-customresourcedefinition-v1-apiextensions-k8s-io","list-customresourcedefinition-v1-apiextensions-k8s-io","read-customresourcedefinition-v1-apiextensions-k8s-io","-strong-read-operations-customresourcedefinition-v1-apiextensions-k8s-io-strong-","delete-collection-customresourcedefinition-v1-apiextensions-k8s-io","delete-customresourcedefinition-v1-apiextensions-k8s-io","replace-customresourcedefinition-v1-apiextensions-k8s-io","patch-customresourcedefinition-v1-apiextensions-k8s-io","create-customresourcedefinition-v1-apiextensions-k8s-io","-strong-write-operations-customresourcedefinition-v1-apiextensions-k8s-io-strong-","customresourcedefinition-v1-apiextensions-k8s-io","watch-list-all-namespaces-controllerrevision-v1-apps","watch-list-controllerrevision-v1-apps","watch-controllerrevision-v1-apps","list-all-namespaces-controllerrevision-v1-apps","list-controllerrevision-v1-apps","read-controllerrevision-v1-apps","-strong-read-operations-controllerrevision-v1-apps-strong-","delete-collection-controllerrevision-v1-apps","delete-controllerrevision-v1-apps","replace-controllerrevision-v1-apps","patch-controllerrevision-v1-apps","create-controllerrevision-v1-apps","-strong-write-operations-controllerrevision-v1-apps-strong-","controllerrevision-v1-apps","-strong-metadata-apis-strong-","replace-status-volumeattachment-v1-storage-k8s-io","read-status-volumeattachment-v1-storage-k8s-io","patch-status-volumeattachment-v1-storage-k8s-io","-strong-status-operations-volumeattachment-v1-storage-k8s-io-strong-","watch-list-volumeattachment-v1-storage-k8s-io","watch-volumeattachment-v1-storage-k8s-io","list-volumeattachment-v1-storage-k8s-io","read-volumeattachment-v1-storage-k8s-io","-strong-read-operations-volumeattachment-v1-storage-k8s-io-strong-","delete-collection-volumeattachment-v1-storage-k8s-io","delete-volumeattachment-v1-storage-k8s-io","replace-volumeattachment-v1-storage-k8s-io","patch-volumeattachment-v1-storage-k8s-io","create-volumeattachment-v1-storage-k8s-io","-strong-write-operations-volumeattachment-v1-storage-k8s-io-strong-","volumeattachment-v1-storage-k8s-io","volume-v1-core","watch-list-storageclass-v1-storage-k8s-io","watch-storageclass-v1-storage-k8s-io","list-storageclass-v1-storage-k8s-io","read-storageclass-v1-storage-k8s-io","-strong-read-operations-storageclass-v1-storage-k8s-io-strong-","delete-collection-storageclass-v1-storage-k8s-io","delete-storageclass-v1-storage-k8s-io","replace-storageclass-v1-storage-k8s-io","patch-storageclass-v1-storage-k8s-io","create-storageclass-v1-storage-k8s-io","-strong-write-operations-storageclass-v1-storage-k8s-io-strong-","storageclass-v1-storage-k8s-io","replace-status-persistentvolumeclaim-v1-core","read-status-persistentvolumeclaim-v1-core","patch-status-persistentvolumeclaim-v1-core","-strong-status-operations-persistentvolumeclaim-v1-core-strong-","watch-list-all-namespaces-persistentvolumeclaim-v1-core","watch-list-persistentvolumeclaim-v1-core","watch-persistentvolumeclaim-v1-core","list-all-namespaces-persistentvolumeclaim-v1-core","list-persistentvolumeclaim-v1-core","read-persistentvolumeclaim-v1-core","-strong-read-operations-persistentvolumeclaim-v1-core-strong-","delete-collection-persistentvolumeclaim-v1-core","delete-persistentvolumeclaim-v1-core","replace-persistentvolumeclaim-v1-core","patch-persistentvolumeclaim-v1-core","create-persistentvolumeclaim-v1-core","-strong-write-operations-persistentvolumeclaim-v1-core-strong-","persistentvolumeclaim-v1-core","watch-list-all-namespaces-secret-v1-core","watch-list-secret-v1-core","watch-secret-v1-core","list-all-namespaces-secret-v1-core","list-secret-v1-core","read-secret-v1-core","-strong-read-operations-secret-v1-core-strong-","delete-collection-secret-v1-core","delete-secret-v1-core","replace-secret-v1-core","patch-secret-v1-core","create-secret-v1-core","-strong-write-operations-secret-v1-core-strong-","secret-v1-core","watch-list-csinode-v1-storage-k8s-io","watch-csinode-v1-storage-k8s-io","list-csinode-v1-storage-k8s-io","read-csinode-v1-storage-k8s-io","-strong-read-operations-csinode-v1-storage-k8s-io-strong-","delete-collection-csinode-v1-storage-k8s-io","delete-csinode-v1-storage-k8s-io","replace-csinode-v1-storage-k8s-io","patch-csinode-v1-storage-k8s-io","create-csinode-v1-storage-k8s-io","-strong-write-operations-csinode-v1-storage-k8s-io-strong-","csinode-v1-storage-k8s-io","watch-list-csidriver-v1-storage-k8s-io","watch-csidriver-v1-storage-k8s-io","list-csidriver-v1-storage-k8s-io","read-csidriver-v1-storage-k8s-io","-strong-read-operations-csidriver-v1-storage-k8s-io-strong-","delete-collection-csidriver-v1-storage-k8s-io","delete-csidriver-v1-storage-k8s-io","replace-csidriver-v1-storage-k8s-io","patch-csidriver-v1-storage-k8s-io","create-csidriver-v1-storage-k8s-io","-strong-write-operations-csidriver-v1-storage-k8s-io-strong-","csidriver-v1-storage-k8s-io","watch-list-all-namespaces-configmap-v1-core","watch-list-configmap-v1-core","watch-configmap-v1-core","list-all-namespaces-configmap-v1-core","list-configmap-v1-core","read-configmap-v1-core","-strong-read-operations-configmap-v1-core-strong-","delete-collection-configmap-v1-core","delete-configmap-v1-core","replace-configmap-v1-core","patch-configmap-v1-core","create-configmap-v1-core","-strong-write-operations-configmap-v1-core-strong-","configmap-v1-core","-strong-config-and-storage-apis-strong-","replace-connect-proxy-path-service-v1-core","replace-connect-proxy-service-v1-core","head-connect-proxy-path-service-v1-core","head-connect-proxy-service-v1-core","get-connect-proxy-path-service-v1-core","get-connect-proxy-service-v1-core","delete-connect-proxy-path-service-v1-core","delete-connect-proxy-service-v1-core","create-connect-proxy-path-service-v1-core","create-connect-proxy-service-v1-core","-strong-proxy-operations-service-v1-core-strong-","replace-status-service-v1-core","read-status-service-v1-core","patch-status-service-v1-core","-strong-status-operations-service-v1-core-strong-","watch-list-all-namespaces-service-v1-core","watch-list-service-v1-core","watch-service-v1-core","list-all-namespaces-service-v1-core","list-service-v1-core","read-service-v1-core","-strong-read-operations-service-v1-core-strong-","delete-service-v1-core","replace-service-v1-core","patch-service-v1-core","create-service-v1-core","-strong-write-operations-service-v1-core-strong-","service-v1-core","watch-list-ingressclass-v1-networking-k8s-io","watch-ingressclass-v1-networking-k8s-io","list-ingressclass-v1-networking-k8s-io","read-ingressclass-v1-networking-k8s-io","-strong-read-operations-ingressclass-v1-networking-k8s-io-strong-","delete-collection-ingressclass-v1-networking-k8s-io","delete-ingressclass-v1-networking-k8s-io","replace-ingressclass-v1-networking-k8s-io","patch-ingressclass-v1-networking-k8s-io","create-ingressclass-v1-networking-k8s-io","-strong-write-operations-ingressclass-v1-networking-k8s-io-strong-","ingressclass-v1-networking-k8s-io","replace-status-ingress-v1-networking-k8s-io","read-status-ingress-v1-networking-k8s-io","patch-status-ingress-v1-networking-k8s-io","-strong-status-operations-ingress-v1-networking-k8s-io-strong-","watch-list-all-namespaces-ingress-v1-networking-k8s-io","watch-list-ingress-v1-networking-k8s-io","watch-ingress-v1-networking-k8s-io","list-all-namespaces-ingress-v1-networking-k8s-io","list-ingress-v1-networking-k8s-io","read-ingress-v1-networking-k8s-io","-strong-read-operations-ingress-v1-networking-k8s-io-strong-","delete-collection-ingress-v1-networking-k8s-io","delete-ingress-v1-networking-k8s-io","replace-ingress-v1-networking-k8s-io","patch-ingress-v1-networking-k8s-io","create-ingress-v1-networking-k8s-io","-strong-write-operations-ingress-v1-networking-k8s-io-strong-","ingress-v1-networking-k8s-io","watch-list-all-namespaces-endpointslice-v1beta1-discovery-k8s-io","watch-list-endpointslice-v1beta1-discovery-k8s-io","watch-endpointslice-v1beta1-discovery-k8s-io","list-all-namespaces-endpointslice-v1beta1-discovery-k8s-io","list-endpointslice-v1beta1-discovery-k8s-io","read-endpointslice-v1beta1-discovery-k8s-io","-strong-read-operations-endpointslice-v1beta1-discovery-k8s-io-strong-","delete-collection-endpointslice-v1beta1-discovery-k8s-io","delete-endpointslice-v1beta1-discovery-k8s-io","replace-endpointslice-v1beta1-discovery-k8s-io","patch-endpointslice-v1beta1-discovery-k8s-io","create-endpointslice-v1beta1-discovery-k8s-io","-strong-write-operations-endpointslice-v1beta1-discovery-k8s-io-strong-","endpointslice-v1beta1-discovery-k8s-io","watch-list-all-namespaces-endpoints-v1-core","watch-list-endpoints-v1-core","watch-endpoints-v1-core","list-all-namespaces-endpoints-v1-core","list-endpoints-v1-core","read-endpoints-v1-core","-strong-read-operations-endpoints-v1-core-strong-","delete-collection-endpoints-v1-core","delete-endpoints-v1-core","replace-endpoints-v1-core","patch-endpoints-v1-core","create-endpoints-v1-core","-strong-write-operations-endpoints-v1-core-strong-","endpoints-v1-core","-strong-service-apis-strong-","patch-scale-statefulset-v1-apps","replace-scale-statefulset-v1-apps","read-scale-statefulset-v1-apps","-strong-misc-operations-statefulset-v1-apps-strong-","replace-status-statefulset-v1-apps","read-status-statefulset-v1-apps","patch-status-statefulset-v1-apps","-strong-status-operations-statefulset-v1-apps-strong-","watch-list-all-namespaces-statefulset-v1-apps","watch-list-statefulset-v1-apps","watch-statefulset-v1-apps","list-all-namespaces-statefulset-v1-apps","list-statefulset-v1-apps","read-statefulset-v1-apps","-strong-read-operations-statefulset-v1-apps-strong-","delete-collection-statefulset-v1-apps","delete-statefulset-v1-apps","replace-statefulset-v1-apps","patch-statefulset-v1-apps","create-statefulset-v1-apps","-strong-write-operations-statefulset-v1-apps-strong-","statefulset-v1-apps","patch-scale-replicationcontroller-v1-core","replace-scale-replicationcontroller-v1-core","read-scale-replicationcontroller-v1-core","-strong-misc-operations-replicationcontroller-v1-core-strong-","replace-status-replicationcontroller-v1-core","read-status-replicationcontroller-v1-core","patch-status-replicationcontroller-v1-core","-strong-status-operations-replicationcontroller-v1-core-strong-","watch-list-all-namespaces-replicationcontroller-v1-core","watch-list-replicationcontroller-v1-core","watch-replicationcontroller-v1-core","list-all-namespaces-replicationcontroller-v1-core","list-replicationcontroller-v1-core","read-replicationcontroller-v1-core","-strong-read-operations-replicationcontroller-v1-core-strong-","delete-collection-replicationcontroller-v1-core","delete-replicationcontroller-v1-core","replace-replicationcontroller-v1-core","patch-replicationcontroller-v1-core","create-replicationcontroller-v1-core","-strong-write-operations-replicationcontroller-v1-core-strong-","replicationcontroller-v1-core","patch-scale-replicaset-v1-apps","replace-scale-replicaset-v1-apps","read-scale-replicaset-v1-apps","-strong-misc-operations-replicaset-v1-apps-strong-","replace-status-replicaset-v1-apps","read-status-replicaset-v1-apps","patch-status-replicaset-v1-apps","-strong-status-operations-replicaset-v1-apps-strong-","watch-list-all-namespaces-replicaset-v1-apps","watch-list-replicaset-v1-apps","watch-replicaset-v1-apps","list-all-namespaces-replicaset-v1-apps","list-replicaset-v1-apps","read-replicaset-v1-apps","-strong-read-operations-replicaset-v1-apps-strong-","delete-collection-replicaset-v1-apps","delete-replicaset-v1-apps","replace-replicaset-v1-apps","patch-replicaset-v1-apps","create-replicaset-v1-apps","-strong-write-operations-replicaset-v1-apps-strong-","replicaset-v1-apps","read-log-pod-v1-core","-strong-misc-operations-pod-v1-core-strong-","replace-connect-proxy-path-pod-v1-core","replace-connect-proxy-pod-v1-core","head-connect-proxy-path-pod-v1-core","head-connect-proxy-pod-v1-core","get-connect-proxy-path-pod-v1-core","get-connect-proxy-pod-v1-core","get-connect-portforward-pod-v1-core","delete-connect-proxy-path-pod-v1-core","delete-connect-proxy-pod-v1-core","create-connect-proxy-path-pod-v1-core","create-connect-proxy-pod-v1-core","create-connect-portforward-pod-v1-core","-strong-proxy-operations-pod-v1-core-strong-","replace-status-pod-v1-core","read-status-pod-v1-core","patch-status-pod-v1-core","-strong-status-operations-pod-v1-core-strong-","watch-list-all-namespaces-pod-v1-core","watch-list-pod-v1-core","watch-pod-v1-core","list-all-namespaces-pod-v1-core","list-pod-v1-core","read-pod-v1-core","-strong-read-operations-pod-v1-core-strong-","delete-collection-pod-v1-core","delete-pod-v1-core","replace-pod-v1-core","patch-pod-v1-core","create-eviction-pod-v1-core","create-pod-v1-core","-strong-write-operations-pod-v1-core-strong-","pod-v1-core","replace-status-job-v1-batch","read-status-job-v1-batch","patch-status-job-v1-batch","-strong-status-operations-job-v1-batch-strong-","watch-list-all-namespaces-job-v1-batch","watch-list-job-v1-batch","watch-job-v1-batch","list-all-namespaces-job-v1-batch","list-job-v1-batch","read-job-v1-batch","-strong-read-operations-job-v1-batch-strong-","delete-collection-job-v1-batch","delete-job-v1-batch","replace-job-v1-batch","patch-job-v1-batch","create-job-v1-batch","-strong-write-operations-job-v1-batch-strong-","job-v1-batch","patch-scale-deployment-v1-apps","replace-scale-deployment-v1-apps","read-scale-deployment-v1-apps","-strong-misc-operations-deployment-v1-apps-strong-","replace-status-deployment-v1-apps","read-status-deployment-v1-apps","patch-status-deployment-v1-apps","-strong-status-operations-deployment-v1-apps-strong-","watch-list-all-namespaces-deployment-v1-apps","watch-list-deployment-v1-apps","watch-deployment-v1-apps","list-all-namespaces-deployment-v1-apps","list-deployment-v1-apps","read-deployment-v1-apps","-strong-read-operations-deployment-v1-apps-strong-","delete-collection-deployment-v1-apps","delete-deployment-v1-apps","replace-deployment-v1-apps","patch-deployment-v1-apps","create-deployment-v1-apps","-strong-write-operations-deployment-v1-apps-strong-","deployment-v1-apps","replace-status-daemonset-v1-apps","read-status-daemonset-v1-apps","patch-status-daemonset-v1-apps","-strong-status-operations-daemonset-v1-apps-strong-","watch-list-all-namespaces-daemonset-v1-apps","watch-list-daemonset-v1-apps","watch-daemonset-v1-apps","list-all-namespaces-daemonset-v1-apps","list-daemonset-v1-apps","read-daemonset-v1-apps","-strong-read-operations-daemonset-v1-apps-strong-","delete-collection-daemonset-v1-apps","delete-daemonset-v1-apps","replace-daemonset-v1-apps","patch-daemonset-v1-apps","create-daemonset-v1-apps","-strong-write-operations-daemonset-v1-apps-strong-","daemonset-v1-apps","replace-status-cronjob-v1beta1-batch","read-status-cronjob-v1beta1-batch","patch-status-cronjob-v1beta1-batch","-strong-status-operations-cronjob-v1beta1-batch-strong-","watch-list-all-namespaces-cronjob-v1beta1-batch","watch-list-cronjob-v1beta1-batch","watch-cronjob-v1beta1-batch","list-all-namespaces-cronjob-v1beta1-batch","list-cronjob-v1beta1-batch","read-cronjob-v1beta1-batch","-strong-read-operations-cronjob-v1beta1-batch-strong-","delete-collection-cronjob-v1beta1-batch","delete-cronjob-v1beta1-batch","replace-cronjob-v1beta1-batch","patch-cronjob-v1beta1-batch","create-cronjob-v1beta1-batch","-strong-write-operations-cronjob-v1beta1-batch-strong-","cronjob-v1beta1-batch","container-v1-core","-strong-workloads-apis-strong-","-strong-api-groups-strong-","-strong-api-overview-strong-"]};})();
\ No newline at end of file
+(function(){navData={"toc":[{"section":"webhookclientconfig-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"webhookclientconfig-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"webhookclientconfig-v1-apiextensions-k8s-io","subsections":[]},{"section":"volumenoderesources-v1beta1-storage-k8s-io","subsections":[]},{"section":"volumeerror-v1alpha1-storage-k8s-io","subsections":[]},{"section":"volumeerror-v1beta1-storage-k8s-io","subsections":[]},{"section":"volumeattachmentsource-v1alpha1-storage-k8s-io","subsections":[]},{"section":"volumeattachmentsource-v1beta1-storage-k8s-io","subsections":[]},{"section":"volumeattachment-v1alpha1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-volumeattachment-v1alpha1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"watch-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"list-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"read-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-volumeattachment-v1alpha1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"delete-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"replace-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"patch-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"create-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]}]}]},{"section":"volumeattachment-v1beta1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-volumeattachment-v1beta1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-volumeattachment-v1beta1-storage-k8s-io","subsections":[]},{"section":"watch-volumeattachment-v1beta1-storage-k8s-io","subsections":[]},{"section":"list-volumeattachment-v1beta1-storage-k8s-io","subsections":[]},{"section":"read-volumeattachment-v1beta1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-volumeattachment-v1beta1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-volumeattachment-v1beta1-storage-k8s-io","subsections":[]},{"section":"delete-volumeattachment-v1beta1-storage-k8s-io","subsections":[]},{"section":"replace-volumeattachment-v1beta1-storage-k8s-io","subsections":[]},{"section":"patch-volumeattachment-v1beta1-storage-k8s-io","subsections":[]},{"section":"create-volumeattachment-v1beta1-storage-k8s-io","subsections":[]}]}]},{"section":"validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[{"section":"-strong-read-operations-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io-strong-","subsections":[{"section":"watch-list-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"watch-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"list-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"read-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io-strong-","subsections":[{"section":"delete-collection-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"delete-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"replace-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"patch-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"create-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]}]}]},{"section":"validatingwebhook-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"usersubject-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"userinfo-v1beta1-authentication-k8s-io","subsections":[]},{"section":"tokenreview-v1beta1-authentication-k8s-io","subsections":[{"section":"-strong-write-operations-tokenreview-v1beta1-authentication-k8s-io-strong-","subsections":[{"section":"create-tokenreview-v1beta1-authentication-k8s-io","subsections":[]}]}]},{"section":"tokenrequest-v1beta1-storage-k8s-io","subsections":[]},{"section":"tokenrequest-v1-storage-k8s-io","subsections":[]},{"section":"subjectrulesreviewstatus-v1beta1-authorization-k8s-io","subsections":[]},{"section":"subjectaccessreview-v1beta1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-subjectaccessreview-v1beta1-authorization-k8s-io-strong-","subsections":[{"section":"create-subjectaccessreview-v1beta1-authorization-k8s-io","subsections":[]}]}]},{"section":"subject-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"subject-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"subject-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"subject-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"storageclass-v1beta1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-storageclass-v1beta1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-storageclass-v1beta1-storage-k8s-io","subsections":[]},{"section":"watch-storageclass-v1beta1-storage-k8s-io","subsections":[]},{"section":"list-storageclass-v1beta1-storage-k8s-io","subsections":[]},{"section":"read-storageclass-v1beta1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-storageclass-v1beta1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-storageclass-v1beta1-storage-k8s-io","subsections":[]},{"section":"delete-storageclass-v1beta1-storage-k8s-io","subsections":[]},{"section":"replace-storageclass-v1beta1-storage-k8s-io","subsections":[]},{"section":"patch-storageclass-v1beta1-storage-k8s-io","subsections":[]},{"section":"create-storageclass-v1beta1-storage-k8s-io","subsections":[]}]}]},{"section":"servicereference-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"servicereference-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"servicereference-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"servicereference-v1-apiregistration-k8s-io","subsections":[]},{"section":"servicereference-v1-apiextensions-k8s-io","subsections":[]},{"section":"serviceaccountsubject-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"selfsubjectrulesreview-v1beta1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-selfsubjectrulesreview-v1beta1-authorization-k8s-io-strong-","subsections":[{"section":"create-selfsubjectrulesreview-v1beta1-authorization-k8s-io","subsections":[]}]}]},{"section":"selfsubjectaccessreview-v1beta1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-selfsubjectaccessreview-v1beta1-authorization-k8s-io-strong-","subsections":[{"section":"create-selfsubjectaccessreview-v1beta1-authorization-k8s-io","subsections":[]}]}]},{"section":"scheduling-v1alpha1-node-k8s-io","subsections":[]},{"section":"scheduling-v1beta1-node-k8s-io","subsections":[]},{"section":"runtimeclass-v1alpha1-node-k8s-io","subsections":[{"section":"-strong-read-operations-runtimeclass-v1alpha1-node-k8s-io-strong-","subsections":[{"section":"watch-list-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"watch-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"list-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"read-runtimeclass-v1alpha1-node-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-runtimeclass-v1alpha1-node-k8s-io-strong-","subsections":[{"section":"delete-collection-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"delete-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"replace-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"patch-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"create-runtimeclass-v1alpha1-node-k8s-io","subsections":[]}]}]},{"section":"runtimeclass-v1beta1-node-k8s-io","subsections":[{"section":"-strong-read-operations-runtimeclass-v1beta1-node-k8s-io-strong-","subsections":[{"section":"watch-list-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"watch-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"list-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"read-runtimeclass-v1beta1-node-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-runtimeclass-v1beta1-node-k8s-io-strong-","subsections":[{"section":"delete-collection-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"delete-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"replace-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"patch-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"create-runtimeclass-v1beta1-node-k8s-io","subsections":[]}]}]},{"section":"rulewithoperations-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"roleref-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"roleref-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-rolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-list-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-all-namespaces-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-rolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-rolebinding-v1beta1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-list-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-all-namespaces-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-rolebinding-v1beta1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-rolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"role-v1alpha1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-role-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-list-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-all-namespaces-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-role-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"role-v1beta1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-role-v1beta1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-role-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-list-role-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-role-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-all-namespaces-role-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-role-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-role-v1beta1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-role-v1beta1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-role-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-role-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-role-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-role-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-role-v1beta1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"resourcerule-v1beta1-authorization-k8s-io","subsections":[]},{"section":"resourcepolicyrule-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"resourcemetricstatus-v2beta1-autoscaling","subsections":[]},{"section":"resourcemetricsource-v2beta1-autoscaling","subsections":[]},{"section":"resourceattributes-v1beta1-authorization-k8s-io","subsections":[]},{"section":"queuingconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"prioritylevelconfigurationreference-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"prioritylevelconfigurationcondition-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[{"section":"-strong-status-operations-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"replace-status-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-status-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-status-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"watch-list-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"watch-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"list-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"delete-collection-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"delete-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"replace-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"create-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]}]}]},{"section":"priorityclass-v1alpha1-scheduling-k8s-io","subsections":[{"section":"-strong-read-operations-priorityclass-v1alpha1-scheduling-k8s-io-strong-","subsections":[{"section":"watch-list-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"watch-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"list-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"read-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-priorityclass-v1alpha1-scheduling-k8s-io-strong-","subsections":[{"section":"delete-collection-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"delete-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"replace-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"patch-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"create-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]}]}]},{"section":"priorityclass-v1beta1-scheduling-k8s-io","subsections":[{"section":"-strong-read-operations-priorityclass-v1beta1-scheduling-k8s-io-strong-","subsections":[{"section":"watch-list-priorityclass-v1beta1-scheduling-k8s-io","subsections":[]},{"section":"watch-priorityclass-v1beta1-scheduling-k8s-io","subsections":[]},{"section":"list-priorityclass-v1beta1-scheduling-k8s-io","subsections":[]},{"section":"read-priorityclass-v1beta1-scheduling-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-priorityclass-v1beta1-scheduling-k8s-io-strong-","subsections":[{"section":"delete-collection-priorityclass-v1beta1-scheduling-k8s-io","subsections":[]},{"section":"delete-priorityclass-v1beta1-scheduling-k8s-io","subsections":[]},{"section":"replace-priorityclass-v1beta1-scheduling-k8s-io","subsections":[]},{"section":"patch-priorityclass-v1beta1-scheduling-k8s-io","subsections":[]},{"section":"create-priorityclass-v1beta1-scheduling-k8s-io","subsections":[]}]}]},{"section":"policyruleswithsubjects-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"policyrule-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"policyrule-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"podsmetricstatus-v2beta1-autoscaling","subsections":[]},{"section":"podsmetricsource-v2beta1-autoscaling","subsections":[]},{"section":"overhead-v1alpha1-node-k8s-io","subsections":[]},{"section":"overhead-v1beta1-node-k8s-io","subsections":[]},{"section":"objectmetricstatus-v2beta1-autoscaling","subsections":[]},{"section":"objectmetricsource-v2beta1-autoscaling","subsections":[]},{"section":"nonresourcerule-v1beta1-authorization-k8s-io","subsections":[]},{"section":"nonresourcepolicyrule-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"nonresourceattributes-v1beta1-authorization-k8s-io","subsections":[]},{"section":"mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[{"section":"-strong-read-operations-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io-strong-","subsections":[{"section":"watch-list-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"watch-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"list-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"read-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io-strong-","subsections":[{"section":"delete-collection-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"delete-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"replace-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"patch-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"create-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","subsections":[]}]}]},{"section":"mutatingwebhook-v1beta1-admissionregistration-k8s-io","subsections":[]},{"section":"metricstatus-v2beta1-autoscaling","subsections":[]},{"section":"metricspec-v2beta1-autoscaling","subsections":[]},{"section":"localsubjectaccessreview-v1beta1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-localsubjectaccessreview-v1beta1-authorization-k8s-io-strong-","subsections":[{"section":"create-localsubjectaccessreview-v1beta1-authorization-k8s-io","subsections":[]}]}]},{"section":"limitedprioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"limitresponse-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"lease-v1beta1-coordination-k8s-io","subsections":[{"section":"-strong-read-operations-lease-v1beta1-coordination-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-lease-v1beta1-coordination-k8s-io","subsections":[]},{"section":"watch-list-lease-v1beta1-coordination-k8s-io","subsections":[]},{"section":"watch-lease-v1beta1-coordination-k8s-io","subsections":[]},{"section":"list-all-namespaces-lease-v1beta1-coordination-k8s-io","subsections":[]},{"section":"list-lease-v1beta1-coordination-k8s-io","subsections":[]},{"section":"read-lease-v1beta1-coordination-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-lease-v1beta1-coordination-k8s-io-strong-","subsections":[{"section":"delete-collection-lease-v1beta1-coordination-k8s-io","subsections":[]},{"section":"delete-lease-v1beta1-coordination-k8s-io","subsections":[]},{"section":"replace-lease-v1beta1-coordination-k8s-io","subsections":[]},{"section":"patch-lease-v1beta1-coordination-k8s-io","subsections":[]},{"section":"create-lease-v1beta1-coordination-k8s-io","subsections":[]}]}]},{"section":"jobtemplatespec-v2alpha1-batch","subsections":[]},{"section":"jsonschemapropsorbool-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"jsonschemapropsorarray-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"jsonschemaprops-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"json-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"ingresstls-v1beta1-networking-k8s-io","subsections":[]},{"section":"ingresstls-v1beta1-extensions","subsections":[]},{"section":"ingressrule-v1beta1-networking-k8s-io","subsections":[]},{"section":"ingressrule-v1beta1-extensions","subsections":[]},{"section":"ingressclass-v1beta1-networking-k8s-io","subsections":[{"section":"-strong-read-operations-ingressclass-v1beta1-networking-k8s-io-strong-","subsections":[{"section":"watch-list-ingressclass-v1beta1-networking-k8s-io","subsections":[]},{"section":"watch-ingressclass-v1beta1-networking-k8s-io","subsections":[]},{"section":"list-ingressclass-v1beta1-networking-k8s-io","subsections":[]},{"section":"read-ingressclass-v1beta1-networking-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-ingressclass-v1beta1-networking-k8s-io-strong-","subsections":[{"section":"delete-collection-ingressclass-v1beta1-networking-k8s-io","subsections":[]},{"section":"delete-ingressclass-v1beta1-networking-k8s-io","subsections":[]},{"section":"replace-ingressclass-v1beta1-networking-k8s-io","subsections":[]},{"section":"patch-ingressclass-v1beta1-networking-k8s-io","subsections":[]},{"section":"create-ingressclass-v1beta1-networking-k8s-io","subsections":[]}]}]},{"section":"ingressbackend-v1beta1-networking-k8s-io","subsections":[]},{"section":"ingressbackend-v1beta1-extensions","subsections":[]},{"section":"ingress-v1beta1-networking-k8s-io","subsections":[{"section":"-strong-status-operations-ingress-v1beta1-networking-k8s-io-strong-","subsections":[{"section":"replace-status-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"read-status-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"patch-status-ingress-v1beta1-networking-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-ingress-v1beta1-networking-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"watch-list-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"watch-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"list-all-namespaces-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"list-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"read-ingress-v1beta1-networking-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-ingress-v1beta1-networking-k8s-io-strong-","subsections":[{"section":"delete-collection-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"delete-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"replace-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"patch-ingress-v1beta1-networking-k8s-io","subsections":[]},{"section":"create-ingress-v1beta1-networking-k8s-io","subsections":[]}]}]},{"section":"ingress-v1beta1-extensions","subsections":[{"section":"-strong-status-operations-ingress-v1beta1-extensions-strong-","subsections":[{"section":"replace-status-ingress-v1beta1-extensions","subsections":[]},{"section":"read-status-ingress-v1beta1-extensions","subsections":[]},{"section":"patch-status-ingress-v1beta1-extensions","subsections":[]}]},{"section":"-strong-read-operations-ingress-v1beta1-extensions-strong-","subsections":[{"section":"watch-list-all-namespaces-ingress-v1beta1-extensions","subsections":[]},{"section":"watch-list-ingress-v1beta1-extensions","subsections":[]},{"section":"watch-ingress-v1beta1-extensions","subsections":[]},{"section":"list-all-namespaces-ingress-v1beta1-extensions","subsections":[]},{"section":"list-ingress-v1beta1-extensions","subsections":[]},{"section":"read-ingress-v1beta1-extensions","subsections":[]}]},{"section":"-strong-write-operations-ingress-v1beta1-extensions-strong-","subsections":[{"section":"delete-collection-ingress-v1beta1-extensions","subsections":[]},{"section":"delete-ingress-v1beta1-extensions","subsections":[]},{"section":"replace-ingress-v1beta1-extensions","subsections":[]},{"section":"patch-ingress-v1beta1-extensions","subsections":[]},{"section":"create-ingress-v1beta1-extensions","subsections":[]}]}]},{"section":"horizontalpodautoscalercondition-v2beta1-autoscaling","subsections":[]},{"section":"horizontalpodautoscaler-v2beta1-autoscaling","subsections":[{"section":"-strong-status-operations-horizontalpodautoscaler-v2beta1-autoscaling-strong-","subsections":[{"section":"replace-status-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"read-status-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"patch-status-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]}]},{"section":"-strong-read-operations-horizontalpodautoscaler-v2beta1-autoscaling-strong-","subsections":[{"section":"watch-list-all-namespaces-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"watch-list-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"watch-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"list-all-namespaces-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"list-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"read-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]}]},{"section":"-strong-write-operations-horizontalpodautoscaler-v2beta1-autoscaling-strong-","subsections":[{"section":"delete-collection-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"delete-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"replace-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"patch-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"create-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]}]}]},{"section":"horizontalpodautoscaler-v2beta2-autoscaling","subsections":[{"section":"-strong-status-operations-horizontalpodautoscaler-v2beta2-autoscaling-strong-","subsections":[{"section":"replace-status-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"read-status-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"patch-status-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]}]},{"section":"-strong-read-operations-horizontalpodautoscaler-v2beta2-autoscaling-strong-","subsections":[{"section":"watch-list-all-namespaces-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"watch-list-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"watch-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"list-all-namespaces-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"list-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"read-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]}]},{"section":"-strong-write-operations-horizontalpodautoscaler-v2beta2-autoscaling-strong-","subsections":[{"section":"delete-collection-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"delete-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"replace-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"patch-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"create-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]}]}]},{"section":"httpingressrulevalue-v1beta1-networking-k8s-io","subsections":[]},{"section":"httpingressrulevalue-v1beta1-extensions","subsections":[]},{"section":"httpingresspath-v1beta1-networking-k8s-io","subsections":[]},{"section":"httpingresspath-v1beta1-extensions","subsections":[]},{"section":"groupsubject-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"flowschemacondition-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[{"section":"-strong-status-operations-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"replace-status-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-status-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-status-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"watch-list-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"watch-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"list-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"delete-collection-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"delete-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"replace-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"create-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]}]}]},{"section":"flowdistinguishermethod-v1alpha1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"externalmetricstatus-v2beta1-autoscaling","subsections":[]},{"section":"externalmetricsource-v2beta1-autoscaling","subsections":[]},{"section":"externaldocumentation-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"eventseries-v1beta1-events-k8s-io","subsections":[]},{"section":"eventseries-v1-core","subsections":[]},{"section":"event-v1beta1-events-k8s-io","subsections":[{"section":"-strong-read-operations-event-v1beta1-events-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-event-v1beta1-events-k8s-io","subsections":[]},{"section":"watch-list-event-v1beta1-events-k8s-io","subsections":[]},{"section":"watch-event-v1beta1-events-k8s-io","subsections":[]},{"section":"list-all-namespaces-event-v1beta1-events-k8s-io","subsections":[]},{"section":"list-event-v1beta1-events-k8s-io","subsections":[]},{"section":"read-event-v1beta1-events-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-event-v1beta1-events-k8s-io-strong-","subsections":[{"section":"delete-collection-event-v1beta1-events-k8s-io","subsections":[]},{"section":"delete-event-v1beta1-events-k8s-io","subsections":[]},{"section":"replace-event-v1beta1-events-k8s-io","subsections":[]},{"section":"patch-event-v1beta1-events-k8s-io","subsections":[]},{"section":"create-event-v1beta1-events-k8s-io","subsections":[]}]}]},{"section":"event-v1-core","subsections":[{"section":"-strong-read-operations-event-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-event-v1-core","subsections":[]},{"section":"watch-list-event-v1-core","subsections":[]},{"section":"watch-event-v1-core","subsections":[]},{"section":"list-all-namespaces-event-v1-core","subsections":[]},{"section":"list-event-v1-core","subsections":[]},{"section":"read-event-v1-core","subsections":[]}]},{"section":"-strong-write-operations-event-v1-core-strong-","subsections":[{"section":"delete-collection-event-v1-core","subsections":[]},{"section":"delete-event-v1-core","subsections":[]},{"section":"replace-event-v1-core","subsections":[]},{"section":"patch-event-v1-core","subsections":[]},{"section":"create-event-v1-core","subsections":[]}]}]},{"section":"endpointport-v1beta1-discovery-k8s-io","subsections":[]},{"section":"customresourcevalidation-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcesubresources-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcesubresourcestatus-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcesubresourcescale-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcedefinitionversion-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcedefinitionnames-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcedefinitioncondition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[{"section":"-strong-status-operations-customresourcedefinition-v1beta1-apiextensions-k8s-io-strong-","subsections":[{"section":"replace-status-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"read-status-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"patch-status-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-customresourcedefinition-v1beta1-apiextensions-k8s-io-strong-","subsections":[{"section":"watch-list-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"watch-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"list-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"read-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-customresourcedefinition-v1beta1-apiextensions-k8s-io-strong-","subsections":[{"section":"delete-collection-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"delete-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"replace-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"patch-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"create-customresourcedefinition-v1beta1-apiextensions-k8s-io","subsections":[]}]}]},{"section":"customresourceconversion-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcecolumndefinition-v1beta1-apiextensions-k8s-io","subsections":[]},{"section":"crossversionobjectreference-v2beta1-autoscaling","subsections":[]},{"section":"crossversionobjectreference-v2beta2-autoscaling","subsections":[]},{"section":"cronjob-v2alpha1-batch","subsections":[{"section":"-strong-status-operations-cronjob-v2alpha1-batch-strong-","subsections":[{"section":"replace-status-cronjob-v2alpha1-batch","subsections":[]},{"section":"read-status-cronjob-v2alpha1-batch","subsections":[]},{"section":"patch-status-cronjob-v2alpha1-batch","subsections":[]}]},{"section":"-strong-read-operations-cronjob-v2alpha1-batch-strong-","subsections":[{"section":"watch-list-all-namespaces-cronjob-v2alpha1-batch","subsections":[]},{"section":"watch-list-cronjob-v2alpha1-batch","subsections":[]},{"section":"watch-cronjob-v2alpha1-batch","subsections":[]},{"section":"list-all-namespaces-cronjob-v2alpha1-batch","subsections":[]},{"section":"list-cronjob-v2alpha1-batch","subsections":[]},{"section":"read-cronjob-v2alpha1-batch","subsections":[]}]},{"section":"-strong-write-operations-cronjob-v2alpha1-batch-strong-","subsections":[{"section":"delete-collection-cronjob-v2alpha1-batch","subsections":[]},{"section":"delete-cronjob-v2alpha1-batch","subsections":[]},{"section":"replace-cronjob-v2alpha1-batch","subsections":[]},{"section":"patch-cronjob-v2alpha1-batch","subsections":[]},{"section":"create-cronjob-v2alpha1-batch","subsections":[]}]}]},{"section":"containerresourcemetricstatus-v2beta1-autoscaling","subsections":[]},{"section":"containerresourcemetricsource-v2beta1-autoscaling","subsections":[]},{"section":"clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-clusterrolebinding-v1beta1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-clusterrolebinding-v1beta1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-clusterrole-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-clusterrole-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-clusterrole-v1beta1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-clusterrole-v1beta1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-clusterrole-v1beta1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"certificatesigningrequestcondition-v1beta1-certificates-k8s-io","subsections":[]},{"section":"certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[{"section":"-strong-status-operations-certificatesigningrequest-v1beta1-certificates-k8s-io-strong-","subsections":[{"section":"replace-status-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]},{"section":"read-status-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]},{"section":"patch-status-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-certificatesigningrequest-v1beta1-certificates-k8s-io-strong-","subsections":[{"section":"watch-list-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]},{"section":"watch-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]},{"section":"list-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]},{"section":"read-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-certificatesigningrequest-v1beta1-certificates-k8s-io-strong-","subsections":[{"section":"delete-collection-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]},{"section":"delete-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]},{"section":"replace-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]},{"section":"patch-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]},{"section":"create-certificatesigningrequest-v1beta1-certificates-k8s-io","subsections":[]}]}]},{"section":"csinodedriver-v1beta1-storage-k8s-io","subsections":[]},{"section":"csinode-v1beta1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-csinode-v1beta1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-csinode-v1beta1-storage-k8s-io","subsections":[]},{"section":"watch-csinode-v1beta1-storage-k8s-io","subsections":[]},{"section":"list-csinode-v1beta1-storage-k8s-io","subsections":[]},{"section":"read-csinode-v1beta1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-csinode-v1beta1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-csinode-v1beta1-storage-k8s-io","subsections":[]},{"section":"delete-csinode-v1beta1-storage-k8s-io","subsections":[]},{"section":"replace-csinode-v1beta1-storage-k8s-io","subsections":[]},{"section":"patch-csinode-v1beta1-storage-k8s-io","subsections":[]},{"section":"create-csinode-v1beta1-storage-k8s-io","subsections":[]}]}]},{"section":"csidriver-v1beta1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-csidriver-v1beta1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-csidriver-v1beta1-storage-k8s-io","subsections":[]},{"section":"watch-csidriver-v1beta1-storage-k8s-io","subsections":[]},{"section":"list-csidriver-v1beta1-storage-k8s-io","subsections":[]},{"section":"read-csidriver-v1beta1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-csidriver-v1beta1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-csidriver-v1beta1-storage-k8s-io","subsections":[]},{"section":"delete-csidriver-v1beta1-storage-k8s-io","subsections":[]},{"section":"replace-csidriver-v1beta1-storage-k8s-io","subsections":[]},{"section":"patch-csidriver-v1beta1-storage-k8s-io","subsections":[]},{"section":"create-csidriver-v1beta1-storage-k8s-io","subsections":[]}]}]},{"section":"aggregationrule-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"aggregationrule-v1beta1-rbac-authorization-k8s-io","subsections":[]},{"section":"apiservicecondition-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"apiservice-v1beta1-apiregistration-k8s-io","subsections":[{"section":"-strong-status-operations-apiservice-v1beta1-apiregistration-k8s-io-strong-","subsections":[{"section":"replace-status-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"read-status-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"patch-status-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-apiservice-v1beta1-apiregistration-k8s-io-strong-","subsections":[{"section":"watch-list-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"watch-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"list-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"read-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-apiservice-v1beta1-apiregistration-k8s-io-strong-","subsections":[{"section":"delete-collection-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"delete-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"replace-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"patch-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]},{"section":"create-apiservice-v1beta1-apiregistration-k8s-io","subsections":[]}]}]},{"section":"-strong-old-api-versions-strong-","subsections":[]},{"section":"windowssecuritycontextoptions-v1-core","subsections":[]},{"section":"weightedpodaffinityterm-v1-core","subsections":[]},{"section":"webhookconversion-v1-apiextensions-k8s-io","subsections":[]},{"section":"webhookclientconfig-v1-admissionregistration-k8s-io","subsections":[]},{"section":"watchevent-v1-meta","subsections":[]},{"section":"vspherevirtualdiskvolumesource-v1-core","subsections":[]},{"section":"volumeprojection-v1-core","subsections":[]},{"section":"volumenoderesources-v1-storage-k8s-io","subsections":[]},{"section":"volumenodeaffinity-v1-core","subsections":[]},{"section":"volumemount-v1-core","subsections":[]},{"section":"volumeerror-v1-storage-k8s-io","subsections":[]},{"section":"volumedevice-v1-core","subsections":[]},{"section":"volumeattachmentsource-v1-storage-k8s-io","subsections":[]},{"section":"validatingwebhook-v1-admissionregistration-k8s-io","subsections":[]},{"section":"usersubject-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"userinfo-v1-authentication-k8s-io","subsections":[]},{"section":"typedlocalobjectreference-v1-core","subsections":[]},{"section":"topologyspreadconstraint-v1-core","subsections":[]},{"section":"topologyselectorterm-v1-core","subsections":[]},{"section":"topologyselectorlabelrequirement-v1-core","subsections":[]},{"section":"toleration-v1-core","subsections":[]},{"section":"time-v1-meta","subsections":[]},{"section":"taint-v1-core","subsections":[]},{"section":"tcpsocketaction-v1-core","subsections":[]},{"section":"sysctl-v1-core","subsections":[]},{"section":"supplementalgroupsstrategyoptions-v1beta1-policy","subsections":[]},{"section":"subjectrulesreviewstatus-v1-authorization-k8s-io","subsections":[]},{"section":"subject-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"storageversioncondition-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"storageosvolumesource-v1-core","subsections":[]},{"section":"storageospersistentvolumesource-v1-core","subsections":[]},{"section":"statusdetails-v1-meta","subsections":[]},{"section":"statuscause-v1-meta","subsections":[]},{"section":"status-v1-meta","subsections":[]},{"section":"statefulsetupdatestrategy-v1-apps","subsections":[]},{"section":"statefulsetcondition-v1-apps","subsections":[]},{"section":"sessionaffinityconfig-v1-core","subsections":[]},{"section":"servicereference-v1-admissionregistration-k8s-io","subsections":[]},{"section":"serviceport-v1-core","subsections":[]},{"section":"servicebackendport-v1-networking-k8s-io","subsections":[]},{"section":"serviceaccounttokenprojection-v1-core","subsections":[]},{"section":"serviceaccountsubject-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"serverstorageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"serveraddressbyclientcidr-v1-meta","subsections":[]},{"section":"securitycontext-v1-core","subsections":[]},{"section":"secretvolumesource-v1-core","subsections":[]},{"section":"secretreference-v1-core","subsections":[]},{"section":"secretprojection-v1-core","subsections":[]},{"section":"secretkeyselector-v1-core","subsections":[]},{"section":"secretenvsource-v1-core","subsections":[]},{"section":"seccompprofile-v1-core","subsections":[]},{"section":"scopedresourceselectorrequirement-v1-core","subsections":[]},{"section":"scopeselector-v1-core","subsections":[]},{"section":"scheduling-v1-node-k8s-io","subsections":[]},{"section":"scaleiovolumesource-v1-core","subsections":[]},{"section":"scaleiopersistentvolumesource-v1-core","subsections":[]},{"section":"scale-v1-autoscaling","subsections":[]},{"section":"selinuxstrategyoptions-v1beta1-policy","subsections":[]},{"section":"selinuxoptions-v1-core","subsections":[]},{"section":"runtimeclassstrategyoptions-v1beta1-policy","subsections":[]},{"section":"runasuserstrategyoptions-v1beta1-policy","subsections":[]},{"section":"runasgroupstrategyoptions-v1beta1-policy","subsections":[]},{"section":"rulewithoperations-v1-admissionregistration-k8s-io","subsections":[]},{"section":"rollingupdatestatefulsetstrategy-v1-apps","subsections":[]},{"section":"roleref-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"resourcerule-v1-authorization-k8s-io","subsections":[]},{"section":"resourcerequirements-v1-core","subsections":[]},{"section":"resourcepolicyrule-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"resourcemetricstatus-v2beta2-autoscaling","subsections":[]},{"section":"resourcemetricsource-v2beta2-autoscaling","subsections":[]},{"section":"resourcefieldselector-v1-core","subsections":[]},{"section":"resourceattributes-v1-authorization-k8s-io","subsections":[]},{"section":"replicationcontrollercondition-v1-core","subsections":[]},{"section":"replicasetcondition-v1-apps","subsections":[]},{"section":"rbdvolumesource-v1-core","subsections":[]},{"section":"rbdpersistentvolumesource-v1-core","subsections":[]},{"section":"quobytevolumesource-v1-core","subsections":[]},{"section":"queuingconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"quantity-resource-core","subsections":[]},{"section":"projectedvolumesource-v1-core","subsections":[]},{"section":"probe-v1-core","subsections":[]},{"section":"prioritylevelconfigurationreference-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"prioritylevelconfigurationcondition-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"preferredschedulingterm-v1-core","subsections":[]},{"section":"preconditions-v1-meta","subsections":[]},{"section":"portworxvolumesource-v1-core","subsections":[]},{"section":"portstatus-v1-core","subsections":[]},{"section":"policyruleswithsubjects-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"policyrule-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"podsmetricstatus-v2beta2-autoscaling","subsections":[]},{"section":"podsmetricsource-v2beta2-autoscaling","subsections":[]},{"section":"podsecuritycontext-v1-core","subsections":[]},{"section":"podreadinessgate-v1-core","subsections":[]},{"section":"podip-v1-core","subsections":[]},{"section":"poddnsconfigoption-v1-core","subsections":[]},{"section":"poddnsconfig-v1-core","subsections":[]},{"section":"podcondition-v1-core","subsections":[]},{"section":"podantiaffinity-v1-core","subsections":[]},{"section":"podaffinityterm-v1-core","subsections":[]},{"section":"podaffinity-v1-core","subsections":[]},{"section":"photonpersistentdiskvolumesource-v1-core","subsections":[]},{"section":"persistentvolumeclaimvolumesource-v1-core","subsections":[]},{"section":"persistentvolumeclaimtemplate-v1-core","subsections":[]},{"section":"persistentvolumeclaimcondition-v1-core","subsections":[]},{"section":"patch-v1-meta","subsections":[]},{"section":"ownerreference-v1-meta","subsections":[]},{"section":"overhead-v1-node-k8s-io","subsections":[]},{"section":"objectreference-v1-core","subsections":[]},{"section":"objectmetricstatus-v2beta2-autoscaling","subsections":[]},{"section":"objectmetricsource-v2beta2-autoscaling","subsections":[]},{"section":"objectmeta-v1-meta","subsections":[]},{"section":"objectfieldselector-v1-core","subsections":[]},{"section":"nonresourcerule-v1-authorization-k8s-io","subsections":[]},{"section":"nonresourcepolicyrule-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"nonresourceattributes-v1-authorization-k8s-io","subsections":[]},{"section":"nodesysteminfo-v1-core","subsections":[]},{"section":"nodeselectorterm-v1-core","subsections":[]},{"section":"nodeselectorrequirement-v1-core","subsections":[]},{"section":"nodeselector-v1-core","subsections":[]},{"section":"nodedaemonendpoints-v1-core","subsections":[]},{"section":"nodeconfigstatus-v1-core","subsections":[]},{"section":"nodeconfigsource-v1-core","subsections":[]},{"section":"nodecondition-v1-core","subsections":[]},{"section":"nodeaffinity-v1-core","subsections":[]},{"section":"nodeaddress-v1-core","subsections":[]},{"section":"networkpolicyport-v1-networking-k8s-io","subsections":[]},{"section":"networkpolicypeer-v1-networking-k8s-io","subsections":[]},{"section":"networkpolicyingressrule-v1-networking-k8s-io","subsections":[]},{"section":"networkpolicyegressrule-v1-networking-k8s-io","subsections":[]},{"section":"namespacecondition-v1-core","subsections":[]},{"section":"nfsvolumesource-v1-core","subsections":[]},{"section":"mutatingwebhook-v1-admissionregistration-k8s-io","subsections":[]},{"section":"microtime-v1-meta","subsections":[]},{"section":"metricvaluestatus-v2beta2-autoscaling","subsections":[]},{"section":"metrictarget-v2beta2-autoscaling","subsections":[]},{"section":"metricstatus-v2beta2-autoscaling","subsections":[]},{"section":"metricspec-v2beta2-autoscaling","subsections":[]},{"section":"metricidentifier-v2beta2-autoscaling","subsections":[]},{"section":"managedfieldsentry-v1-meta","subsections":[]},{"section":"localvolumesource-v1-core","subsections":[]},{"section":"localobjectreference-v1-core","subsections":[]},{"section":"loadbalancerstatus-v1-core","subsections":[]},{"section":"loadbalanceringress-v1-core","subsections":[]},{"section":"listmeta-v1-meta","subsections":[]},{"section":"limitedprioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"limitresponse-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"limitrangeitem-v1-core","subsections":[]},{"section":"lifecycle-v1-core","subsections":[]},{"section":"labelselectorrequirement-v1-meta","subsections":[]},{"section":"labelselector-v1-meta","subsections":[]},{"section":"keytopath-v1-core","subsections":[]},{"section":"jobtemplatespec-v1beta1-batch","subsections":[]},{"section":"jobcondition-v1-batch","subsections":[]},{"section":"jsonschemapropsorbool-v1-apiextensions-k8s-io","subsections":[]},{"section":"jsonschemapropsorarray-v1-apiextensions-k8s-io","subsections":[]},{"section":"jsonschemaprops-v1-apiextensions-k8s-io","subsections":[]},{"section":"json-v1-apiextensions-k8s-io","subsections":[]},{"section":"ingresstls-v1-networking-k8s-io","subsections":[]},{"section":"ingressservicebackend-v1-networking-k8s-io","subsections":[]},{"section":"ingressrule-v1-networking-k8s-io","subsections":[]},{"section":"ingressbackend-v1-networking-k8s-io","subsections":[]},{"section":"iscsivolumesource-v1-core","subsections":[]},{"section":"iscsipersistentvolumesource-v1-core","subsections":[]},{"section":"ipblock-v1-networking-k8s-io","subsections":[]},{"section":"idrange-v1beta1-policy","subsections":[]},{"section":"hostportrange-v1beta1-policy","subsections":[]},{"section":"hostpathvolumesource-v1-core","subsections":[]},{"section":"hostalias-v1-core","subsections":[]},{"section":"horizontalpodautoscalercondition-v2beta2-autoscaling","subsections":[]},{"section":"horizontalpodautoscalerbehavior-v2beta2-autoscaling","subsections":[]},{"section":"handler-v1-core","subsections":[]},{"section":"httpingressrulevalue-v1-networking-k8s-io","subsections":[]},{"section":"httpingresspath-v1-networking-k8s-io","subsections":[]},{"section":"httpheader-v1-core","subsections":[]},{"section":"httpgetaction-v1-core","subsections":[]},{"section":"hpascalingrules-v2beta2-autoscaling","subsections":[]},{"section":"hpascalingpolicy-v2beta2-autoscaling","subsections":[]},{"section":"groupversionfordiscovery-v1-meta","subsections":[]},{"section":"groupsubject-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"glusterfsvolumesource-v1-core","subsections":[]},{"section":"glusterfspersistentvolumesource-v1-core","subsections":[]},{"section":"gitrepovolumesource-v1-core","subsections":[]},{"section":"gcepersistentdiskvolumesource-v1-core","subsections":[]},{"section":"flowschemacondition-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"flowdistinguishermethod-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"flockervolumesource-v1-core","subsections":[]},{"section":"flexvolumesource-v1-core","subsections":[]},{"section":"flexpersistentvolumesource-v1-core","subsections":[]},{"section":"fieldsv1-v1-meta","subsections":[]},{"section":"fsgroupstrategyoptions-v1beta1-policy","subsections":[]},{"section":"fcvolumesource-v1-core","subsections":[]},{"section":"externalmetricstatus-v2beta2-autoscaling","subsections":[]},{"section":"externalmetricsource-v2beta2-autoscaling","subsections":[]},{"section":"externaldocumentation-v1-apiextensions-k8s-io","subsections":[]},{"section":"execaction-v1-core","subsections":[]},{"section":"eviction-v1beta1-policy","subsections":[]},{"section":"eventsource-v1-core","subsections":[]},{"section":"eventseries-v1-events-k8s-io","subsections":[]},{"section":"ephemeralvolumesource-v1-core","subsections":[]},{"section":"ephemeralcontainer-v1-core","subsections":[]},{"section":"envvarsource-v1-core","subsections":[]},{"section":"envvar-v1-core","subsections":[]},{"section":"envfromsource-v1-core","subsections":[]},{"section":"endpointsubset-v1-core","subsections":[]},{"section":"endpointport-v1-core","subsections":[]},{"section":"endpointconditions-v1beta1-discovery-k8s-io","subsections":[]},{"section":"endpointaddress-v1-core","subsections":[]},{"section":"endpoint-v1beta1-discovery-k8s-io","subsections":[]},{"section":"emptydirvolumesource-v1-core","subsections":[]},{"section":"downwardapivolumesource-v1-core","subsections":[]},{"section":"downwardapivolumefile-v1-core","subsections":[]},{"section":"downwardapiprojection-v1-core","subsections":[]},{"section":"deploymentcondition-v1-apps","subsections":[]},{"section":"deleteoptions-v1-meta","subsections":[]},{"section":"daemonsetupdatestrategy-v1-apps","subsections":[]},{"section":"daemonsetcondition-v1-apps","subsections":[]},{"section":"daemonendpoint-v1-core","subsections":[]},{"section":"customresourcevalidation-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcesubresources-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcesubresourcestatus-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcesubresourcescale-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcedefinitionversion-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcedefinitionnames-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcedefinitioncondition-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourceconversion-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcecolumndefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"crossversionobjectreference-v1-autoscaling","subsections":[]},{"section":"containerstatewaiting-v1-core","subsections":[]},{"section":"containerstateterminated-v1-core","subsections":[]},{"section":"containerstaterunning-v1-core","subsections":[]},{"section":"containerstate-v1-core","subsections":[]},{"section":"containerresourcemetricstatus-v2beta2-autoscaling","subsections":[]},{"section":"containerresourcemetricsource-v2beta2-autoscaling","subsections":[]},{"section":"containerport-v1-core","subsections":[]},{"section":"containerimage-v1-core","subsections":[]},{"section":"configmapvolumesource-v1-core","subsections":[]},{"section":"configmapprojection-v1-core","subsections":[]},{"section":"configmapnodeconfigsource-v1-core","subsections":[]},{"section":"configmapkeyselector-v1-core","subsections":[]},{"section":"configmapenvsource-v1-core","subsections":[]},{"section":"condition-v1-meta","subsections":[]},{"section":"componentcondition-v1-core","subsections":[]},{"section":"clientipconfig-v1-core","subsections":[]},{"section":"cindervolumesource-v1-core","subsections":[]},{"section":"cinderpersistentvolumesource-v1-core","subsections":[]},{"section":"certificatesigningrequestcondition-v1-certificates-k8s-io","subsections":[]},{"section":"cephfsvolumesource-v1-core","subsections":[]},{"section":"cephfspersistentvolumesource-v1-core","subsections":[]},{"section":"capabilities-v1-core","subsections":[]},{"section":"csivolumesource-v1-core","subsections":[]},{"section":"csipersistentvolumesource-v1-core","subsections":[]},{"section":"csinodedriver-v1-storage-k8s-io","subsections":[]},{"section":"boundobjectreference-v1-authentication-k8s-io","subsections":[]},{"section":"azurefilevolumesource-v1-core","subsections":[]},{"section":"azurefilepersistentvolumesource-v1-core","subsections":[]},{"section":"azurediskvolumesource-v1-core","subsections":[]},{"section":"attachedvolume-v1-core","subsections":[]},{"section":"allowedhostpath-v1beta1-policy","subsections":[]},{"section":"allowedflexvolume-v1beta1-policy","subsections":[]},{"section":"allowedcsidriver-v1beta1-policy","subsections":[]},{"section":"aggregationrule-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"affinity-v1-core","subsections":[]},{"section":"awselasticblockstorevolumesource-v1-core","subsections":[]},{"section":"apiversions-v1-meta","subsections":[]},{"section":"apiservicecondition-v1-apiregistration-k8s-io","subsections":[]},{"section":"apiresource-v1-meta","subsections":[]},{"section":"apigroup-v1-meta","subsections":[]},{"section":"-strong-definitions-strong-","subsections":[]},{"section":"networkpolicy-v1-networking-k8s-io","subsections":[{"section":"-strong-read-operations-networkpolicy-v1-networking-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"watch-list-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"watch-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"list-all-namespaces-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"list-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"read-networkpolicy-v1-networking-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-networkpolicy-v1-networking-k8s-io-strong-","subsections":[{"section":"delete-collection-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"delete-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"replace-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"patch-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"create-networkpolicy-v1-networking-k8s-io","subsections":[]}]}]},{"section":"tokenreview-v1-authentication-k8s-io","subsections":[{"section":"-strong-write-operations-tokenreview-v1-authentication-k8s-io-strong-","subsections":[{"section":"create-tokenreview-v1-authentication-k8s-io","subsections":[]}]}]},{"section":"tokenrequest-v1-authentication-k8s-io","subsections":[]},{"section":"subjectaccessreview-v1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-subjectaccessreview-v1-authorization-k8s-io-strong-","subsections":[{"section":"create-subjectaccessreview-v1-authorization-k8s-io","subsections":[]}]}]},{"section":"storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[{"section":"-strong-status-operations-storageversion-v1alpha1-internal-apiserver-k8s-io-strong-","subsections":[{"section":"replace-status-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"read-status-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"patch-status-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-storageversion-v1alpha1-internal-apiserver-k8s-io-strong-","subsections":[{"section":"watch-list-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"watch-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"list-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"read-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-storageversion-v1alpha1-internal-apiserver-k8s-io-strong-","subsections":[{"section":"delete-collection-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"delete-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"replace-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"patch-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"create-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]}]}]},{"section":"serviceaccount-v1-core","subsections":[{"section":"-strong-read-operations-serviceaccount-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-serviceaccount-v1-core","subsections":[]},{"section":"watch-list-serviceaccount-v1-core","subsections":[]},{"section":"watch-serviceaccount-v1-core","subsections":[]},{"section":"list-all-namespaces-serviceaccount-v1-core","subsections":[]},{"section":"list-serviceaccount-v1-core","subsections":[]},{"section":"read-serviceaccount-v1-core","subsections":[]}]},{"section":"-strong-write-operations-serviceaccount-v1-core-strong-","subsections":[{"section":"delete-collection-serviceaccount-v1-core","subsections":[]},{"section":"delete-serviceaccount-v1-core","subsections":[]},{"section":"replace-serviceaccount-v1-core","subsections":[]},{"section":"patch-serviceaccount-v1-core","subsections":[]},{"section":"create-serviceaccount-v1-core","subsections":[]}]}]},{"section":"selfsubjectrulesreview-v1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-selfsubjectrulesreview-v1-authorization-k8s-io-strong-","subsections":[{"section":"create-selfsubjectrulesreview-v1-authorization-k8s-io","subsections":[]}]}]},{"section":"selfsubjectaccessreview-v1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-selfsubjectaccessreview-v1-authorization-k8s-io-strong-","subsections":[{"section":"create-selfsubjectaccessreview-v1-authorization-k8s-io","subsections":[]}]}]},{"section":"runtimeclass-v1-node-k8s-io","subsections":[{"section":"-strong-read-operations-runtimeclass-v1-node-k8s-io-strong-","subsections":[{"section":"watch-list-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"watch-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"list-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"read-runtimeclass-v1-node-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-runtimeclass-v1-node-k8s-io-strong-","subsections":[{"section":"delete-collection-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"delete-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"replace-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"patch-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"create-runtimeclass-v1-node-k8s-io","subsections":[]}]}]},{"section":"rolebinding-v1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-rolebinding-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-list-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-all-namespaces-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-rolebinding-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"role-v1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-role-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-list-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-all-namespaces-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-role-v1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-role-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-role-v1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"resourcequota-v1-core","subsections":[{"section":"-strong-status-operations-resourcequota-v1-core-strong-","subsections":[{"section":"replace-status-resourcequota-v1-core","subsections":[]},{"section":"read-status-resourcequota-v1-core","subsections":[]},{"section":"patch-status-resourcequota-v1-core","subsections":[]}]},{"section":"-strong-read-operations-resourcequota-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-resourcequota-v1-core","subsections":[]},{"section":"watch-list-resourcequota-v1-core","subsections":[]},{"section":"watch-resourcequota-v1-core","subsections":[]},{"section":"list-all-namespaces-resourcequota-v1-core","subsections":[]},{"section":"list-resourcequota-v1-core","subsections":[]},{"section":"read-resourcequota-v1-core","subsections":[]}]},{"section":"-strong-write-operations-resourcequota-v1-core-strong-","subsections":[{"section":"delete-collection-resourcequota-v1-core","subsections":[]},{"section":"delete-resourcequota-v1-core","subsections":[]},{"section":"replace-resourcequota-v1-core","subsections":[]},{"section":"patch-resourcequota-v1-core","subsections":[]},{"section":"create-resourcequota-v1-core","subsections":[]}]}]},{"section":"prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[{"section":"-strong-status-operations-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"replace-status-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-status-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-status-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"watch-list-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"watch-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"list-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"delete-collection-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"delete-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"replace-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"create-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]}]}]},{"section":"persistentvolume-v1-core","subsections":[{"section":"-strong-status-operations-persistentvolume-v1-core-strong-","subsections":[{"section":"replace-status-persistentvolume-v1-core","subsections":[]},{"section":"read-status-persistentvolume-v1-core","subsections":[]},{"section":"patch-status-persistentvolume-v1-core","subsections":[]}]},{"section":"-strong-read-operations-persistentvolume-v1-core-strong-","subsections":[{"section":"watch-list-persistentvolume-v1-core","subsections":[]},{"section":"watch-persistentvolume-v1-core","subsections":[]},{"section":"list-persistentvolume-v1-core","subsections":[]},{"section":"read-persistentvolume-v1-core","subsections":[]}]},{"section":"-strong-write-operations-persistentvolume-v1-core-strong-","subsections":[{"section":"delete-collection-persistentvolume-v1-core","subsections":[]},{"section":"delete-persistentvolume-v1-core","subsections":[]},{"section":"replace-persistentvolume-v1-core","subsections":[]},{"section":"patch-persistentvolume-v1-core","subsections":[]},{"section":"create-persistentvolume-v1-core","subsections":[]}]}]},{"section":"node-v1-core","subsections":[{"section":"-strong-proxy-operations-node-v1-core-strong-","subsections":[{"section":"replace-connect-proxy-path-node-v1-core","subsections":[]},{"section":"replace-connect-proxy-node-v1-core","subsections":[]},{"section":"head-connect-proxy-path-node-v1-core","subsections":[]},{"section":"head-connect-proxy-node-v1-core","subsections":[]},{"section":"get-connect-proxy-path-node-v1-core","subsections":[]},{"section":"get-connect-proxy-node-v1-core","subsections":[]},{"section":"delete-connect-proxy-path-node-v1-core","subsections":[]},{"section":"delete-connect-proxy-node-v1-core","subsections":[]},{"section":"create-connect-proxy-path-node-v1-core","subsections":[]},{"section":"create-connect-proxy-node-v1-core","subsections":[]}]},{"section":"-strong-status-operations-node-v1-core-strong-","subsections":[{"section":"replace-status-node-v1-core","subsections":[]},{"section":"read-status-node-v1-core","subsections":[]},{"section":"patch-status-node-v1-core","subsections":[]}]},{"section":"-strong-read-operations-node-v1-core-strong-","subsections":[{"section":"watch-list-node-v1-core","subsections":[]},{"section":"watch-node-v1-core","subsections":[]},{"section":"list-node-v1-core","subsections":[]},{"section":"read-node-v1-core","subsections":[]}]},{"section":"-strong-write-operations-node-v1-core-strong-","subsections":[{"section":"delete-collection-node-v1-core","subsections":[]},{"section":"delete-node-v1-core","subsections":[]},{"section":"replace-node-v1-core","subsections":[]},{"section":"patch-node-v1-core","subsections":[]},{"section":"create-node-v1-core","subsections":[]}]}]},{"section":"namespace-v1-core","subsections":[{"section":"-strong-status-operations-namespace-v1-core-strong-","subsections":[{"section":"replace-status-namespace-v1-core","subsections":[]},{"section":"read-status-namespace-v1-core","subsections":[]},{"section":"patch-status-namespace-v1-core","subsections":[]}]},{"section":"-strong-read-operations-namespace-v1-core-strong-","subsections":[{"section":"watch-list-namespace-v1-core","subsections":[]},{"section":"watch-namespace-v1-core","subsections":[]},{"section":"list-namespace-v1-core","subsections":[]},{"section":"read-namespace-v1-core","subsections":[]}]},{"section":"-strong-write-operations-namespace-v1-core-strong-","subsections":[{"section":"delete-namespace-v1-core","subsections":[]},{"section":"replace-namespace-v1-core","subsections":[]},{"section":"patch-namespace-v1-core","subsections":[]},{"section":"create-namespace-v1-core","subsections":[]}]}]},{"section":"localsubjectaccessreview-v1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-localsubjectaccessreview-v1-authorization-k8s-io-strong-","subsections":[{"section":"create-localsubjectaccessreview-v1-authorization-k8s-io","subsections":[]}]}]},{"section":"lease-v1-coordination-k8s-io","subsections":[{"section":"-strong-read-operations-lease-v1-coordination-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-lease-v1-coordination-k8s-io","subsections":[]},{"section":"watch-list-lease-v1-coordination-k8s-io","subsections":[]},{"section":"watch-lease-v1-coordination-k8s-io","subsections":[]},{"section":"list-all-namespaces-lease-v1-coordination-k8s-io","subsections":[]},{"section":"list-lease-v1-coordination-k8s-io","subsections":[]},{"section":"read-lease-v1-coordination-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-lease-v1-coordination-k8s-io-strong-","subsections":[{"section":"delete-collection-lease-v1-coordination-k8s-io","subsections":[]},{"section":"delete-lease-v1-coordination-k8s-io","subsections":[]},{"section":"replace-lease-v1-coordination-k8s-io","subsections":[]},{"section":"patch-lease-v1-coordination-k8s-io","subsections":[]},{"section":"create-lease-v1-coordination-k8s-io","subsections":[]}]}]},{"section":"flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[{"section":"-strong-status-operations-flowschema-v1beta1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"replace-status-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-status-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-status-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-flowschema-v1beta1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"watch-list-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"watch-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"list-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-flowschema-v1beta1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"delete-collection-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"delete-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"replace-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"create-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]}]}]},{"section":"componentstatus-v1-core","subsections":[{"section":"-strong-read-operations-componentstatus-v1-core-strong-","subsections":[{"section":"list-componentstatus-v1-core","subsections":[]},{"section":"read-componentstatus-v1-core","subsections":[]}]}]},{"section":"clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-clusterrolebinding-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-clusterrolebinding-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"clusterrole-v1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-clusterrole-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-clusterrole-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"certificatesigningrequest-v1-certificates-k8s-io","subsections":[{"section":"-strong-status-operations-certificatesigningrequest-v1-certificates-k8s-io-strong-","subsections":[{"section":"replace-status-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"read-status-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"patch-status-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-certificatesigningrequest-v1-certificates-k8s-io-strong-","subsections":[{"section":"watch-list-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"watch-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"list-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"read-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-certificatesigningrequest-v1-certificates-k8s-io-strong-","subsections":[{"section":"delete-collection-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"delete-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"replace-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"patch-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"create-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]}]}]},{"section":"binding-v1-core","subsections":[{"section":"-strong-write-operations-binding-v1-core-strong-","subsections":[{"section":"create-binding-v1-core","subsections":[]}]}]},{"section":"apiservice-v1-apiregistration-k8s-io","subsections":[{"section":"-strong-status-operations-apiservice-v1-apiregistration-k8s-io-strong-","subsections":[{"section":"replace-status-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"read-status-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"patch-status-apiservice-v1-apiregistration-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-apiservice-v1-apiregistration-k8s-io-strong-","subsections":[{"section":"watch-list-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"watch-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"list-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"read-apiservice-v1-apiregistration-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-apiservice-v1-apiregistration-k8s-io-strong-","subsections":[{"section":"delete-collection-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"delete-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"replace-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"patch-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"create-apiservice-v1-apiregistration-k8s-io","subsections":[]}]}]},{"section":"-strong-cluster-apis-strong-","subsections":[]},{"section":"podsecuritypolicy-v1beta1-policy","subsections":[{"section":"-strong-read-operations-podsecuritypolicy-v1beta1-policy-strong-","subsections":[{"section":"watch-list-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"watch-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"list-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"read-podsecuritypolicy-v1beta1-policy","subsections":[]}]},{"section":"-strong-write-operations-podsecuritypolicy-v1beta1-policy-strong-","subsections":[{"section":"delete-collection-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"delete-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"replace-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"patch-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"create-podsecuritypolicy-v1beta1-policy","subsections":[]}]}]},{"section":"priorityclass-v1-scheduling-k8s-io","subsections":[{"section":"-strong-read-operations-priorityclass-v1-scheduling-k8s-io-strong-","subsections":[{"section":"watch-list-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"watch-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"list-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"read-priorityclass-v1-scheduling-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-priorityclass-v1-scheduling-k8s-io-strong-","subsections":[{"section":"delete-collection-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"delete-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"replace-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"patch-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"create-priorityclass-v1-scheduling-k8s-io","subsections":[]}]}]},{"section":"poddisruptionbudget-v1beta1-policy","subsections":[{"section":"-strong-status-operations-poddisruptionbudget-v1beta1-policy-strong-","subsections":[{"section":"replace-status-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"read-status-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"patch-status-poddisruptionbudget-v1beta1-policy","subsections":[]}]},{"section":"-strong-read-operations-poddisruptionbudget-v1beta1-policy-strong-","subsections":[{"section":"watch-list-all-namespaces-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"watch-list-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"watch-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"list-all-namespaces-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"list-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"read-poddisruptionbudget-v1beta1-policy","subsections":[]}]},{"section":"-strong-write-operations-poddisruptionbudget-v1beta1-policy-strong-","subsections":[{"section":"delete-collection-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"delete-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"replace-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"patch-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"create-poddisruptionbudget-v1beta1-policy","subsections":[]}]}]},{"section":"podtemplate-v1-core","subsections":[{"section":"-strong-read-operations-podtemplate-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-podtemplate-v1-core","subsections":[]},{"section":"watch-list-podtemplate-v1-core","subsections":[]},{"section":"watch-podtemplate-v1-core","subsections":[]},{"section":"list-all-namespaces-podtemplate-v1-core","subsections":[]},{"section":"list-podtemplate-v1-core","subsections":[]},{"section":"read-podtemplate-v1-core","subsections":[]}]},{"section":"-strong-write-operations-podtemplate-v1-core-strong-","subsections":[{"section":"delete-collection-podtemplate-v1-core","subsections":[]},{"section":"delete-podtemplate-v1-core","subsections":[]},{"section":"replace-podtemplate-v1-core","subsections":[]},{"section":"patch-podtemplate-v1-core","subsections":[]},{"section":"create-podtemplate-v1-core","subsections":[]}]}]},{"section":"validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[{"section":"-strong-read-operations-validatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","subsections":[{"section":"watch-list-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"watch-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"list-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"read-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-validatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","subsections":[{"section":"delete-collection-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"delete-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"replace-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"patch-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"create-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]}]}]},{"section":"mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[{"section":"-strong-read-operations-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","subsections":[{"section":"watch-list-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"watch-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"list-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"read-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","subsections":[{"section":"delete-collection-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"delete-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"replace-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"patch-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"create-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]}]}]},{"section":"horizontalpodautoscaler-v1-autoscaling","subsections":[{"section":"-strong-status-operations-horizontalpodautoscaler-v1-autoscaling-strong-","subsections":[{"section":"replace-status-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"read-status-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"patch-status-horizontalpodautoscaler-v1-autoscaling","subsections":[]}]},{"section":"-strong-read-operations-horizontalpodautoscaler-v1-autoscaling-strong-","subsections":[{"section":"watch-list-all-namespaces-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"watch-list-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"watch-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"list-all-namespaces-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"list-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"read-horizontalpodautoscaler-v1-autoscaling","subsections":[]}]},{"section":"-strong-write-operations-horizontalpodautoscaler-v1-autoscaling-strong-","subsections":[{"section":"delete-collection-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"delete-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"replace-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"patch-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"create-horizontalpodautoscaler-v1-autoscaling","subsections":[]}]}]},{"section":"limitrange-v1-core","subsections":[{"section":"-strong-read-operations-limitrange-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-limitrange-v1-core","subsections":[]},{"section":"watch-list-limitrange-v1-core","subsections":[]},{"section":"watch-limitrange-v1-core","subsections":[]},{"section":"list-all-namespaces-limitrange-v1-core","subsections":[]},{"section":"list-limitrange-v1-core","subsections":[]},{"section":"read-limitrange-v1-core","subsections":[]}]},{"section":"-strong-write-operations-limitrange-v1-core-strong-","subsections":[{"section":"delete-collection-limitrange-v1-core","subsections":[]},{"section":"delete-limitrange-v1-core","subsections":[]},{"section":"replace-limitrange-v1-core","subsections":[]},{"section":"patch-limitrange-v1-core","subsections":[]},{"section":"create-limitrange-v1-core","subsections":[]}]}]},{"section":"event-v1-events-k8s-io","subsections":[{"section":"-strong-read-operations-event-v1-events-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-event-v1-events-k8s-io","subsections":[]},{"section":"watch-list-event-v1-events-k8s-io","subsections":[]},{"section":"watch-event-v1-events-k8s-io","subsections":[]},{"section":"list-all-namespaces-event-v1-events-k8s-io","subsections":[]},{"section":"list-event-v1-events-k8s-io","subsections":[]},{"section":"read-event-v1-events-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-event-v1-events-k8s-io-strong-","subsections":[{"section":"delete-collection-event-v1-events-k8s-io","subsections":[]},{"section":"delete-event-v1-events-k8s-io","subsections":[]},{"section":"replace-event-v1-events-k8s-io","subsections":[]},{"section":"patch-event-v1-events-k8s-io","subsections":[]},{"section":"create-event-v1-events-k8s-io","subsections":[]}]}]},{"section":"customresourcedefinition-v1-apiextensions-k8s-io","subsections":[{"section":"-strong-status-operations-customresourcedefinition-v1-apiextensions-k8s-io-strong-","subsections":[{"section":"replace-status-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"read-status-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"patch-status-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-customresourcedefinition-v1-apiextensions-k8s-io-strong-","subsections":[{"section":"watch-list-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"watch-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"list-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"read-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-customresourcedefinition-v1-apiextensions-k8s-io-strong-","subsections":[{"section":"delete-collection-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"delete-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"replace-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"patch-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"create-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]}]}]},{"section":"controllerrevision-v1-apps","subsections":[{"section":"-strong-read-operations-controllerrevision-v1-apps-strong-","subsections":[{"section":"watch-list-all-namespaces-controllerrevision-v1-apps","subsections":[]},{"section":"watch-list-controllerrevision-v1-apps","subsections":[]},{"section":"watch-controllerrevision-v1-apps","subsections":[]},{"section":"list-all-namespaces-controllerrevision-v1-apps","subsections":[]},{"section":"list-controllerrevision-v1-apps","subsections":[]},{"section":"read-controllerrevision-v1-apps","subsections":[]}]},{"section":"-strong-write-operations-controllerrevision-v1-apps-strong-","subsections":[{"section":"delete-collection-controllerrevision-v1-apps","subsections":[]},{"section":"delete-controllerrevision-v1-apps","subsections":[]},{"section":"replace-controllerrevision-v1-apps","subsections":[]},{"section":"patch-controllerrevision-v1-apps","subsections":[]},{"section":"create-controllerrevision-v1-apps","subsections":[]}]}]},{"section":"-strong-metadata-apis-strong-","subsections":[]},{"section":"volumeattachment-v1-storage-k8s-io","subsections":[{"section":"-strong-status-operations-volumeattachment-v1-storage-k8s-io-strong-","subsections":[{"section":"replace-status-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"read-status-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"patch-status-volumeattachment-v1-storage-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-volumeattachment-v1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"watch-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"list-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"read-volumeattachment-v1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-volumeattachment-v1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"delete-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"replace-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"patch-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"create-volumeattachment-v1-storage-k8s-io","subsections":[]}]}]},{"section":"volume-v1-core","subsections":[]},{"section":"storageclass-v1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-storageclass-v1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"watch-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"list-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"read-storageclass-v1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-storageclass-v1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"delete-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"replace-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"patch-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"create-storageclass-v1-storage-k8s-io","subsections":[]}]}]},{"section":"persistentvolumeclaim-v1-core","subsections":[{"section":"-strong-status-operations-persistentvolumeclaim-v1-core-strong-","subsections":[{"section":"replace-status-persistentvolumeclaim-v1-core","subsections":[]},{"section":"read-status-persistentvolumeclaim-v1-core","subsections":[]},{"section":"patch-status-persistentvolumeclaim-v1-core","subsections":[]}]},{"section":"-strong-read-operations-persistentvolumeclaim-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-persistentvolumeclaim-v1-core","subsections":[]},{"section":"watch-list-persistentvolumeclaim-v1-core","subsections":[]},{"section":"watch-persistentvolumeclaim-v1-core","subsections":[]},{"section":"list-all-namespaces-persistentvolumeclaim-v1-core","subsections":[]},{"section":"list-persistentvolumeclaim-v1-core","subsections":[]},{"section":"read-persistentvolumeclaim-v1-core","subsections":[]}]},{"section":"-strong-write-operations-persistentvolumeclaim-v1-core-strong-","subsections":[{"section":"delete-collection-persistentvolumeclaim-v1-core","subsections":[]},{"section":"delete-persistentvolumeclaim-v1-core","subsections":[]},{"section":"replace-persistentvolumeclaim-v1-core","subsections":[]},{"section":"patch-persistentvolumeclaim-v1-core","subsections":[]},{"section":"create-persistentvolumeclaim-v1-core","subsections":[]}]}]},{"section":"secret-v1-core","subsections":[{"section":"-strong-read-operations-secret-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-secret-v1-core","subsections":[]},{"section":"watch-list-secret-v1-core","subsections":[]},{"section":"watch-secret-v1-core","subsections":[]},{"section":"list-all-namespaces-secret-v1-core","subsections":[]},{"section":"list-secret-v1-core","subsections":[]},{"section":"read-secret-v1-core","subsections":[]}]},{"section":"-strong-write-operations-secret-v1-core-strong-","subsections":[{"section":"delete-collection-secret-v1-core","subsections":[]},{"section":"delete-secret-v1-core","subsections":[]},{"section":"replace-secret-v1-core","subsections":[]},{"section":"patch-secret-v1-core","subsections":[]},{"section":"create-secret-v1-core","subsections":[]}]}]},{"section":"csinode-v1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-csinode-v1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-csinode-v1-storage-k8s-io","subsections":[]},{"section":"watch-csinode-v1-storage-k8s-io","subsections":[]},{"section":"list-csinode-v1-storage-k8s-io","subsections":[]},{"section":"read-csinode-v1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-csinode-v1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-csinode-v1-storage-k8s-io","subsections":[]},{"section":"delete-csinode-v1-storage-k8s-io","subsections":[]},{"section":"replace-csinode-v1-storage-k8s-io","subsections":[]},{"section":"patch-csinode-v1-storage-k8s-io","subsections":[]},{"section":"create-csinode-v1-storage-k8s-io","subsections":[]}]}]},{"section":"csidriver-v1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-csidriver-v1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"watch-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"list-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"read-csidriver-v1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-csidriver-v1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"delete-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"replace-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"patch-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"create-csidriver-v1-storage-k8s-io","subsections":[]}]}]},{"section":"configmap-v1-core","subsections":[{"section":"-strong-read-operations-configmap-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-configmap-v1-core","subsections":[]},{"section":"watch-list-configmap-v1-core","subsections":[]},{"section":"watch-configmap-v1-core","subsections":[]},{"section":"list-all-namespaces-configmap-v1-core","subsections":[]},{"section":"list-configmap-v1-core","subsections":[]},{"section":"read-configmap-v1-core","subsections":[]}]},{"section":"-strong-write-operations-configmap-v1-core-strong-","subsections":[{"section":"delete-collection-configmap-v1-core","subsections":[]},{"section":"delete-configmap-v1-core","subsections":[]},{"section":"replace-configmap-v1-core","subsections":[]},{"section":"patch-configmap-v1-core","subsections":[]},{"section":"create-configmap-v1-core","subsections":[]}]}]},{"section":"-strong-config-and-storage-apis-strong-","subsections":[]},{"section":"service-v1-core","subsections":[{"section":"-strong-proxy-operations-service-v1-core-strong-","subsections":[{"section":"replace-connect-proxy-path-service-v1-core","subsections":[]},{"section":"replace-connect-proxy-service-v1-core","subsections":[]},{"section":"head-connect-proxy-path-service-v1-core","subsections":[]},{"section":"head-connect-proxy-service-v1-core","subsections":[]},{"section":"get-connect-proxy-path-service-v1-core","subsections":[]},{"section":"get-connect-proxy-service-v1-core","subsections":[]},{"section":"delete-connect-proxy-path-service-v1-core","subsections":[]},{"section":"delete-connect-proxy-service-v1-core","subsections":[]},{"section":"create-connect-proxy-path-service-v1-core","subsections":[]},{"section":"create-connect-proxy-service-v1-core","subsections":[]}]},{"section":"-strong-status-operations-service-v1-core-strong-","subsections":[{"section":"replace-status-service-v1-core","subsections":[]},{"section":"read-status-service-v1-core","subsections":[]},{"section":"patch-status-service-v1-core","subsections":[]}]},{"section":"-strong-read-operations-service-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-service-v1-core","subsections":[]},{"section":"watch-list-service-v1-core","subsections":[]},{"section":"watch-service-v1-core","subsections":[]},{"section":"list-all-namespaces-service-v1-core","subsections":[]},{"section":"list-service-v1-core","subsections":[]},{"section":"read-service-v1-core","subsections":[]}]},{"section":"-strong-write-operations-service-v1-core-strong-","subsections":[{"section":"delete-service-v1-core","subsections":[]},{"section":"replace-service-v1-core","subsections":[]},{"section":"patch-service-v1-core","subsections":[]},{"section":"create-service-v1-core","subsections":[]}]}]},{"section":"ingressclass-v1-networking-k8s-io","subsections":[{"section":"-strong-read-operations-ingressclass-v1-networking-k8s-io-strong-","subsections":[{"section":"watch-list-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"watch-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"list-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"read-ingressclass-v1-networking-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-ingressclass-v1-networking-k8s-io-strong-","subsections":[{"section":"delete-collection-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"delete-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"replace-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"patch-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"create-ingressclass-v1-networking-k8s-io","subsections":[]}]}]},{"section":"ingress-v1-networking-k8s-io","subsections":[{"section":"-strong-status-operations-ingress-v1-networking-k8s-io-strong-","subsections":[{"section":"replace-status-ingress-v1-networking-k8s-io","subsections":[]},{"section":"read-status-ingress-v1-networking-k8s-io","subsections":[]},{"section":"patch-status-ingress-v1-networking-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-ingress-v1-networking-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-ingress-v1-networking-k8s-io","subsections":[]},{"section":"watch-list-ingress-v1-networking-k8s-io","subsections":[]},{"section":"watch-ingress-v1-networking-k8s-io","subsections":[]},{"section":"list-all-namespaces-ingress-v1-networking-k8s-io","subsections":[]},{"section":"list-ingress-v1-networking-k8s-io","subsections":[]},{"section":"read-ingress-v1-networking-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-ingress-v1-networking-k8s-io-strong-","subsections":[{"section":"delete-collection-ingress-v1-networking-k8s-io","subsections":[]},{"section":"delete-ingress-v1-networking-k8s-io","subsections":[]},{"section":"replace-ingress-v1-networking-k8s-io","subsections":[]},{"section":"patch-ingress-v1-networking-k8s-io","subsections":[]},{"section":"create-ingress-v1-networking-k8s-io","subsections":[]}]}]},{"section":"endpointslice-v1beta1-discovery-k8s-io","subsections":[{"section":"-strong-read-operations-endpointslice-v1beta1-discovery-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"watch-list-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"watch-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"list-all-namespaces-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"list-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"read-endpointslice-v1beta1-discovery-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-endpointslice-v1beta1-discovery-k8s-io-strong-","subsections":[{"section":"delete-collection-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"delete-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"replace-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"patch-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"create-endpointslice-v1beta1-discovery-k8s-io","subsections":[]}]}]},{"section":"endpoints-v1-core","subsections":[{"section":"-strong-read-operations-endpoints-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-endpoints-v1-core","subsections":[]},{"section":"watch-list-endpoints-v1-core","subsections":[]},{"section":"watch-endpoints-v1-core","subsections":[]},{"section":"list-all-namespaces-endpoints-v1-core","subsections":[]},{"section":"list-endpoints-v1-core","subsections":[]},{"section":"read-endpoints-v1-core","subsections":[]}]},{"section":"-strong-write-operations-endpoints-v1-core-strong-","subsections":[{"section":"delete-collection-endpoints-v1-core","subsections":[]},{"section":"delete-endpoints-v1-core","subsections":[]},{"section":"replace-endpoints-v1-core","subsections":[]},{"section":"patch-endpoints-v1-core","subsections":[]},{"section":"create-endpoints-v1-core","subsections":[]}]}]},{"section":"-strong-service-apis-strong-","subsections":[]},{"section":"statefulset-v1-apps","subsections":[{"section":"-strong-misc-operations-statefulset-v1-apps-strong-","subsections":[{"section":"patch-scale-statefulset-v1-apps","subsections":[]},{"section":"replace-scale-statefulset-v1-apps","subsections":[]},{"section":"read-scale-statefulset-v1-apps","subsections":[]}]},{"section":"-strong-status-operations-statefulset-v1-apps-strong-","subsections":[{"section":"replace-status-statefulset-v1-apps","subsections":[]},{"section":"read-status-statefulset-v1-apps","subsections":[]},{"section":"patch-status-statefulset-v1-apps","subsections":[]}]},{"section":"-strong-read-operations-statefulset-v1-apps-strong-","subsections":[{"section":"watch-list-all-namespaces-statefulset-v1-apps","subsections":[]},{"section":"watch-list-statefulset-v1-apps","subsections":[]},{"section":"watch-statefulset-v1-apps","subsections":[]},{"section":"list-all-namespaces-statefulset-v1-apps","subsections":[]},{"section":"list-statefulset-v1-apps","subsections":[]},{"section":"read-statefulset-v1-apps","subsections":[]}]},{"section":"-strong-write-operations-statefulset-v1-apps-strong-","subsections":[{"section":"delete-collection-statefulset-v1-apps","subsections":[]},{"section":"delete-statefulset-v1-apps","subsections":[]},{"section":"replace-statefulset-v1-apps","subsections":[]},{"section":"patch-statefulset-v1-apps","subsections":[]},{"section":"create-statefulset-v1-apps","subsections":[]}]}]},{"section":"replicationcontroller-v1-core","subsections":[{"section":"-strong-misc-operations-replicationcontroller-v1-core-strong-","subsections":[{"section":"patch-scale-replicationcontroller-v1-core","subsections":[]},{"section":"replace-scale-replicationcontroller-v1-core","subsections":[]},{"section":"read-scale-replicationcontroller-v1-core","subsections":[]}]},{"section":"-strong-status-operations-replicationcontroller-v1-core-strong-","subsections":[{"section":"replace-status-replicationcontroller-v1-core","subsections":[]},{"section":"read-status-replicationcontroller-v1-core","subsections":[]},{"section":"patch-status-replicationcontroller-v1-core","subsections":[]}]},{"section":"-strong-read-operations-replicationcontroller-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-replicationcontroller-v1-core","subsections":[]},{"section":"watch-list-replicationcontroller-v1-core","subsections":[]},{"section":"watch-replicationcontroller-v1-core","subsections":[]},{"section":"list-all-namespaces-replicationcontroller-v1-core","subsections":[]},{"section":"list-replicationcontroller-v1-core","subsections":[]},{"section":"read-replicationcontroller-v1-core","subsections":[]}]},{"section":"-strong-write-operations-replicationcontroller-v1-core-strong-","subsections":[{"section":"delete-collection-replicationcontroller-v1-core","subsections":[]},{"section":"delete-replicationcontroller-v1-core","subsections":[]},{"section":"replace-replicationcontroller-v1-core","subsections":[]},{"section":"patch-replicationcontroller-v1-core","subsections":[]},{"section":"create-replicationcontroller-v1-core","subsections":[]}]}]},{"section":"replicaset-v1-apps","subsections":[{"section":"-strong-misc-operations-replicaset-v1-apps-strong-","subsections":[{"section":"patch-scale-replicaset-v1-apps","subsections":[]},{"section":"replace-scale-replicaset-v1-apps","subsections":[]},{"section":"read-scale-replicaset-v1-apps","subsections":[]}]},{"section":"-strong-status-operations-replicaset-v1-apps-strong-","subsections":[{"section":"replace-status-replicaset-v1-apps","subsections":[]},{"section":"read-status-replicaset-v1-apps","subsections":[]},{"section":"patch-status-replicaset-v1-apps","subsections":[]}]},{"section":"-strong-read-operations-replicaset-v1-apps-strong-","subsections":[{"section":"watch-list-all-namespaces-replicaset-v1-apps","subsections":[]},{"section":"watch-list-replicaset-v1-apps","subsections":[]},{"section":"watch-replicaset-v1-apps","subsections":[]},{"section":"list-all-namespaces-replicaset-v1-apps","subsections":[]},{"section":"list-replicaset-v1-apps","subsections":[]},{"section":"read-replicaset-v1-apps","subsections":[]}]},{"section":"-strong-write-operations-replicaset-v1-apps-strong-","subsections":[{"section":"delete-collection-replicaset-v1-apps","subsections":[]},{"section":"delete-replicaset-v1-apps","subsections":[]},{"section":"replace-replicaset-v1-apps","subsections":[]},{"section":"patch-replicaset-v1-apps","subsections":[]},{"section":"create-replicaset-v1-apps","subsections":[]}]}]},{"section":"pod-v1-core","subsections":[{"section":"-strong-misc-operations-pod-v1-core-strong-","subsections":[{"section":"read-log-pod-v1-core","subsections":[]}]},{"section":"-strong-proxy-operations-pod-v1-core-strong-","subsections":[{"section":"replace-connect-proxy-path-pod-v1-core","subsections":[]},{"section":"replace-connect-proxy-pod-v1-core","subsections":[]},{"section":"head-connect-proxy-path-pod-v1-core","subsections":[]},{"section":"head-connect-proxy-pod-v1-core","subsections":[]},{"section":"get-connect-proxy-path-pod-v1-core","subsections":[]},{"section":"get-connect-proxy-pod-v1-core","subsections":[]},{"section":"get-connect-portforward-pod-v1-core","subsections":[]},{"section":"delete-connect-proxy-path-pod-v1-core","subsections":[]},{"section":"delete-connect-proxy-pod-v1-core","subsections":[]},{"section":"create-connect-proxy-path-pod-v1-core","subsections":[]},{"section":"create-connect-proxy-pod-v1-core","subsections":[]},{"section":"create-connect-portforward-pod-v1-core","subsections":[]}]},{"section":"-strong-status-operations-pod-v1-core-strong-","subsections":[{"section":"replace-status-pod-v1-core","subsections":[]},{"section":"read-status-pod-v1-core","subsections":[]},{"section":"patch-status-pod-v1-core","subsections":[]}]},{"section":"-strong-read-operations-pod-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-pod-v1-core","subsections":[]},{"section":"watch-list-pod-v1-core","subsections":[]},{"section":"watch-pod-v1-core","subsections":[]},{"section":"list-all-namespaces-pod-v1-core","subsections":[]},{"section":"list-pod-v1-core","subsections":[]},{"section":"read-pod-v1-core","subsections":[]}]},{"section":"-strong-write-operations-pod-v1-core-strong-","subsections":[{"section":"delete-collection-pod-v1-core","subsections":[]},{"section":"delete-pod-v1-core","subsections":[]},{"section":"replace-pod-v1-core","subsections":[]},{"section":"patch-pod-v1-core","subsections":[]},{"section":"create-eviction-pod-v1-core","subsections":[]},{"section":"create-pod-v1-core","subsections":[]}]}]},{"section":"job-v1-batch","subsections":[{"section":"-strong-status-operations-job-v1-batch-strong-","subsections":[{"section":"replace-status-job-v1-batch","subsections":[]},{"section":"read-status-job-v1-batch","subsections":[]},{"section":"patch-status-job-v1-batch","subsections":[]}]},{"section":"-strong-read-operations-job-v1-batch-strong-","subsections":[{"section":"watch-list-all-namespaces-job-v1-batch","subsections":[]},{"section":"watch-list-job-v1-batch","subsections":[]},{"section":"watch-job-v1-batch","subsections":[]},{"section":"list-all-namespaces-job-v1-batch","subsections":[]},{"section":"list-job-v1-batch","subsections":[]},{"section":"read-job-v1-batch","subsections":[]}]},{"section":"-strong-write-operations-job-v1-batch-strong-","subsections":[{"section":"delete-collection-job-v1-batch","subsections":[]},{"section":"delete-job-v1-batch","subsections":[]},{"section":"replace-job-v1-batch","subsections":[]},{"section":"patch-job-v1-batch","subsections":[]},{"section":"create-job-v1-batch","subsections":[]}]}]},{"section":"deployment-v1-apps","subsections":[{"section":"-strong-misc-operations-deployment-v1-apps-strong-","subsections":[{"section":"patch-scale-deployment-v1-apps","subsections":[]},{"section":"replace-scale-deployment-v1-apps","subsections":[]},{"section":"read-scale-deployment-v1-apps","subsections":[]}]},{"section":"-strong-status-operations-deployment-v1-apps-strong-","subsections":[{"section":"replace-status-deployment-v1-apps","subsections":[]},{"section":"read-status-deployment-v1-apps","subsections":[]},{"section":"patch-status-deployment-v1-apps","subsections":[]}]},{"section":"-strong-read-operations-deployment-v1-apps-strong-","subsections":[{"section":"watch-list-all-namespaces-deployment-v1-apps","subsections":[]},{"section":"watch-list-deployment-v1-apps","subsections":[]},{"section":"watch-deployment-v1-apps","subsections":[]},{"section":"list-all-namespaces-deployment-v1-apps","subsections":[]},{"section":"list-deployment-v1-apps","subsections":[]},{"section":"read-deployment-v1-apps","subsections":[]}]},{"section":"-strong-write-operations-deployment-v1-apps-strong-","subsections":[{"section":"delete-collection-deployment-v1-apps","subsections":[]},{"section":"delete-deployment-v1-apps","subsections":[]},{"section":"replace-deployment-v1-apps","subsections":[]},{"section":"patch-deployment-v1-apps","subsections":[]},{"section":"create-deployment-v1-apps","subsections":[]}]}]},{"section":"daemonset-v1-apps","subsections":[{"section":"-strong-status-operations-daemonset-v1-apps-strong-","subsections":[{"section":"replace-status-daemonset-v1-apps","subsections":[]},{"section":"read-status-daemonset-v1-apps","subsections":[]},{"section":"patch-status-daemonset-v1-apps","subsections":[]}]},{"section":"-strong-read-operations-daemonset-v1-apps-strong-","subsections":[{"section":"watch-list-all-namespaces-daemonset-v1-apps","subsections":[]},{"section":"watch-list-daemonset-v1-apps","subsections":[]},{"section":"watch-daemonset-v1-apps","subsections":[]},{"section":"list-all-namespaces-daemonset-v1-apps","subsections":[]},{"section":"list-daemonset-v1-apps","subsections":[]},{"section":"read-daemonset-v1-apps","subsections":[]}]},{"section":"-strong-write-operations-daemonset-v1-apps-strong-","subsections":[{"section":"delete-collection-daemonset-v1-apps","subsections":[]},{"section":"delete-daemonset-v1-apps","subsections":[]},{"section":"replace-daemonset-v1-apps","subsections":[]},{"section":"patch-daemonset-v1-apps","subsections":[]},{"section":"create-daemonset-v1-apps","subsections":[]}]}]},{"section":"cronjob-v1beta1-batch","subsections":[{"section":"-strong-status-operations-cronjob-v1beta1-batch-strong-","subsections":[{"section":"replace-status-cronjob-v1beta1-batch","subsections":[]},{"section":"read-status-cronjob-v1beta1-batch","subsections":[]},{"section":"patch-status-cronjob-v1beta1-batch","subsections":[]}]},{"section":"-strong-read-operations-cronjob-v1beta1-batch-strong-","subsections":[{"section":"watch-list-all-namespaces-cronjob-v1beta1-batch","subsections":[]},{"section":"watch-list-cronjob-v1beta1-batch","subsections":[]},{"section":"watch-cronjob-v1beta1-batch","subsections":[]},{"section":"list-all-namespaces-cronjob-v1beta1-batch","subsections":[]},{"section":"list-cronjob-v1beta1-batch","subsections":[]},{"section":"read-cronjob-v1beta1-batch","subsections":[]}]},{"section":"-strong-write-operations-cronjob-v1beta1-batch-strong-","subsections":[{"section":"delete-collection-cronjob-v1beta1-batch","subsections":[]},{"section":"delete-cronjob-v1beta1-batch","subsections":[]},{"section":"replace-cronjob-v1beta1-batch","subsections":[]},{"section":"patch-cronjob-v1beta1-batch","subsections":[]},{"section":"create-cronjob-v1beta1-batch","subsections":[]}]}]},{"section":"container-v1-core","subsections":[]},{"section":"-strong-workloads-apis-strong-","subsections":[]},{"section":"-strong-api-groups-strong-","subsections":[]},{"section":"-strong-api-overview-strong-","subsections":[]}],"flatToc":["webhookclientconfig-v1beta1-apiextensions-k8s-io","webhookclientconfig-v1beta1-admissionregistration-k8s-io","webhookclientconfig-v1-apiextensions-k8s-io","volumenoderesources-v1beta1-storage-k8s-io","volumeerror-v1alpha1-storage-k8s-io","volumeerror-v1beta1-storage-k8s-io","volumeattachmentsource-v1alpha1-storage-k8s-io","volumeattachmentsource-v1beta1-storage-k8s-io","watch-list-volumeattachment-v1alpha1-storage-k8s-io","watch-volumeattachment-v1alpha1-storage-k8s-io","list-volumeattachment-v1alpha1-storage-k8s-io","read-volumeattachment-v1alpha1-storage-k8s-io","-strong-read-operations-volumeattachment-v1alpha1-storage-k8s-io-strong-","delete-collection-volumeattachment-v1alpha1-storage-k8s-io","delete-volumeattachment-v1alpha1-storage-k8s-io","replace-volumeattachment-v1alpha1-storage-k8s-io","patch-volumeattachment-v1alpha1-storage-k8s-io","create-volumeattachment-v1alpha1-storage-k8s-io","-strong-write-operations-volumeattachment-v1alpha1-storage-k8s-io-strong-","volumeattachment-v1alpha1-storage-k8s-io","watch-list-volumeattachment-v1beta1-storage-k8s-io","watch-volumeattachment-v1beta1-storage-k8s-io","list-volumeattachment-v1beta1-storage-k8s-io","read-volumeattachment-v1beta1-storage-k8s-io","-strong-read-operations-volumeattachment-v1beta1-storage-k8s-io-strong-","delete-collection-volumeattachment-v1beta1-storage-k8s-io","delete-volumeattachment-v1beta1-storage-k8s-io","replace-volumeattachment-v1beta1-storage-k8s-io","patch-volumeattachment-v1beta1-storage-k8s-io","create-volumeattachment-v1beta1-storage-k8s-io","-strong-write-operations-volumeattachment-v1beta1-storage-k8s-io-strong-","volumeattachment-v1beta1-storage-k8s-io","watch-list-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","watch-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","list-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","read-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","-strong-read-operations-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io-strong-","delete-collection-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","delete-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","replace-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","patch-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","create-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","-strong-write-operations-validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io-strong-","validatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","validatingwebhook-v1beta1-admissionregistration-k8s-io","usersubject-v1alpha1-flowcontrol-apiserver-k8s-io","userinfo-v1beta1-authentication-k8s-io","create-tokenreview-v1beta1-authentication-k8s-io","-strong-write-operations-tokenreview-v1beta1-authentication-k8s-io-strong-","tokenreview-v1beta1-authentication-k8s-io","tokenrequest-v1beta1-storage-k8s-io","tokenrequest-v1-storage-k8s-io","subjectrulesreviewstatus-v1beta1-authorization-k8s-io","create-subjectaccessreview-v1beta1-authorization-k8s-io","-strong-write-operations-subjectaccessreview-v1beta1-authorization-k8s-io-strong-","subjectaccessreview-v1beta1-authorization-k8s-io","subject-v1alpha1-rbac-authorization-k8s-io","subject-v1alpha1-flowcontrol-apiserver-k8s-io","subject-v1beta1-rbac-authorization-k8s-io","subject-v1-rbac-authorization-k8s-io","watch-list-storageclass-v1beta1-storage-k8s-io","watch-storageclass-v1beta1-storage-k8s-io","list-storageclass-v1beta1-storage-k8s-io","read-storageclass-v1beta1-storage-k8s-io","-strong-read-operations-storageclass-v1beta1-storage-k8s-io-strong-","delete-collection-storageclass-v1beta1-storage-k8s-io","delete-storageclass-v1beta1-storage-k8s-io","replace-storageclass-v1beta1-storage-k8s-io","patch-storageclass-v1beta1-storage-k8s-io","create-storageclass-v1beta1-storage-k8s-io","-strong-write-operations-storageclass-v1beta1-storage-k8s-io-strong-","storageclass-v1beta1-storage-k8s-io","servicereference-v1beta1-apiregistration-k8s-io","servicereference-v1beta1-apiextensions-k8s-io","servicereference-v1beta1-admissionregistration-k8s-io","servicereference-v1-apiregistration-k8s-io","servicereference-v1-apiextensions-k8s-io","serviceaccountsubject-v1alpha1-flowcontrol-apiserver-k8s-io","create-selfsubjectrulesreview-v1beta1-authorization-k8s-io","-strong-write-operations-selfsubjectrulesreview-v1beta1-authorization-k8s-io-strong-","selfsubjectrulesreview-v1beta1-authorization-k8s-io","create-selfsubjectaccessreview-v1beta1-authorization-k8s-io","-strong-write-operations-selfsubjectaccessreview-v1beta1-authorization-k8s-io-strong-","selfsubjectaccessreview-v1beta1-authorization-k8s-io","scheduling-v1alpha1-node-k8s-io","scheduling-v1beta1-node-k8s-io","watch-list-runtimeclass-v1alpha1-node-k8s-io","watch-runtimeclass-v1alpha1-node-k8s-io","list-runtimeclass-v1alpha1-node-k8s-io","read-runtimeclass-v1alpha1-node-k8s-io","-strong-read-operations-runtimeclass-v1alpha1-node-k8s-io-strong-","delete-collection-runtimeclass-v1alpha1-node-k8s-io","delete-runtimeclass-v1alpha1-node-k8s-io","replace-runtimeclass-v1alpha1-node-k8s-io","patch-runtimeclass-v1alpha1-node-k8s-io","create-runtimeclass-v1alpha1-node-k8s-io","-strong-write-operations-runtimeclass-v1alpha1-node-k8s-io-strong-","runtimeclass-v1alpha1-node-k8s-io","watch-list-runtimeclass-v1beta1-node-k8s-io","watch-runtimeclass-v1beta1-node-k8s-io","list-runtimeclass-v1beta1-node-k8s-io","read-runtimeclass-v1beta1-node-k8s-io","-strong-read-operations-runtimeclass-v1beta1-node-k8s-io-strong-","delete-collection-runtimeclass-v1beta1-node-k8s-io","delete-runtimeclass-v1beta1-node-k8s-io","replace-runtimeclass-v1beta1-node-k8s-io","patch-runtimeclass-v1beta1-node-k8s-io","create-runtimeclass-v1beta1-node-k8s-io","-strong-write-operations-runtimeclass-v1beta1-node-k8s-io-strong-","runtimeclass-v1beta1-node-k8s-io","rulewithoperations-v1beta1-admissionregistration-k8s-io","roleref-v1alpha1-rbac-authorization-k8s-io","roleref-v1beta1-rbac-authorization-k8s-io","watch-list-all-namespaces-rolebinding-v1alpha1-rbac-authorization-k8s-io","watch-list-rolebinding-v1alpha1-rbac-authorization-k8s-io","watch-rolebinding-v1alpha1-rbac-authorization-k8s-io","list-all-namespaces-rolebinding-v1alpha1-rbac-authorization-k8s-io","list-rolebinding-v1alpha1-rbac-authorization-k8s-io","read-rolebinding-v1alpha1-rbac-authorization-k8s-io","-strong-read-operations-rolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","delete-collection-rolebinding-v1alpha1-rbac-authorization-k8s-io","delete-rolebinding-v1alpha1-rbac-authorization-k8s-io","replace-rolebinding-v1alpha1-rbac-authorization-k8s-io","patch-rolebinding-v1alpha1-rbac-authorization-k8s-io","create-rolebinding-v1alpha1-rbac-authorization-k8s-io","-strong-write-operations-rolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","rolebinding-v1alpha1-rbac-authorization-k8s-io","watch-list-all-namespaces-rolebinding-v1beta1-rbac-authorization-k8s-io","watch-list-rolebinding-v1beta1-rbac-authorization-k8s-io","watch-rolebinding-v1beta1-rbac-authorization-k8s-io","list-all-namespaces-rolebinding-v1beta1-rbac-authorization-k8s-io","list-rolebinding-v1beta1-rbac-authorization-k8s-io","read-rolebinding-v1beta1-rbac-authorization-k8s-io","-strong-read-operations-rolebinding-v1beta1-rbac-authorization-k8s-io-strong-","delete-collection-rolebinding-v1beta1-rbac-authorization-k8s-io","delete-rolebinding-v1beta1-rbac-authorization-k8s-io","replace-rolebinding-v1beta1-rbac-authorization-k8s-io","patch-rolebinding-v1beta1-rbac-authorization-k8s-io","create-rolebinding-v1beta1-rbac-authorization-k8s-io","-strong-write-operations-rolebinding-v1beta1-rbac-authorization-k8s-io-strong-","rolebinding-v1beta1-rbac-authorization-k8s-io","watch-list-all-namespaces-role-v1alpha1-rbac-authorization-k8s-io","watch-list-role-v1alpha1-rbac-authorization-k8s-io","watch-role-v1alpha1-rbac-authorization-k8s-io","list-all-namespaces-role-v1alpha1-rbac-authorization-k8s-io","list-role-v1alpha1-rbac-authorization-k8s-io","read-role-v1alpha1-rbac-authorization-k8s-io","-strong-read-operations-role-v1alpha1-rbac-authorization-k8s-io-strong-","delete-collection-role-v1alpha1-rbac-authorization-k8s-io","delete-role-v1alpha1-rbac-authorization-k8s-io","replace-role-v1alpha1-rbac-authorization-k8s-io","patch-role-v1alpha1-rbac-authorization-k8s-io","create-role-v1alpha1-rbac-authorization-k8s-io","-strong-write-operations-role-v1alpha1-rbac-authorization-k8s-io-strong-","role-v1alpha1-rbac-authorization-k8s-io","watch-list-all-namespaces-role-v1beta1-rbac-authorization-k8s-io","watch-list-role-v1beta1-rbac-authorization-k8s-io","watch-role-v1beta1-rbac-authorization-k8s-io","list-all-namespaces-role-v1beta1-rbac-authorization-k8s-io","list-role-v1beta1-rbac-authorization-k8s-io","read-role-v1beta1-rbac-authorization-k8s-io","-strong-read-operations-role-v1beta1-rbac-authorization-k8s-io-strong-","delete-collection-role-v1beta1-rbac-authorization-k8s-io","delete-role-v1beta1-rbac-authorization-k8s-io","replace-role-v1beta1-rbac-authorization-k8s-io","patch-role-v1beta1-rbac-authorization-k8s-io","create-role-v1beta1-rbac-authorization-k8s-io","-strong-write-operations-role-v1beta1-rbac-authorization-k8s-io-strong-","role-v1beta1-rbac-authorization-k8s-io","resourcerule-v1beta1-authorization-k8s-io","resourcepolicyrule-v1alpha1-flowcontrol-apiserver-k8s-io","resourcemetricstatus-v2beta1-autoscaling","resourcemetricsource-v2beta1-autoscaling","resourceattributes-v1beta1-authorization-k8s-io","queuingconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","prioritylevelconfigurationreference-v1alpha1-flowcontrol-apiserver-k8s-io","prioritylevelconfigurationcondition-v1alpha1-flowcontrol-apiserver-k8s-io","replace-status-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","read-status-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","patch-status-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","-strong-status-operations-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","watch-list-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","watch-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","list-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","read-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","-strong-read-operations-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","delete-collection-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","delete-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","replace-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","patch-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","create-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","-strong-write-operations-prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","prioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","watch-list-priorityclass-v1alpha1-scheduling-k8s-io","watch-priorityclass-v1alpha1-scheduling-k8s-io","list-priorityclass-v1alpha1-scheduling-k8s-io","read-priorityclass-v1alpha1-scheduling-k8s-io","-strong-read-operations-priorityclass-v1alpha1-scheduling-k8s-io-strong-","delete-collection-priorityclass-v1alpha1-scheduling-k8s-io","delete-priorityclass-v1alpha1-scheduling-k8s-io","replace-priorityclass-v1alpha1-scheduling-k8s-io","patch-priorityclass-v1alpha1-scheduling-k8s-io","create-priorityclass-v1alpha1-scheduling-k8s-io","-strong-write-operations-priorityclass-v1alpha1-scheduling-k8s-io-strong-","priorityclass-v1alpha1-scheduling-k8s-io","watch-list-priorityclass-v1beta1-scheduling-k8s-io","watch-priorityclass-v1beta1-scheduling-k8s-io","list-priorityclass-v1beta1-scheduling-k8s-io","read-priorityclass-v1beta1-scheduling-k8s-io","-strong-read-operations-priorityclass-v1beta1-scheduling-k8s-io-strong-","delete-collection-priorityclass-v1beta1-scheduling-k8s-io","delete-priorityclass-v1beta1-scheduling-k8s-io","replace-priorityclass-v1beta1-scheduling-k8s-io","patch-priorityclass-v1beta1-scheduling-k8s-io","create-priorityclass-v1beta1-scheduling-k8s-io","-strong-write-operations-priorityclass-v1beta1-scheduling-k8s-io-strong-","priorityclass-v1beta1-scheduling-k8s-io","policyruleswithsubjects-v1alpha1-flowcontrol-apiserver-k8s-io","policyrule-v1alpha1-rbac-authorization-k8s-io","policyrule-v1beta1-rbac-authorization-k8s-io","podsmetricstatus-v2beta1-autoscaling","podsmetricsource-v2beta1-autoscaling","overhead-v1alpha1-node-k8s-io","overhead-v1beta1-node-k8s-io","objectmetricstatus-v2beta1-autoscaling","objectmetricsource-v2beta1-autoscaling","nonresourcerule-v1beta1-authorization-k8s-io","nonresourcepolicyrule-v1alpha1-flowcontrol-apiserver-k8s-io","nonresourceattributes-v1beta1-authorization-k8s-io","watch-list-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","watch-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","list-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","read-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","-strong-read-operations-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io-strong-","delete-collection-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","delete-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","replace-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","patch-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","create-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","-strong-write-operations-mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io-strong-","mutatingwebhookconfiguration-v1beta1-admissionregistration-k8s-io","mutatingwebhook-v1beta1-admissionregistration-k8s-io","metricstatus-v2beta1-autoscaling","metricspec-v2beta1-autoscaling","create-localsubjectaccessreview-v1beta1-authorization-k8s-io","-strong-write-operations-localsubjectaccessreview-v1beta1-authorization-k8s-io-strong-","localsubjectaccessreview-v1beta1-authorization-k8s-io","limitedprioritylevelconfiguration-v1alpha1-flowcontrol-apiserver-k8s-io","limitresponse-v1alpha1-flowcontrol-apiserver-k8s-io","watch-list-all-namespaces-lease-v1beta1-coordination-k8s-io","watch-list-lease-v1beta1-coordination-k8s-io","watch-lease-v1beta1-coordination-k8s-io","list-all-namespaces-lease-v1beta1-coordination-k8s-io","list-lease-v1beta1-coordination-k8s-io","read-lease-v1beta1-coordination-k8s-io","-strong-read-operations-lease-v1beta1-coordination-k8s-io-strong-","delete-collection-lease-v1beta1-coordination-k8s-io","delete-lease-v1beta1-coordination-k8s-io","replace-lease-v1beta1-coordination-k8s-io","patch-lease-v1beta1-coordination-k8s-io","create-lease-v1beta1-coordination-k8s-io","-strong-write-operations-lease-v1beta1-coordination-k8s-io-strong-","lease-v1beta1-coordination-k8s-io","jobtemplatespec-v2alpha1-batch","jsonschemapropsorbool-v1beta1-apiextensions-k8s-io","jsonschemapropsorarray-v1beta1-apiextensions-k8s-io","jsonschemaprops-v1beta1-apiextensions-k8s-io","json-v1beta1-apiextensions-k8s-io","ingresstls-v1beta1-networking-k8s-io","ingresstls-v1beta1-extensions","ingressrule-v1beta1-networking-k8s-io","ingressrule-v1beta1-extensions","watch-list-ingressclass-v1beta1-networking-k8s-io","watch-ingressclass-v1beta1-networking-k8s-io","list-ingressclass-v1beta1-networking-k8s-io","read-ingressclass-v1beta1-networking-k8s-io","-strong-read-operations-ingressclass-v1beta1-networking-k8s-io-strong-","delete-collection-ingressclass-v1beta1-networking-k8s-io","delete-ingressclass-v1beta1-networking-k8s-io","replace-ingressclass-v1beta1-networking-k8s-io","patch-ingressclass-v1beta1-networking-k8s-io","create-ingressclass-v1beta1-networking-k8s-io","-strong-write-operations-ingressclass-v1beta1-networking-k8s-io-strong-","ingressclass-v1beta1-networking-k8s-io","ingressbackend-v1beta1-networking-k8s-io","ingressbackend-v1beta1-extensions","replace-status-ingress-v1beta1-networking-k8s-io","read-status-ingress-v1beta1-networking-k8s-io","patch-status-ingress-v1beta1-networking-k8s-io","-strong-status-operations-ingress-v1beta1-networking-k8s-io-strong-","watch-list-all-namespaces-ingress-v1beta1-networking-k8s-io","watch-list-ingress-v1beta1-networking-k8s-io","watch-ingress-v1beta1-networking-k8s-io","list-all-namespaces-ingress-v1beta1-networking-k8s-io","list-ingress-v1beta1-networking-k8s-io","read-ingress-v1beta1-networking-k8s-io","-strong-read-operations-ingress-v1beta1-networking-k8s-io-strong-","delete-collection-ingress-v1beta1-networking-k8s-io","delete-ingress-v1beta1-networking-k8s-io","replace-ingress-v1beta1-networking-k8s-io","patch-ingress-v1beta1-networking-k8s-io","create-ingress-v1beta1-networking-k8s-io","-strong-write-operations-ingress-v1beta1-networking-k8s-io-strong-","ingress-v1beta1-networking-k8s-io","replace-status-ingress-v1beta1-extensions","read-status-ingress-v1beta1-extensions","patch-status-ingress-v1beta1-extensions","-strong-status-operations-ingress-v1beta1-extensions-strong-","watch-list-all-namespaces-ingress-v1beta1-extensions","watch-list-ingress-v1beta1-extensions","watch-ingress-v1beta1-extensions","list-all-namespaces-ingress-v1beta1-extensions","list-ingress-v1beta1-extensions","read-ingress-v1beta1-extensions","-strong-read-operations-ingress-v1beta1-extensions-strong-","delete-collection-ingress-v1beta1-extensions","delete-ingress-v1beta1-extensions","replace-ingress-v1beta1-extensions","patch-ingress-v1beta1-extensions","create-ingress-v1beta1-extensions","-strong-write-operations-ingress-v1beta1-extensions-strong-","ingress-v1beta1-extensions","horizontalpodautoscalercondition-v2beta1-autoscaling","replace-status-horizontalpodautoscaler-v2beta1-autoscaling","read-status-horizontalpodautoscaler-v2beta1-autoscaling","patch-status-horizontalpodautoscaler-v2beta1-autoscaling","-strong-status-operations-horizontalpodautoscaler-v2beta1-autoscaling-strong-","watch-list-all-namespaces-horizontalpodautoscaler-v2beta1-autoscaling","watch-list-horizontalpodautoscaler-v2beta1-autoscaling","watch-horizontalpodautoscaler-v2beta1-autoscaling","list-all-namespaces-horizontalpodautoscaler-v2beta1-autoscaling","list-horizontalpodautoscaler-v2beta1-autoscaling","read-horizontalpodautoscaler-v2beta1-autoscaling","-strong-read-operations-horizontalpodautoscaler-v2beta1-autoscaling-strong-","delete-collection-horizontalpodautoscaler-v2beta1-autoscaling","delete-horizontalpodautoscaler-v2beta1-autoscaling","replace-horizontalpodautoscaler-v2beta1-autoscaling","patch-horizontalpodautoscaler-v2beta1-autoscaling","create-horizontalpodautoscaler-v2beta1-autoscaling","-strong-write-operations-horizontalpodautoscaler-v2beta1-autoscaling-strong-","horizontalpodautoscaler-v2beta1-autoscaling","replace-status-horizontalpodautoscaler-v2beta2-autoscaling","read-status-horizontalpodautoscaler-v2beta2-autoscaling","patch-status-horizontalpodautoscaler-v2beta2-autoscaling","-strong-status-operations-horizontalpodautoscaler-v2beta2-autoscaling-strong-","watch-list-all-namespaces-horizontalpodautoscaler-v2beta2-autoscaling","watch-list-horizontalpodautoscaler-v2beta2-autoscaling","watch-horizontalpodautoscaler-v2beta2-autoscaling","list-all-namespaces-horizontalpodautoscaler-v2beta2-autoscaling","list-horizontalpodautoscaler-v2beta2-autoscaling","read-horizontalpodautoscaler-v2beta2-autoscaling","-strong-read-operations-horizontalpodautoscaler-v2beta2-autoscaling-strong-","delete-collection-horizontalpodautoscaler-v2beta2-autoscaling","delete-horizontalpodautoscaler-v2beta2-autoscaling","replace-horizontalpodautoscaler-v2beta2-autoscaling","patch-horizontalpodautoscaler-v2beta2-autoscaling","create-horizontalpodautoscaler-v2beta2-autoscaling","-strong-write-operations-horizontalpodautoscaler-v2beta2-autoscaling-strong-","horizontalpodautoscaler-v2beta2-autoscaling","httpingressrulevalue-v1beta1-networking-k8s-io","httpingressrulevalue-v1beta1-extensions","httpingresspath-v1beta1-networking-k8s-io","httpingresspath-v1beta1-extensions","groupsubject-v1alpha1-flowcontrol-apiserver-k8s-io","flowschemacondition-v1alpha1-flowcontrol-apiserver-k8s-io","replace-status-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","read-status-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","patch-status-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","-strong-status-operations-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","watch-list-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","watch-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","list-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","read-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","-strong-read-operations-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","delete-collection-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","delete-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","replace-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","patch-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","create-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","-strong-write-operations-flowschema-v1alpha1-flowcontrol-apiserver-k8s-io-strong-","flowschema-v1alpha1-flowcontrol-apiserver-k8s-io","flowdistinguishermethod-v1alpha1-flowcontrol-apiserver-k8s-io","externalmetricstatus-v2beta1-autoscaling","externalmetricsource-v2beta1-autoscaling","externaldocumentation-v1beta1-apiextensions-k8s-io","eventseries-v1beta1-events-k8s-io","eventseries-v1-core","watch-list-all-namespaces-event-v1beta1-events-k8s-io","watch-list-event-v1beta1-events-k8s-io","watch-event-v1beta1-events-k8s-io","list-all-namespaces-event-v1beta1-events-k8s-io","list-event-v1beta1-events-k8s-io","read-event-v1beta1-events-k8s-io","-strong-read-operations-event-v1beta1-events-k8s-io-strong-","delete-collection-event-v1beta1-events-k8s-io","delete-event-v1beta1-events-k8s-io","replace-event-v1beta1-events-k8s-io","patch-event-v1beta1-events-k8s-io","create-event-v1beta1-events-k8s-io","-strong-write-operations-event-v1beta1-events-k8s-io-strong-","event-v1beta1-events-k8s-io","watch-list-all-namespaces-event-v1-core","watch-list-event-v1-core","watch-event-v1-core","list-all-namespaces-event-v1-core","list-event-v1-core","read-event-v1-core","-strong-read-operations-event-v1-core-strong-","delete-collection-event-v1-core","delete-event-v1-core","replace-event-v1-core","patch-event-v1-core","create-event-v1-core","-strong-write-operations-event-v1-core-strong-","event-v1-core","endpointport-v1beta1-discovery-k8s-io","customresourcevalidation-v1beta1-apiextensions-k8s-io","customresourcesubresources-v1beta1-apiextensions-k8s-io","customresourcesubresourcestatus-v1beta1-apiextensions-k8s-io","customresourcesubresourcescale-v1beta1-apiextensions-k8s-io","customresourcedefinitionversion-v1beta1-apiextensions-k8s-io","customresourcedefinitionnames-v1beta1-apiextensions-k8s-io","customresourcedefinitioncondition-v1beta1-apiextensions-k8s-io","replace-status-customresourcedefinition-v1beta1-apiextensions-k8s-io","read-status-customresourcedefinition-v1beta1-apiextensions-k8s-io","patch-status-customresourcedefinition-v1beta1-apiextensions-k8s-io","-strong-status-operations-customresourcedefinition-v1beta1-apiextensions-k8s-io-strong-","watch-list-customresourcedefinition-v1beta1-apiextensions-k8s-io","watch-customresourcedefinition-v1beta1-apiextensions-k8s-io","list-customresourcedefinition-v1beta1-apiextensions-k8s-io","read-customresourcedefinition-v1beta1-apiextensions-k8s-io","-strong-read-operations-customresourcedefinition-v1beta1-apiextensions-k8s-io-strong-","delete-collection-customresourcedefinition-v1beta1-apiextensions-k8s-io","delete-customresourcedefinition-v1beta1-apiextensions-k8s-io","replace-customresourcedefinition-v1beta1-apiextensions-k8s-io","patch-customresourcedefinition-v1beta1-apiextensions-k8s-io","create-customresourcedefinition-v1beta1-apiextensions-k8s-io","-strong-write-operations-customresourcedefinition-v1beta1-apiextensions-k8s-io-strong-","customresourcedefinition-v1beta1-apiextensions-k8s-io","customresourceconversion-v1beta1-apiextensions-k8s-io","customresourcecolumndefinition-v1beta1-apiextensions-k8s-io","crossversionobjectreference-v2beta1-autoscaling","crossversionobjectreference-v2beta2-autoscaling","replace-status-cronjob-v2alpha1-batch","read-status-cronjob-v2alpha1-batch","patch-status-cronjob-v2alpha1-batch","-strong-status-operations-cronjob-v2alpha1-batch-strong-","watch-list-all-namespaces-cronjob-v2alpha1-batch","watch-list-cronjob-v2alpha1-batch","watch-cronjob-v2alpha1-batch","list-all-namespaces-cronjob-v2alpha1-batch","list-cronjob-v2alpha1-batch","read-cronjob-v2alpha1-batch","-strong-read-operations-cronjob-v2alpha1-batch-strong-","delete-collection-cronjob-v2alpha1-batch","delete-cronjob-v2alpha1-batch","replace-cronjob-v2alpha1-batch","patch-cronjob-v2alpha1-batch","create-cronjob-v2alpha1-batch","-strong-write-operations-cronjob-v2alpha1-batch-strong-","cronjob-v2alpha1-batch","containerresourcemetricstatus-v2beta1-autoscaling","containerresourcemetricsource-v2beta1-autoscaling","watch-list-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","watch-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","list-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","read-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","-strong-read-operations-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","delete-collection-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","delete-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","replace-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","patch-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","create-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","-strong-write-operations-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","watch-list-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","watch-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","list-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","read-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","-strong-read-operations-clusterrolebinding-v1beta1-rbac-authorization-k8s-io-strong-","delete-collection-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","delete-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","replace-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","patch-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","create-clusterrolebinding-v1beta1-rbac-authorization-k8s-io","-strong-write-operations-clusterrolebinding-v1beta1-rbac-authorization-k8s-io-strong-","clusterrolebinding-v1beta1-rbac-authorization-k8s-io","watch-list-clusterrole-v1alpha1-rbac-authorization-k8s-io","watch-clusterrole-v1alpha1-rbac-authorization-k8s-io","list-clusterrole-v1alpha1-rbac-authorization-k8s-io","read-clusterrole-v1alpha1-rbac-authorization-k8s-io","-strong-read-operations-clusterrole-v1alpha1-rbac-authorization-k8s-io-strong-","delete-collection-clusterrole-v1alpha1-rbac-authorization-k8s-io","delete-clusterrole-v1alpha1-rbac-authorization-k8s-io","replace-clusterrole-v1alpha1-rbac-authorization-k8s-io","patch-clusterrole-v1alpha1-rbac-authorization-k8s-io","create-clusterrole-v1alpha1-rbac-authorization-k8s-io","-strong-write-operations-clusterrole-v1alpha1-rbac-authorization-k8s-io-strong-","clusterrole-v1alpha1-rbac-authorization-k8s-io","watch-list-clusterrole-v1beta1-rbac-authorization-k8s-io","watch-clusterrole-v1beta1-rbac-authorization-k8s-io","list-clusterrole-v1beta1-rbac-authorization-k8s-io","read-clusterrole-v1beta1-rbac-authorization-k8s-io","-strong-read-operations-clusterrole-v1beta1-rbac-authorization-k8s-io-strong-","delete-collection-clusterrole-v1beta1-rbac-authorization-k8s-io","delete-clusterrole-v1beta1-rbac-authorization-k8s-io","replace-clusterrole-v1beta1-rbac-authorization-k8s-io","patch-clusterrole-v1beta1-rbac-authorization-k8s-io","create-clusterrole-v1beta1-rbac-authorization-k8s-io","-strong-write-operations-clusterrole-v1beta1-rbac-authorization-k8s-io-strong-","clusterrole-v1beta1-rbac-authorization-k8s-io","certificatesigningrequestcondition-v1beta1-certificates-k8s-io","replace-status-certificatesigningrequest-v1beta1-certificates-k8s-io","read-status-certificatesigningrequest-v1beta1-certificates-k8s-io","patch-status-certificatesigningrequest-v1beta1-certificates-k8s-io","-strong-status-operations-certificatesigningrequest-v1beta1-certificates-k8s-io-strong-","watch-list-certificatesigningrequest-v1beta1-certificates-k8s-io","watch-certificatesigningrequest-v1beta1-certificates-k8s-io","list-certificatesigningrequest-v1beta1-certificates-k8s-io","read-certificatesigningrequest-v1beta1-certificates-k8s-io","-strong-read-operations-certificatesigningrequest-v1beta1-certificates-k8s-io-strong-","delete-collection-certificatesigningrequest-v1beta1-certificates-k8s-io","delete-certificatesigningrequest-v1beta1-certificates-k8s-io","replace-certificatesigningrequest-v1beta1-certificates-k8s-io","patch-certificatesigningrequest-v1beta1-certificates-k8s-io","create-certificatesigningrequest-v1beta1-certificates-k8s-io","-strong-write-operations-certificatesigningrequest-v1beta1-certificates-k8s-io-strong-","certificatesigningrequest-v1beta1-certificates-k8s-io","csinodedriver-v1beta1-storage-k8s-io","watch-list-csinode-v1beta1-storage-k8s-io","watch-csinode-v1beta1-storage-k8s-io","list-csinode-v1beta1-storage-k8s-io","read-csinode-v1beta1-storage-k8s-io","-strong-read-operations-csinode-v1beta1-storage-k8s-io-strong-","delete-collection-csinode-v1beta1-storage-k8s-io","delete-csinode-v1beta1-storage-k8s-io","replace-csinode-v1beta1-storage-k8s-io","patch-csinode-v1beta1-storage-k8s-io","create-csinode-v1beta1-storage-k8s-io","-strong-write-operations-csinode-v1beta1-storage-k8s-io-strong-","csinode-v1beta1-storage-k8s-io","watch-list-csidriver-v1beta1-storage-k8s-io","watch-csidriver-v1beta1-storage-k8s-io","list-csidriver-v1beta1-storage-k8s-io","read-csidriver-v1beta1-storage-k8s-io","-strong-read-operations-csidriver-v1beta1-storage-k8s-io-strong-","delete-collection-csidriver-v1beta1-storage-k8s-io","delete-csidriver-v1beta1-storage-k8s-io","replace-csidriver-v1beta1-storage-k8s-io","patch-csidriver-v1beta1-storage-k8s-io","create-csidriver-v1beta1-storage-k8s-io","-strong-write-operations-csidriver-v1beta1-storage-k8s-io-strong-","csidriver-v1beta1-storage-k8s-io","aggregationrule-v1alpha1-rbac-authorization-k8s-io","aggregationrule-v1beta1-rbac-authorization-k8s-io","apiservicecondition-v1beta1-apiregistration-k8s-io","replace-status-apiservice-v1beta1-apiregistration-k8s-io","read-status-apiservice-v1beta1-apiregistration-k8s-io","patch-status-apiservice-v1beta1-apiregistration-k8s-io","-strong-status-operations-apiservice-v1beta1-apiregistration-k8s-io-strong-","watch-list-apiservice-v1beta1-apiregistration-k8s-io","watch-apiservice-v1beta1-apiregistration-k8s-io","list-apiservice-v1beta1-apiregistration-k8s-io","read-apiservice-v1beta1-apiregistration-k8s-io","-strong-read-operations-apiservice-v1beta1-apiregistration-k8s-io-strong-","delete-collection-apiservice-v1beta1-apiregistration-k8s-io","delete-apiservice-v1beta1-apiregistration-k8s-io","replace-apiservice-v1beta1-apiregistration-k8s-io","patch-apiservice-v1beta1-apiregistration-k8s-io","create-apiservice-v1beta1-apiregistration-k8s-io","-strong-write-operations-apiservice-v1beta1-apiregistration-k8s-io-strong-","apiservice-v1beta1-apiregistration-k8s-io","-strong-old-api-versions-strong-","windowssecuritycontextoptions-v1-core","weightedpodaffinityterm-v1-core","webhookconversion-v1-apiextensions-k8s-io","webhookclientconfig-v1-admissionregistration-k8s-io","watchevent-v1-meta","vspherevirtualdiskvolumesource-v1-core","volumeprojection-v1-core","volumenoderesources-v1-storage-k8s-io","volumenodeaffinity-v1-core","volumemount-v1-core","volumeerror-v1-storage-k8s-io","volumedevice-v1-core","volumeattachmentsource-v1-storage-k8s-io","validatingwebhook-v1-admissionregistration-k8s-io","usersubject-v1beta1-flowcontrol-apiserver-k8s-io","userinfo-v1-authentication-k8s-io","typedlocalobjectreference-v1-core","topologyspreadconstraint-v1-core","topologyselectorterm-v1-core","topologyselectorlabelrequirement-v1-core","toleration-v1-core","time-v1-meta","taint-v1-core","tcpsocketaction-v1-core","sysctl-v1-core","supplementalgroupsstrategyoptions-v1beta1-policy","subjectrulesreviewstatus-v1-authorization-k8s-io","subject-v1beta1-flowcontrol-apiserver-k8s-io","storageversioncondition-v1alpha1-internal-apiserver-k8s-io","storageosvolumesource-v1-core","storageospersistentvolumesource-v1-core","statusdetails-v1-meta","statuscause-v1-meta","status-v1-meta","statefulsetupdatestrategy-v1-apps","statefulsetcondition-v1-apps","sessionaffinityconfig-v1-core","servicereference-v1-admissionregistration-k8s-io","serviceport-v1-core","servicebackendport-v1-networking-k8s-io","serviceaccounttokenprojection-v1-core","serviceaccountsubject-v1beta1-flowcontrol-apiserver-k8s-io","serverstorageversion-v1alpha1-internal-apiserver-k8s-io","serveraddressbyclientcidr-v1-meta","securitycontext-v1-core","secretvolumesource-v1-core","secretreference-v1-core","secretprojection-v1-core","secretkeyselector-v1-core","secretenvsource-v1-core","seccompprofile-v1-core","scopedresourceselectorrequirement-v1-core","scopeselector-v1-core","scheduling-v1-node-k8s-io","scaleiovolumesource-v1-core","scaleiopersistentvolumesource-v1-core","scale-v1-autoscaling","selinuxstrategyoptions-v1beta1-policy","selinuxoptions-v1-core","runtimeclassstrategyoptions-v1beta1-policy","runasuserstrategyoptions-v1beta1-policy","runasgroupstrategyoptions-v1beta1-policy","rulewithoperations-v1-admissionregistration-k8s-io","rollingupdatestatefulsetstrategy-v1-apps","roleref-v1-rbac-authorization-k8s-io","resourcerule-v1-authorization-k8s-io","resourcerequirements-v1-core","resourcepolicyrule-v1beta1-flowcontrol-apiserver-k8s-io","resourcemetricstatus-v2beta2-autoscaling","resourcemetricsource-v2beta2-autoscaling","resourcefieldselector-v1-core","resourceattributes-v1-authorization-k8s-io","replicationcontrollercondition-v1-core","replicasetcondition-v1-apps","rbdvolumesource-v1-core","rbdpersistentvolumesource-v1-core","quobytevolumesource-v1-core","queuingconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","quantity-resource-core","projectedvolumesource-v1-core","probe-v1-core","prioritylevelconfigurationreference-v1beta1-flowcontrol-apiserver-k8s-io","prioritylevelconfigurationcondition-v1beta1-flowcontrol-apiserver-k8s-io","preferredschedulingterm-v1-core","preconditions-v1-meta","portworxvolumesource-v1-core","portstatus-v1-core","policyruleswithsubjects-v1beta1-flowcontrol-apiserver-k8s-io","policyrule-v1-rbac-authorization-k8s-io","podsmetricstatus-v2beta2-autoscaling","podsmetricsource-v2beta2-autoscaling","podsecuritycontext-v1-core","podreadinessgate-v1-core","podip-v1-core","poddnsconfigoption-v1-core","poddnsconfig-v1-core","podcondition-v1-core","podantiaffinity-v1-core","podaffinityterm-v1-core","podaffinity-v1-core","photonpersistentdiskvolumesource-v1-core","persistentvolumeclaimvolumesource-v1-core","persistentvolumeclaimtemplate-v1-core","persistentvolumeclaimcondition-v1-core","patch-v1-meta","ownerreference-v1-meta","overhead-v1-node-k8s-io","objectreference-v1-core","objectmetricstatus-v2beta2-autoscaling","objectmetricsource-v2beta2-autoscaling","objectmeta-v1-meta","objectfieldselector-v1-core","nonresourcerule-v1-authorization-k8s-io","nonresourcepolicyrule-v1beta1-flowcontrol-apiserver-k8s-io","nonresourceattributes-v1-authorization-k8s-io","nodesysteminfo-v1-core","nodeselectorterm-v1-core","nodeselectorrequirement-v1-core","nodeselector-v1-core","nodedaemonendpoints-v1-core","nodeconfigstatus-v1-core","nodeconfigsource-v1-core","nodecondition-v1-core","nodeaffinity-v1-core","nodeaddress-v1-core","networkpolicyport-v1-networking-k8s-io","networkpolicypeer-v1-networking-k8s-io","networkpolicyingressrule-v1-networking-k8s-io","networkpolicyegressrule-v1-networking-k8s-io","namespacecondition-v1-core","nfsvolumesource-v1-core","mutatingwebhook-v1-admissionregistration-k8s-io","microtime-v1-meta","metricvaluestatus-v2beta2-autoscaling","metrictarget-v2beta2-autoscaling","metricstatus-v2beta2-autoscaling","metricspec-v2beta2-autoscaling","metricidentifier-v2beta2-autoscaling","managedfieldsentry-v1-meta","localvolumesource-v1-core","localobjectreference-v1-core","loadbalancerstatus-v1-core","loadbalanceringress-v1-core","listmeta-v1-meta","limitedprioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","limitresponse-v1beta1-flowcontrol-apiserver-k8s-io","limitrangeitem-v1-core","lifecycle-v1-core","labelselectorrequirement-v1-meta","labelselector-v1-meta","keytopath-v1-core","jobtemplatespec-v1beta1-batch","jobcondition-v1-batch","jsonschemapropsorbool-v1-apiextensions-k8s-io","jsonschemapropsorarray-v1-apiextensions-k8s-io","jsonschemaprops-v1-apiextensions-k8s-io","json-v1-apiextensions-k8s-io","ingresstls-v1-networking-k8s-io","ingressservicebackend-v1-networking-k8s-io","ingressrule-v1-networking-k8s-io","ingressbackend-v1-networking-k8s-io","iscsivolumesource-v1-core","iscsipersistentvolumesource-v1-core","ipblock-v1-networking-k8s-io","idrange-v1beta1-policy","hostportrange-v1beta1-policy","hostpathvolumesource-v1-core","hostalias-v1-core","horizontalpodautoscalercondition-v2beta2-autoscaling","horizontalpodautoscalerbehavior-v2beta2-autoscaling","handler-v1-core","httpingressrulevalue-v1-networking-k8s-io","httpingresspath-v1-networking-k8s-io","httpheader-v1-core","httpgetaction-v1-core","hpascalingrules-v2beta2-autoscaling","hpascalingpolicy-v2beta2-autoscaling","groupversionfordiscovery-v1-meta","groupsubject-v1beta1-flowcontrol-apiserver-k8s-io","glusterfsvolumesource-v1-core","glusterfspersistentvolumesource-v1-core","gitrepovolumesource-v1-core","gcepersistentdiskvolumesource-v1-core","flowschemacondition-v1beta1-flowcontrol-apiserver-k8s-io","flowdistinguishermethod-v1beta1-flowcontrol-apiserver-k8s-io","flockervolumesource-v1-core","flexvolumesource-v1-core","flexpersistentvolumesource-v1-core","fieldsv1-v1-meta","fsgroupstrategyoptions-v1beta1-policy","fcvolumesource-v1-core","externalmetricstatus-v2beta2-autoscaling","externalmetricsource-v2beta2-autoscaling","externaldocumentation-v1-apiextensions-k8s-io","execaction-v1-core","eviction-v1beta1-policy","eventsource-v1-core","eventseries-v1-events-k8s-io","ephemeralvolumesource-v1-core","ephemeralcontainer-v1-core","envvarsource-v1-core","envvar-v1-core","envfromsource-v1-core","endpointsubset-v1-core","endpointport-v1-core","endpointconditions-v1beta1-discovery-k8s-io","endpointaddress-v1-core","endpoint-v1beta1-discovery-k8s-io","emptydirvolumesource-v1-core","downwardapivolumesource-v1-core","downwardapivolumefile-v1-core","downwardapiprojection-v1-core","deploymentcondition-v1-apps","deleteoptions-v1-meta","daemonsetupdatestrategy-v1-apps","daemonsetcondition-v1-apps","daemonendpoint-v1-core","customresourcevalidation-v1-apiextensions-k8s-io","customresourcesubresources-v1-apiextensions-k8s-io","customresourcesubresourcestatus-v1-apiextensions-k8s-io","customresourcesubresourcescale-v1-apiextensions-k8s-io","customresourcedefinitionversion-v1-apiextensions-k8s-io","customresourcedefinitionnames-v1-apiextensions-k8s-io","customresourcedefinitioncondition-v1-apiextensions-k8s-io","customresourceconversion-v1-apiextensions-k8s-io","customresourcecolumndefinition-v1-apiextensions-k8s-io","crossversionobjectreference-v1-autoscaling","containerstatewaiting-v1-core","containerstateterminated-v1-core","containerstaterunning-v1-core","containerstate-v1-core","containerresourcemetricstatus-v2beta2-autoscaling","containerresourcemetricsource-v2beta2-autoscaling","containerport-v1-core","containerimage-v1-core","configmapvolumesource-v1-core","configmapprojection-v1-core","configmapnodeconfigsource-v1-core","configmapkeyselector-v1-core","configmapenvsource-v1-core","condition-v1-meta","componentcondition-v1-core","clientipconfig-v1-core","cindervolumesource-v1-core","cinderpersistentvolumesource-v1-core","certificatesigningrequestcondition-v1-certificates-k8s-io","cephfsvolumesource-v1-core","cephfspersistentvolumesource-v1-core","capabilities-v1-core","csivolumesource-v1-core","csipersistentvolumesource-v1-core","csinodedriver-v1-storage-k8s-io","boundobjectreference-v1-authentication-k8s-io","azurefilevolumesource-v1-core","azurefilepersistentvolumesource-v1-core","azurediskvolumesource-v1-core","attachedvolume-v1-core","allowedhostpath-v1beta1-policy","allowedflexvolume-v1beta1-policy","allowedcsidriver-v1beta1-policy","aggregationrule-v1-rbac-authorization-k8s-io","affinity-v1-core","awselasticblockstorevolumesource-v1-core","apiversions-v1-meta","apiservicecondition-v1-apiregistration-k8s-io","apiresource-v1-meta","apigroup-v1-meta","-strong-definitions-strong-","watch-list-all-namespaces-networkpolicy-v1-networking-k8s-io","watch-list-networkpolicy-v1-networking-k8s-io","watch-networkpolicy-v1-networking-k8s-io","list-all-namespaces-networkpolicy-v1-networking-k8s-io","list-networkpolicy-v1-networking-k8s-io","read-networkpolicy-v1-networking-k8s-io","-strong-read-operations-networkpolicy-v1-networking-k8s-io-strong-","delete-collection-networkpolicy-v1-networking-k8s-io","delete-networkpolicy-v1-networking-k8s-io","replace-networkpolicy-v1-networking-k8s-io","patch-networkpolicy-v1-networking-k8s-io","create-networkpolicy-v1-networking-k8s-io","-strong-write-operations-networkpolicy-v1-networking-k8s-io-strong-","networkpolicy-v1-networking-k8s-io","create-tokenreview-v1-authentication-k8s-io","-strong-write-operations-tokenreview-v1-authentication-k8s-io-strong-","tokenreview-v1-authentication-k8s-io","tokenrequest-v1-authentication-k8s-io","create-subjectaccessreview-v1-authorization-k8s-io","-strong-write-operations-subjectaccessreview-v1-authorization-k8s-io-strong-","subjectaccessreview-v1-authorization-k8s-io","replace-status-storageversion-v1alpha1-internal-apiserver-k8s-io","read-status-storageversion-v1alpha1-internal-apiserver-k8s-io","patch-status-storageversion-v1alpha1-internal-apiserver-k8s-io","-strong-status-operations-storageversion-v1alpha1-internal-apiserver-k8s-io-strong-","watch-list-storageversion-v1alpha1-internal-apiserver-k8s-io","watch-storageversion-v1alpha1-internal-apiserver-k8s-io","list-storageversion-v1alpha1-internal-apiserver-k8s-io","read-storageversion-v1alpha1-internal-apiserver-k8s-io","-strong-read-operations-storageversion-v1alpha1-internal-apiserver-k8s-io-strong-","delete-collection-storageversion-v1alpha1-internal-apiserver-k8s-io","delete-storageversion-v1alpha1-internal-apiserver-k8s-io","replace-storageversion-v1alpha1-internal-apiserver-k8s-io","patch-storageversion-v1alpha1-internal-apiserver-k8s-io","create-storageversion-v1alpha1-internal-apiserver-k8s-io","-strong-write-operations-storageversion-v1alpha1-internal-apiserver-k8s-io-strong-","storageversion-v1alpha1-internal-apiserver-k8s-io","watch-list-all-namespaces-serviceaccount-v1-core","watch-list-serviceaccount-v1-core","watch-serviceaccount-v1-core","list-all-namespaces-serviceaccount-v1-core","list-serviceaccount-v1-core","read-serviceaccount-v1-core","-strong-read-operations-serviceaccount-v1-core-strong-","delete-collection-serviceaccount-v1-core","delete-serviceaccount-v1-core","replace-serviceaccount-v1-core","patch-serviceaccount-v1-core","create-serviceaccount-v1-core","-strong-write-operations-serviceaccount-v1-core-strong-","serviceaccount-v1-core","create-selfsubjectrulesreview-v1-authorization-k8s-io","-strong-write-operations-selfsubjectrulesreview-v1-authorization-k8s-io-strong-","selfsubjectrulesreview-v1-authorization-k8s-io","create-selfsubjectaccessreview-v1-authorization-k8s-io","-strong-write-operations-selfsubjectaccessreview-v1-authorization-k8s-io-strong-","selfsubjectaccessreview-v1-authorization-k8s-io","watch-list-runtimeclass-v1-node-k8s-io","watch-runtimeclass-v1-node-k8s-io","list-runtimeclass-v1-node-k8s-io","read-runtimeclass-v1-node-k8s-io","-strong-read-operations-runtimeclass-v1-node-k8s-io-strong-","delete-collection-runtimeclass-v1-node-k8s-io","delete-runtimeclass-v1-node-k8s-io","replace-runtimeclass-v1-node-k8s-io","patch-runtimeclass-v1-node-k8s-io","create-runtimeclass-v1-node-k8s-io","-strong-write-operations-runtimeclass-v1-node-k8s-io-strong-","runtimeclass-v1-node-k8s-io","watch-list-all-namespaces-rolebinding-v1-rbac-authorization-k8s-io","watch-list-rolebinding-v1-rbac-authorization-k8s-io","watch-rolebinding-v1-rbac-authorization-k8s-io","list-all-namespaces-rolebinding-v1-rbac-authorization-k8s-io","list-rolebinding-v1-rbac-authorization-k8s-io","read-rolebinding-v1-rbac-authorization-k8s-io","-strong-read-operations-rolebinding-v1-rbac-authorization-k8s-io-strong-","delete-collection-rolebinding-v1-rbac-authorization-k8s-io","delete-rolebinding-v1-rbac-authorization-k8s-io","replace-rolebinding-v1-rbac-authorization-k8s-io","patch-rolebinding-v1-rbac-authorization-k8s-io","create-rolebinding-v1-rbac-authorization-k8s-io","-strong-write-operations-rolebinding-v1-rbac-authorization-k8s-io-strong-","rolebinding-v1-rbac-authorization-k8s-io","watch-list-all-namespaces-role-v1-rbac-authorization-k8s-io","watch-list-role-v1-rbac-authorization-k8s-io","watch-role-v1-rbac-authorization-k8s-io","list-all-namespaces-role-v1-rbac-authorization-k8s-io","list-role-v1-rbac-authorization-k8s-io","read-role-v1-rbac-authorization-k8s-io","-strong-read-operations-role-v1-rbac-authorization-k8s-io-strong-","delete-collection-role-v1-rbac-authorization-k8s-io","delete-role-v1-rbac-authorization-k8s-io","replace-role-v1-rbac-authorization-k8s-io","patch-role-v1-rbac-authorization-k8s-io","create-role-v1-rbac-authorization-k8s-io","-strong-write-operations-role-v1-rbac-authorization-k8s-io-strong-","role-v1-rbac-authorization-k8s-io","replace-status-resourcequota-v1-core","read-status-resourcequota-v1-core","patch-status-resourcequota-v1-core","-strong-status-operations-resourcequota-v1-core-strong-","watch-list-all-namespaces-resourcequota-v1-core","watch-list-resourcequota-v1-core","watch-resourcequota-v1-core","list-all-namespaces-resourcequota-v1-core","list-resourcequota-v1-core","read-resourcequota-v1-core","-strong-read-operations-resourcequota-v1-core-strong-","delete-collection-resourcequota-v1-core","delete-resourcequota-v1-core","replace-resourcequota-v1-core","patch-resourcequota-v1-core","create-resourcequota-v1-core","-strong-write-operations-resourcequota-v1-core-strong-","resourcequota-v1-core","replace-status-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","read-status-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","patch-status-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","-strong-status-operations-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io-strong-","watch-list-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","watch-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","list-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","read-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","-strong-read-operations-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io-strong-","delete-collection-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","delete-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","replace-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","patch-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","create-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","-strong-write-operations-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io-strong-","prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","replace-status-persistentvolume-v1-core","read-status-persistentvolume-v1-core","patch-status-persistentvolume-v1-core","-strong-status-operations-persistentvolume-v1-core-strong-","watch-list-persistentvolume-v1-core","watch-persistentvolume-v1-core","list-persistentvolume-v1-core","read-persistentvolume-v1-core","-strong-read-operations-persistentvolume-v1-core-strong-","delete-collection-persistentvolume-v1-core","delete-persistentvolume-v1-core","replace-persistentvolume-v1-core","patch-persistentvolume-v1-core","create-persistentvolume-v1-core","-strong-write-operations-persistentvolume-v1-core-strong-","persistentvolume-v1-core","replace-connect-proxy-path-node-v1-core","replace-connect-proxy-node-v1-core","head-connect-proxy-path-node-v1-core","head-connect-proxy-node-v1-core","get-connect-proxy-path-node-v1-core","get-connect-proxy-node-v1-core","delete-connect-proxy-path-node-v1-core","delete-connect-proxy-node-v1-core","create-connect-proxy-path-node-v1-core","create-connect-proxy-node-v1-core","-strong-proxy-operations-node-v1-core-strong-","replace-status-node-v1-core","read-status-node-v1-core","patch-status-node-v1-core","-strong-status-operations-node-v1-core-strong-","watch-list-node-v1-core","watch-node-v1-core","list-node-v1-core","read-node-v1-core","-strong-read-operations-node-v1-core-strong-","delete-collection-node-v1-core","delete-node-v1-core","replace-node-v1-core","patch-node-v1-core","create-node-v1-core","-strong-write-operations-node-v1-core-strong-","node-v1-core","replace-status-namespace-v1-core","read-status-namespace-v1-core","patch-status-namespace-v1-core","-strong-status-operations-namespace-v1-core-strong-","watch-list-namespace-v1-core","watch-namespace-v1-core","list-namespace-v1-core","read-namespace-v1-core","-strong-read-operations-namespace-v1-core-strong-","delete-namespace-v1-core","replace-namespace-v1-core","patch-namespace-v1-core","create-namespace-v1-core","-strong-write-operations-namespace-v1-core-strong-","namespace-v1-core","create-localsubjectaccessreview-v1-authorization-k8s-io","-strong-write-operations-localsubjectaccessreview-v1-authorization-k8s-io-strong-","localsubjectaccessreview-v1-authorization-k8s-io","watch-list-all-namespaces-lease-v1-coordination-k8s-io","watch-list-lease-v1-coordination-k8s-io","watch-lease-v1-coordination-k8s-io","list-all-namespaces-lease-v1-coordination-k8s-io","list-lease-v1-coordination-k8s-io","read-lease-v1-coordination-k8s-io","-strong-read-operations-lease-v1-coordination-k8s-io-strong-","delete-collection-lease-v1-coordination-k8s-io","delete-lease-v1-coordination-k8s-io","replace-lease-v1-coordination-k8s-io","patch-lease-v1-coordination-k8s-io","create-lease-v1-coordination-k8s-io","-strong-write-operations-lease-v1-coordination-k8s-io-strong-","lease-v1-coordination-k8s-io","replace-status-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","read-status-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","patch-status-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","-strong-status-operations-flowschema-v1beta1-flowcontrol-apiserver-k8s-io-strong-","watch-list-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","watch-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","list-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","read-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","-strong-read-operations-flowschema-v1beta1-flowcontrol-apiserver-k8s-io-strong-","delete-collection-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","delete-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","replace-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","patch-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","create-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","-strong-write-operations-flowschema-v1beta1-flowcontrol-apiserver-k8s-io-strong-","flowschema-v1beta1-flowcontrol-apiserver-k8s-io","list-componentstatus-v1-core","read-componentstatus-v1-core","-strong-read-operations-componentstatus-v1-core-strong-","componentstatus-v1-core","watch-list-clusterrolebinding-v1-rbac-authorization-k8s-io","watch-clusterrolebinding-v1-rbac-authorization-k8s-io","list-clusterrolebinding-v1-rbac-authorization-k8s-io","read-clusterrolebinding-v1-rbac-authorization-k8s-io","-strong-read-operations-clusterrolebinding-v1-rbac-authorization-k8s-io-strong-","delete-collection-clusterrolebinding-v1-rbac-authorization-k8s-io","delete-clusterrolebinding-v1-rbac-authorization-k8s-io","replace-clusterrolebinding-v1-rbac-authorization-k8s-io","patch-clusterrolebinding-v1-rbac-authorization-k8s-io","create-clusterrolebinding-v1-rbac-authorization-k8s-io","-strong-write-operations-clusterrolebinding-v1-rbac-authorization-k8s-io-strong-","clusterrolebinding-v1-rbac-authorization-k8s-io","watch-list-clusterrole-v1-rbac-authorization-k8s-io","watch-clusterrole-v1-rbac-authorization-k8s-io","list-clusterrole-v1-rbac-authorization-k8s-io","read-clusterrole-v1-rbac-authorization-k8s-io","-strong-read-operations-clusterrole-v1-rbac-authorization-k8s-io-strong-","delete-collection-clusterrole-v1-rbac-authorization-k8s-io","delete-clusterrole-v1-rbac-authorization-k8s-io","replace-clusterrole-v1-rbac-authorization-k8s-io","patch-clusterrole-v1-rbac-authorization-k8s-io","create-clusterrole-v1-rbac-authorization-k8s-io","-strong-write-operations-clusterrole-v1-rbac-authorization-k8s-io-strong-","clusterrole-v1-rbac-authorization-k8s-io","replace-status-certificatesigningrequest-v1-certificates-k8s-io","read-status-certificatesigningrequest-v1-certificates-k8s-io","patch-status-certificatesigningrequest-v1-certificates-k8s-io","-strong-status-operations-certificatesigningrequest-v1-certificates-k8s-io-strong-","watch-list-certificatesigningrequest-v1-certificates-k8s-io","watch-certificatesigningrequest-v1-certificates-k8s-io","list-certificatesigningrequest-v1-certificates-k8s-io","read-certificatesigningrequest-v1-certificates-k8s-io","-strong-read-operations-certificatesigningrequest-v1-certificates-k8s-io-strong-","delete-collection-certificatesigningrequest-v1-certificates-k8s-io","delete-certificatesigningrequest-v1-certificates-k8s-io","replace-certificatesigningrequest-v1-certificates-k8s-io","patch-certificatesigningrequest-v1-certificates-k8s-io","create-certificatesigningrequest-v1-certificates-k8s-io","-strong-write-operations-certificatesigningrequest-v1-certificates-k8s-io-strong-","certificatesigningrequest-v1-certificates-k8s-io","create-binding-v1-core","-strong-write-operations-binding-v1-core-strong-","binding-v1-core","replace-status-apiservice-v1-apiregistration-k8s-io","read-status-apiservice-v1-apiregistration-k8s-io","patch-status-apiservice-v1-apiregistration-k8s-io","-strong-status-operations-apiservice-v1-apiregistration-k8s-io-strong-","watch-list-apiservice-v1-apiregistration-k8s-io","watch-apiservice-v1-apiregistration-k8s-io","list-apiservice-v1-apiregistration-k8s-io","read-apiservice-v1-apiregistration-k8s-io","-strong-read-operations-apiservice-v1-apiregistration-k8s-io-strong-","delete-collection-apiservice-v1-apiregistration-k8s-io","delete-apiservice-v1-apiregistration-k8s-io","replace-apiservice-v1-apiregistration-k8s-io","patch-apiservice-v1-apiregistration-k8s-io","create-apiservice-v1-apiregistration-k8s-io","-strong-write-operations-apiservice-v1-apiregistration-k8s-io-strong-","apiservice-v1-apiregistration-k8s-io","-strong-cluster-apis-strong-","watch-list-podsecuritypolicy-v1beta1-policy","watch-podsecuritypolicy-v1beta1-policy","list-podsecuritypolicy-v1beta1-policy","read-podsecuritypolicy-v1beta1-policy","-strong-read-operations-podsecuritypolicy-v1beta1-policy-strong-","delete-collection-podsecuritypolicy-v1beta1-policy","delete-podsecuritypolicy-v1beta1-policy","replace-podsecuritypolicy-v1beta1-policy","patch-podsecuritypolicy-v1beta1-policy","create-podsecuritypolicy-v1beta1-policy","-strong-write-operations-podsecuritypolicy-v1beta1-policy-strong-","podsecuritypolicy-v1beta1-policy","watch-list-priorityclass-v1-scheduling-k8s-io","watch-priorityclass-v1-scheduling-k8s-io","list-priorityclass-v1-scheduling-k8s-io","read-priorityclass-v1-scheduling-k8s-io","-strong-read-operations-priorityclass-v1-scheduling-k8s-io-strong-","delete-collection-priorityclass-v1-scheduling-k8s-io","delete-priorityclass-v1-scheduling-k8s-io","replace-priorityclass-v1-scheduling-k8s-io","patch-priorityclass-v1-scheduling-k8s-io","create-priorityclass-v1-scheduling-k8s-io","-strong-write-operations-priorityclass-v1-scheduling-k8s-io-strong-","priorityclass-v1-scheduling-k8s-io","replace-status-poddisruptionbudget-v1beta1-policy","read-status-poddisruptionbudget-v1beta1-policy","patch-status-poddisruptionbudget-v1beta1-policy","-strong-status-operations-poddisruptionbudget-v1beta1-policy-strong-","watch-list-all-namespaces-poddisruptionbudget-v1beta1-policy","watch-list-poddisruptionbudget-v1beta1-policy","watch-poddisruptionbudget-v1beta1-policy","list-all-namespaces-poddisruptionbudget-v1beta1-policy","list-poddisruptionbudget-v1beta1-policy","read-poddisruptionbudget-v1beta1-policy","-strong-read-operations-poddisruptionbudget-v1beta1-policy-strong-","delete-collection-poddisruptionbudget-v1beta1-policy","delete-poddisruptionbudget-v1beta1-policy","replace-poddisruptionbudget-v1beta1-policy","patch-poddisruptionbudget-v1beta1-policy","create-poddisruptionbudget-v1beta1-policy","-strong-write-operations-poddisruptionbudget-v1beta1-policy-strong-","poddisruptionbudget-v1beta1-policy","watch-list-all-namespaces-podtemplate-v1-core","watch-list-podtemplate-v1-core","watch-podtemplate-v1-core","list-all-namespaces-podtemplate-v1-core","list-podtemplate-v1-core","read-podtemplate-v1-core","-strong-read-operations-podtemplate-v1-core-strong-","delete-collection-podtemplate-v1-core","delete-podtemplate-v1-core","replace-podtemplate-v1-core","patch-podtemplate-v1-core","create-podtemplate-v1-core","-strong-write-operations-podtemplate-v1-core-strong-","podtemplate-v1-core","watch-list-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","watch-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","list-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","read-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","-strong-read-operations-validatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","delete-collection-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","delete-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","replace-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","patch-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","create-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","-strong-write-operations-validatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","validatingwebhookconfiguration-v1-admissionregistration-k8s-io","watch-list-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","watch-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","list-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","read-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","-strong-read-operations-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","delete-collection-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","delete-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","replace-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","patch-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","create-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","-strong-write-operations-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","replace-status-horizontalpodautoscaler-v1-autoscaling","read-status-horizontalpodautoscaler-v1-autoscaling","patch-status-horizontalpodautoscaler-v1-autoscaling","-strong-status-operations-horizontalpodautoscaler-v1-autoscaling-strong-","watch-list-all-namespaces-horizontalpodautoscaler-v1-autoscaling","watch-list-horizontalpodautoscaler-v1-autoscaling","watch-horizontalpodautoscaler-v1-autoscaling","list-all-namespaces-horizontalpodautoscaler-v1-autoscaling","list-horizontalpodautoscaler-v1-autoscaling","read-horizontalpodautoscaler-v1-autoscaling","-strong-read-operations-horizontalpodautoscaler-v1-autoscaling-strong-","delete-collection-horizontalpodautoscaler-v1-autoscaling","delete-horizontalpodautoscaler-v1-autoscaling","replace-horizontalpodautoscaler-v1-autoscaling","patch-horizontalpodautoscaler-v1-autoscaling","create-horizontalpodautoscaler-v1-autoscaling","-strong-write-operations-horizontalpodautoscaler-v1-autoscaling-strong-","horizontalpodautoscaler-v1-autoscaling","watch-list-all-namespaces-limitrange-v1-core","watch-list-limitrange-v1-core","watch-limitrange-v1-core","list-all-namespaces-limitrange-v1-core","list-limitrange-v1-core","read-limitrange-v1-core","-strong-read-operations-limitrange-v1-core-strong-","delete-collection-limitrange-v1-core","delete-limitrange-v1-core","replace-limitrange-v1-core","patch-limitrange-v1-core","create-limitrange-v1-core","-strong-write-operations-limitrange-v1-core-strong-","limitrange-v1-core","watch-list-all-namespaces-event-v1-events-k8s-io","watch-list-event-v1-events-k8s-io","watch-event-v1-events-k8s-io","list-all-namespaces-event-v1-events-k8s-io","list-event-v1-events-k8s-io","read-event-v1-events-k8s-io","-strong-read-operations-event-v1-events-k8s-io-strong-","delete-collection-event-v1-events-k8s-io","delete-event-v1-events-k8s-io","replace-event-v1-events-k8s-io","patch-event-v1-events-k8s-io","create-event-v1-events-k8s-io","-strong-write-operations-event-v1-events-k8s-io-strong-","event-v1-events-k8s-io","replace-status-customresourcedefinition-v1-apiextensions-k8s-io","read-status-customresourcedefinition-v1-apiextensions-k8s-io","patch-status-customresourcedefinition-v1-apiextensions-k8s-io","-strong-status-operations-customresourcedefinition-v1-apiextensions-k8s-io-strong-","watch-list-customresourcedefinition-v1-apiextensions-k8s-io","watch-customresourcedefinition-v1-apiextensions-k8s-io","list-customresourcedefinition-v1-apiextensions-k8s-io","read-customresourcedefinition-v1-apiextensions-k8s-io","-strong-read-operations-customresourcedefinition-v1-apiextensions-k8s-io-strong-","delete-collection-customresourcedefinition-v1-apiextensions-k8s-io","delete-customresourcedefinition-v1-apiextensions-k8s-io","replace-customresourcedefinition-v1-apiextensions-k8s-io","patch-customresourcedefinition-v1-apiextensions-k8s-io","create-customresourcedefinition-v1-apiextensions-k8s-io","-strong-write-operations-customresourcedefinition-v1-apiextensions-k8s-io-strong-","customresourcedefinition-v1-apiextensions-k8s-io","watch-list-all-namespaces-controllerrevision-v1-apps","watch-list-controllerrevision-v1-apps","watch-controllerrevision-v1-apps","list-all-namespaces-controllerrevision-v1-apps","list-controllerrevision-v1-apps","read-controllerrevision-v1-apps","-strong-read-operations-controllerrevision-v1-apps-strong-","delete-collection-controllerrevision-v1-apps","delete-controllerrevision-v1-apps","replace-controllerrevision-v1-apps","patch-controllerrevision-v1-apps","create-controllerrevision-v1-apps","-strong-write-operations-controllerrevision-v1-apps-strong-","controllerrevision-v1-apps","-strong-metadata-apis-strong-","replace-status-volumeattachment-v1-storage-k8s-io","read-status-volumeattachment-v1-storage-k8s-io","patch-status-volumeattachment-v1-storage-k8s-io","-strong-status-operations-volumeattachment-v1-storage-k8s-io-strong-","watch-list-volumeattachment-v1-storage-k8s-io","watch-volumeattachment-v1-storage-k8s-io","list-volumeattachment-v1-storage-k8s-io","read-volumeattachment-v1-storage-k8s-io","-strong-read-operations-volumeattachment-v1-storage-k8s-io-strong-","delete-collection-volumeattachment-v1-storage-k8s-io","delete-volumeattachment-v1-storage-k8s-io","replace-volumeattachment-v1-storage-k8s-io","patch-volumeattachment-v1-storage-k8s-io","create-volumeattachment-v1-storage-k8s-io","-strong-write-operations-volumeattachment-v1-storage-k8s-io-strong-","volumeattachment-v1-storage-k8s-io","volume-v1-core","watch-list-storageclass-v1-storage-k8s-io","watch-storageclass-v1-storage-k8s-io","list-storageclass-v1-storage-k8s-io","read-storageclass-v1-storage-k8s-io","-strong-read-operations-storageclass-v1-storage-k8s-io-strong-","delete-collection-storageclass-v1-storage-k8s-io","delete-storageclass-v1-storage-k8s-io","replace-storageclass-v1-storage-k8s-io","patch-storageclass-v1-storage-k8s-io","create-storageclass-v1-storage-k8s-io","-strong-write-operations-storageclass-v1-storage-k8s-io-strong-","storageclass-v1-storage-k8s-io","replace-status-persistentvolumeclaim-v1-core","read-status-persistentvolumeclaim-v1-core","patch-status-persistentvolumeclaim-v1-core","-strong-status-operations-persistentvolumeclaim-v1-core-strong-","watch-list-all-namespaces-persistentvolumeclaim-v1-core","watch-list-persistentvolumeclaim-v1-core","watch-persistentvolumeclaim-v1-core","list-all-namespaces-persistentvolumeclaim-v1-core","list-persistentvolumeclaim-v1-core","read-persistentvolumeclaim-v1-core","-strong-read-operations-persistentvolumeclaim-v1-core-strong-","delete-collection-persistentvolumeclaim-v1-core","delete-persistentvolumeclaim-v1-core","replace-persistentvolumeclaim-v1-core","patch-persistentvolumeclaim-v1-core","create-persistentvolumeclaim-v1-core","-strong-write-operations-persistentvolumeclaim-v1-core-strong-","persistentvolumeclaim-v1-core","watch-list-all-namespaces-secret-v1-core","watch-list-secret-v1-core","watch-secret-v1-core","list-all-namespaces-secret-v1-core","list-secret-v1-core","read-secret-v1-core","-strong-read-operations-secret-v1-core-strong-","delete-collection-secret-v1-core","delete-secret-v1-core","replace-secret-v1-core","patch-secret-v1-core","create-secret-v1-core","-strong-write-operations-secret-v1-core-strong-","secret-v1-core","watch-list-csinode-v1-storage-k8s-io","watch-csinode-v1-storage-k8s-io","list-csinode-v1-storage-k8s-io","read-csinode-v1-storage-k8s-io","-strong-read-operations-csinode-v1-storage-k8s-io-strong-","delete-collection-csinode-v1-storage-k8s-io","delete-csinode-v1-storage-k8s-io","replace-csinode-v1-storage-k8s-io","patch-csinode-v1-storage-k8s-io","create-csinode-v1-storage-k8s-io","-strong-write-operations-csinode-v1-storage-k8s-io-strong-","csinode-v1-storage-k8s-io","watch-list-csidriver-v1-storage-k8s-io","watch-csidriver-v1-storage-k8s-io","list-csidriver-v1-storage-k8s-io","read-csidriver-v1-storage-k8s-io","-strong-read-operations-csidriver-v1-storage-k8s-io-strong-","delete-collection-csidriver-v1-storage-k8s-io","delete-csidriver-v1-storage-k8s-io","replace-csidriver-v1-storage-k8s-io","patch-csidriver-v1-storage-k8s-io","create-csidriver-v1-storage-k8s-io","-strong-write-operations-csidriver-v1-storage-k8s-io-strong-","csidriver-v1-storage-k8s-io","watch-list-all-namespaces-configmap-v1-core","watch-list-configmap-v1-core","watch-configmap-v1-core","list-all-namespaces-configmap-v1-core","list-configmap-v1-core","read-configmap-v1-core","-strong-read-operations-configmap-v1-core-strong-","delete-collection-configmap-v1-core","delete-configmap-v1-core","replace-configmap-v1-core","patch-configmap-v1-core","create-configmap-v1-core","-strong-write-operations-configmap-v1-core-strong-","configmap-v1-core","-strong-config-and-storage-apis-strong-","replace-connect-proxy-path-service-v1-core","replace-connect-proxy-service-v1-core","head-connect-proxy-path-service-v1-core","head-connect-proxy-service-v1-core","get-connect-proxy-path-service-v1-core","get-connect-proxy-service-v1-core","delete-connect-proxy-path-service-v1-core","delete-connect-proxy-service-v1-core","create-connect-proxy-path-service-v1-core","create-connect-proxy-service-v1-core","-strong-proxy-operations-service-v1-core-strong-","replace-status-service-v1-core","read-status-service-v1-core","patch-status-service-v1-core","-strong-status-operations-service-v1-core-strong-","watch-list-all-namespaces-service-v1-core","watch-list-service-v1-core","watch-service-v1-core","list-all-namespaces-service-v1-core","list-service-v1-core","read-service-v1-core","-strong-read-operations-service-v1-core-strong-","delete-service-v1-core","replace-service-v1-core","patch-service-v1-core","create-service-v1-core","-strong-write-operations-service-v1-core-strong-","service-v1-core","watch-list-ingressclass-v1-networking-k8s-io","watch-ingressclass-v1-networking-k8s-io","list-ingressclass-v1-networking-k8s-io","read-ingressclass-v1-networking-k8s-io","-strong-read-operations-ingressclass-v1-networking-k8s-io-strong-","delete-collection-ingressclass-v1-networking-k8s-io","delete-ingressclass-v1-networking-k8s-io","replace-ingressclass-v1-networking-k8s-io","patch-ingressclass-v1-networking-k8s-io","create-ingressclass-v1-networking-k8s-io","-strong-write-operations-ingressclass-v1-networking-k8s-io-strong-","ingressclass-v1-networking-k8s-io","replace-status-ingress-v1-networking-k8s-io","read-status-ingress-v1-networking-k8s-io","patch-status-ingress-v1-networking-k8s-io","-strong-status-operations-ingress-v1-networking-k8s-io-strong-","watch-list-all-namespaces-ingress-v1-networking-k8s-io","watch-list-ingress-v1-networking-k8s-io","watch-ingress-v1-networking-k8s-io","list-all-namespaces-ingress-v1-networking-k8s-io","list-ingress-v1-networking-k8s-io","read-ingress-v1-networking-k8s-io","-strong-read-operations-ingress-v1-networking-k8s-io-strong-","delete-collection-ingress-v1-networking-k8s-io","delete-ingress-v1-networking-k8s-io","replace-ingress-v1-networking-k8s-io","patch-ingress-v1-networking-k8s-io","create-ingress-v1-networking-k8s-io","-strong-write-operations-ingress-v1-networking-k8s-io-strong-","ingress-v1-networking-k8s-io","watch-list-all-namespaces-endpointslice-v1beta1-discovery-k8s-io","watch-list-endpointslice-v1beta1-discovery-k8s-io","watch-endpointslice-v1beta1-discovery-k8s-io","list-all-namespaces-endpointslice-v1beta1-discovery-k8s-io","list-endpointslice-v1beta1-discovery-k8s-io","read-endpointslice-v1beta1-discovery-k8s-io","-strong-read-operations-endpointslice-v1beta1-discovery-k8s-io-strong-","delete-collection-endpointslice-v1beta1-discovery-k8s-io","delete-endpointslice-v1beta1-discovery-k8s-io","replace-endpointslice-v1beta1-discovery-k8s-io","patch-endpointslice-v1beta1-discovery-k8s-io","create-endpointslice-v1beta1-discovery-k8s-io","-strong-write-operations-endpointslice-v1beta1-discovery-k8s-io-strong-","endpointslice-v1beta1-discovery-k8s-io","watch-list-all-namespaces-endpoints-v1-core","watch-list-endpoints-v1-core","watch-endpoints-v1-core","list-all-namespaces-endpoints-v1-core","list-endpoints-v1-core","read-endpoints-v1-core","-strong-read-operations-endpoints-v1-core-strong-","delete-collection-endpoints-v1-core","delete-endpoints-v1-core","replace-endpoints-v1-core","patch-endpoints-v1-core","create-endpoints-v1-core","-strong-write-operations-endpoints-v1-core-strong-","endpoints-v1-core","-strong-service-apis-strong-","patch-scale-statefulset-v1-apps","replace-scale-statefulset-v1-apps","read-scale-statefulset-v1-apps","-strong-misc-operations-statefulset-v1-apps-strong-","replace-status-statefulset-v1-apps","read-status-statefulset-v1-apps","patch-status-statefulset-v1-apps","-strong-status-operations-statefulset-v1-apps-strong-","watch-list-all-namespaces-statefulset-v1-apps","watch-list-statefulset-v1-apps","watch-statefulset-v1-apps","list-all-namespaces-statefulset-v1-apps","list-statefulset-v1-apps","read-statefulset-v1-apps","-strong-read-operations-statefulset-v1-apps-strong-","delete-collection-statefulset-v1-apps","delete-statefulset-v1-apps","replace-statefulset-v1-apps","patch-statefulset-v1-apps","create-statefulset-v1-apps","-strong-write-operations-statefulset-v1-apps-strong-","statefulset-v1-apps","patch-scale-replicationcontroller-v1-core","replace-scale-replicationcontroller-v1-core","read-scale-replicationcontroller-v1-core","-strong-misc-operations-replicationcontroller-v1-core-strong-","replace-status-replicationcontroller-v1-core","read-status-replicationcontroller-v1-core","patch-status-replicationcontroller-v1-core","-strong-status-operations-replicationcontroller-v1-core-strong-","watch-list-all-namespaces-replicationcontroller-v1-core","watch-list-replicationcontroller-v1-core","watch-replicationcontroller-v1-core","list-all-namespaces-replicationcontroller-v1-core","list-replicationcontroller-v1-core","read-replicationcontroller-v1-core","-strong-read-operations-replicationcontroller-v1-core-strong-","delete-collection-replicationcontroller-v1-core","delete-replicationcontroller-v1-core","replace-replicationcontroller-v1-core","patch-replicationcontroller-v1-core","create-replicationcontroller-v1-core","-strong-write-operations-replicationcontroller-v1-core-strong-","replicationcontroller-v1-core","patch-scale-replicaset-v1-apps","replace-scale-replicaset-v1-apps","read-scale-replicaset-v1-apps","-strong-misc-operations-replicaset-v1-apps-strong-","replace-status-replicaset-v1-apps","read-status-replicaset-v1-apps","patch-status-replicaset-v1-apps","-strong-status-operations-replicaset-v1-apps-strong-","watch-list-all-namespaces-replicaset-v1-apps","watch-list-replicaset-v1-apps","watch-replicaset-v1-apps","list-all-namespaces-replicaset-v1-apps","list-replicaset-v1-apps","read-replicaset-v1-apps","-strong-read-operations-replicaset-v1-apps-strong-","delete-collection-replicaset-v1-apps","delete-replicaset-v1-apps","replace-replicaset-v1-apps","patch-replicaset-v1-apps","create-replicaset-v1-apps","-strong-write-operations-replicaset-v1-apps-strong-","replicaset-v1-apps","read-log-pod-v1-core","-strong-misc-operations-pod-v1-core-strong-","replace-connect-proxy-path-pod-v1-core","replace-connect-proxy-pod-v1-core","head-connect-proxy-path-pod-v1-core","head-connect-proxy-pod-v1-core","get-connect-proxy-path-pod-v1-core","get-connect-proxy-pod-v1-core","get-connect-portforward-pod-v1-core","delete-connect-proxy-path-pod-v1-core","delete-connect-proxy-pod-v1-core","create-connect-proxy-path-pod-v1-core","create-connect-proxy-pod-v1-core","create-connect-portforward-pod-v1-core","-strong-proxy-operations-pod-v1-core-strong-","replace-status-pod-v1-core","read-status-pod-v1-core","patch-status-pod-v1-core","-strong-status-operations-pod-v1-core-strong-","watch-list-all-namespaces-pod-v1-core","watch-list-pod-v1-core","watch-pod-v1-core","list-all-namespaces-pod-v1-core","list-pod-v1-core","read-pod-v1-core","-strong-read-operations-pod-v1-core-strong-","delete-collection-pod-v1-core","delete-pod-v1-core","replace-pod-v1-core","patch-pod-v1-core","create-eviction-pod-v1-core","create-pod-v1-core","-strong-write-operations-pod-v1-core-strong-","pod-v1-core","replace-status-job-v1-batch","read-status-job-v1-batch","patch-status-job-v1-batch","-strong-status-operations-job-v1-batch-strong-","watch-list-all-namespaces-job-v1-batch","watch-list-job-v1-batch","watch-job-v1-batch","list-all-namespaces-job-v1-batch","list-job-v1-batch","read-job-v1-batch","-strong-read-operations-job-v1-batch-strong-","delete-collection-job-v1-batch","delete-job-v1-batch","replace-job-v1-batch","patch-job-v1-batch","create-job-v1-batch","-strong-write-operations-job-v1-batch-strong-","job-v1-batch","patch-scale-deployment-v1-apps","replace-scale-deployment-v1-apps","read-scale-deployment-v1-apps","-strong-misc-operations-deployment-v1-apps-strong-","replace-status-deployment-v1-apps","read-status-deployment-v1-apps","patch-status-deployment-v1-apps","-strong-status-operations-deployment-v1-apps-strong-","watch-list-all-namespaces-deployment-v1-apps","watch-list-deployment-v1-apps","watch-deployment-v1-apps","list-all-namespaces-deployment-v1-apps","list-deployment-v1-apps","read-deployment-v1-apps","-strong-read-operations-deployment-v1-apps-strong-","delete-collection-deployment-v1-apps","delete-deployment-v1-apps","replace-deployment-v1-apps","patch-deployment-v1-apps","create-deployment-v1-apps","-strong-write-operations-deployment-v1-apps-strong-","deployment-v1-apps","replace-status-daemonset-v1-apps","read-status-daemonset-v1-apps","patch-status-daemonset-v1-apps","-strong-status-operations-daemonset-v1-apps-strong-","watch-list-all-namespaces-daemonset-v1-apps","watch-list-daemonset-v1-apps","watch-daemonset-v1-apps","list-all-namespaces-daemonset-v1-apps","list-daemonset-v1-apps","read-daemonset-v1-apps","-strong-read-operations-daemonset-v1-apps-strong-","delete-collection-daemonset-v1-apps","delete-daemonset-v1-apps","replace-daemonset-v1-apps","patch-daemonset-v1-apps","create-daemonset-v1-apps","-strong-write-operations-daemonset-v1-apps-strong-","daemonset-v1-apps","replace-status-cronjob-v1beta1-batch","read-status-cronjob-v1beta1-batch","patch-status-cronjob-v1beta1-batch","-strong-status-operations-cronjob-v1beta1-batch-strong-","watch-list-all-namespaces-cronjob-v1beta1-batch","watch-list-cronjob-v1beta1-batch","watch-cronjob-v1beta1-batch","list-all-namespaces-cronjob-v1beta1-batch","list-cronjob-v1beta1-batch","read-cronjob-v1beta1-batch","-strong-read-operations-cronjob-v1beta1-batch-strong-","delete-collection-cronjob-v1beta1-batch","delete-cronjob-v1beta1-batch","replace-cronjob-v1beta1-batch","patch-cronjob-v1beta1-batch","create-cronjob-v1beta1-batch","-strong-write-operations-cronjob-v1beta1-batch-strong-","cronjob-v1beta1-batch","container-v1-core","-strong-workloads-apis-strong-","-strong-api-groups-strong-","-strong-api-overview-strong-"]};})();
\ No newline at end of file
diff --git a/static/docs/reference/generated/kubernetes-api/v1.21/index.html b/static/docs/reference/generated/kubernetes-api/v1.21/index.html
index 8eee575dd4..b5e02991ad 100644
--- a/static/docs/reference/generated/kubernetes-api/v1.21/index.html
+++ b/static/docs/reference/generated/kubernetes-api/v1.21/index.html
@@ -805,27 +805,27 @@
What action was taken/failed regarding to the Regarding object.
+
action string
action is what action was taken/failed regarding to the regarding object. It is machine-readable. This field cannot be empty for new Events and it can have at most 128 characters.
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
eventTime is the time when this Event was first observed. It is required.
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
The component reporting this event. Should be a short machine understandable string.
-
type string
Type of this event (Normal, Warning), new types could be added in the future
+
note string
note is a human-readable description of the status of this operation. Maximal length of the note is 1kB, but libraries should be prepared to handle values up to 64kB.
+
reason string
reason is why the action was taken. It is human-readable. This field cannot be empty for new Events and it can have at most 128 characters.
regarding contains the object this Event is about. In most cases it's an Object reporting controller implements, e.g. ReplicaSetController implements ReplicaSets and this event is emitted because it acts on some changes in a ReplicaSet object.
related is the optional secondary object for more complex actions. E.g. when regarding object triggers a creation or deletion of related object.
+
reportingController string
reportingController is the name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. This field cannot be empty for new Events.
+
reportingInstance string
reportingInstance is the ID of the controller instance, e.g. `kubelet-xyzf`. This field cannot be empty for new Events and it can have at most 128 characters.
series is data about the Event series this event represents or nil if it's a singleton Event.
+
type string
type is the type of this event (Normal, Warning), new types could be added in the future. It is machine-readable. This field cannot be empty for new Events.
-
EventList v1 core
+
EventList v1 events
Field
Description
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
watch changes to an object of kind Event. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. Required, must not be nil.
-
EventSeries v1 core
+
EventSeries v1 events.k8s.io
Group
Version
Kind
-
core
v1
EventSeries
+
events.k8s.io
v1
EventSeries
-
EventSeries contain information on series of events, i.e. thing that was/is happening continuously for some time.
+
EventSeries contain information on series of events, i.e. thing that was/is happening continuously for some time. How often to update the EventSeries is up to the event reporters. The default event reporter in "k8s.io/client-go/tools/events/event_broadcaster.go" shows how this struct is updated on heartbeats and can guide customized reporter implementations.
action is what action was taken/failed regarding to the regarding object. It is machine-readable. This field cannot be empty for new Events and it can have at most 128 characters.
+
action string
What action was taken/failed regarding to the Regarding object.
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-
deprecatedCount integer
deprecatedCount is the deprecated field assuring backward compatibility with core.v1 Event type.
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
-
note string
note is a human-readable description of the status of this operation. Maximal length of the note is 1kB, but libraries should be prepared to handle values up to 64kB.
-
reason string
reason is why the action was taken. It is human-readable. This field cannot be empty for new Events and it can have at most 128 characters.
regarding contains the object this Event is about. In most cases it's an Object reporting controller implements, e.g. ReplicaSetController implements ReplicaSets and this event is emitted because it acts on some changes in a ReplicaSet object.
related is the optional secondary object for more complex actions. E.g. when regarding object triggers a creation or deletion of related object.
-
reportingController string
reportingController is the name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. This field cannot be empty for new Events.
-
reportingInstance string
reportingInstance is the ID of the controller instance, e.g. `kubelet-xyzf`. This field cannot be empty for new Events and it can have at most 128 characters.
series is data about the Event series this event represents or nil if it's a singleton Event.
-
type string
type is the type of this event (Normal, Warning), new types could be added in the future. It is machine-readable. This field cannot be empty for new Events.
+
reason string
This should be a short, machine understandable string that gives the reason for the transition into the object's current status.
The component reporting this event. Should be a short machine understandable string.
+
type string
Type of this event (Normal, Warning), new types could be added in the future
-
EventList v1 events
+
EventList v1 core
Field
Description
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
watch changes to an object of kind Event. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
Welcome to the Kubernetes API. You can use the Kubernetes API to read
+and write Kubernetes resource objects via a Kubernetes API endpoint.
+
+
Resource Categories
+
+
This is a high-level overview of the basic types of resources provide by the Kubernetes API and their primary functions.
+
Workloads are objects you use to manage and run your containers on the cluster.
+
Discovery & LB resources are objects you use to "stitch" your workloads together into an externally accessible, load-balanced Service.
+
Config & Storage resources are objects you use to inject initialization data into your applications, and to persist data that is external to your container.
+
Cluster resources objects define how the cluster itself is configured; these are typically used only by cluster operators.
+
Metadata resources are objects you use to configure the behavior of other resources within the cluster, such as HorizontalPodAutoscaler for scaling workloads.
+
+
+
+
Resource Objects
+
+
Resource objects typically have 3 components:
+
+
Resource ObjectMeta: This is metadata about the resource, such as its name, type, api version, annotations, and labels. This contains
+fields that maybe updated both by the end user and the system (e.g. annotations).
+
ResourceSpec: This is defined by the user and describes the desired state of system. Fill this in when creating or updating an object.
+
ResourceStatus: This is filled in by the server and reports the current state of the system. In most cases, users don't need to change this.
+
+
+
+
+
Resource Operations
+
+
Most resources provide the following Operations:
+
+
Create
+
+
Create operations will create the resource in the storage backend. After a resource is create the system will apply
+the desired state.
+
+
Update
+
+
Updates come in 2 forms: Replace and Patch:
+
+
+
Replace:
+Replacing a resource object will update the resource by replacing the existing spec with the provided one. For
+read-then-write operations this is safe because an optimistic lock failure will occur if the resource was modified
+between the read and write. Note: The ResourceStatus will be ignored by the system and will not be updated.
+To update the status, one must invoke the specific status update operation.
+
+Note: Replacing a resource object may not result immediately in changes being propagated to downstream objects. For instance
+replacing a ConfigMap or Secret resource will not result in all Pods seeing the changes unless the Pods are
+restarted out of band.
+
+
Patch:
+Patch will apply a change to a specific field. How the change is merged is defined per field. Lists may either be
+replaced or merged. Merging lists will not preserve ordering.
+
+Patches will never cause optimistic locking failures, and the last write will win. Patches are recommended
+when the full state is not read before an update, or when failing on optimistic locking is undesirable. When patching
+complex types, arrays and maps, how the patch is applied is defined on a per-field basis and may either replace
+the field's current value, or merge the contents into the current value.
+
+
+
Read
+
+
Reads come in 3 forms: Get, List and Watch:
+
+
+
Get: Get will retrieve a specific resource object by name.
+
List: List will retrieve all resource objects of a specific type within a namespace, and the results can be restricted to resources matching a selector query.
+List All Namespaces: Like List but retrieves resources across all namespaces.
+
Watch: Watch will stream results for an object(s) as it is updated. Similar to a callback, watch is used to respond to resource changes.
+
+
+
Delete
+
+
Delete will delete a resource. Depending on the specific resource, child objects may or may not be garbage collected by the server. See
+notes on specific resource objects for details.
+
+
Additional Operations
+
+
Resources may define additional operations specific to that resource type.
+
+
+
Rollback: Rollback a PodTemplate to a previous version. Only available for some resource types.
+
Read / Write Scale: Read or Update the number of replicas for the given resource. Only available for some resource types.
+
Read / Write Status: Read or Update the Status for a resource object. The Status can only changed through these update operations.
+
+
+
API Groups
+
The API Groups and their versions are summarized in the following table.
+
Group
Version
+
+
admissionregistration.k8s.io
v1
+
apiextensions.k8s.io
v1
+
apiregistration.k8s.io
v1
+
apps
v1
+
authentication.k8s.io
v1
+
authorization.k8s.io
v1
+
autoscaling
v1, v2beta2, v2beta1
+
batch
v1, v1beta1
+
certificates.k8s.io
v1
+
coordination.k8s.io
v1
+
core
v1
+
discovery.k8s.io
v1, v1beta1
+
events.k8s.io
v1, v1beta1
+
flowcontrol.apiserver.k8s.io
v1beta1
+
internal.apiserver.k8s.io
v1alpha1
+
networking.k8s.io
v1
+
node.k8s.io
v1, v1beta1, v1alpha1
+
policy
v1, v1beta1
+
rbac.authorization.k8s.io
v1, v1alpha1
+
scheduling.k8s.io
v1, v1alpha1
+
storage.k8s.io
v1, v1beta1, v1alpha1
+
+
+
WORKLOADS
+
+
Workloads resources are responsible for managing and running your containers on the cluster. Containers are created
+by Controllers through Pods. Pods run Containers and provide environmental dependencies such as shared or
+persistent storage Volumes and Configuration or Secret
+data injected into the container.
+
+
The most common Controllers are:
+
+
Deployments for stateless persistent apps (e.g. HTTP servers).
+
StatefulSets for stateful persistent apps (e.g. databases).
+
Jobs for run-to-completion apps (e.g. batch Jobs).
+
+
+
+
Container v1 core
+
+
+
+
Container Config to run nginx (must be embedded in a PodSpec to run).
+
+
+name: nginx
+# Run the nginx:1.14 image
+image: nginx:1.14
+
+
+
+
Group
Version
Kind
+
+
core
v1
Container
+
+
+
Warning:
Containers are only ever created within the context of a Pod. This is usually done using a Controller. See Controllers: Deployment, Job, or StatefulSet
Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
command string array
Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
env EnvVar array patch strategy: merge patch merge key: name
List of environment variables to set in the container. Cannot be updated.
List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+
image string
Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
+
imagePullPolicy string
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
name string
Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.
Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
stdin boolean
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
+
stdinOnce boolean
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
+
terminationMessagePath string
Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
+
terminationMessagePolicy string
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+
tty boolean
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
Pod volumes to mount into the container's filesystem. Cannot be updated.
+
workingDir string
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
Details about the container's last termination condition.
+
name string
This must be a DNS_LABEL. Each container in a pod must have a unique name. Cannot be updated.
+
ready boolean
Specifies whether the container has passed its readiness probe.
+
restartCount integer
The number of times the container has been restarted, currently based on the number of dead containers that have not yet been removed. Note that this is calculated from dead containers. But those containers are subject to garbage collection. This value will get capped at 5 by GC.
+
started boolean
Specifies whether the container has passed its startup probe. Initialized as false, becomes true after startupProbe is considered successful. Resets to false when the container is restarted, or if kubelet loses state temporarily. Is always true when no startupProbe is defined.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Specification of the desired behavior of a cron job, including the schedule. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Specifies how to treat concurrent executions of a Job. Valid values are: - "Allow" (default): allows CronJobs to run concurrently; - "Forbid": forbids concurrent runs, skipping next run if previous run hasn't finished yet; - "Replace": cancels currently running job and replaces it with a new one
+
failedJobsHistoryLimit integer
The number of failed finished jobs to retain. Value must be non-negative integer. Defaults to 1.
Information when was the last time the job successfully completed.
+
+
+
CronJobList v1 batch
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind CronJob. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of CronJob. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /apis/batch/v1/watch/cronjobs
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
The desired behavior of this daemon set. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
The current status of this daemon set. This data may be out of date by some window of time. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
The minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).
+
revisionHistoryLimit integer
The number of old history to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.
A label query over pods that are managed by the daemon set. Must match in order to be controlled. It must match the pod template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
An object that describes the pod that will be created. The DaemonSet will create exactly one copy of this pod on every node that matches the template's node selector (or on every node if no node selector is specified). More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
Count of hash collisions for the DaemonSet. The DaemonSet controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ControllerRevision.
+
conditions DaemonSetCondition array patch strategy: merge patch merge key: type
Represents the latest available observations of a DaemonSet's current state.
+
currentNumberScheduled integer
The number of nodes that are running at least 1 daemon pod and are supposed to run the daemon pod. More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
+
desiredNumberScheduled integer
The total number of nodes that should be running the daemon pod (including nodes correctly running the daemon pod). More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
+
numberAvailable integer
The number of nodes that should be running the daemon pod and have one or more of the daemon pod running and available (ready for at least spec.minReadySeconds)
+
numberMisscheduled integer
The number of nodes that are running the daemon pod, but are not supposed to run the daemon pod. More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
+
numberReady integer
The number of nodes that should be running the daemon pod and have one or more of the daemon pod running and ready.
+
numberUnavailable integer
The number of nodes that should be running the daemon pod and have none of the daemon pod running and available (ready for at least spec.minReadySeconds)
+
observedGeneration integer
The most recent generation observed by the daemon set controller.
+
updatedNumberScheduled integer
The total number of nodes that are running updated daemon pod
+
+
+
DaemonSetList v1 apps
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption. This is beta field and enabled/disabled by DaemonSetUpdateSurge feature gate.
+
maxUnavailable
The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind DaemonSet. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of DaemonSet. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /apis/apps/v1/watch/daemonsets
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)
+
paused boolean
Indicates that the deployment is paused.
+
progressDeadlineSeconds integer
The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s.
+
replicas integer
Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.
+
revisionHistoryLimit integer
The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.
Label selector for pods. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment. It must match the pod template's labels.
Total number of available pods (ready for at least minReadySeconds) targeted by this deployment.
+
collisionCount integer
Count of hash collisions for the Deployment. The Deployment controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ReplicaSet.
+
conditions DeploymentCondition array patch strategy: merge patch merge key: type
Represents the latest available observations of a deployment's current state.
+
observedGeneration integer
The generation observed by the deployment controller.
+
readyReplicas integer
Total number of ready pods targeted by this deployment.
+
replicas integer
Total number of non-terminated pods targeted by this deployment (their labels match the selector).
+
unavailableReplicas integer
Total number of unavailable pods targeted by this deployment. This is the total number of pods that are still required for the deployment to have 100% available capacity. They may either be pods that are running but not yet available or pods that still have not been created.
+
updatedReplicas integer
Total number of non-terminated pods targeted by this deployment that have the desired template spec.
+
+
+
DeploymentList v1 apps
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.
+
maxUnavailable
The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind Deployment. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of Deployment. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /apis/apps/v1/watch/deployments
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Specification of the desired behavior of a job. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. If a Job is suspended (at creation or through an update), this timer will effectively be stopped and reset when the Job is resumed again.
+
backoffLimit integer
Specifies the number of retries before marking this job failed. Defaults to 6
+
completionMode string
CompletionMode specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`. `NonIndexed` means that the Job is considered complete when there have been .spec.completions successfully completed Pods. Each Pod completion is homologous to each other. `Indexed` means that the Pods of a Job get an associated completion index from 0 to (.spec.completions - 1), available in the annotation batch.kubernetes.io/job-completion-index. The Job is considered complete when there is one successfully completed Pod for each index. When value is `Indexed`, .spec.completions must be specified and `.spec.parallelism` must be less than or equal to 10^5. In addition, The Pod name takes the form `$(job-name)-$(index)-$(random-string)`, the Pod hostname takes the form `$(job-name)-$(index)`. This field is beta-level. More completion modes can be added in the future. If the Job controller observes a mode that it doesn't recognize, the controller skips updates for the Job.
+
completions integer
Specifies the desired number of successfully finished pods the job should be run with. Setting to nil means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value. Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+
manualSelector boolean
manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
+
parallelism integer
Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+
suspend boolean
Suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. Defaults to false. This field is beta-level, gated by SuspendJob feature flag (enabled by default).
Describes the pod that will be created when executing a job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+
ttlSecondsAfterFinished integer
ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes. This field is alpha-level and is only honored by servers that enable the TTLAfterFinished feature.
CompletedIndexes holds the completed indexes when .spec.completionMode = "Indexed" in a text format. The indexes are represented as decimal integers separated by commas. The numbers are listed in increasing order. Three or more consecutive numbers are compressed and represented by the first and last element of the series, separated by a hyphen. For example, if the completed indexes are 1, 3, 4, 5 and 7, they are represented as "1,3-5,7".
Represents time when the job was completed. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC. The completion time is only set when the job finishes successfully.
+
conditions JobCondition array patch strategy: merge patch merge key: type
The latest available observations of an object's current state. When a Job fails, one of the conditions will have type "Failed" and status true. When a Job is suspended, one of the conditions will have type "Suspended" and status true; when the Job is resumed, the status of this condition will become false. When a Job is completed, one of the conditions will have type "Complete" and status true. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
Represents time when the job controller started processing a job. When a Job is created in the suspended state, this field is not set until the first time it is resumed. This field is reset every time a Job is resumed from suspension. It is represented in RFC3339 form and is in UTC.
UncountedTerminatedPods holds the UIDs of Pods that have terminated but the job controller hasn't yet accounted for in the status counters. The job controller creates pods with a finalizer. When a pod terminates (succeeded or failed), the controller does three steps to account for it in the job status: (1) Add the pod UID to the arrays in this field. (2) Remove the pod finalizer. (3) Remove the pod UID from the arrays while increasing the corresponding counter. This field is alpha-level. The job controller only makes use of this field when the feature gate PodTrackingWithFinalizers is enabled. Old jobs might not be tracked using this field, in which case the field remains null.
+
+
+
JobList v1 batch
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind Job. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of Job. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /apis/batch/v1/watch/jobs
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Most recently observed status of the pod. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
+
containers Container array patch strategy: merge patch merge key: name
List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.
+
dnsPolicy string
Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
+
enableServiceLinks boolean
EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true.
+
ephemeralContainers EphemeralContainer array patch strategy: merge patch merge key: name
List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.
+
hostAliases HostAlias array patch strategy: merge patch merge key: ip
HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods.
+
hostIPC boolean
Use the host's ipc namespace. Optional: Default to false.
+
hostNetwork boolean
Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false.
+
hostPID boolean
Use the host's pid namespace. Optional: Default to false.
+
hostname string
Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.
+
imagePullSecrets LocalObjectReference array patch strategy: merge patch merge key: name
ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+
initContainers Container array patch strategy: merge patch merge key: name
List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+
nodeName string
NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.
+
nodeSelector object
NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+
overhead object
Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md This field is beta-level as of Kubernetes v1.18, and is only honored by servers that enable the PodOverhead feature.
+
preemptionPolicy string
PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is beta-level, gated by the NonPreemptingPriority feature-gate.
+
priority integer
The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.
+
priorityClassName string
If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.
If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+
restartPolicy string
Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+
runtimeClassName string
RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class This is a beta feature as of Kubernetes v1.14.
+
schedulerName string
If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.
+
serviceAccount string
DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.
+
serviceAccountName string
ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+
setHostnameAsFQDN boolean
If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.
+
shareProcessNamespace boolean
Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.
+
subdomain string
If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.
+
terminationGracePeriodSeconds integer
Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.
TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
+
volumes Volume array patch strategy: merge,retainKeys patch merge key: name
List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes
The list has one entry per container in the manifest. Each entry is currently the output of `docker inspect`. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
Status for any ephemeral containers that have run in this pod. This field is alpha-level and is only populated by servers that enable the EphemeralContainers feature.
+
hostIP string
IP address of the host to which the pod is assigned. Empty if not yet scheduled.
The list has one entry per init container in the manifest. The most recent successful init container will have ready = true, the most recently started container will have startTime set. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
+
message string
A human readable message indicating details about why the pod is in this condition.
+
nominatedNodeName string
nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be scheduled right away as preemption victims receive their graceful termination periods. This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to give the resources on this node to a higher priority pod that is created after preemption. As a result, this field may be different than PodSpec.nodeName when the pod is scheduled.
+
phase string
The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. The conditions array, the reason and message fields, and the individual container status arrays contain more detail about the pod's status. There are five possible phase values: Pending: The pod has been accepted by the Kubernetes system, but one or more of the container images has not been created. This includes time before being scheduled as well as time spent downloading images over the network, which could take a while. Running: The pod has been bound to a node, and all of the containers have been created. At least one container is still running, or is in the process of starting or restarting. Succeeded: All containers in the pod have terminated in success, and will not be restarted. Failed: All containers in the pod have terminated, and at least one container has terminated in failure. The container either exited with non-zero status or was terminated by the system. Unknown: For some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase
+
podIP string
IP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.
+
podIPs PodIP array patch strategy: merge patch merge key: ip
podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list is empty if no IPs have been allocated yet.
+
qosClass string
The Quality of Service (QOS) classification assigned to the pod based on resource requirements See PodQOSClass type for available QOS classes More info: https://git.k8s.io/community/contributors/design-proposals/node/resource-qos.md
+
reason string
A brief CamelCase message indicating details about why the pod is in this state. e.g. 'Evicted'
RFC 3339 date and time at which the object was acknowledged by the Kubelet. This is before the Kubelet pulled the container image(s) for the pod.
+
+
+
PodList v1 core
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
List of pods. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+
+
Write Operations
+
Create
+
create a Pod
+
HTTP Request
+POST /api/v1/namespaces/{namespace}/pods
+
Path Parameters
+
+
Parameter
Description
+
+
namespace
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind Pod. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of Pod. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /api/v1/watch/namespaces/{namespace}/pods
+
Path Parameters
+
+
Parameter
Description
+
+
namespace
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of Pod. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /api/v1/watch/pods
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
container
The container for which to stream logs. Defaults to only container if there is one container in the pod.
+
follow
Follow the log stream of the pod. Defaults to false.
+
insecureSkipTLSVerifyBackend
insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept the actual log data coming from the real kubelet).
+
limitBytes
If set, the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.
+
pretty
If 'true', then the output is pretty printed.
+
previous
Return previous terminated container logs. Defaults to false.
+
sinceSeconds
A relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.
+
tailLines
If set, the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime
+
timestamps
If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.
+
+
+
Response
+
+
Code
Description
+
+
200 string
OK
+
+
+
ReplicaSet v1 apps
+
+
+
+
ReplicaSet Config to run 3 nginx instances.
+
+
+apiVersion: apps/v1
+kind: ReplicaSet
+metadata:
+ # Unique key of the ReplicaSet instance
+ name: replicaset-example
+spec:
+ # 3 Pods should exist at all times.
+ replicas: 3
+ selector:
+ matchLabels:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ # Run the nginx image
+ - name: nginx
+ image: nginx:1.14
+
+
+
+
Group
Version
Kind
+
+
apps
v1
ReplicaSet
+
+
+
Warning:
In many cases it is recommended to create a Deployment instead of ReplicaSet.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
If the Labels of a ReplicaSet are empty, they are defaulted to be the same as the Pod(s) that the ReplicaSet manages. Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Spec defines the specification of the desired behavior of the ReplicaSet. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Status is the most recently observed status of the ReplicaSet. This data may be out of date by some window of time. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)
+
replicas integer
Replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
Selector is a label query over pods that should match the replica count. Label keys and values that must match in order to be controlled by this replica set. It must match the pod template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
Template is the object that describes the pod that will be created if insufficient replicas are detected. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
The number of available replicas (ready for at least minReadySeconds) for this replica set.
+
conditions ReplicaSetCondition array patch strategy: merge patch merge key: type
Represents the latest available observations of a replica set's current state.
+
fullyLabeledReplicas integer
The number of pods that have labels matching the labels of the pod template of the replicaset.
+
observedGeneration integer
ObservedGeneration reflects the generation of the most recently observed ReplicaSet.
+
readyReplicas integer
The number of ready replicas for this replica set.
+
replicas integer
Replicas is the most recently oberved number of replicas. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
+
+
+
ReplicaSetList v1 apps
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
List of ReplicaSets. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind ReplicaSet. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of ReplicaSet. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /apis/apps/v1/watch/replicasets
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
If the Labels of a ReplicationController are empty, they are defaulted to be the same as the Pod(s) that the replication controller manages. Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Spec defines the specification of the desired behavior of the replication controller. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Status is the most recently observed status of the replication controller. This data may be out of date by some window of time. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)
+
replicas integer
Replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller
+
selector object
Selector is a label query over pods that should match the Replicas count. If Selector is empty, it is defaulted to the labels present on the Pod template. Label keys and values that must match in order to be controlled by this replication controller, if empty defaulted to labels on Pod template. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
Template is the object that describes the pod that will be created if insufficient replicas are detected. This takes precedence over a TemplateRef. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
Represents the latest available observations of a replication controller's current state.
+
fullyLabeledReplicas integer
The number of pods that have labels matching the labels of the pod template of the replication controller.
+
observedGeneration integer
ObservedGeneration reflects the generation of the most recently observed replication controller.
+
readyReplicas integer
The number of ready replicas for this replication controller.
+
replicas integer
Replicas is the most recently oberved number of replicas. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller
+
+
+
ReplicationControllerList v1 core
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
List of replication controllers. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
list or watch objects of kind ReplicationController
+
HTTP Request
+GET /api/v1/replicationcontrollers
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind ReplicationController. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of ReplicationController. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /api/v1/watch/replicationcontrollers
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate.
+
podManagementPolicy string
podManagementPolicy controls how pods are created during initial scale up, when replacing pods on nodes, or when scaling down. The default policy is `OrderedReady`, where pods are created in increasing order (pod-0, then pod-1, etc) and the controller will wait until each pod is ready before continuing. When scaling down, the pods are removed in the opposite order. The alternative policy is `Parallel` which will create pods in parallel to match the desired scale without waiting, and on scale down will delete all pods at once.
+
replicas integer
replicas is the desired number of replicas of the given Template. These are replicas in the sense that they are instantiations of the same Template, but individual replicas also have a consistent identity. If unspecified, defaults to 1.
+
revisionHistoryLimit integer
revisionHistoryLimit is the maximum number of revisions that will be maintained in the StatefulSet's revision history. The revision history consists of all revisions not represented by a currently applied StatefulSetSpec version. The default value is 10.
selector is a label query over pods that should match the replica count. It must match the pod template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+
serviceName string
serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller.
template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet.
volumeClaimTemplates is a list of claims that pods are allowed to reference. The StatefulSet controller is responsible for mapping network identities to claims in a way that maintains the identity of a pod. Every claim in this list must have at least one matching (by name) volumeMount in one container in the template. A claim in this list takes precedence over any volumes in the template, with the same name.
Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset. This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate. Remove omitempty when graduating to beta
+
collisionCount integer
collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ControllerRevision.
+
conditions StatefulSetCondition array patch strategy: merge patch merge key: type
Represents the latest available observations of a statefulset's current state.
+
currentReplicas integer
currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version indicated by currentRevision.
+
currentRevision string
currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence [0,currentReplicas).
+
observedGeneration integer
observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the StatefulSet's generation, which is updated on mutation by the API Server.
+
readyReplicas integer
readyReplicas is the number of Pods created by the StatefulSet controller that have a Ready Condition.
+
replicas integer
replicas is the number of Pods created by the StatefulSet controller.
+
updateRevision string
updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence [replicas-updatedReplicas,replicas)
+
updatedReplicas integer
updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version indicated by updateRevision.
+
+
+
StatefulSetList v1 apps
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind StatefulSet. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of StatefulSet. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /apis/apps/v1/watch/statefulsets
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
Service API resources are responsible for stitching your workloads together into an accessible Loadbalanced Service. By default,
+Workloads are only accessible within the cluster, and they must be exposed externally using a either
+a *LoadBalancer* or *NodePort* Service. For development, internally accessible
+Workloads can be accessed via proxy through the api master using the kubectl proxy command.
+
+
Common resource types:
+
+
+
Services for providing a single ip endpoint loadbalanced across multiple Workload replicas.
+
Ingress for providing a https(s) endpoint http(s) routed to one or more *Services*.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
The set of all endpoints is the union of all subsets. Addresses are placed into subsets according to the IPs they share. A single address with multiple ports, some of which are ready and some of which are not (because they come from different containers) will result in the address being displayed in different subsets for the different ports. No address will appear in both Addresses and NotReadyAddresses in the same subset. Sets of addresses and ports that comprise a service.
+
+
+
EndpointsList v1 core
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+
+
Write Operations
+
Create
+
create Endpoints
+
HTTP Request
+POST /api/v1/namespaces/{namespace}/endpoints
+
Path Parameters
+
+
Parameter
Description
+
+
namespace
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind Endpoints. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of Endpoints. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /api/v1/watch/endpoints
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
addressType specifies the type of address carried by this EndpointSlice. All addresses in this slice must be the same type. This field is immutable after creation. The following address types are currently supported: * IPv4: Represents an IPv4 Address. * IPv6: Represents an IPv6 Address. * FQDN: Represents a Fully Qualified Domain Name.
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
endpoints is a list of unique endpoints in this slice. Each slice may include a maximum of 1000 endpoints.
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
ports specifies the list of network ports exposed by each endpoint in this slice. Each port must have a unique name. When ports is empty, it indicates that there are no defined ports. When a port is defined with a nil port value, it indicates "all ports". Each slice may include a maximum of 100 ports.
+
+
+
EndpointSliceList v1 discovery
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind EndpointSlice. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Spec is the desired state of the Ingress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Status is the current state of the Ingress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
DefaultBackend is the backend that should handle requests that don't match any rule. If Rules are not specified, DefaultBackend must be specified. If DefaultBackend is not set, the handling of requests that do not match any of the rules will be up to the Ingress controller.
+
ingressClassName string
IngressClassName is the name of the IngressClass cluster resource. The associated IngressClass defines which controller will implement the resource. This replaces the deprecated `kubernetes.io/ingress.class` annotation. For backwards compatibility, when that annotation is set, it must be given precedence over this field. The controller may emit a warning if the field and annotation have different values. Implementations of this API should ignore Ingresses without a class specified. An IngressClass resource may be marked as default, which can be used to set a default value for this field. For more information, refer to the IngressClass documentation.
TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.
LoadBalancer contains the current status of the load-balancer.
+
+
+
IngressList v1 networking
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind Ingress. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of Ingress. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /apis/networking.k8s.io/v1/watch/ingresses
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Spec is the desired state of the IngressClass. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Controller refers to the name of the controller that should handle this class. This allows for different "flavors" that are controlled by the same controller. For example, you may have different Parameters for the same implementing controller. This should be specified as a domain-prefixed path no more than 250 characters in length, e.g. "acme.io/ingress-controller". This field is immutable.
Parameters is a link to a custom resource containing additional configuration for the controller. This is optional if the controller does not require extra parameters.
+
+
+
IngressClassList v1 networking
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind IngressClass. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
Service Config to load balance traffic across all Pods with the app=nginx label. Receives on and sends to port 80. Exposes an externally accessible endpoint.
+
+
+kind: Service
+apiVersion: v1
+metadata:
+ # Unique key of the Service instance
+ name: service-example
+spec:
+ ports:
+ # Accept traffic sent to port 80
+ - name: http
+ port: 80
+ targetPort: 80
+ selector:
+ # Loadbalance traffic across Pods matching
+ # this label selector
+ app: nginx
+ # Create an HA proxy in the cloud provider
+ # with an External IP address - *Only supported
+ # by some cloud providers*
+ type: LoadBalancer
+
+
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Most recently observed status of the service. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is beta-level and is only honored by servers that enable the ServiceLBNodePortControl feature.
+
clusterIP string
clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+
clusterIPs string array
ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. Unless the "IPv6DualStack" feature gate is enabled, this field is limited to one value, which must be the same as the clusterIP field. If the feature gate is enabled, this field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+
externalIPs string array
externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.
+
externalName string
externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+
externalTrafficPolicy string
externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading.
+
healthCheckNodePort integer
healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type).
+
internalTrafficPolicy string
InternalTrafficPolicy specifies if the cluster internal traffic should be routed to all endpoints or node-local endpoints only. "Cluster" routes internal traffic to a Service to all endpoints. "Local" routes traffic to node-local endpoints only, traffic is dropped if no node-local endpoints are ready. The default value is "Cluster".
+
ipFamilies string array
IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service, and is gated by the "IPv6DualStack" feature gate. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are "IPv4" and "IPv6". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to "headless" services. This field will be wiped when updating a Service to type ExternalName. This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
+
ipFamilyPolicy string
IPFamilyPolicy represents the dual-stack-ness requested or required by this Service, and is gated by the "IPv6DualStack" feature gate. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.
+
loadBalancerClass string
loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+
loadBalancerIP string
Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.
+
loadBalancerSourceRanges string array
If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
+
ports ServicePort array patch strategy: merge patch merge key: port
The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+
publishNotReadyAddresses boolean
publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.
+
selector object
Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/
+
sessionAffinity string
Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
sessionAffinityConfig contains the configurations of session affinity.
+
type string
type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
LoadBalancer contains the current status of the load-balancer, if one is present.
+
+
+
ServiceList v1 core
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
curl command (requires kubectl proxy to be running)
+
+
+$ kubectl proxy
+$ curl -X GET 'http://127.0.0.1:8001/api/v1/namespaces/default/services'
+
+
list or watch objects of kind Service
+
HTTP Request
+GET /api/v1/namespaces/{namespace}/services
+
Path Parameters
+
+
Parameter
Description
+
+
namespace
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind Service. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of Service. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /api/v1/watch/services
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
path
Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.
object name and auth scope, such as for teams and projects
+
path
path to the resource
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
path
Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
path
Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.
object name and auth scope, such as for teams and projects
+
path
path to the resource
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
path
Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
path
Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.
object name and auth scope, such as for teams and projects
+
path
path to the resource
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
path
Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
path
Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.
object name and auth scope, such as for teams and projects
+
path
path to the resource
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
path
Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
path
Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.
object name and auth scope, such as for teams and projects
+
path
path to the resource
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
path
Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.
+
+
+
Response
+
+
Code
Description
+
+
200 string
OK
+
+
+
CONFIG & STORAGE
+
+
Config and Storage resources are responsible for injecting data into your applications and persisting data externally to your container.
+
+
Common resource types:
+
+
ConfigMaps for providing text key value pairs injected into the application through environment variables, command line arguments, or files
+
Secrets for providing binary data injected into the application through files
+
Volumes for providing a filesystem external to the Container. Maybe shared across Containers within the same Pod and have a lifetime persisting beyond a Container or Pod.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
binaryData object
BinaryData contains the binary data. Each key must consist of alphanumeric characters, '-', '_' or '.'. BinaryData can contain byte sequences that are not in the UTF-8 range. The keys stored in BinaryData must not overlap with the ones in the Data field, this is enforced during validation process. Using this field will require 1.10+ apiserver and kubelet.
+
data object
Data contains the configuration data. Each key must consist of alphanumeric characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process.
+
immutable boolean
Immutable, if set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+
+
ConfigMapList v1 core
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+
+
Write Operations
+
Create
+
create a ConfigMap
+
HTTP Request
+POST /api/v1/namespaces/{namespace}/configmaps
+
Path Parameters
+
+
Parameter
Description
+
+
namespace
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind ConfigMap. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of ConfigMap. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /api/v1/watch/configmaps
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard object metadata. metadata.Name indicates the name of the CSI driver that this object refers to; it MUST be the same name returned by the CSI GetPluginName() call for that driver. The driver name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), dots (.), and alphanumerics between. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
attachRequired indicates this CSI volume driver requires an attach operation (because it implements the CSI ControllerPublishVolume() method), and that the Kubernetes attach detach controller should call the attach volume interface which checks the volumeattachment status and waits until the volume is attached before proceeding to mounting. The CSI external-attacher coordinates with CSI volume driver and updates the volumeattachment status when the attach operation is complete. If the CSIDriverRegistry feature gate is enabled and the value is specified to false, the attach operation will be skipped. Otherwise the attach operation will be called. This field is immutable.
+
fsGroupPolicy string
Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Refer to the specific FSGroupPolicy values for additional details. This field is beta, and is only honored by servers that enable the CSIVolumeFSGroupPolicy feature gate. This field is immutable. Defaults to ReadWriteOnceWithFSType, which will examine each volume to determine if Kubernetes should modify ownership and permissions of the volume. With the default policy the defined fsGroup will only be applied if a fstype is defined and the volume's access mode contains ReadWriteOnce.
+
podInfoOnMount boolean
If set to true, podInfoOnMount indicates this CSI volume driver requires additional pod information (like podName, podUID, etc.) during mount operations. If set to false, pod information will not be passed on mount. Default is false. The CSI driver specifies podInfoOnMount as part of driver deployment. If true, Kubelet will pass pod information as VolumeContext in the CSI NodePublishVolume() calls. The CSI driver is responsible for parsing and validating the information passed in as VolumeContext. The following VolumeConext will be passed if podInfoOnMount is set to true. This list might grow, but the prefix will be used. "csi.storage.k8s.io/pod.name": pod.Name "csi.storage.k8s.io/pod.namespace": pod.Namespace "csi.storage.k8s.io/pod.uid": string(pod.UID) "csi.storage.k8s.io/ephemeral": "true" if the volume is an ephemeral inline volume defined by a CSIVolumeSource, otherwise "false" "csi.storage.k8s.io/ephemeral" is a new feature in Kubernetes 1.16. It is only required for drivers which support both the "Persistent" and "Ephemeral" VolumeLifecycleMode. Other drivers can leave pod info disabled and/or ignore this field. As Kubernetes 1.15 doesn't support this field, drivers can only support one mode when deployed on such a cluster and the deployment determines which mode that is, for example via a command line parameter of the driver. This field is immutable.
+
requiresRepublish boolean
RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false. Note: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.
+
storageCapacity boolean
If set to true, storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage capacity that the driver deployment will report by creating CSIStorageCapacity objects with capacity information. The check can be enabled immediately when deploying a driver. In that case, provisioning new volumes with late binding will pause until the driver deployment has published some suitable CSIStorageCapacity object. Alternatively, the driver can be deployed with the field unset or false and it can be flipped later when storage capacity information has been published. This field is immutable. This is a beta field and only available when the CSIStorageCapacity feature is enabled. The default is false.
TokenRequests indicates the CSI driver needs pods' service account tokens it is mounting volume for to do necessary authentication. Kubelet will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI driver should parse and validate the following VolumeContext: "csi.storage.k8s.io/serviceAccount.tokens": { "<audience>": { "token": <token>, "expirationTimestamp": <expiration timestamp in RFC3339>, }, ... } Note: Audience in each TokenRequest should be different and at most one token is empty string. To receive a new token after expiry, RequiresRepublish can be used to trigger NodePublishVolume periodically.
+
volumeLifecycleModes string array
volumeLifecycleModes defines what kind of volumes this CSI volume driver supports. The default if the list is empty is "Persistent", which is the usage defined by the CSI specification and implemented in Kubernetes via the usual PV/PVC mechanism. The other mode is "Ephemeral". In this mode, volumes are defined inline inside the pod spec with CSIVolumeSource and their lifecycle is tied to the lifecycle of that pod. A driver has to be aware of this because it is only going to get a NodePublishVolume call for such a volume. For more information about implementing this mode, see https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html A driver can support one or more of these modes and more modes may be added in the future. This field is beta. This field is immutable.
+
+
+
CSIDriverList v1 storage
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+
+
Write Operations
+
Create
+
create a CSIDriver
+
HTTP Request
+POST /apis/storage.k8s.io/v1/csidrivers
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind CSIDriver. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of CSIDriver. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /apis/storage.k8s.io/v1/watch/csidrivers
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
drivers CSINodeDriver array patch strategy: merge patch merge key: name
drivers is a list of information of all CSI Drivers existing on a node. If all drivers in the list are uninstalled, this can become empty.
+
+
+
CSINodeList v1 storage
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+
+
Write Operations
+
Create
+
create a CSINode
+
HTTP Request
+POST /apis/storage.k8s.io/v1/csinodes
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind CSINode. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of CSINode. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /apis/storage.k8s.io/v1/watch/csinodes
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
data object
Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4
+
immutable boolean
Immutable, if set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
stringData object
stringData allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API.
+
type string
Used to facilitate programmatic handling of secret data.
+
+
+
SecretList v1 core
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Items is a list of secret objects. More info: https://kubernetes.io/docs/concepts/configuration/secret
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+
+
Write Operations
+
Create
+
create a Secret
+
HTTP Request
+POST /api/v1/namespaces/{namespace}/secrets
+
Path Parameters
+
+
Parameter
Description
+
+
namespace
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind Secret. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of Secret. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /api/v1/watch/secrets
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.
Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+
capacity object
Represents the actual resources of the underlying volume.
Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.
+
phase string
Phase represents the current phase of PersistentVolumeClaim.
+
+
+
PersistentVolumeClaimList v1 core
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
A list of persistent volume claims. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
list or watch objects of kind PersistentVolumeClaim
+
HTTP Request
+GET /api/v1/persistentvolumeclaims
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind PersistentVolumeClaim. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of PersistentVolumeClaim. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /api/v1/watch/persistentvolumeclaims
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
Restrict the node topologies where volumes can be dynamically provisioned. Each volume plugin defines its own supported topology specifications. An empty TopologySelectorTerm list means there is no topology restriction. This field is only honored by servers that enable the VolumeScheduling feature.
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
mountOptions string array
Dynamically provisioned PersistentVolumes of this storage class are created with these mountOptions, e.g. ["ro", "soft"]. Not validated - mount of the PVs will simply fail if one is invalid.
+
parameters object
Parameters holds the parameters for the provisioner that should create volumes of this storage class.
+
provisioner string
Provisioner indicates the type of the provisioner.
+
reclaimPolicy string
Dynamically provisioned PersistentVolumes of this storage class are created with this reclaimPolicy. Defaults to Delete.
+
volumeBindingMode string
VolumeBindingMode indicates how PersistentVolumeClaims should be provisioned and bound. When unset, VolumeBindingImmediate is used. This field is only honored by servers that enable the VolumeScheduling feature.
+
+
+
StorageClassList v1 storage
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+
+
Write Operations
+
Create
+
create a StorageClass
+
HTTP Request
+POST /apis/storage.k8s.io/v1/storageclasses
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind StorageClass. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Capacity is the value reported by the CSI driver in its GetCapacityResponse for a GetCapacityRequest with topology and parameters that match the previous fields. The semantic is currently (CSI spec 1.2) defined as: The available capacity, in bytes, of the storage that can be used to provision volumes. If not set, that information is currently unavailable and treated like zero capacity.
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
MaximumVolumeSize is the value reported by the CSI driver in its GetCapacityResponse for a GetCapacityRequest with topology and parameters that match the previous fields. This is defined since CSI spec 1.4.0 as the largest size that may be used in a CreateVolumeRequest.capacity_range.required_bytes field to create a volume with the same parameters as those in GetCapacityRequest. The corresponding value in the Kubernetes API is ResourceRequirements.Requests in a volume claim.
Standard object's metadata. The name has no particular meaning. It must be be a DNS subdomain (dots allowed, 253 characters). To ensure that there are no conflicts with other CSI drivers on the cluster, the recommendation is to use csisc-<uuid>, a generated name, or a reverse-domain name which ends with the unique CSI driver name. Objects are namespaced. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
NodeTopology defines which nodes have access to the storage for which capacity was reported. If not set, the storage is not accessible from any node in the cluster. If empty, the storage is accessible from all nodes. This field is immutable.
+
storageClassName string
The name of the StorageClass that the reported capacity applies to. It must meet the same requirements as the name of a StorageClass object (non-empty, DNS subdomain). If that object no longer exists, the CSIStorageCapacity object is obsolete and should be removed by its creator. This field is immutable.
+
+
+
CSIStorageCapacityList v1beta1 storage
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind CSIStorageCapacity. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
Ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. A pod can use both types of ephemeral volumes and persistent volumes at the same time. This is a beta feature and only available when the GenericEphemeralVolume feature gate is enabled.
GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md
+
name string
Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
The last error encountered during attach operation, if any. This field must only be set by the entity completing the attach operation, i.e. the external-attacher.
+
attached boolean
Indicates the volume is successfully attached. This field must only be set by the entity completing the attach operation, i.e. the external-attacher.
+
attachmentMetadata object
Upon successful attach, this field is populated with any information returned by the attach operation that must be passed into subsequent WaitForAttach or Mount calls. This field must only be set by the entity completing the attach operation, i.e. the external-attacher.
The last error encountered during detach operation, if any. This field must only be set by the entity completing the detach operation, i.e. the external-attacher.
+
+
+
VolumeAttachmentList v1 storage
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+
+
Write Operations
+
Create
+
create a VolumeAttachment
+
HTTP Request
+POST /apis/storage.k8s.io/v1/volumeattachments
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind VolumeAttachment. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
data
Data is the serialized representation of the state.
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
revision integer
Revision indicates the revision of the state represented by Data.
+
+
+
ControllerRevisionList v1 apps
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind ControllerRevision. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of ControllerRevision. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /apis/apps/v1/watch/controllerrevisions
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
conversion defines conversion settings for the CRD.
+
group string
group is the API group of the defined custom resource. The custom resources are served under `/apis/<group>/...`. Must match the name of the CustomResourceDefinition (in the form `<names.plural>.<group>`).
names specify the resource and kind names for the custom resource.
+
preserveUnknownFields boolean
preserveUnknownFields indicates that object fields which are not specified in the OpenAPI schema should be preserved when persisting to storage. apiVersion, kind, metadata and known fields inside metadata are always preserved. This field is deprecated in favor of setting `x-preserve-unknown-fields` to true in `spec.versions[*].schema.openAPIV3Schema`. See https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#pruning-versus-preserving-unknown-fields for details.
+
scope string
scope indicates whether the defined custom resource is cluster- or namespace-scoped. Allowed values are `Cluster` and `Namespaced`.
versions is the list of all API versions of the defined custom resource. Version names are used to compute the order in which served versions are listed in API discovery. If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version), then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing major version, then minor version. An example sorted list of versions: v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10.
conditions indicate state for particular aspects of a CustomResourceDefinition
+
storedVersions string array
storedVersions lists all versions of CustomResources that were ever persisted. Tracking these versions allows a migration path for stored versions in etcd. The field is mutable so a migration controller can finish a migration to another version (ensuring no old objects are left in storage), and then remove the rest of the versions from this list. Versions may not be removed from `spec.versions` while they exist in this list.
+
+
+
CustomResourceDefinitionList v1 apiextensions
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
items list individual CustomResourceDefinition objects
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind CustomResourceDefinition. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
action is what action was taken/failed regarding to the regarding object. It is machine-readable. This field cannot be empty for new Events and it can have at most 128 characters.
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
deprecatedCount integer
deprecatedCount is the deprecated field assuring backward compatibility with core.v1 Event type.
eventTime is the time when this Event was first observed. It is required.
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
note string
note is a human-readable description of the status of this operation. Maximal length of the note is 1kB, but libraries should be prepared to handle values up to 64kB.
+
reason string
reason is why the action was taken. It is human-readable. This field cannot be empty for new Events and it can have at most 128 characters.
regarding contains the object this Event is about. In most cases it's an Object reporting controller implements, e.g. ReplicaSetController implements ReplicaSets and this event is emitted because it acts on some changes in a ReplicaSet object.
related is the optional secondary object for more complex actions. E.g. when regarding object triggers a creation or deletion of related object.
+
reportingController string
reportingController is the name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. This field cannot be empty for new Events.
+
reportingInstance string
reportingInstance is the ID of the controller instance, e.g. `kubelet-xyzf`. This field cannot be empty for new Events and it can have at most 128 characters.
series is data about the Event series this event represents or nil if it's a singleton Event.
+
type string
type is the type of this event (Normal, Warning), new types could be added in the future. It is machine-readable. This field cannot be empty for new Events.
+
+
+
EventList v1 events
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind Event. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of Event. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /apis/events.k8s.io/v1/watch/events
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Limits is the list of LimitRangeItem objects that are enforced.
+
+
+
LimitRangeList v1 core
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Items is a list of LimitRange objects. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind LimitRange. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of LimitRange. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /api/v1/watch/limitranges
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
upper limit for the number of pods that can be set by the autoscaler; cannot be smaller than MinReplicas.
+
minReplicas integer
minReplicas is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the alpha feature gate HPAScaleToZero is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available.
reference to scaled resource; horizontal pod autoscaler will learn the current resource consumption and will set the desired number of pods by using its Scale subresource.
+
targetCPUUtilizationPercentage integer
target average CPU utilization (represented as a percentage of requested CPU) over all the pods; if not specified the default autoscaling policy will be used.
current average CPU utilization over all pods, represented as a percentage of requested CPU, e.g. 70 means that an average pod is using now 70% of its requested CPU.
+
currentReplicas integer
current number of replicas of pods managed by this autoscaler.
+
desiredReplicas integer
desired number of replicas of pods managed by this autoscaler.
last time the HorizontalPodAutoscaler scaled the number of pods; used by the autoscaler to control how often the number of pods is changed.
+
observedGeneration integer
most recent generation observed by this autoscaler.
+
+
+
HorizontalPodAutoscalerList v1 autoscaling
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind HorizontalPodAutoscaler. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind MutatingWebhookConfiguration. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind ValidatingWebhookConfiguration. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Template defines the pods that will be created from this pod template. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+
+
PodTemplateList v1 core
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind PodTemplate. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of PodTemplate. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /api/v1/watch/podtemplates
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
+
minAvailable
An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%".
Label query over pods whose evictions are managed by the disruption budget. A null selector will match no pods, while an empty ({}) selector will select all pods within the namespace.
conditions Condition array patch strategy: merge patch merge key: type
Conditions contain conditions for PDB. The disruption controller sets the DisruptionAllowed condition. The following are known values for the reason field (additional reasons could be added in the future): - SyncFailed: The controller encountered an error and wasn't able to compute the number of allowed disruptions. Therefore no disruptions are allowed and the status of the condition will be False. - InsufficientPods: The number of pods are either at or below the number required by the PodDisruptionBudget. No disruptions are allowed and the status of the condition will be False. - SufficientPods: There are more pods than required by the PodDisruptionBudget. The condition will be True, and the number of allowed disruptions are provided by the disruptionsAllowed property.
+
currentHealthy integer
current number of healthy pods
+
desiredHealthy integer
minimum desired number of healthy pods
+
disruptedPods object
DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn't occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions.
+
disruptionsAllowed integer
Number of pod disruptions that are currently allowed.
+
expectedPods integer
total number of pods counted by this disruption budget
+
observedGeneration integer
Most recent generation observed when updating this PDB status. DisruptionsAllowed and other status information is valid only if observedGeneration equals to PDB's object generation.
+
+
+
PodDisruptionBudgetList v1 policy
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind PodDisruptionBudget. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of PodDisruptionBudget. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /apis/policy/v1/watch/poddisruptionbudgets
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
description string
description is an arbitrary string that usually provides guidelines on when this priority class should be used.
+
globalDefault boolean
globalDefault specifies whether this PriorityClass should be considered as the default priority for pods that do not have any priority class. Only one PriorityClass can be marked as `globalDefault`. However, if more than one PriorityClasses exists with their `globalDefault` field set to true, the smallest value of such global default PriorityClasses will be used as the default priority.
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
preemptionPolicy string
PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is beta-level, gated by the NonPreemptingPriority feature-gate.
+
value integer
The value of this priority class. This is the actual priority that pods receive when they have the name of this class in their pod spec.
+
+
+
PriorityClassList v1 scheduling
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind PriorityClass. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
AllowedCSIDrivers is an allowlist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes. This is a beta field, and is only honored if the API server enables the CSIInlineVolume feature gate.
+
allowedCapabilities string array
allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
allowedFlexVolumes is an allowlist of Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the "volumes" field.
allowedHostPaths is an allowlist of host paths. Empty indicates that all host paths may be used.
+
allowedProcMountTypes string array
AllowedProcMountTypes is an allowlist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.
+
allowedUnsafeSysctls string array
allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to allowlist all allowed unsafe sysctls explicitly to avoid rejection. Examples: e.g. "foo/*" allows "foo/bar", "foo/baz", etc. e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
+
defaultAddCapabilities string array
defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.
+
defaultAllowPrivilegeEscalation boolean
defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.
+
forbiddenSysctls string array
forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden. Examples: e.g. "foo/*" forbids "foo/bar", "foo/baz", etc. e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
hostPorts determines which host port ranges are allowed to be exposed.
+
privileged boolean
privileged determines if a pod can request to be run as privileged.
+
readOnlyRootFilesystem boolean
readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.
+
requiredDropCapabilities string array
requiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.
RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.
runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod. If this field is omitted, the pod's runtimeClassName field is unrestricted. Enforcement of this field depends on the RuntimeClass feature gate being enabled.
supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
+
volumes string array
volumes is an allowlist of volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '\*'.
+
+
+
PodSecurityPolicyList v1beta1 policy
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+
+
Write Operations
+
Create
+
create a PodSecurityPolicy
+
HTTP Request
+POST /apis/policy/v1beta1/podsecuritypolicies
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind PodSecurityPolicy. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
CABundle is a PEM encoded CA bundle which will be used to validate an API server's serving certificate. If unspecified, system trust roots on the apiserver are used.
+
group string
Group is the API group name this server hosts
+
groupPriorityMinimum integer
GroupPriorityMininum is the priority this group should have at least. Higher priority means that the group is preferred by clients over lower priority ones. Note that other versions of this group might specify even higher GroupPriorityMininum values such that the whole group gets a higher priority. The primary sort is based on GroupPriorityMinimum, ordered highest number to lowest (20 before 10). The secondary sort is based on the alphabetical comparison of the name of the object. (v1.bar before v1.foo) We'd recommend something like: *.k8s.io (except extensions) at 18000 and PaaSes (OpenShift, Deis) are recommended to be in the 2000s
+
insecureSkipTLSVerify boolean
InsecureSkipTLSVerify disables TLS certificate verification when communicating with this server. This is strongly discouraged. You should use the CABundle instead.
Service is a reference to the service for this API server. It must communicate on port 443. If the Service is nil, that means the handling for the API groupversion is handled locally on this server. The call will simply delegate to the normal handler chain to be fulfilled.
+
version string
Version is the API version this server hosts. For example, "v1"
+
versionPriority integer
VersionPriority controls the ordering of this API version inside of its group. Must be greater than zero. The primary sort is based on VersionPriority, ordered highest to lowest (20 before 10). Since it's inside of a group, the number can be small, probably in the 10s. In case of equal version priorities, the version string will be used to compute the order inside a group. If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version), then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing major version, then minor version. An example sorted list of versions: v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10.
conditions APIServiceCondition array patch strategy: merge patch merge key: type
Current service state of apiService.
+
+
+
APIServiceList v1 apiregistration
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind APIService. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
The target object that you want to bind to the standard object.
+
+
+
Write Operations
+
Create
+
create a Binding
+
HTTP Request
+POST /api/v1/namespaces/{namespace}/bindings
+
Path Parameters
+
+
Parameter
Description
+
+
namespace
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
spec contains the certificate request, and is immutable after creation. Only the request, signerName, expirationSeconds, and usages fields can be set on creation. Other fields are derived by Kubernetes and cannot be modified by users.
status contains information about whether the request is approved or denied, and the certificate issued by the signer, or the failure condition indicating signer failure.
expirationSeconds is the requested duration of validity of the issued certificate. The certificate signer may issue a certificate with a different validity duration so a client must check the delta between the notBefore and and notAfter fields in the issued certificate to determine the actual duration. The v1.22+ in-tree implementations of the well-known Kubernetes signers will honor this field as long as the requested duration is not greater than the maximum duration they will honor per the --cluster-signing-duration CLI flag to the Kubernetes controller manager. Certificate signers may not honor this field for various reasons: 1. Old signer that is unaware of the field (such as the in-tree implementations prior to v1.22) 2. Signer whose configured maximum is shorter than the requested duration 3. Signer whose configured minimum is longer than the requested duration The minimum valid value for expirationSeconds is 600, i.e. 10 minutes. As of v1.22, this field is beta and is controlled via the CSRDuration feature gate.
+
extra object
extra contains extra attributes of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
+
groups string array
groups contains group membership of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
+
request string
request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block. When serialized as JSON or YAML, the data is additionally base64-encoded.
+
signerName string
signerName indicates the requested signer, and is a qualified name. List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector. Well-known Kubernetes signers are: 1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver. Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager. 2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver. Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager. 3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely. Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager. More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers Custom signerNames can also be specified. The signer defines: 1. Trust distribution: how trust (CA bundles) are distributed. 2. Permitted subjects: and behavior when a disallowed subject is requested. 3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested. 4. Required, permitted, or forbidden key usages / extended key usages. 5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin. 6. Whether or not requests for CA certificates are allowed.
+
uid string
uid contains the uid of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
+
usages string array
usages specifies a set of key usages requested in the issued certificate. Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth". Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth". Valid values are: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
+
username string
username contains the name of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
certificate is populated with an issued certificate by the signer after an Approved condition is present. This field is set via the /status subresource. Once populated, this field is immutable. If the certificate signing request is denied, a condition of type "Denied" is added and this field remains empty. If the signer cannot issue the certificate, a condition of type "Failed" is added and this field remains empty. Validation requirements: 1. certificate must contain one or more PEM blocks. 2. All PEM blocks must have the "CERTIFICATE" label, contain no headers, and the encoded data must be a BER-encoded ASN.1 Certificate structure as described in section 4 of RFC5280. 3. Non-PEM content may appear before or after the "CERTIFICATE" PEM blocks and is unvalidated, to allow for explanatory text as described in section 5.2 of RFC7468. If more than one PEM block is present, and the definition of the requested spec.signerName does not indicate otherwise, the first block is the issued certificate, and subsequent blocks should be treated as intermediate certificates and presented in TLS handshakes. The certificate is encoded in PEM format. When serialized as JSON or YAML, the data is additionally base64-encoded, so it consists of: base64( -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- )
conditions applied to the request. Known conditions are "Approved", "Denied", and "Failed".
+
+
+
CertificateSigningRequestList v1 certificates
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
items is a collection of CertificateSigningRequest objects
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind CertificateSigningRequest. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Rules holds all the PolicyRules for this ClusterRole
+
+
+
ClusterRoleList v1 rbac
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind ClusterRole. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Subjects holds references to the objects the role applies to.
+
+
+
ClusterRoleBindingList v1 rbac
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind ClusterRoleBinding. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
conditions ComponentCondition array patch strategy: merge patch merge key: type
List of component conditions observed
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+
+
ComponentStatusList v1 core
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
`spec` is the specification of the desired behavior of a FlowSchema. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
`status` is the current status of a FlowSchema. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
`distinguisherMethod` defines how to compute the flow distinguisher for requests that match this schema. `nil` specifies that the distinguisher is disabled and thus will always be the empty string.
+
matchingPrecedence integer
`matchingPrecedence` is used to choose among the FlowSchemas that match a given request. The chosen FlowSchema is among those with the numerically lowest (which we take to be logically highest) MatchingPrecedence. Each MatchingPrecedence value must be ranged in [1,10000]. Note that if the precedence is not specified, it will be set to 1000 as default.
`priorityLevelConfiguration` should reference a PriorityLevelConfiguration in the cluster. If the reference cannot be resolved, the FlowSchema will be ignored and marked as invalid in its status. Required.
`rules` describes which requests will match this flow schema. This FlowSchema matches a request if and only if at least one member of rules matches the request. if it is an empty slice, there will be no requests matching the FlowSchema.
`conditions` is a list of the current states of FlowSchema.
+
+
+
FlowSchemaList v1beta1 flowcontrol
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind FlowSchema. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
acquireTime is a time when the current lease was acquired.
+
holderIdentity string
holderIdentity contains the identity of the holder of a current lease.
+
leaseDurationSeconds integer
leaseDurationSeconds is a duration that candidates for a lease need to wait to force acquire it. This is measure against time of last observed RenewTime.
+
leaseTransitions integer
leaseTransitions is the number of transitions of a lease between holders.
renewTime is a time when the current holder of a lease has last updated the lease.
+
+
+
LeaseList v1 coordination
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind Lease. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of Lease. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /apis/coordination.k8s.io/v1/watch/leases
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Spec defines the behavior of the Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Status describes the current status of a Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Finalizers is an opaque list of values that must be empty to permanently remove object from storage. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/
conditions NamespaceCondition array patch strategy: merge patch merge key: type
Represents the latest available observations of a namespace's current state.
+
phase string
Phase is the current lifecycle phase of the namespace. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/
+
+
+
NamespaceList v1 core
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Items is the list of Namespace objects in the list. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+
+
Write Operations
+
Create
+
create a Namespace
+
HTTP Request
+POST /api/v1/namespaces
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind Namespace. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
+
HTTP Request
+GET /api/v1/watch/namespaces/{name}
+
Path Parameters
+
+
Parameter
Description
+
+
name
name of the Namespace
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of Namespace. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /api/v1/watch/namespaces
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
partially update status of the specified Namespace
+
HTTP Request
+PATCH /api/v1/namespaces/{name}/status
+
Path Parameters
+
+
Parameter
Description
+
+
name
name of the Namespace
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Most recently observed status of the node. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Deprecated. If specified, the source of the node's configuration. The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field. This field is deprecated as of 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
+
externalID string
Deprecated. Not all kubelets will set this field. Remove field after 1.13. see: https://issues.k8s.io/61966
+
podCIDR string
PodCIDR represents the pod IP range assigned to the node.
+
podCIDRs string array patch strategy: merge
podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for each of IPv4 and IPv6.
+
providerID string
ID of the node assigned by the cloud provider in the format: <ProviderName>://<ProviderSpecificNodeID>
Unschedulable controls node schedulability of new pods. By default, node is schedulable. More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration
addresses NodeAddress array patch strategy: merge patch merge key: type
List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See http://pr.k8s.io/79391 for an example.
+
allocatable object
Allocatable represents the resources of a node that are available for scheduling. Defaults to Capacity.
+
capacity object
Capacity represents the total resources of a node. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity
+
conditions NodeCondition array patch strategy: merge patch merge key: type
Conditions is an array of current observed node conditions. More info: https://kubernetes.io/docs/concepts/nodes/node/#condition
Set of ids/uuids to uniquely identify the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#info
+
phase string
NodePhase is the recently observed lifecycle phase of the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#phase The field is never populated, and now is deprecated.
List of attachable volumes in use (mounted) by the node.
+
+
+
NodeList v1 core
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+
+
Write Operations
+
Create
+
create a Node
+
HTTP Request
+POST /api/v1/nodes
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind Node. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
+
HTTP Request
+GET /api/v1/watch/nodes/{name}
+
Path Parameters
+
+
Parameter
Description
+
+
name
name of the Node
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of Node. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /api/v1/watch/nodes
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Spec defines a specification of a persistent volume owned by the cluster. Provisioned by an administrator. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes
Status represents the current information/status for the persistent volume. Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes
AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
ClaimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding
Flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running
GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
Glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. More info: https://examples.k8s.io/volumes/glusterfs/README.md
HostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
Local represents directly-attached storage with node affinity
+
mountOptions string array
A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options
NodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume.
+
persistentVolumeReclaimPolicy string
What happens to a persistent volume when released from its claim. Valid options are Retain (default for manually created PersistentVolumes), Delete (default for dynamically provisioned PersistentVolumes), and Recycle (deprecated). Recycle must be supported by the volume plugin underlying this PersistentVolume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming
StorageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod More info: https://examples.k8s.io/volumes/storageos/README.md
+
volumeMode string
volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec.
A human-readable message indicating details about why the volume is in this state.
+
phase string
Phase indicates if a volume is available, bound to a claim, or released by a claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase
+
reason string
Reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.
+
+
+
PersistentVolumeList v1 core
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
List of persistent volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+
+
Write Operations
+
Create
+
create a PersistentVolume
+
HTTP Request
+POST /api/v1/persistentvolumes
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind PersistentVolume. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
+
HTTP Request
+GET /api/v1/watch/persistentvolumes/{name}
+
Path Parameters
+
+
Parameter
Description
+
+
name
name of the PersistentVolume
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of PersistentVolume. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /api/v1/watch/persistentvolumes
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
partially update status of the specified PersistentVolume
+
HTTP Request
+PATCH /api/v1/persistentvolumes/{name}/status
+
Path Parameters
+
+
Parameter
Description
+
+
name
name of the PersistentVolume
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
`spec` is the specification of the desired behavior of a "request-priority". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
`status` is the current status of a "request-priority". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
`limited` specifies how requests are handled for a Limited priority level. This field must be non-empty if and only if `type` is `"Limited"`.
+
type string
`type` indicates whether this priority level is subject to limitation on request execution. A value of `"Exempt"` means that requests of this priority level are not subject to a limit (and thus are never queued) and do not detract from the capacity made available to other priority levels. A value of `"Limited"` means that (a) requests of this priority level _are_ subject to limits and (b) some of the server's limited capacity is made available exclusively to this priority level. Required.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind PriorityLevelConfiguration. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Status defines the actual enforced quota and its current usage. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.
+
scopes string array
A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.
Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
+
used object
Used is the current observed total usage of the resource in the namespace.
+
+
+
ResourceQuotaList v1 core
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Items is a list of ResourceQuota objects. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind ResourceQuota. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of ResourceQuota. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /api/v1/watch/resourcequotas
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind Role. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.
Subjects holds references to the objects the role applies to.
+
+
+
RoleBindingList v1 rbac
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind RoleBinding. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
handler string
Handler specifies the underlying runtime and configuration that the CRI implementation will use to handle pods of this class. The possible values are specific to the node & CRI configuration. It is assumed that all handlers are available on every node, and handlers of the same name are equivalent on every node. For example, a handler called "runc" might specify that the runc OCI runtime (using native Linux containers) will be used to run the containers in a pod. The Handler must be lowercase, conform to the DNS Label (RFC 1123) requirements, and is immutable.
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. For more details, see https://kubernetes.io/docs/concepts/scheduling-eviction/pod-overhead/ This field is in beta starting v1.18 and is only honored by servers that enable the PodOverhead feature.
Scheduling holds the scheduling constraints to ensure that pods running with this RuntimeClass are scheduled to nodes that support it. If scheduling is nil, this RuntimeClass is assumed to be supported by all nodes.
+
+
+
RuntimeClassList v1 node
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+
+
Write Operations
+
Create
+
create a RuntimeClass
+
HTTP Request
+POST /apis/node.k8s.io/v1/runtimeclasses
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind RuntimeClass. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of RuntimeClass. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /apis/node.k8s.io/v1/watch/runtimeclasses
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
automountServiceAccountToken boolean
AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. Can be overridden at the pod level.
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
secrets ObjectReference array patch strategy: merge patch merge key: name
Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount. More info: https://kubernetes.io/docs/concepts/configuration/secret
+
+
+
ServiceAccountList v1 core
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
List of ServiceAccounts. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind ServiceAccount. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of ServiceAccount. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /api/v1/watch/serviceaccounts
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
If all API server instances agree on the same encoding storage version, then this field is set to that version. Otherwise this field is left empty. API servers should finish updating its storageVersionStatus entry before serving write operations, so that this field will be in sync with the reality.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind StorageVersion. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Allowed is required. True if the action would be allowed, false otherwise.
+
denied boolean
Denied is optional. True if the action would be denied, otherwise false. If both allowed is false and denied is false, then the authorizer has no opinion on whether to authorize the action. Denied may not be true if Allowed is true.
+
evaluationError string
EvaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.
+
reason string
Reason is optional. It indicates why a request was allowed or denied.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Audiences are the intendend audiences of the token. A recipient of a token must identitfy themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.
BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound object exists. NOTE: The API server's TokenReview endpoint will validate the BoundObjectRef, but other audiences may not. Keep ExpirationSeconds small if you want prompt revocation.
+
expirationSeconds integer
ExpirationSeconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the 'expiration' field in a response.
ExpirationTimestamp is the time of expiration of the returned token.
+
token string
Token is the opaque bearer token.
+
+
+
TokenReview v1 authentication.k8s.io
+
+
Group
Version
Kind
+
+
authentication.k8s.io
v1
TokenReview
+
+
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver.
Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is "true", the token is valid against the audience of the Kubernetes API server.
+
authenticated boolean
Authenticated indicates that the token was associated with a known user.
+
error string
Error indicates that the token couldn't be checked
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
List of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8
List of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)
Selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace.
+
policyTypes string array
List of rule types that the NetworkPolicy relates to. Valid options are ["Ingress"], ["Egress"], or ["Ingress", "Egress"]. If this field is not specified, it will default based on the existence of Ingress or Egress rules; policies that contain an Egress section are assumed to affect Egress, and all policies (whether or not they contain an Ingress section) are assumed to affect Ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include "Egress" (since such a policy would not include an Egress section and would otherwise default to just [ "Ingress" ]). This field is beta-level in 1.8
+
+
+
NetworkPolicyList v1 networking
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.
categories is a list of the grouped resources this resource belongs to (e.g. 'all')
+
group string
group is the preferred group of the resource. Empty implies the group of the containing resource list. For subresources, this may have a different value, for example: Scale".
+
kind string
kind is the kind for the resource (e.g. 'Foo' is the kind for a resource 'foo')
+
name string
name is the plural name of the resource.
+
namespaced boolean
namespaced indicates if a resource is namespaced or not.
+
shortNames string array
shortNames is a list of suggested short names of the resource.
+
singularName string
singularName is the singular name of the resource. This allows clients to handle plural and singular opaquely. The singularName is more correct for reporting status on a single item and both singular and plural are allowed from the kubectl CLI interface.
+
storageVersionHash string
The hash value of the storage version, the version this resource is converted to when written to the data store. Value must be treated as opaque by clients. Only equality comparison on the value is valid. This is an alpha feature and may change or be removed in the future. The field is populated by the apiserver only if the StorageVersionHash feature gate is enabled. This field will remain optional even if it graduates.
+
verbs string array
verbs is a list of supported kube verbs (this includes get, list, watch, create, update, patch, delete, deletecollection, and proxy)
+
version string
version is the preferred version of the resource. Empty implies the version of the containing resource list For subresources, this may have a different value, for example: v1 (while inside a v1beta1 version of the core resource's group)".
+
+
+
APIServiceCondition v1 apiregistration.k8s.io
+
+
Group
Version
Kind
+
+
apiregistration.k8s.io
v1
APIServiceCondition
+
+
+
APIServiceCondition describes the state of an APIService at a particular point
Last time the condition transitioned from one status to another.
+
message string
Human-readable message indicating details about last transition.
+
reason string
Unique, one-word, CamelCase reason for the condition's last transition.
+
status string
Status is the status of the condition. Can be True, False, Unknown.
+
type string
Type is the type of the condition.
+
+
+
APIVersions v1 meta
+
+
Group
Version
Kind
+
+
meta
v1
APIVersions
+
+
+
APIVersions lists the versions that are available, to allow clients to discover the API at /api, which is the root path of the legacy v1 API.
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.
+
versions string array
versions are the api versions that are available.
+
+
+
AWSElasticBlockStoreVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
AWSElasticBlockStoreVolumeSource
+
+
+
Represents a Persistent Disk resource in AWS.
+
+An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.
Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
partition integer
The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+
readOnly boolean
Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
volumeID string
Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole's permissions will be added
+
+
+
AllowedCSIDriver v1beta1 policy
+
+
Group
Version
Kind
+
+
policy
v1beta1
AllowedCSIDriver
+
+
+
AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.
pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path. Examples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`
+
readOnly boolean
when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
+
+
+
AttachedVolume v1 core
+
+
Group
Version
Kind
+
+
core
v1
AttachedVolume
+
+
+
AttachedVolume describes a volume attached to a node
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
kind string
Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
+
readOnly boolean
Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+
+
AzureFilePersistentVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
AzureFilePersistentVolumeSource
+
+
+
AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
allocatable represents the volume resources of a node that are available for scheduling. This field is beta.
+
name string
This is the name of the CSI driver that this object refers to. This MUST be the same name returned by the CSI GetPluginName() call for that driver.
+
nodeID string
nodeID of the node from the driver point of view. This field enables Kubernetes to communicate with storage systems that do not share the same nomenclature for nodes. For example, Kubernetes may refer to a given node as "node1", but the storage system may refer to the same node as "nodeA". When Kubernetes issues a command to the storage system to attach a volume to a specific node, it can use this field to refer to the node name using the ID that the storage system will understand, e.g. "nodeA" instead of "node1". This field is required.
+
topologyKeys string array
topologyKeys is the list of keys supported by the driver. When a driver is initialized on a cluster, it provides a set of topology keys that it understands (e.g. "company.com/zone", "company.com/region"). When a driver is initialized on a node, it provides the same topology keys along with values. Kubelet will expose these topology keys as labels on its own node object. When Kubernetes does topology aware provisioning, it can use this list to determine which labels it should retrieve from the node object and pass back to the driver. It is possible for different nodes to use different topology keys. This can be empty if driver does not support topology.
+
+
+
CSIPersistentVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
CSIPersistentVolumeSource
+
+
+
Represents storage that is managed by an external CSI volume driver (Beta feature)
ControllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This is an alpha field and requires enabling ExpandCSIVolumes feature gate. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.
ControllerPublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerPublishVolume and ControllerUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.
+
driver string
Driver is the name of the driver to use for this volume. Required.
+
fsType string
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs".
NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.
NodeStageSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeStageVolume and NodeStageVolume and NodeUnstageVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.
+
readOnly boolean
Optional: The value to pass to ControllerPublishVolumeRequest. Defaults to false (read/write).
+
volumeAttributes object
Attributes of the volume to publish.
+
volumeHandle string
VolumeHandle is the unique volume name returned by the CSI volume plugin’s CreateVolume to refer to the volume on all subsequent calls. Required.
+
+
+
CSIVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
CSIVolumeSource
+
+
+
Represents a source location of a volume to mount, managed by an external CSI driver
Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
+
fsType string
Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
+
readOnly boolean
Specifies a read-only configuration for the volume. Defaults to false (read/write).
+
volumeAttributes object
VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
+
+
+
Capabilities v1 core
+
+
Group
Version
Kind
+
+
core
v1
Capabilities
+
+
+
Adds and removes POSIX capabilities from running containers.
Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
path string
Optional: Used as the mounted root, rather than the full Ceph tree, default is /
+
readOnly boolean
Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
secretFile string
Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
user string
Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
+
+
CephFSVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
CephFSVolumeSource
+
+
+
Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.
Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
path string
Optional: Used as the mounted root, rather than the full Ceph tree, default is /
+
readOnly boolean
Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
secretFile string
Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
user string
Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
lastTransitionTime is the time the condition last transitioned from one status to another. If unset, when a new condition type is added or an existing condition's status is changed, the server defaults this to the current time.
lastUpdateTime is the time of the last update to this condition
+
message string
message contains a human readable message with details about the request state
+
reason string
reason indicates a brief reason for the request state
+
status string
status of the condition, one of True, False, Unknown. Approved, Denied, and Failed conditions may not be "False" or "Unknown".
+
type string
type of the condition. Known conditions are "Approved", "Denied", and "Failed". An "Approved" condition is added via the /approval subresource, indicating the request was approved and should be issued by the signer. A "Denied" condition is added via the /approval subresource, indicating the request was denied and should not be issued by the signer. A "Failed" condition is added via the /status subresource, indicating the signer failed to issue the certificate. Approved and Denied conditions are mutually exclusive. Approved, Denied, and Failed conditions cannot be removed once added. Only one condition of a given type is allowed.
+
+
+
CinderPersistentVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
CinderPersistentVolumeSource
+
+
+
Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
readOnly boolean
Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
Optional: points to a secret object containing parameters used to connect to OpenStack.
+
volumeID string
volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
+
+
CinderVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
CinderVolumeSource
+
+
+
Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
readOnly boolean
Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours).
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+
message string
message is a human readable message indicating details about the transition. This may be an empty string.
+
observedGeneration integer
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+
reason string
reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+
status string
status of the condition, one of True, False, Unknown.
+
type string
type of condition in CamelCase or in foo.example.com/CamelCase.
+
+
+
ConfigMapEnvSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
ConfigMapEnvSource
+
+
+
ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
+
+The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
optional boolean
Specify whether the ConfigMap or its key must be defined
+
+
+
ConfigMapNodeConfigSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
ConfigMapNodeConfigSource
+
+
+
ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases.
+
name string
Name is the metadata.name of the referenced ConfigMap. This field is required in all cases.
+
namespace string
Namespace is the metadata.namespace of the referenced ConfigMap. This field is required in all cases.
+
resourceVersion string
ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.
+
uid string
UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.
+
+
+
ConfigMapProjection v1 core
+
+
Group
Version
Kind
+
+
core
v1
ConfigMapProjection
+
+
+
Adapts a ConfigMap into a projected volume.
+
+The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.
If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
name string
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
optional boolean
Specify whether the ConfigMap or its keys must be defined
+
+
+
ConfigMapVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
ConfigMapVolumeSource
+
+
+
Adapts a ConfigMap into a volume.
+
+The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.
Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
name string
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
optional boolean
Specify whether the ConfigMap or its keys must be defined
Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
+
hostIP string
What host IP to bind the external port to.
+
hostPort integer
Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
+
name string
If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
+
protocol string
Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
+
+
+
ContainerResourceMetricSource v2beta2 autoscaling
+
+
Group
Version
Kind
+
+
autoscaling
v2beta2
ContainerResourceMetricSource
+
+
+
ContainerResourceMetricSource indicates how to scale on a resource metric known to Kubernetes, as specified in requests and limits, describing each pod in the current scale target (e.g. CPU or memory). The values will be averaged together before being compared to the target. Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source. Only one "target" type should be set.
+
Other API versions of this object exist:
+v2beta1
+
target specifies the target value for the given metric
+
+
+
ContainerResourceMetricStatus v2beta2 autoscaling
+
+
Group
Version
Kind
+
+
autoscaling
v2beta2
ContainerResourceMetricStatus
+
+
+
ContainerResourceMetricStatus indicates the current value of a resource metric known to Kubernetes, as specified in requests and limits, describing a single container in each pod in the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.
+
Other API versions of this object exist:
+v2beta1
+
current contains the current value for the given metric
+
name string
Name is the name of the resource in question.
+
+
+
ContainerState v1 core
+
+
Group
Version
Kind
+
+
core
v1
ContainerState
+
+
+
ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.
description is a human readable description of this column.
+
format string
format is an optional OpenAPI type definition for this column. The 'name' format is applied to the primary identifier column to assist in clients identifying column is the resource name. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details.
+
jsonPath string
jsonPath is a simple JSON path (i.e. with array notation) which is evaluated against each custom resource to produce the value for this column.
+
name string
name is a human readable name for the column.
+
priority integer
priority is an integer defining the relative importance of this column compared to others. Lower numbers are considered higher priority. Columns that may be omitted in limited space scenarios should be given a priority greater than 0.
+
type string
type is an OpenAPI type definition for this column. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details.
+
+
+
CustomResourceConversion v1 apiextensions.k8s.io
+
+
Group
Version
Kind
+
+
apiextensions.k8s.io
v1
CustomResourceConversion
+
+
+
CustomResourceConversion describes how to convert different versions of a CR.
strategy specifies how custom resources are converted between versions. Allowed values are: - `None`: The converter only change the apiVersion and would not touch any other field in the custom resource. - `Webhook`: API Server will call to an external webhook to do the conversion. Additional information is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhook to be set.
categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). This is published in API discovery documents, and used by clients to support invocations like `kubectl get all`.
+
kind string
kind is the serialized kind of the resource. It is normally CamelCase and singular. Custom resource instances will use this value as the `kind` attribute in API calls.
+
listKind string
listKind is the serialized kind of the list for this resource. Defaults to "`kind`List".
+
plural string
plural is the plural name of the resource to serve. The custom resources are served under `/apis/<group>/<version>/.../<plural>`. Must match the name of the CustomResourceDefinition (in the form `<names.plural>.<group>`). Must be all lowercase.
+
shortNames string array
shortNames are short names for the resource, exposed in API discovery documents, and used by clients to support invocations like `kubectl get <shortname>`. It must be all lowercase.
+
singular string
singular is the singular name of the resource. It must be all lowercase. Defaults to lowercased `kind`.
additionalPrinterColumns specifies additional columns returned in Table output. See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details. If no columns are specified, a single column displaying the age of the custom resource is used.
+
deprecated boolean
deprecated indicates this version of the custom resource API is deprecated. When set to true, API requests to this version receive a warning header in the server response. Defaults to false.
+
deprecationWarning string
deprecationWarning overrides the default warning returned to API clients. May only be set when `deprecated` is true. The default warning indicates this version is deprecated and recommends use of the newest served version of equal or greater stability, if one exists.
+
name string
name is the version name, e.g. “v1”, “v2beta1”, etc. The custom resources are served under this version at `/apis/<group>/<version>/...` if `served` is true.
labelSelectorPath defines the JSON path inside of a custom resource that corresponds to Scale `status.selector`. Only JSON paths without the array notation are allowed. Must be a JSON Path under `.status` or `.spec`. Must be set to work with HorizontalPodAutoscaler. The field pointed by this JSON path must be a string field (not a complex selector struct) which contains a serialized label selector in string form. More info: https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource If there is no value under the given path in the custom resource, the `status.selector` value in the `/scale` subresource will default to the empty string.
+
specReplicasPath string
specReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `spec.replicas`. Only JSON paths without the array notation are allowed. Must be a JSON Path under `.spec`. If there is no value under the given path in the custom resource, the `/scale` subresource will return an error on GET.
+
statusReplicasPath string
statusReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `status.replicas`. Only JSON paths without the array notation are allowed. Must be a JSON Path under `.status`. If there is no value under the given path in the custom resource, the `status.replicas` value in the `/scale` subresource will default to 0.
CustomResourceSubresourceStatus defines how to serve the status subresource for CustomResources. Status is represented by the `.status` JSON path inside of a CustomResource. When set, * exposes a /status subresource for the custom resource * PUT requests to the /status subresource take a custom resource object, and ignore changes to anything except the status stanza * PUT/POST/PATCH requests to the custom resource ignore changes to the status stanza
status indicates the custom resource should serve a `/status` subresource. When enabled: 1. requests to the custom resource primary endpoint ignore changes to the `status` stanza of the object. 2. requests to the custom resource `/status` subresource ignore changes to anything other than the `status` stanza of the object.
+
+
+
CustomResourceValidation v1 apiextensions.k8s.io
+
+
Group
Version
Kind
+
+
apiextensions.k8s.io
v1
CustomResourceValidation
+
+
+
CustomResourceValidation is a list of validation methods for CustomResources.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
dryRun string array
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds integer
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
orphanDependents boolean
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be returned.
+
propagationPolicy string
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
+
+
DeploymentCondition v1 apps
+
+
Group
Version
Kind
+
+
apps
v1
DeploymentCondition
+
+
+
DeploymentCondition describes the state of a deployment at a certain point.
A human readable message indicating details about the transition.
+
reason string
The reason for the condition's last transition.
+
status string
Status of the condition, one of True, False, Unknown.
+
type string
Type of deployment condition.
+
+
+
DownwardAPIProjection v1 core
+
+
Group
Version
Kind
+
+
core
v1
DownwardAPIProjection
+
+
+
Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.
Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+
mode integer
Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
path string
Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+
+
+
DownwardAPIVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
DownwardAPIVolumeSource
+
+
+
DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.
Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
What type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir
+
+
+
Endpoint v1 discovery.k8s.io
+
+
Group
Version
Kind
+
+
discovery.k8s.io
v1
Endpoint
+
+
+
Endpoint represents a single logical "backend" implementing a service.
+
Other API versions of this object exist:
+v1beta1
+
addresses of this endpoint. The contents of this field are interpreted according to the corresponding EndpointSlice addressType field. Consumers must handle different types of addresses in the context of their own capabilities. This must contain at least one address but no more than 100.
conditions contains information about the current status of the endpoint.
+
deprecatedTopology object
deprecatedTopology contains topology information part of the v1beta1 API. This field is deprecated, and will be removed when the v1beta1 API is removed (no sooner than kubernetes v1.24). While this field can hold values, it is not writable through the v1 API, and any attempts to write to it will be silently ignored. Topology information can be found in the zone and nodeName fields instead.
hints contains information associated with how an endpoint should be consumed.
+
hostname string
hostname of this endpoint. This field may be used by consumers of endpoints to distinguish endpoints from each other (e.g. in DNS names). Multiple endpoints which use the same hostname should be considered fungible (e.g. multiple A values in DNS). Must be lowercase and pass DNS Label (RFC 1123) validation.
+
nodeName string
nodeName represents the name of the Node hosting this endpoint. This can be used to determine endpoints local to a Node. This field can be enabled with the EndpointSliceNodeName feature gate.
The IP of this endpoint. May not be loopback (127.0.0.0/8), link-local (169.254.0.0/16), or link-local multicast ((224.0.0.0/24). IPv6 is also accepted but not fully supported on all platforms. Also, certain kubernetes components, like kube-proxy, are not IPv6 ready.
+
nodeName string
Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node.
ready indicates that this endpoint is prepared to receive traffic, according to whatever system is managing the endpoint. A nil value indicates an unknown state. In most cases consumers should interpret this unknown state as ready. For compatibility reasons, ready should never be "true" for terminating endpoints.
+
serving boolean
serving is identical to ready except that it is set regardless of the terminating state of endpoints. This condition should be set to true for a ready endpoint that is terminating. If nil, consumers should defer to the ready condition. This field can be enabled with the EndpointSliceTerminatingCondition feature gate.
+
terminating boolean
terminating indicates that this endpoint is terminating. A nil value indicates an unknown state. Consumers should interpret this unknown state to mean that the endpoint is not terminating. This field can be enabled with the EndpointSliceTerminatingCondition feature gate.
+
+
+
EndpointHints v1 discovery.k8s.io
+
+
Group
Version
Kind
+
+
discovery.k8s.io
v1
EndpointHints
+
+
+
EndpointHints provides hints describing how an endpoint should be consumed.
+
Other API versions of this object exist:
+v1beta1
+
The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+
name string
The name of this port. This must match the 'name' field in the corresponding ServicePort. Must be a DNS_LABEL. Optional only if one port is defined.
+
port integer
The port number of the endpoint.
+
protocol string
The IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.
+
+
+
EndpointSubset v1 core
+
+
Group
Version
Kind
+
+
core
v1
EndpointSubset
+
+
+
EndpointSubset is a group of addresses with a common set of ports. The expanded set of endpoints is the Cartesian product of Addresses x Ports. For example, given:
+ {
+ Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
+ Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
+ }
+The resulting set of endpoints can be viewed as:
+ a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],
+ b: [ 10.10.1.1:309, 10.10.2.2:309 ]
IP addresses which offer the related ports that are marked as ready. These endpoints should be considered safe for load balancers and clients to utilize.
IP addresses which offer the related ports but are not currently marked as ready because they have not yet finished starting, have recently failed a readiness check, or have recently failed a liveness check.
Name of the environment variable. Must be a C_IDENTIFIER.
+
value string
Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
An EphemeralContainer is a container that may be added temporarily to an existing pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a pod is removed or restarted. If an ephemeral container causes a pod to exceed its resource allocation, the pod may be evicted. Ephemeral containers may not be added by directly updating the pod spec. They must be added via the pod's ephemeralcontainers subresource, and they will appear in the pod spec once added. This is an alpha feature enabled by the EphemeralContainers feature flag.
Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
command string array
Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
env EnvVar array patch strategy: merge patch merge key: name
List of environment variables to set in the container. Cannot be updated.
List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
+
image string
Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
+
imagePullPolicy string
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
+
stdinOnce boolean
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
+
targetContainerName string
If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.
+
terminationMessagePath string
Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
+
terminationMessagePolicy string
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
+
tty boolean
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
Pod volumes to mount into the container's filesystem. Cannot be updated.
+
workingDir string
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
+
+
+
EphemeralVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
EphemeralVolumeSource
+
+
+
Represents an ephemeral volume that is handled by a normal storage driver.
Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. Required, must not be nil.
+
+
+
EventSeries v1 events.k8s.io
+
+
Group
Version
Kind
+
+
events.k8s.io
v1
EventSeries
+
+
+
EventSeries contain information on series of events, i.e. thing that was/is happening continuously for some time. How often to update the EventSeries is up to the event reporters. The default event reporter in "k8s.io/client-go/tools/events/event_broadcaster.go" shows how this struct is updated on heartbeats and can guide customized reporter implementations.
+
Other API versions of this object exist:
+v1beta1
+
Eviction evicts a pod from its node subject to certain policies and safety constraints. This is a subresource of Pod. A request to cause such an eviction is created by POSTing to .../pods/<pod name>/evictions.
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
+
+
ExternalDocumentation v1 apiextensions.k8s.io
+
+
Group
Version
Kind
+
+
apiextensions.k8s.io
v1
ExternalDocumentation
+
+
+
ExternalDocumentation allows referencing an external resource for extended documentation.
ExternalMetricSource indicates how to scale on a metric not associated with any Kubernetes object (for example length of queue in cloud messaging service, or QPS from loadbalancer running outside of cluster).
+
Other API versions of this object exist:
+v2beta1
+
metric identifies the target metric by name and selector
+
+
+
FCVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
FCVolumeSource
+
+
+
Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
lun integer
Optional: FC target lun number
+
readOnly boolean
Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
targetWWNs string array
Optional: FC target worldwide names (WWNs)
+
wwids string array
Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+
+
+
FSGroupStrategyOptions v1beta1 policy
+
+
Group
Version
Kind
+
+
policy
v1beta1
FSGroupStrategyOptions
+
+
+
FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
+
rule string
rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
+
+
+
FieldsV1 v1 meta
+
+
Group
Version
Kind
+
+
meta
v1
FieldsV1
+
+
+
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.
+
+Each key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:<name>', where <name> is the name of a field in a struct, or key in a map 'v:<value>', where <value> is the exact json formatted value of a list item 'i:<index>', where <index> is position of a item in a list 'k:<keys>', where <keys> is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set.
+
+The exact format is defined in sigs.k8s.io/structured-merge-diff
Driver is the name of the driver to use for this volume.
+
fsType string
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+
options object
Optional: Extra command options if any.
+
readOnly boolean
Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
+
+
+
FlexVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
FlexVolumeSource
+
+
+
FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
Driver is the name of the driver to use for this volume.
+
fsType string
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+
options object
Optional: Extra command options if any.
+
readOnly boolean
Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.
+
+
+
FlockerVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
FlockerVolumeSource
+
+
+
Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.
Represents a Persistent Disk resource in Google Compute Engine.
+
+A GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.
Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
partition integer
The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
pdName string
Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
readOnly boolean
ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+
+
GitRepoVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
GitRepoVolumeSource
+
+
+
Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.
+
+DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
+
repository string
Repository URL
+
revision string
Commit hash for the specified revision.
+
+
+
GlusterfsPersistentVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
GlusterfsPersistentVolumeSource
+
+
+
Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.
EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
endpointsNamespace string
EndpointsNamespace is the namespace that contains Glusterfs endpoint. If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
path string
Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
readOnly boolean
ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+
+
GlusterfsVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
GlusterfsVolumeSource
+
+
+
Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.
EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
path string
Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
readOnly boolean
ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
+
+
GroupSubject v1beta1 flowcontrol.apiserver.k8s.io
+
+
Group
Version
Kind
+
+
flowcontrol.apiserver.k8s.io
v1beta1
GroupSubject
+
+
+
GroupSubject holds detailed information for group-kind subject.
name is the user group that matches, or "*" to match all user groups. See https://github.com/kubernetes/apiserver/blob/master/pkg/authentication/user/user.go for some well-known group names. Required.
+
+
+
GroupVersionForDiscovery v1 meta
+
+
Group
Version
Kind
+
+
meta
v1
GroupVersionForDiscovery
+
+
+
GroupVersion contains the "group/version" and "version" string of a version. It is made a struct to keep extensibility.
PeriodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
+
type string
Type is used to specify the scaling policy.
+
value integer
Value contains the amount of change which is permitted by the policy. It must be greater than zero
+
+
+
HPAScalingRules v2beta2 autoscaling
+
+
Group
Version
Kind
+
+
autoscaling
v2beta2
HPAScalingRules
+
+
+
HPAScalingRules configures the scaling behavior for one direction. These Rules are applied after calculating DesiredReplicas from metrics for the HPA. They can limit the scaling velocity by specifying scaling policies. They can prevent flapping by specifying the stabilization window, so that the number of replicas is not set instantly, instead, the safest value from the stabilization window is chosen.
policies is a list of potential scaling polices which can be used during scaling. At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
+
selectPolicy string
selectPolicy is used to specify which policy should be used. If not set, the default value MaxPolicySelect is used.
+
stabilizationWindowSeconds integer
StabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). If not set, use the default values: - For scale up: 0 (i.e. no stabilization is done). - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
+
+
+
HTTPGetAction v1 core
+
+
Group
Version
Kind
+
+
core
v1
HTTPGetAction
+
+
+
HTTPGetAction describes an action based on HTTP Get requests.
Backend defines the referenced service endpoint to which the traffic will be forwarded to.
+
path string
Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value "Exact" or "Prefix".
+
pathType string
PathType determines the interpretation of the Path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is done on a path element by element basis. A path element refers is the list of labels in the path split by the '/' separator. A request is a match for path p if every p is an element-wise prefix of p of the request path. Note that if the last element of the path is a substring of the last element in request path, it is not a match (e.g. /foo/bar matches /foo/bar/baz, but does not match /foo/barbaz). * ImplementationSpecific: Interpretation of the Path matching is up to the IngressClass. Implementations can treat this as a separate PathType or treat it identically to Prefix or Exact path types. Implementations are required to support all path types.
+
+
+
HTTPIngressRuleValue v1 networking.k8s.io
+
+
Group
Version
Kind
+
+
networking.k8s.io
v1
HTTPIngressRuleValue
+
+
+
HTTPIngressRuleValue is a list of http selectors pointing to backends. In the example: http://<host>/<path>?<searchpart> -> backend where where parts of the url correspond to RFC 3986, this resource will be used to match against everything after the last '/' and before the first '?' or '#'.
HorizontalPodAutoscalerBehavior configures the scaling behavior of the target in both Up and Down directions (scaleUp and scaleDown fields respectively).
scaleDown is scaling policy for scaling Down. If not set, the default value is to allow to scale down to minReplicas pods, with a 300 second stabilization window (i.e., the highest recommendation for the last 300sec is used).
scaleUp is scaling policy for scaling Up. If not set, the default value is the higher of: * increase no more than 4 pods per 60 seconds * double the number of pods per 60 seconds No stabilization is used.
Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+
type string
Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+
+
+
HostPortRange v1beta1 policy
+
+
Group
Version
Kind
+
+
policy
v1beta1
HostPortRange
+
+
+
HostPortRange defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined.
IPBlock describes a particular CIDR (Ex. "192.168.1.1/24","2001:db9::/64") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.
CIDR is a string representing the IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64"
+
except string array
Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64" Except values will be rejected if they are outside the CIDR range
+
+
+
ISCSIPersistentVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
ISCSIPersistentVolumeSource
+
+
+
ISCSIPersistentVolumeSource represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.
whether support iSCSI Discovery CHAP authentication
+
chapAuthSession boolean
whether support iSCSI Session CHAP authentication
+
fsType string
Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+
initiatorName string
Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
+
iqn string
Target iSCSI Qualified Name.
+
iscsiInterface string
iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+
lun integer
iSCSI Target Lun number.
+
portals string array
iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
readOnly boolean
ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
whether support iSCSI Discovery CHAP authentication
+
chapAuthSession boolean
whether support iSCSI Session CHAP authentication
+
fsType string
Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+
initiatorName string
Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
+
iqn string
Target iSCSI Qualified Name.
+
iscsiInterface string
iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+
lun integer
iSCSI Target Lun number.
+
portals string array
iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
+
readOnly boolean
ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, a service.Name and service.Port must not be specified. This is a mutually exclusive setting with "Service".
APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+
kind string
Kind is the type of resource being referenced.
+
name string
Name is the name of resource being referenced.
+
namespace string
Namespace is the namespace of the resource being referenced. This field is required when scope is set to "Namespace" and must be unset when scope is set to "Cluster".
+
scope string
Scope represents if this refers to a cluster or namespace scoped resource. This may be set to "Cluster" (default) or "Namespace". Field can be enabled with IngressClassNamespacedParams feature gate.
+
+
+
IngressRule v1 networking.k8s.io
+
+
Group
Version
Kind
+
+
networking.k8s.io
v1
IngressRule
+
+
+
IngressRule represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching IngressRuleValue.
Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in RFC 3986: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the IP in the Spec of the parent Ingress. 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. Host can be "precise" which is a domain name without the terminating dot of a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name prefixed with a single wildcard label (e.g. "*.foo.com"). The wildcard character '\*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). Requests will be matched against the Host field in the following way: 1. If Host is precise, the request matches this rule if the http host header is equal to Host. 2. If Host is a wildcard, then the request matches this rule if the http host header is to equal to the suffix (removing the first label) of the wildcard rule.
Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified.
+
secretName string
SecretName is the name of the secret used to terminate TLS traffic on port 443. Field is left optional to allow TLS routing based on SNI hostname alone. If the SNI host in a listener conflicts with the "Host" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing.
+
+
+
JSON v1 apiextensions.k8s.io
+
+
Group
Version
Kind
+
+
apiextensions.k8s.io
v1
JSON
+
+
+
JSON represents any valid JSON value. These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil.
default is a default value for undefined object fields. Defaulting is a beta feature under the CustomResourceDefaulting feature gate. Defaulting requires spec.preserveUnknownFields to be false.
format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated: - bsonobjectid: a bson object ID, i.e. a 24 characters hex string - uri: an URI as parsed by Golang net/url.ParseRequestURI - email: an email address as parsed by Golang net/mail.ParseAddress - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034]. - ipv4: an IPv4 IP as parsed by Golang net.ParseIP - ipv6: an IPv6 IP as parsed by Golang net.ParseIP - cidr: a CIDR as parsed by Golang net.ParseCIDR - mac: a MAC address as parsed by Golang net.ParseMAC - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$ - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$ - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ - isbn: an ISBN10 or ISBN13 number string like "0321751043" or "978-0321751041" - isbn10: an ISBN10 number string like "0321751043" - isbn13: an ISBN13 number string like "978-0321751041" - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\d{3})\d{11})$ with any non digit characters mixed in - ssn: a U.S. social security number following the regex ^\d{3}[- ]?\d{2}[- ]?\d{4}$ - hexcolor: an hexadecimal color code like "#FFFFFF: following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$ - rgbcolor: an RGB color code like rgb like "rgb(255,255,2559" - byte: base64 encoded binary data - password: any kind of string - date: a date string like "2006-01-02" as defined by full-date in RFC3339 - duration: a duration string like "22 ns" as parsed by Golang time.ParseDuration or compatible with Scala duration format - datetime: a date time string like "2014-12-15T19:30:20.000Z" as defined by date-time in RFC3339.
x-kubernetes-embedded-resource defines that the value is an embedded Kubernetes runtime.Object, with TypeMeta and ObjectMeta. The type must be object. It is allowed to further restrict the embedded object. kind, apiVersion and metadata are validated automatically. x-kubernetes-preserve-unknown-fields is allowed to be true, but does not have to be if the object is fully specified (up to kind, apiVersion, metadata).
+
x-kubernetes-int-or-string boolean
x-kubernetes-int-or-string specifies that this value is either an integer or a string. If this is true, an empty type is allowed and type as child of anyOf is permitted if following one of the following patterns: 1) anyOf: - type: integer - type: string 2) allOf: - anyOf: - type: integer - type: string - ... zero or more
+
x-kubernetes-list-map-keys string array
x-kubernetes-list-map-keys annotates an array with the x-kubernetes-list-type `map` by specifying the keys used as the index of the map. This tag MUST only be used on lists that have the "x-kubernetes-list-type" extension set to "map". Also, the values specified for this attribute must be a scalar typed field of the child structure (no nesting is supported). The properties specified must either be required or have a default value, to ensure those properties are present for all list items.
+
x-kubernetes-list-type string
x-kubernetes-list-type annotates an array to further describe its topology. This extension must only be used on lists and may have 3 possible values: 1) `atomic`: the list is treated as a single entity, like a scalar. Atomic lists will be entirely replaced when updated. This extension may be used on any type of list (struct, scalar, ...). 2) `set`: Sets are lists that must not have multiple items with the same value. Each value must be a scalar, an object with x-kubernetes-map-type `atomic` or an array with x-kubernetes-list-type `atomic`. 3) `map`: These lists are like maps in that their elements have a non-index key used to identify them. Order is preserved upon merge. The map tag must only be used on a list with elements of type object. Defaults to atomic for arrays.
+
x-kubernetes-map-type string
x-kubernetes-map-type annotates an object to further describe its topology. This extension must only be used when type is object and may have 2 possible values: 1) `granular`: These maps are actual maps (key-value pairs) and each fields are independent from each other (they can each be manipulated by separate actors). This is the default behaviour for all maps. 2) `atomic`: the list is treated as a single entity, like a scalar. Atomic maps will be entirely replaced when updated.
+
x-kubernetes-preserve-unknown-fields boolean
x-kubernetes-preserve-unknown-fields stops the API server decoding step from pruning fields which are not specified in the validation schema. This affects fields recursively, but switches back to normal pruning behaviour if nested properties or additionalProperties are specified in the schema. This can either be true or undefined. False is forbidden.
+
+
+
JSONSchemaPropsOrArray v1 apiextensions.k8s.io
+
+
Group
Version
Kind
+
+
apiextensions.k8s.io
v1
JSONSchemaPropsOrArray
+
+
+
JSONSchemaPropsOrArray represents a value that can either be a JSONSchemaProps or an array of JSONSchemaProps. Mainly here for serialization purposes.
Standard object's metadata of the jobs created from this template. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Specification of the desired behavior of the job. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
+
path string
The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
+
+
+
LabelSelector v1 meta
+
+
Group
Version
Kind
+
+
meta
v1
LabelSelector
+
+
+
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+
+
+
LabelSelectorRequirement v1 meta
+
+
Group
Version
Kind
+
+
meta
v1
LabelSelectorRequirement
+
+
+
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
key is the label key that the selector applies to.
+
operator string
operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+
values string array
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+
+
Lifecycle v1 core
+
+
Group
Version
Kind
+
+
core
v1
Lifecycle
+
+
+
Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+
+
+
LimitRangeItem v1 core
+
+
Group
Version
Kind
+
+
core
v1
LimitRangeItem
+
+
+
LimitRangeItem defines a min/max usage limit for any resource that matches on kind.
Default resource requirement limit value by resource name if resource limit is omitted.
+
defaultRequest object
DefaultRequest is the default resource requirement request value by resource name if resource request is omitted.
+
max object
Max usage constraints on this kind by resource name.
+
maxLimitRequestRatio object
MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource.
+
min object
Min usage constraints on this kind by resource name.
`queuing` holds the configuration parameters for queuing. This field may be non-empty only if `type` is `"Queue"`.
+
type string
`type` is "Queue" or "Reject". "Queue" means that requests that can not be executed upon arrival are held in a queue until they can be executed or a queuing limit is reached. "Reject" means that requests that can not be executed upon arrival are rejected. Required.
LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits. It addresses two issues:
+ * How are requests for this priority level limited?
+ * What should be done with requests that exceed the limit?
`assuredConcurrencyShares` (ACS) configures the execution limit, which is a limit on the number of requests of this priority level that may be exeucting at a given time. ACS must be a positive number. The server's concurrency limit (SCL) is divided among the concurrency-controlled priority levels in proportion to their assured concurrency shares. This produces the assured concurrency value (ACV) --- the number of requests that may be executing at a time --- for each such priority level: ACV(l) = ceil( SCL * ACS(l) / ( sum[priority levels k] ACS(k) ) ) bigger numbers of ACS mean more reserved concurrent requests (at the expense of every other PL). This field has a default value of 30.
`limitResponse` indicates what to do with requests that can not be executed right now
+
+
+
ListMeta v1 meta
+
+
Group
Version
Kind
+
+
meta
v1
ListMeta
+
+
+
ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.
continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message.
+
remainingItemCount integer
remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is *estimating* the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.
+
resourceVersion string
String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+
selfLink string
selfLink is a URL representing this object. Populated by the system. Read-only. DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
+
+
+
LoadBalancerIngress v1 core
+
+
Group
Version
Kind
+
+
core
v1
LoadBalancerIngress
+
+
+
LoadBalancerIngress represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.
Filesystem type to mount. It applies only when the Path is a block device. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a fileystem if unspecified.
+
path string
The full path to the volume on the node. It can be either a directory or block device (disk, partition, ...).
+
+
+
ManagedFieldsEntry v1 meta
+
+
Group
Version
Kind
+
+
meta
v1
ManagedFieldsEntry
+
+
+
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource that the fieldset applies to.
APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.
+
fieldsType string
FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"
FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.
+
manager string
Manager is an identifier of the workflow managing these fields.
+
operation string
Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.
+
subresource string
Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource.
selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics.
+
+
+
MetricSpec v2beta2 autoscaling
+
+
Group
Version
Kind
+
+
autoscaling
v2beta2
MetricSpec
+
+
+
MetricSpec specifies how to scale based on a single metric (only `type` and one other matching field should be set at once).
+
Other API versions of this object exist:
+v2beta1
+
container resource refers to a resource metric (such as those specified in requests and limits) known to Kubernetes describing a single container in each pod of the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source. This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag.
external refers to a global metric that is not associated with any Kubernetes object. It allows autoscaling based on information coming from components running outside of cluster (for example length of queue in cloud messaging service, or QPS from loadbalancer running outside of cluster).
pods refers to a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value.
resource refers to a resource metric (such as those specified in requests and limits) known to Kubernetes describing each pod in the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.
+
type string
type is the type of metric source. It should be one of "ContainerResource", "External", "Object", "Pods" or "Resource", each mapping to a matching field in the object. Note: "ContainerResource" type is available on when the feature-gate HPAContainerMetrics is enabled
+
+
+
MetricStatus v2beta2 autoscaling
+
+
Group
Version
Kind
+
+
autoscaling
v2beta2
MetricStatus
+
+
+
MetricStatus describes the last-read state of a single metric.
+
Other API versions of this object exist:
+v2beta1
+
container resource refers to a resource metric (such as those specified in requests and limits) known to Kubernetes describing a single container in each pod in the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.
external refers to a global metric that is not associated with any Kubernetes object. It allows autoscaling based on information coming from components running outside of cluster (for example length of queue in cloud messaging service, or QPS from loadbalancer running outside of cluster).
pods refers to a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value.
resource refers to a resource metric (such as those specified in requests and limits) known to Kubernetes describing each pod in the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.
+
type string
type is the type of metric source. It will be one of "ContainerResource", "External", "Object", "Pods" or "Resource", each corresponds to a matching field in the object. Note: "ContainerResource" type is available on when the feature-gate HPAContainerMetrics is enabled
+
+
+
MetricTarget v2beta2 autoscaling
+
+
Group
Version
Kind
+
+
autoscaling
v2beta2
MetricTarget
+
+
+
MetricTarget defines the target value, average value, or average utilization of a specific metric
averageUtilization is the target value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. Currently only valid for Resource metric source type
currentAverageUtilization is the current value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods.
AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
ClientConfig defines how to communicate with the hook. Required
+
failurePolicy string
FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
+
matchPolicy string
matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent". - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook. - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook. Defaults to "Equivalent"
+
name string
The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook. For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": { "matchExpressions": [ { "key": "runlevel", "operator": "NotIn", "values": [ "0", "1" ] } ] } If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": { "matchExpressions": [ { "key": "environment", "operator": "In", "values": [ "prod", "staging" ] } ] } See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors. Default to the empty LabelSelector, which matches everything.
ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
+
reinvocationPolicy string
reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded". Never: the webhook will not be called more than once in a single admission evaluation. IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead. Defaults to "Never".
Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
+
sideEffects string
SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
+
timeoutSeconds integer
TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
+
+
+
NFSVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
NFSVolumeSource
+
+
+
Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.
Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
readOnly boolean
ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
server string
Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
+
+
NamespaceCondition v1 core
+
+
Group
Version
Kind
+
+
core
v1
NamespaceCondition
+
+
+
NamespaceCondition contains details about state of namespace.
Status of the condition, one of True, False, Unknown.
+
type string
Type of namespace controller condition.
+
+
+
NetworkPolicyEgressRule v1 networking.k8s.io
+
+
Group
Version
Kind
+
+
networking.k8s.io
v1
NetworkPolicyEgressRule
+
+
+
NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. This type is beta-level in 1.8
List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
List of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.
+
+
+
NetworkPolicyIngressRule v1 networking.k8s.io
+
+
Group
Version
Kind
+
+
networking.k8s.io
v1
NetworkPolicyIngressRule
+
+
+
NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from.
List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list.
List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
+
+
+
NetworkPolicyPeer v1 networking.k8s.io
+
+
Group
Version
Kind
+
+
networking.k8s.io
v1
NetworkPolicyPeer
+
+
+
NetworkPolicyPeer describes a peer to allow traffic to/from. Only certain combinations of fields are allowed
Selects Namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces. If PodSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector.
This is a label selector which selects Pods. This field follows standard label selector semantics; if present but empty, it selects all pods. If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the Pods matching PodSelector in the policy's own Namespace.
+
+
+
NetworkPolicyPort v1 networking.k8s.io
+
+
Group
Version
Kind
+
+
networking.k8s.io
v1
NetworkPolicyPort
+
+
+
NetworkPolicyPort describes a port to allow traffic on
If set, indicates that the range of ports from port to endPort, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. This feature is in Beta state and is enabled by default. It can be disabled using the Feature Gate "NetworkPolicyEndPort".
+
port
The port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.
+
protocol string
The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.
+
+
+
NodeAddress v1 core
+
+
Group
Version
Kind
+
+
core
v1
NodeAddress
+
+
+
NodeAddress contains information for the node's address.
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+
+
+
NodeCondition v1 core
+
+
Group
Version
Kind
+
+
core
v1
NodeCondition
+
+
+
NodeCondition contains condition information for a node.
Last time the condition transit from one status to another.
+
message string
Human readable message indicating details about last transition.
+
reason string
(brief) reason for the condition's last transition.
+
status string
Status of the condition, one of True, False, Unknown.
+
type string
Type of node condition.
+
+
+
NodeConfigSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
NodeConfigSource
+
+
+
NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22
Active reports the checkpointed config the node is actively using. Active will represent either the current version of the Assigned config, or the current LastKnownGood config, depending on whether attempting to use the Assigned config results in an error.
Assigned reports the checkpointed config the node will try to use. When Node.Spec.ConfigSource is updated, the node checkpoints the associated config payload to local disk, along with a record indicating intended config. The node refers to this record to choose its config checkpoint, and reports this record in Assigned. Assigned only updates in the status after the record has been checkpointed to disk. When the Kubelet is restarted, it tries to make the Assigned config the Active config by loading and validating the checkpointed payload identified by Assigned.
+
error string
Error describes any problems reconciling the Spec.ConfigSource to the Active config. Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting to load or validate the Assigned config, etc. Errors may occur at different points while syncing config. Earlier errors (e.g. download or checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error by fixing the config assigned in Spec.ConfigSource. You can find additional information for debugging by searching the error message in the Kubelet log. Error is a human-readable description of the error state; machines can check whether or not Error is empty, but should not rely on the stability of the Error text across Kubelet versions.
LastKnownGood reports the checkpointed config the node will fall back to when it encounters an error attempting to use the Assigned config. The Assigned config becomes the LastKnownGood config when the node determines that the Assigned config is stable and correct. This is currently implemented as a 10-minute soak period starting when the local record of Assigned config is updated. If the Assigned config is Active at the end of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, because the local default config is always assumed good. You should not make assumptions about the node's method of determining config stability and correctness, as this may change or become configurable in the future.
+
+
+
NodeDaemonEndpoints v1 core
+
+
Group
Version
Kind
+
+
core
v1
NodeDaemonEndpoints
+
+
+
NodeDaemonEndpoints lists ports opened by daemons running on the Node.
A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.
Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
values string array
An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+
+
+
NodeSelectorTerm v1 core
+
+
Group
Version
Kind
+
+
core
v1
NodeSelectorTerm
+
+
+
A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
ContainerRuntime Version reported by the node through runtime remote API (e.g. docker://1.5.0).
+
kernelVersion string
Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).
+
kubeProxyVersion string
KubeProxy Version reported by the node.
+
kubeletVersion string
Kubelet Version reported by the node.
+
machineID string
MachineID reported by the node. For unique machine identification in the cluster this field is preferred. Learn more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html
+
operatingSystem string
The Operating System reported by the node
+
osImage string
OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).
+
systemUUID string
SystemUUID reported by the node. For unique machine identification MachineID is preferred. This field is specific to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid
+
+
+
NonResourceAttributes v1 authorization.k8s.io
+
+
Group
Version
Kind
+
+
authorization.k8s.io
v1
NonResourceAttributes
+
+
+
NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface
NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the target non-resource URL. A NonResourcePolicyRule matches a request if and only if both (a) at least one member of verbs matches the request and (b) at least one member of nonResourceURLs matches the request.
`nonResourceURLs` is a set of url prefixes that a user should have access to and may not be empty. For example: - "/healthz" is legal - "/hea*" is illegal - "/hea" is legal but matches nothing - "/hea/*" also matches nothing - "/healthz/*" matches all per-component health checks. "*" matches all non-resource urls. if it is present, it must be the only entry. Required.
+
verbs string array
`verbs` is a list of matching verbs and may not be empty. "*" matches all verbs. If it is present, it must be the only entry. Required.
+
+
+
NonResourceRule v1 authorization.k8s.io
+
+
Group
Version
Kind
+
+
authorization.k8s.io
v1
NonResourceRule
+
+
+
NonResourceRule holds information that describes a rule for the non-resource
NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path. "*" means all.
+
verbs string array
Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all.
+
+
+
ObjectFieldSelector v1 core
+
+
Group
Version
Kind
+
+
core
v1
ObjectFieldSelector
+
+
+
ObjectFieldSelector selects an APIVersioned field of an object.
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
+
clusterName string
The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
deletionGracePeriodSeconds integer
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
finalizers string array patch strategy: merge
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
+
generateName string
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
+
generation integer
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
+
labels object
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
+
name string
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+
namespace string
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
+
resourceVersion string
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+
selfLink string
SelfLink is a URL representing this object. Populated by the system. Read-only. DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
+
uid string
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+
+
+
ObjectMetricSource v2beta2 autoscaling
+
+
Group
Version
Kind
+
+
autoscaling
v2beta2
ObjectMetricSource
+
+
+
ObjectMetricSource indicates how to scale on a metric describing a kubernetes object (for example, hits-per-second on an Ingress object).
+
Other API versions of this object exist:
+v2beta1
+
If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
+
kind string
Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
name string
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
namespace string
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+
resourceVersion string
Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+
uid string
UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+
+
+
Overhead v1 node.k8s.io
+
+
Group
Version
Kind
+
+
node.k8s.io
v1
Overhead
+
+
+
Overhead structure represents the resource overhead associated with running a pod.
+
Other API versions of this object exist:
+v1beta1
+v1alpha1
+
PodFixed represents the fixed resource overhead associated with running a pod.
+
+
+
OwnerReference v1 meta
+
+
Group
Version
Kind
+
+
meta
v1
OwnerReference
+
+
+
OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.
If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.
+
controller boolean
If true, this reference points to the managing controller.
+
kind string
Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
name string
Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names
+
uid string
UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+
+
+
Patch v1 meta
+
+
Group
Version
Kind
+
+
meta
v1
Patch
+
+
+
Patch is provided to give a concrete name and type to the Kubernetes PATCH request body.
+
+
Field
Description
+
+
+
+
PersistentVolumeClaimCondition v1 core
+
+
Group
Version
Kind
+
+
core
v1
PersistentVolumeClaimCondition
+
+
+
PersistentVolumeClaimCondition contails details about state of pvc
Last time the condition transitioned from one status to another.
+
message string
Human-readable message indicating details about last transition.
+
reason string
Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized.
+
status string
+
type string
+
+
+
PersistentVolumeClaimTemplate v1 core
+
+
Group
Version
Kind
+
+
core
v1
PersistentVolumeClaimTemplate
+
+
+
PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.
May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
+
+
+
PersistentVolumeClaimVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
PersistentVolumeClaimVolumeSource
+
+
+
PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).
ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+
readOnly boolean
Will force the ReadOnly setting in VolumeMounts. Default false.
+
+
+
PhotonPersistentDiskVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
PhotonPersistentDiskVolumeSource
+
+
+
Represents a Photon Controller persistent disk resource.
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
pdID string
ID that identifies Photon Controller persistent disk
+
+
+
PodAffinity v1 core
+
+
Group
Version
Kind
+
+
core
v1
PodAffinity
+
+
+
Pod affinity is a group of inter pod affinity scheduling rules.
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+
+
+
PodAffinityTerm v1 core
+
+
Group
Version
Kind
+
+
core
v1
PodAffinityTerm
+
+
+
Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.
+
namespaces string array
namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace"
+
topologyKey string
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+
+
+
PodAntiAffinity v1 core
+
+
Group
Version
Kind
+
+
core
v1
PodAntiAffinity
+
+
+
Pod anti affinity is a group of inter pod anti affinity scheduling rules.
The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+
+
+
PodCondition v1 core
+
+
Group
Version
Kind
+
+
core
v1
PodCondition
+
+
+
PodCondition contains details for the current condition of this pod.
Last time the condition transitioned from one status to another.
+
message string
Human-readable message indicating details about last transition.
+
reason string
Unique, one-word, CamelCase reason for the condition's last transition.
+
status string
Status is the status of the condition. Can be True, False, Unknown. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
+
type string
Type is the type of the condition. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
+
+
+
PodDNSConfig v1 core
+
+
Group
Version
Kind
+
+
core
v1
PodDNSConfig
+
+
+
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
+
searches string array
A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
+
+
+
PodDNSConfigOption v1 core
+
+
Group
Version
Kind
+
+
core
v1
PodDNSConfigOption
+
+
+
PodDNSConfigOption defines DNS resolver options of a pod.
IP address information for entries in the (plural) PodIPs field. Each entry includes:
+ IP: An IP address allocated to the pod. Routable at least within the cluster.
ConditionType refers to a condition in the pod's condition list with matching type.
+
+
+
PodSecurityContext v1 core
+
+
Group
Version
Kind
+
+
core
v1
PodSecurityContext
+
+
+
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume.
+
fsGroupChangePolicy string
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+
runAsGroup integer
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
+
runAsNonRoot boolean
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
runAsUser integer
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.
The seccomp options to use by the containers in this pod.
+
supplementalGroups integer array
A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container.
The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+
+
PodsMetricSource v2beta2 autoscaling
+
+
Group
Version
Kind
+
+
autoscaling
v2beta2
PodsMetricSource
+
+
+
PodsMetricSource indicates how to scale on a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value.
+
Other API versions of this object exist:
+v2beta1
+
target specifies the target value for the given metric
+
+
+
PodsMetricStatus v2beta2 autoscaling
+
+
Group
Version
Kind
+
+
autoscaling
v2beta2
PodsMetricStatus
+
+
+
PodsMetricStatus indicates the current value of a metric describing each pod in the current scale target (for example, transactions-processed-per-second).
+
Other API versions of this object exist:
+v2beta1
+
metric identifies the target metric by name and selector
+
+
+
PolicyRule v1 rbac.authorization.k8s.io
+
+
Group
Version
Kind
+
+
rbac.authorization.k8s.io
v1
PolicyRule
+
+
+
PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.
+
Other API versions of this object exist:
+v1alpha1
+
APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
+
nonResourceURLs string array
NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
+
resourceNames string array
ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
+
resources string array
Resources is a list of resources this rule applies to. '\*' represents all resources.
+
verbs string array
Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. '\*' represents all verbs.
PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver. The test considers the subject making the request, the verb being requested, and the resource to be acted upon. This PolicyRulesWithSubjects matches a request if and only if both (a) at least one member of subjects matches the request and (b) at least one member of resourceRules or nonResourceRules matches the request.
`resourceRules` is a slice of ResourcePolicyRules that identify matching requests according to their verb and the target resource. At least one of `resourceRules` and `nonResourceRules` has to be non-empty.
subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. Required.
Error is to record the problem with the service port The format of the error shall comply with the following rules: - built-in error values shall be specified in this file and those shall use CamelCase names - cloud provider specific error values must have names that comply with the format foo.example.com/CamelCase.
+
port integer
Port is the port number of the service port of which status is recorded here
+
protocol string
Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP"
+
+
+
PortworxVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
PortworxVolumeSource
+
+
+
PortworxVolumeSource represents a Portworx volume resource.
FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+
readOnly boolean
Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
volumeID string
VolumeID uniquely identifies a Portworx volume
+
+
+
Preconditions v1 meta
+
+
Group
Version
Kind
+
+
meta
v1
Preconditions
+
+
+
Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out.
An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
periodSeconds integer
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
+
successThreshold integer
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported
+
terminationGracePeriodSeconds integer
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
timeoutSeconds integer
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.
+
+The serialization format is:
+
+<quantity> ::= <signedNumber><suffix>
+ (Note that <suffix> may be empty, from the "" case in <decimalSI>.)
+<digit> ::= 0 | 1 | ... | 9 <digits> ::= <digit> | <digit><digits> <number> ::= <digits> | <digits>.<digits> | <digits>. | .<digits> <sign> ::= "+" | "-" <signedNumber> ::= <number> | <sign><number> <suffix> ::= <binarySI> | <decimalExponent> | <decimalSI> <binarySI> ::= Ki | Mi | Gi | Ti | Pi | Ei
+ (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)
+<decimalSI> ::= m | "" | k | M | G | T | P | E
+ (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)
+<decimalExponent> ::= "e" <signedNumber> | "E" <signedNumber>
+
+No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.
+
+When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.
+
+Before serializing, Quantity will be put in "canonical form". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:
+ a. No precision is lost
+ b. No fractional digits will be emitted
+ c. The exponent (or suffix) is as large as possible.
+The sign will be omitted unless the number is negative.
+
+Examples:
+ 1.5 will be serialized as "1500m"
+ 1.5Gi will be serialized as "1536Mi"
+
+Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.
+
+Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)
+
+This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.
`handSize` is a small positive number that configures the shuffle sharding of requests into queues. When enqueuing a request at this priority level the request's flow identifier (a string pair) is hashed and the hash value is used to shuffle the list of queues and deal a hand of the size specified here. The request is put into one of the shortest queues in that hand. `handSize` must be no larger than `queues`, and should be significantly smaller (so that a few heavy flows do not saturate most of the queues). See the user-facing documentation for more extensive guidance on setting this field. This field has a default value of 8.
+
queueLengthLimit integer
`queueLengthLimit` is the maximum number of requests allowed to be waiting in a given queue of this priority level at a time; excess requests are rejected. This value must be positive. If not specified, it will be defaulted to 50.
+
queues integer
`queues` is the number of queues for this priority level. The queues exist independently at each apiserver. The value must be positive. Setting it to 1 effectively precludes shufflesharding and thus makes the distinguisher method of associated flow schemas irrelevant. This field has a default value of 64.
+
+
+
QuobyteVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
QuobyteVolumeSource
+
+
+
Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.
ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
+
registry string
Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
+
tenant string
Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+
user string
User to map volume access to Defaults to serivceaccount user
+
volume string
Volume is a string that references an already created Quobyte volume by name.
+
+
+
RBDPersistentVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
RBDPersistentVolumeSource
+
+
+
Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.
Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+
image string
The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
keyring string
Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
monitors string array
A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
pool string
The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
readOnly boolean
ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
user string
The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+
+
RBDVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
RBDVolumeSource
+
+
+
Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.
Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+
image string
The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
keyring string
Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
monitors string array
A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
pool string
The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
readOnly boolean
ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
user string
The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+
+
ReplicaSetCondition v1 apps
+
+
Group
Version
Kind
+
+
apps
v1
ReplicaSetCondition
+
+
+
ReplicaSetCondition describes the state of a replica set at a certain point.
Group is the API Group of the Resource. "*" means all.
+
name string
Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
+
namespace string
Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
+
resource string
Resource is one of the existing resource types. "*" means all.
+
subresource string
Subresource is one of the existing resource types. "" means none.
+
verb string
Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.
+
version string
Version is the API Version of the Resource. "*" means all.
+
+
+
ResourceFieldSelector v1 core
+
+
Group
Version
Kind
+
+
core
v1
ResourceFieldSelector
+
+
+
ResourceFieldSelector represents container resources (cpu, memory) and their output format
Specifies the output format of the exposed resources, defaults to "1"
+
resource string
Required: resource to select
+
+
+
ResourceMetricSource v2beta2 autoscaling
+
+
Group
Version
Kind
+
+
autoscaling
v2beta2
ResourceMetricSource
+
+
+
ResourceMetricSource indicates how to scale on a resource metric known to Kubernetes, as specified in requests and limits, describing each pod in the current scale target (e.g. CPU or memory). The values will be averaged together before being compared to the target. Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source. Only one "target" type should be set.
+
Other API versions of this object exist:
+v2beta1
+
target specifies the target value for the given metric
+
+
+
ResourceMetricStatus v2beta2 autoscaling
+
+
Group
Version
Kind
+
+
autoscaling
v2beta2
ResourceMetricStatus
+
+
+
ResourceMetricStatus indicates the current value of a resource metric known to Kubernetes, as specified in requests and limits, describing each pod in the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.
+
Other API versions of this object exist:
+v2beta1
+
ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target resource. A ResourcePolicyRule matches a resource request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, (c) at least one member of resources matches the request, and (d) least one member of namespaces matches the request.
`apiGroups` is a list of matching API groups and may not be empty. "*" matches all API groups and, if present, must be the only entry. Required.
+
clusterScope boolean
`clusterScope` indicates whether to match requests that do not specify a namespace (which happens either because the resource is not namespaced or the request targets all namespaces). If this field is omitted or false then the `namespaces` field must contain a non-empty list.
+
namespaces string array
`namespaces` is a list of target namespaces that restricts matches. A request that specifies a target namespace matches only if either (a) this list contains that target namespace or (b) this list contains "*". Note that "*" matches any specified namespace but does not match a request that _does not specify_ a namespace (see the `clusterScope` field for that). This list may be empty, but only if `clusterScope` is true.
+
resources string array
`resources` is a list of matching resources (i.e., lowercase and plural) with, if desired, subresource. For example, [ "services", "nodes/status" ]. This list may not be empty. "*" matches all resources and, if present, must be the only entry. Required.
+
verbs string array
`verbs` is a list of matching verbs and may not be empty. "*" matches all verbs and, if present, must be the only entry. Required.
+
+
+
ResourceRequirements v1 core
+
+
Group
Version
Kind
+
+
core
v1
ResourceRequirements
+
+
+
ResourceRequirements describes the compute resource requirements.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
requests object
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
+
+
ResourceRule v1 authorization.k8s.io
+
+
Group
Version
Kind
+
+
authorization.k8s.io
v1
ResourceRule
+
+
+
ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. "*" means all.
+
resourceNames string array
ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all.
+
resources string array
Resources is a list of resources this rule applies to. "*" means all in the specified apiGroups. "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.
+
verbs string array
Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all.
+
+
+
RoleRef v1 rbac.authorization.k8s.io
+
+
Group
Version
Kind
+
+
rbac.authorization.k8s.io
v1
RoleRef
+
+
+
RoleRef contains information that points to the role being used
+
Other API versions of this object exist:
+v1alpha1
+
APIGroups is the API groups the resources belong to. '\*' is all groups. If '\*' is present, the length of the slice must be one. Required.
+
apiVersions string array
APIVersions is the API versions the resources belong to. '\*' is all versions. If '\*' is present, the length of the slice must be one. Required.
+
operations string array
Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '\*' is present, the length of the slice must be one. Required.
+
resources string array
Resources is a list of resources this rule applies to. For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '\*' means all resources, but not subresources. 'pods/\*' means all subresources of pods. '\*/scale' means all scale subresources. '\*/\*' means all resources and their subresources. If wildcard is present, the validation rule will ensure resources do not overlap with each other. Depending on the enclosing object, subresources might not be allowed. Required.
+
scope string
scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
+
+
+
RunAsGroupStrategyOptions v1beta1 policy
+
+
Group
Version
Kind
+
+
policy
v1beta1
RunAsGroupStrategyOptions
+
+
+
RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.
+
rule string
rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
+
+
+
RunAsUserStrategyOptions v1beta1 policy
+
+
Group
Version
Kind
+
+
policy
v1beta1
RunAsUserStrategyOptions
+
+
+
RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.
+
rule string
rule is the strategy that will dictate the allowable RunAsUser values that may be set.
+
+
+
RuntimeClassStrategyOptions v1beta1 policy
+
+
Group
Version
Kind
+
+
policy
v1beta1
RuntimeClassStrategyOptions
+
+
+
RuntimeClassStrategyOptions define the strategy that will dictate the allowable RuntimeClasses for a pod.
allowedRuntimeClassNames is an allowlist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
+
defaultRuntimeClassName string
defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
+
+
+
SELinuxOptions v1 core
+
+
Group
Version
Kind
+
+
core
v1
SELinuxOptions
+
+
+
SELinuxOptions are the labels to be applied to the container
seLinuxOptions required to run as; required for MustRunAs More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+
+
+
Scale v1 autoscaling
+
+
Group
Version
Kind
+
+
autoscaling
v1
Scale
+
+
+
Scale represents a scaling request for a resource.
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
current status of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. Read-only.
+
+
+
ScaleIOPersistentVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
ScaleIOPersistentVolumeSource
+
+
+
ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume
nodeSelector lists labels that must be present on nodes that support this RuntimeClass. Pods using this RuntimeClass can only be scheduled to a node matched by this selector. The RuntimeClass nodeSelector is merged with a pod's existing nodeSelector. Any conflicts will cause the pod to be rejected in admission.
tolerations are appended (excluding duplicates) to pods running with this RuntimeClass during admission, effectively unioning the set of nodes tolerated by the pod and the RuntimeClass.
+
+
+
ScopeSelector v1 core
+
+
Group
Version
Kind
+
+
core
v1
ScopeSelector
+
+
+
A scope selector represents the AND of the selectors represented by the scoped-resource selector requirements.
Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.
+
scopeName string
The name of the scope that the selector applies to.
+
values string array
An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+
+
+
SeccompProfile v1 core
+
+
Group
Version
Kind
+
+
core
v1
SeccompProfile
+
+
+
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
+
type string
type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
+
+
+
SecretEnvSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
SecretEnvSource
+
+
+
SecretEnvSource selects a Secret to populate the environment variables with.
+
+The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
The key of the secret to select from. Must be a valid secret key.
+
name string
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
optional boolean
Specify whether the Secret or its key must be defined
+
+
+
SecretProjection v1 core
+
+
Group
Version
Kind
+
+
core
v1
SecretProjection
+
+
+
Adapts a secret into a projected volume.
+
+The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.
If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
name string
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
optional boolean
Specify whether the Secret or its key must be defined
+
+
+
SecretReference v1 core
+
+
Group
Version
Kind
+
+
core
v1
SecretReference
+
+
+
SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace
Name is unique within a namespace to reference a secret resource.
+
namespace string
Namespace defines the space within which the secret name must be unique.
+
+
+
SecretVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
SecretVolumeSource
+
+
+
Adapts a Secret into a volume.
+
+The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.
Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
+
optional boolean
Specify whether the Secret or its keys must be defined
+
secretName string
Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+
+
+
SecurityContext v1 core
+
+
Group
Version
Kind
+
+
core
v1
SecurityContext
+
+
+
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.
+
privileged boolean
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.
+
procMount string
procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.
+
readOnlyRootFilesystem boolean
Whether this container has a read-only root filesystem. Default is false.
+
runAsGroup integer
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
runAsNonRoot boolean
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
runAsUser integer
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options.
The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+
+
ServerAddressByClientCIDR v1 meta
+
+
Group
Version
Kind
+
+
meta
v1
ServerAddressByClientCIDR
+
+
+
ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match.
`name` is the name of matching ServiceAccount objects, or "*" to match regardless of name. Required.
+
namespace string
`namespace` is the namespace of matching ServiceAccount objects. Required.
+
+
+
ServiceAccountTokenProjection v1 core
+
+
Group
Version
Kind
+
+
core
v1
ServiceAccountTokenProjection
+
+
+
ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).
Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
+
expirationSeconds integer
ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
+
path string
Path is the path relative to the mount point of the file to project the token into.
+
+
+
ServiceBackendPort v1 networking.k8s.io
+
+
Group
Version
Kind
+
+
networking.k8s.io
v1
ServiceBackendPort
+
+
+
ServiceBackendPort is the service port being referenced.
The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+
name string
The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+
nodePort integer
The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+
port integer
The port that will be exposed by this service.
+
protocol string
The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+
targetPort
Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+
+
+
ServiceReference v1 admissionregistration.k8s.io
+
+
Group
Version
Kind
+
+
admissionregistration.k8s.io
v1
ServiceReference
+
+
+
ServiceReference holds a reference to Service.legacy.k8s.io
`namespace` is the namespace of the service. Required
+
path string
`path` is an optional URL path which will be sent in any request to this service.
+
port integer
If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
+
+
+
SessionAffinityConfig v1 core
+
+
Group
Version
Kind
+
+
core
v1
SessionAffinityConfig
+
+
+
SessionAffinityConfig represents the configurations of session affinity.
Last time the condition transitioned from one status to another.
+
message string
A human readable message indicating details about the transition.
+
reason string
The reason for the condition's last transition.
+
status string
Status of the condition, one of True, False, Unknown.
+
type string
Type of statefulset condition.
+
+
+
StatefulSetUpdateStrategy v1 apps
+
+
Group
Version
Kind
+
+
apps
v1
StatefulSetUpdateStrategy
+
+
+
StatefulSetUpdateStrategy indicates the strategy that the StatefulSet controller will use to perform updates. It includes any additional parameters necessary to perform the update for the indicated strategy.
RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType.
+
type string
Type indicates the type of the StatefulSetUpdateStrategy. Default is RollingUpdate.
+
+
+
Status v1 meta
+
+
Group
Version
Kind
+
+
meta
v1
Status
+
+
+
Status is a return value for calls that don't return other objects.
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
code integer
Suggested HTTP return code for this status, 0 if not set.
Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
message string
A human-readable description of the status of this operation.
Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
reason string
A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it.
+
status string
Status of the operation. One of: "Success" or "Failure". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+
+
StatusCause v1 meta
+
+
Group
Version
Kind
+
+
meta
v1
StatusCause
+
+
+
StatusCause provides more information about an api.Status failure, including cases when multiple errors are encountered.
The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. Examples: "name" - the field "name" on the current resource "items[0].name" - the field "name" on the first array entry in "items"
+
message string
A human-readable description of the cause of the error. This field may be presented as-is to a reader.
+
reason string
A machine-readable description of the cause of the error. If this value is empty there is no information available.
+
+
+
StatusDetails v1 meta
+
+
Group
Version
Kind
+
+
meta
v1
StatusDetails
+
+
+
StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined.
The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes.
+
group string
The group attribute of the resource associated with the status StatusReason.
+
kind string
The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
name string
The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described).
+
retryAfterSeconds integer
If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action.
+
uid string
UID of the resource. (when there is a single resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids
+
+
+
StorageOSPersistentVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
StorageOSPersistentVolumeSource
+
+
+
Represents a StorageOS persistent volume resource.
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
readOnly boolean
Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
+
volumeName string
VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
+
volumeNamespace string
VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
+
+
+
StorageOSVolumeSource v1 core
+
+
Group
Version
Kind
+
+
core
v1
StorageOSVolumeSource
+
+
+
Represents a StorageOS persistent volume resource.
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
readOnly boolean
Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
+
volumeName string
VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
+
volumeNamespace string
VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
Last time the condition transitioned from one status to another.
+
message string
A human readable message indicating details about the transition.
+
observedGeneration integer
If set, this represents the .metadata.generation that the condition was set based upon.
+
reason string
The reason for the condition's last transition.
+
status string
Status of the condition, one of True, False, Unknown.
+
type string
Type of the condition.
+
+
+
Subject v1beta1 flowcontrol.apiserver.k8s.io
+
+
Group
Version
Kind
+
+
flowcontrol.apiserver.k8s.io
v1beta1
Subject
+
+
+
Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator; by user, group, or service account.
+
Other API versions of this object exist:
+v1
+v1alpha1
+
SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on the set of authorizers the server is configured with and any errors experienced during evaluation. Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, even if that list is incomplete.
EvaluationError can appear in combination with Rules. It indicates an error occurred during rule evaluation, such as an authorizer that doesn't support rule evaluation, and that ResourceRules and/or NonResourceRules may be incomplete.
+
incomplete boolean
Incomplete is true when the rules returned by this call are incomplete. This is most commonly encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.
NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
+
+
+
SupplementalGroupsStrategyOptions v1beta1 policy
+
+
Group
Version
Kind
+
+
policy
v1beta1
SupplementalGroupsStrategyOptions
+
+
+
SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
+
rule string
rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints.
+
value string
The taint value corresponding to the taint key.
+
+
+
Time v1 meta
+
+
Group
Version
Kind
+
+
meta
v1
Time
+
+
+
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+
key string
Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+
operator string
Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+
tolerationSeconds integer
TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+
value string
Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+
+
+
TopologySelectorLabelRequirement v1 core
+
+
Group
Version
Kind
+
+
core
v1
TopologySelectorLabelRequirement
+
+
+
A topology selector requirement is a selector that matches given label. This is an alpha feature and may change in the future.
An array of string values. One value must match the label to be selected. Each entry in Values is ORed.
+
+
+
TopologySelectorTerm v1 core
+
+
Group
Version
Kind
+
+
core
v1
TopologySelectorTerm
+
+
+
A topology selector term represents the result of label queries. A null or empty topology selector term matches no objects. The requirements of them are ANDed. It provides a subset of functionality as NodeSelectorTerm. This is an alpha feature and may change in the future.
LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
+
maxSkew integer
MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.
+
topologyKey string
TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It's a required field.
+
whenUnsatisfiable string
WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assigment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.
+
+
+
TypedLocalObjectReference v1 core
+
+
Group
Version
Kind
+
+
core
v1
TypedLocalObjectReference
+
+
+
TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.
APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+
kind string
Kind is the type of resource being referenced
+
name string
Name is the name of resource being referenced
+
+
+
UncountedTerminatedPods v1 batch
+
+
Group
Version
Kind
+
+
batch
v1
UncountedTerminatedPods
+
+
+
UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't been accounted in Job status counters.
Any additional information provided by the authenticator.
+
groups string array
The names of groups this user is a part of.
+
uid string
A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs.
+
username string
The name that uniquely identifies this user among all active users.
+
+
+
UserSubject v1beta1 flowcontrol.apiserver.k8s.io
+
+
Group
Version
Kind
+
+
flowcontrol.apiserver.k8s.io
v1beta1
UserSubject
+
+
+
UserSubject holds detailed information for user-kind subject.
AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
ClientConfig defines how to communicate with the hook. Required
+
failurePolicy string
FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
+
matchPolicy string
matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent". - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook. - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook. Defaults to "Equivalent"
+
name string
The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook. For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": { "matchExpressions": [ { "key": "runlevel", "operator": "NotIn", "values": [ "0", "1" ] } ] } If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": { "matchExpressions": [ { "key": "environment", "operator": "In", "values": [ "prod", "staging" ] } ] } See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors. Default to the empty LabelSelector, which matches everything.
ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
+
sideEffects string
SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
+
timeoutSeconds integer
TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
+
+
+
VolumeAttachmentSource v1 storage.k8s.io
+
+
Group
Version
Kind
+
+
storage.k8s.io
v1
VolumeAttachmentSource
+
+
+
VolumeAttachmentSource represents a volume that should be attached. Right now only PersistenVolumes can be attached via external attacher, in future we may allow also inline volumes in pods. Exactly one member can be set.
+
Other API versions of this object exist:
+v1alpha1
+
inlineVolumeSpec contains all the information necessary to attach a persistent volume defined by a pod's inline VolumeSource. This field is populated only for the CSIMigration feature. It contains translated fields from a pod's inline VolumeSource to a PersistentVolumeSpec. This field is beta-level and is only honored by servers that enabled the CSIMigration feature.
+
persistentVolumeName string
Name of the persistent volume to attach.
+
+
+
VolumeDevice v1 core
+
+
Group
Version
Kind
+
+
core
v1
VolumeDevice
+
+
+
volumeDevice describes a mapping of a raw block device within a container.
Path within the container at which the volume should be mounted. Must not contain ':'.
+
mountPropagation string
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
+
name string
This must match the Name of a Volume.
+
readOnly boolean
Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
+
subPath string
Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
+
subPathExpr string
Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
+
+
+
VolumeNodeAffinity v1 core
+
+
Group
Version
Kind
+
+
core
v1
VolumeNodeAffinity
+
+
+
VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from.
Maximum number of unique volumes managed by the CSI driver that can be used on a node. A volume that is both attached and mounted on a node is considered to be used once, not twice. The same rule applies for a unique volume that is shared among multiple pods on the same node. If this field is not specified, then the supported number of volumes on this node is unbounded.
+
+
+
VolumeProjection v1 core
+
+
Group
Version
Kind
+
+
core
v1
VolumeProjection
+
+
+
Projection that may be projected along with other supported volume types
Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
storagePolicyID string
Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
+
storagePolicyName string
Storage Policy Based Management (SPBM) profile name.
+
volumePath string
Path that identifies vSphere volume vmdk
+
+
+
WatchEvent v1 meta
+
+
Group
Version
Kind
+
+
meta
v1
WatchEvent
+
+
+
Event represents a single event to a watched resource.
+
+
Field
Description
+
+
object
Object is: * If Type is Added or Modified: the new state of the object. * If Type is Deleted: the state of the object immediately before deletion. * If Type is Error: *Status is recommended; other types may make sense depending on context.
`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
`service` is a reference to the service for this webhook. Either `service` or `url` must be specified. If the webhook is running within the cluster, then you should use `service`.
+
url string
`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified. The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address. Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster. The scheme must be "https"; the URL must begin with "https://". A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier. Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
+
+
+
WebhookConversion v1 apiextensions.k8s.io
+
+
Group
Version
Kind
+
+
apiextensions.k8s.io
v1
WebhookConversion
+
+
+
WebhookConversion describes how to call a conversion webhook
clientConfig is the instructions for how to call the webhook if strategy is `Webhook`.
+
conversionReviewVersions string array
conversionReviewVersions is an ordered list of preferred `ConversionReview` versions the Webhook expects. The API server will use the first version in the list which it supports. If none of the versions specified in this list are supported by API server, conversion will fail for the custom resource. If a persisted Webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail.
+
+
+
WeightedPodAffinityTerm v1 core
+
+
Group
Version
Kind
+
+
core
v1
WeightedPodAffinityTerm
+
+
+
The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
+
gmsaCredentialSpecName string
GMSACredentialSpecName is the name of the GMSA credential spec to use.
+
hostProcess boolean
HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
+
runAsUserName string
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+
+
+
OLD API VERSIONS
+
+
This section contains older versions of resources shown above.
ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole's permissions will be added
+
+
+
CSIStorageCapacity v1alpha1 storage.k8s.io
+
+
Group
Version
Kind
+
+
storage.k8s.io
v1alpha1
CSIStorageCapacity
+
+
+
Other API versions of this object exist:
+v1beta1
+
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Capacity is the value reported by the CSI driver in its GetCapacityResponse for a GetCapacityRequest with topology and parameters that match the previous fields. The semantic is currently (CSI spec 1.2) defined as: The available capacity, in bytes, of the storage that can be used to provision volumes. If not set, that information is currently unavailable and treated like zero capacity.
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
MaximumVolumeSize is the value reported by the CSI driver in its GetCapacityResponse for a GetCapacityRequest with topology and parameters that match the previous fields. This is defined since CSI spec 1.4.0 as the largest size that may be used in a CreateVolumeRequest.capacity_range.required_bytes field to create a volume with the same parameters as those in GetCapacityRequest. The corresponding value in the Kubernetes API is ResourceRequirements.Requests in a volume claim.
Standard object's metadata. The name has no particular meaning. It must be be a DNS subdomain (dots allowed, 253 characters). To ensure that there are no conflicts with other CSI drivers on the cluster, the recommendation is to use csisc-<uuid>, a generated name, or a reverse-domain name which ends with the unique CSI driver name. Objects are namespaced. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
NodeTopology defines which nodes have access to the storage for which capacity was reported. If not set, the storage is not accessible from any node in the cluster. If empty, the storage is accessible from all nodes. This field is immutable.
+
storageClassName string
The name of the StorageClass that the reported capacity applies to. It must meet the same requirements as the name of a StorageClass object (non-empty, DNS subdomain). If that object no longer exists, the CSIStorageCapacity object is obsolete and should be removed by its creator. This field is immutable.
+
+
+
CSIStorageCapacityList v1alpha1 storage
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind CSIStorageCapacity. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Rules holds all the PolicyRules for this ClusterRole
+
+
+
ClusterRoleList v1alpha1 rbac
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind ClusterRole. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Subjects holds references to the objects the role applies to.
+
+
+
ClusterRoleBindingList v1alpha1 rbac
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind ClusterRoleBinding. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
container is the name of the container in the pods of the scaling target
+
name string
name is the name of the resource in question.
+
targetAverageUtilization integer
targetAverageUtilization is the target value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods.
targetAverageValue is the target value of the average of the resource metric across all relevant pods, as a raw value (instead of as a percentage of the request), similar to the "pods" metric source type.
+
+
+
ContainerResourceMetricStatus v2beta1 autoscaling
+
+
Group
Version
Kind
+
+
autoscaling
v2beta1
ContainerResourceMetricStatus
+
+
+
Other API versions of this object exist:
+v2beta2
+
container is the name of the container in the pods of the scaling target
+
currentAverageUtilization integer
currentAverageUtilization is the current value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. It will only be present if `targetAverageValue` was set in the corresponding metric specification.
currentAverageValue is the current value of the average of the resource metric across all relevant pods, as a raw value (instead of as a percentage of the request), similar to the "pods" metric source type. It will always be set, regardless of the corresponding metric specification.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Specification of the desired behavior of a cron job, including the schedule. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Specifies how to treat concurrent executions of a Job. Valid values are: - "Allow" (default): allows CronJobs to run concurrently; - "Forbid": forbids concurrent runs, skipping next run if previous run hasn't finished yet; - "Replace": cancels currently running job and replaces it with a new one
+
failedJobsHistoryLimit integer
The number of failed finished jobs to retain. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.
Information when was the last time the job successfully completed.
+
+
+
CronJobList v1beta1 batch
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind CronJob. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of CronJob. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /apis/batch/v1beta1/watch/cronjobs
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
addresses of this endpoint. The contents of this field are interpreted according to the corresponding EndpointSlice addressType field. Consumers must handle different types of addresses in the context of their own capabilities. This must contain at least one address but no more than 100.
hints contains information associated with how an endpoint should be consumed.
+
hostname string
hostname of this endpoint. This field may be used by consumers of endpoints to distinguish endpoints from each other (e.g. in DNS names). Multiple endpoints which use the same hostname should be considered fungible (e.g. multiple A values in DNS). Must be lowercase and pass DNS Label (RFC 1123) validation.
+
nodeName string
nodeName represents the name of the Node hosting this endpoint. This can be used to determine endpoints local to a Node. This field can be enabled with the EndpointSliceNodeName feature gate.
targetRef is a reference to a Kubernetes object that represents this endpoint.
+
topology object
topology contains arbitrary topology information associated with the endpoint. These key/value pairs must conform with the label format. https://kubernetes.io/docs/concepts/overview/working-with-objects/labels Topology may include a maximum of 16 key/value pairs. This includes, but is not limited to the following well known keys: * kubernetes.io/hostname: the value indicates the hostname of the node where the endpoint is located. This should match the corresponding node label. * topology.kubernetes.io/zone: the value indicates the zone where the endpoint is located. This should match the corresponding node label. * topology.kubernetes.io/region: the value indicates the region where the endpoint is located. This should match the corresponding node label. This field is deprecated and will be removed in future api versions.
ready indicates that this endpoint is prepared to receive traffic, according to whatever system is managing the endpoint. A nil value indicates an unknown state. In most cases consumers should interpret this unknown state as ready. For compatibility reasons, ready should never be "true" for terminating endpoints.
+
serving boolean
serving is identical to ready except that it is set regardless of the terminating state of endpoints. This condition should be set to true for a ready endpoint that is terminating. If nil, consumers should defer to the ready condition. This field can be enabled with the EndpointSliceTerminatingCondition feature gate.
+
terminating boolean
terminating indicates that this endpoint is terminating. A nil value indicates an unknown state. Consumers should interpret this unknown state to mean that the endpoint is not terminating. This field can be enabled with the EndpointSliceTerminatingCondition feature gate.
The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+
name string
The name of this port. All ports in an EndpointSlice must have a unique name. If the EndpointSlice is dervied from a Kubernetes service, this corresponds to the Service.ports[].name. Name must either be an empty string or pass DNS_LABEL validation: * must be no more than 63 characters long. * must consist of lower case alphanumeric characters or '-'. * must start and end with an alphanumeric character. Default is empty string.
+
port integer
The port number of the endpoint. If this is not specified, ports are not restricted and must be interpreted in the context of the specific consumer.
+
protocol string
The IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.
+
+
+
EndpointPort v1beta1 discovery.k8s.io
+
+
Group
Version
Kind
+
+
discovery.k8s.io
v1beta1
EndpointPort
+
+
+
Other API versions of this object exist:
+v1
+v1
+
The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+
name string
The name of this port. All ports in an EndpointSlice must have a unique name. If the EndpointSlice is dervied from a Kubernetes service, this corresponds to the Service.ports[].name. Name must either be an empty string or pass DNS_LABEL validation: * must be no more than 63 characters long. * must consist of lower case alphanumeric characters or '-'. * must start and end with an alphanumeric character. Default is empty string.
+
port integer
The port number of the endpoint. If this is not specified, ports are not restricted and must be interpreted in the context of the specific consumer.
+
protocol string
The IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.
addressType specifies the type of address carried by this EndpointSlice. All addresses in this slice must be the same type. This field is immutable after creation. The following address types are currently supported: * IPv4: Represents an IPv4 Address. * IPv6: Represents an IPv6 Address. * FQDN: Represents a Fully Qualified Domain Name.
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
endpoints is a list of unique endpoints in this slice. Each slice may include a maximum of 1000 endpoints.
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
ports specifies the list of network ports exposed by each endpoint in this slice. Each port must have a unique name. When ports is empty, it indicates that there are no defined ports. When a port is defined with a nil port value, it indicates "all ports". Each slice may include a maximum of 100 ports.
+
+
+
EndpointSliceList v1beta1 discovery
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind EndpointSlice. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
What action was taken/failed regarding to the Regarding object.
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
The component reporting this event. Should be a short machine understandable string.
+
type string
Type of this event (Normal, Warning), new types could be added in the future
+
+
+
EventList v1 core
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
+
+
Write Operations
+
Create
+
create an Event
+
HTTP Request
+POST /api/v1/namespaces/{namespace}/events
+
Path Parameters
+
+
Parameter
Description
+
+
namespace
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind Event. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of Event. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /api/v1/watch/events
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
action is what action was taken/failed regarding to the regarding object. It is machine-readable. This field can have at most 128 characters.
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
deprecatedCount integer
deprecatedCount is the deprecated field assuring backward compatibility with core.v1 Event type.
eventTime is the time when this Event was first observed. It is required.
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
note string
note is a human-readable description of the status of this operation. Maximal length of the note is 1kB, but libraries should be prepared to handle values up to 64kB.
+
reason string
reason is why the action was taken. It is human-readable. This field can have at most 128 characters.
regarding contains the object this Event is about. In most cases it's an Object reporting controller implements, e.g. ReplicaSetController implements ReplicaSets and this event is emitted because it acts on some changes in a ReplicaSet object.
related is the optional secondary object for more complex actions. E.g. when regarding object triggers a creation or deletion of related object.
+
reportingController string
reportingController is the name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. This field cannot be empty for new Events.
+
reportingInstance string
reportingInstance is the ID of the controller instance, e.g. `kubelet-xyzf`. This field cannot be empty for new Events and it can have at most 128 characters.
series is data about the Event series this event represents or nil if it's a singleton Event.
+
type string
type is the type of this event (Normal, Warning), new types could be added in the future. It is machine-readable.
+
+
+
EventList v1beta1 events
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind Event. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch individual changes to a list of Event. deprecated: use the 'watch' parameter with a list operation instead.
+
HTTP Request
+GET /apis/events.k8s.io/v1beta1/watch/events
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
spec is the specification for the behaviour of the autoscaler. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
behavior configures the scaling behavior of the target in both Up and Down directions (scaleUp and scaleDown fields respectively). If not set, the default HPAScalingRules for scale up and scale down are used.
+
maxReplicas integer
maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. It cannot be less that minReplicas.
metrics contains the specifications for which to use to calculate the desired replica count (the maximum replica count across all metrics will be used). The desired replica count is calculated multiplying the ratio between the target value and the current value by the current number of pods. Ergo, metrics used must decrease as the pod count is increased, and vice-versa. See the individual metric source types for more information about how each type of metric must respond. If not set, the default metric will be set to 80% average CPU utilization.
+
minReplicas integer
minReplicas is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the alpha feature gate HPAScaleToZero is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available.
scaleTargetRef points to the target resource to scale, and is used to the pods for which metrics should be collected, as well as to actually change the replica count.
lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods, used by the autoscaler to control how often the number of pods is changed.
+
observedGeneration integer
observedGeneration is the most recent generation observed by this autoscaler.
+
+
+
HorizontalPodAutoscalerList v2beta2 autoscaling
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
items is the list of horizontal pod autoscaler objects.
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind HorizontalPodAutoscaler. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
spec is the specification for the behaviour of the autoscaler. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
metrics contains the specifications for which to use to calculate the desired replica count (the maximum replica count across all metrics will be used). The desired replica count is calculated multiplying the ratio between the target value and the current value by the current number of pods. Ergo, metrics used must decrease as the pod count is increased, and vice-versa. See the individual metric source types for more information about how each type of metric must respond.
+
minReplicas integer
minReplicas is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the alpha feature gate HPAScaleToZero is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available.
scaleTargetRef points to the target resource to scale, and is used to the pods for which metrics should be collected, as well as to actually change the replica count.
lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods, used by the autoscaler to control how often the number of pods is changed.
+
observedGeneration integer
observedGeneration is the most recent generation observed by this autoscaler.
+
+
+
HorizontalPodAutoscalerList v2beta1 autoscaling
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
items is the list of horizontal pod autoscaler objects.
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind HorizontalPodAutoscaler. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
Standard object's metadata of the jobs created from this template. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Specification of the desired behavior of the job. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+
+
MetricSpec v2beta1 autoscaling
+
+
Group
Version
Kind
+
+
autoscaling
v2beta1
MetricSpec
+
+
+
Other API versions of this object exist:
+v2beta2
+
container resource refers to a resource metric (such as those specified in requests and limits) known to Kubernetes describing a single container in each pod of the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source. This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag.
external refers to a global metric that is not associated with any Kubernetes object. It allows autoscaling based on information coming from components running outside of cluster (for example length of queue in cloud messaging service, or QPS from loadbalancer running outside of cluster).
pods refers to a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value.
resource refers to a resource metric (such as those specified in requests and limits) known to Kubernetes describing each pod in the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.
+
type string
type is the type of metric source. It should be one of "ContainerResource", "External", "Object", "Pods" or "Resource", each mapping to a matching field in the object. Note: "ContainerResource" type is available on when the feature-gate HPAContainerMetrics is enabled
+
+
+
MetricStatus v2beta1 autoscaling
+
+
Group
Version
Kind
+
+
autoscaling
v2beta1
MetricStatus
+
+
+
Other API versions of this object exist:
+v2beta2
+
container resource refers to a resource metric (such as those specified in requests and limits) known to Kubernetes describing a single container in each pod in the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.
external refers to a global metric that is not associated with any Kubernetes object. It allows autoscaling based on information coming from components running outside of cluster (for example length of queue in cloud messaging service, or QPS from loadbalancer running outside of cluster).
pods refers to a metric describing each pod in the current scale target (for example, transactions-processed-per-second). The values will be averaged together before being compared to the target value.
resource refers to a resource metric (such as those specified in requests and limits) known to Kubernetes describing each pod in the current scale target (e.g. CPU or memory). Such metrics are built in to Kubernetes, and have special scaling options on top of those available to normal per-pod metrics using the "pods" source.
+
type string
type is the type of metric source. It will be one of "ContainerResource", "External", "Object", "Pods" or "Resource", each corresponds to a matching field in the object. Note: "ContainerResource" type is available on when the feature-gate HPAContainerMetrics is enabled
+
+
+
ObjectMetricSource v2beta1 autoscaling
+
+
Group
Version
Kind
+
+
autoscaling
v2beta1
ObjectMetricSource
+
+
+
Other API versions of this object exist:
+v2beta2
+
selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping When unset, just the metricName will be used to gather metrics.
selector is the string-encoded form of a standard kubernetes label selector for the given metric When set in the ObjectMetricSource, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
+
minAvailable
An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%".
Label query over pods whose evictions are managed by the disruption budget. A null selector selects no pods. An empty selector ({}) also selects no pods, which differs from standard behavior of selecting all pods. In policy/v1, an empty selector will select all pods in the namespace.
conditions Condition array patch strategy: merge patch merge key: type
Conditions contain conditions for PDB. The disruption controller sets the DisruptionAllowed condition. The following are known values for the reason field (additional reasons could be added in the future): - SyncFailed: The controller encountered an error and wasn't able to compute the number of allowed disruptions. Therefore no disruptions are allowed and the status of the condition will be False. - InsufficientPods: The number of pods are either at or below the number required by the PodDisruptionBudget. No disruptions are allowed and the status of the condition will be False. - SufficientPods: There are more pods than required by the PodDisruptionBudget. The condition will be True, and the number of allowed disruptions are provided by the disruptionsAllowed property.
+
currentHealthy integer
current number of healthy pods
+
desiredHealthy integer
minimum desired number of healthy pods
+
disruptedPods object
DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn't occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions.
+
disruptionsAllowed integer
Number of pod disruptions that are currently allowed.
+
expectedPods integer
total number of pods counted by this disruption budget
+
observedGeneration integer
Most recent generation observed when updating this PDB status. DisruptionsAllowed and other status information is valid only if observedGeneration equals to PDB's object generation.
+
+
+
PodDisruptionBudgetList v1beta1 policy
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind PodDisruptionBudget. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
selector is the string-encoded form of a standard kubernetes label selector for the given metric When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping When unset, just the metricName will be used to gather metrics.
selector is the string-encoded form of a standard kubernetes label selector for the given metric When set in the PodsMetricSource, it is passed as an additional parameter to the metrics server for more specific metrics scoping. When unset, just the metricName will be used to gather metrics.
APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
+
nonResourceURLs string array
NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
+
resourceNames string array
ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
+
resources string array
Resources is a list of resources this rule applies to. '\*' represents all resources.
+
verbs string array
Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. '\*' represents all verbs.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
description string
description is an arbitrary string that usually provides guidelines on when this priority class should be used.
+
globalDefault boolean
globalDefault specifies whether this PriorityClass should be considered as the default priority for pods that do not have any priority class. Only one PriorityClass can be marked as `globalDefault`. However, if more than one PriorityClasses exists with their `globalDefault` field set to true, the smallest value of such global default PriorityClasses will be used as the default priority.
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
preemptionPolicy string
PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is beta-level, gated by the NonPreemptingPriority feature-gate.
+
value integer
The value of this priority class. This is the actual priority that pods receive when they have the name of this class in their pod spec.
+
+
+
PriorityClassList v1alpha1 scheduling
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind PriorityClass. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
targetAverageUtilization is the target value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods.
targetAverageValue is the target value of the average of the resource metric across all relevant pods, as a raw value (instead of as a percentage of the request), similar to the "pods" metric source type.
+
+
+
ResourceMetricStatus v2beta1 autoscaling
+
+
Group
Version
Kind
+
+
autoscaling
v2beta1
ResourceMetricStatus
+
+
+
Other API versions of this object exist:
+v2beta2
+
currentAverageUtilization is the current value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods. It will only be present if `targetAverageValue` was set in the corresponding metric specification.
currentAverageValue is the current value of the average of the resource metric across all relevant pods, as a raw value (instead of as a percentage of the request), similar to the "pods" metric source type. It will always be set, regardless of the corresponding metric specification.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind Role. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.
Subjects holds references to the objects the role applies to.
+
+
+
RoleBindingList v1alpha1 rbac
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind RoleBinding. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
object name and auth scope, such as for teams and projects
+
+
+
Query Parameters
+
+
Parameter
Description
+
+
allowWatchBookmarks
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
handler string
Handler specifies the underlying runtime and configuration that the CRI implementation will use to handle pods of this class. The possible values are specific to the node & CRI configuration. It is assumed that all handlers are available on every node, and handlers of the same name are equivalent on every node. For example, a handler called "runc" might specify that the runc OCI runtime (using native Linux containers) will be used to run the containers in a pod. The Handler must be lowercase, conform to the DNS Label (RFC 1123) requirements, and is immutable.
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. For more details, see https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md This field is beta-level as of Kubernetes v1.18, and is only honored by servers that enable the PodOverhead feature.
Scheduling holds the scheduling constraints to ensure that pods running with this RuntimeClass are scheduled to nodes that support it. If scheduling is nil, this RuntimeClass is assumed to be supported by all nodes.
+
+
+
RuntimeClassList v1beta1 node
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+
+
Write Operations
+
Create
+
create a RuntimeClass
+
HTTP Request
+POST /apis/node.k8s.io/v1beta1/runtimeclasses
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind RuntimeClass. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. For more details, see https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md This field is beta-level as of Kubernetes v1.18, and is only honored by servers that enable the PodOverhead feature.
+
runtimeHandler string
RuntimeHandler specifies the underlying runtime and configuration that the CRI implementation will use to handle pods of this class. The possible values are specific to the node & CRI configuration. It is assumed that all handlers are available on every node, and handlers of the same name are equivalent on every node. For example, a handler called "runc" might specify that the runc OCI runtime (using native Linux containers) will be used to run the containers in a pod. The RuntimeHandler must be lowercase, conform to the DNS Label (RFC 1123) requirements, and is immutable.
Scheduling holds the scheduling constraints to ensure that pods running with this RuntimeClass are scheduled to nodes that support it. If scheduling is nil, this RuntimeClass is assumed to be supported by all nodes.
+
+
+
RuntimeClassList v1alpha1 node
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
+
+
Write Operations
+
Create
+
create a RuntimeClass
+
HTTP Request
+POST /apis/node.k8s.io/v1alpha1/runtimeclasses
+
Query Parameters
+
+
Parameter
Description
+
+
pretty
If 'true', then the output is pretty printed.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind RuntimeClass. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
nodeSelector lists labels that must be present on nodes that support this RuntimeClass. Pods using this RuntimeClass can only be scheduled to a node matched by this selector. The RuntimeClass nodeSelector is merged with a pod's existing nodeSelector. Any conflicts will cause the pod to be rejected in admission.
tolerations are appended (excluding duplicates) to pods running with this RuntimeClass during admission, effectively unioning the set of nodes tolerated by the pod and the RuntimeClass.
+
+
+
Scheduling v1alpha1 node.k8s.io
+
+
Group
Version
Kind
+
+
node.k8s.io
v1alpha1
Scheduling
+
+
+
Other API versions of this object exist:
+v1
+v1beta1
+
nodeSelector lists labels that must be present on nodes that support this RuntimeClass. Pods using this RuntimeClass can only be scheduled to a node matched by this selector. The RuntimeClass nodeSelector is merged with a pod's existing nodeSelector. Any conflicts will cause the pod to be rejected in admission.
tolerations are appended (excluding duplicates) to pods running with this RuntimeClass during admission, effectively unioning the set of nodes tolerated by the pod and the RuntimeClass.
namespace is the namespace of the service. Required
+
path string
path is an optional URL path at which the webhook will be contacted.
+
port integer
port is an optional service port at which the webhook will be contacted. `port` should be a valid port number (1-65535, inclusive). Defaults to 443 for backward compatibility.
If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
+
+
+
Subject v1 rbac.authorization.k8s.io
+
+
Group
Version
Kind
+
+
rbac.authorization.k8s.io
v1
Subject
+
+
+
Other API versions of this object exist:
+v1beta1
+v1alpha1
+
APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
+
kind string
Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error.
+
name string
Name of the object being referenced.
+
namespace string
Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error.
+
+
+
Subject v1alpha1 rbac.authorization.k8s.io
+
+
Group
Version
Kind
+
+
rbac.authorization.k8s.io
v1alpha1
Subject
+
+
+
Other API versions of this object exist:
+v1beta1
+v1
+
APIVersion holds the API group and version of the referenced subject. Defaults to "v1" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io/v1alpha1" for User and Group subjects.
+
kind string
Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error.
+
name string
Name of the object being referenced.
+
namespace string
Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error.
Audience is the intended audience of the token in "TokenRequestSpec". It will default to the audiences of kube apiserver.
+
expirationSeconds integer
ExpirationSeconds is the duration of validity of the token in "TokenRequestSpec". It has the same default value of "ExpirationSeconds" in "TokenRequestSpec".
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
The last error encountered during attach operation, if any. This field must only be set by the entity completing the attach operation, i.e. the external-attacher.
+
attached boolean
Indicates the volume is successfully attached. This field must only be set by the entity completing the attach operation, i.e. the external-attacher.
+
attachmentMetadata object
Upon successful attach, this field is populated with any information returned by the attach operation that must be passed into subsequent WaitForAttach or Mount calls. This field must only be set by the entity completing the attach operation, i.e. the external-attacher.
The last error encountered during detach operation, if any. This field must only be set by the entity completing the detach operation, i.e. the external-attacher.
+
+
+
VolumeAttachmentList v1alpha1 storage
+
+
Field
Description
+
+
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
+
force
Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldManager
fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
dryRun
When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
gracePeriodSeconds
The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
orphanDependents
Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.
+
propagationPolicy
Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
watch changes to an object of kind VolumeAttachment. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.
+
continue
The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
+
fieldSelector
A selector to restrict the list of returned objects by their fields. Defaults to everything.
+
labelSelector
A selector to restrict the list of returned objects by their labels. Defaults to everything.
+
limit
limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
+
pretty
If 'true', then the output is pretty printed.
+
resourceVersion
resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
resourceVersionMatch
resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset
+
timeoutSeconds
Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
+
watch
Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.
inlineVolumeSpec contains all the information necessary to attach a persistent volume defined by a pod's inline VolumeSource. This field is populated only for the CSIMigration feature. It contains translated fields from a pod's inline VolumeSource to a PersistentVolumeSpec. This field is alpha-level and is only honored by servers that enabled the CSIMigration feature.
caBundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
service is a reference to the service for this webhook. Either service or url must be specified. If the webhook is running within the cluster, then you should use `service`.
+
url string
url gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified. The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address. Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster. The scheme must be "https"; the URL must begin with "https://". A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier. Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/static/docs/reference/generated/kubernetes-api/v1.22/js/navData.js b/static/docs/reference/generated/kubernetes-api/v1.22/js/navData.js
new file mode 100644
index 0000000000..cd194cf369
--- /dev/null
+++ b/static/docs/reference/generated/kubernetes-api/v1.22/js/navData.js
@@ -0,0 +1 @@
+(function(){navData={"toc":[{"section":"webhookclientconfig-v1-apiextensions-k8s-io","subsections":[]},{"section":"volumeerror-v1alpha1-storage-k8s-io","subsections":[]},{"section":"volumeattachmentsource-v1alpha1-storage-k8s-io","subsections":[]},{"section":"volumeattachment-v1alpha1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-volumeattachment-v1alpha1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"watch-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"list-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"read-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-volumeattachment-v1alpha1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"delete-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"replace-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"patch-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]},{"section":"create-volumeattachment-v1alpha1-storage-k8s-io","subsections":[]}]}]},{"section":"tokenrequest-v1-storage-k8s-io","subsections":[]},{"section":"subject-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"subject-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"servicereference-v1-apiregistration-k8s-io","subsections":[]},{"section":"servicereference-v1-apiextensions-k8s-io","subsections":[]},{"section":"scheduling-v1alpha1-node-k8s-io","subsections":[]},{"section":"scheduling-v1beta1-node-k8s-io","subsections":[]},{"section":"runtimeclass-v1alpha1-node-k8s-io","subsections":[{"section":"-strong-read-operations-runtimeclass-v1alpha1-node-k8s-io-strong-","subsections":[{"section":"watch-list-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"watch-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"list-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"read-runtimeclass-v1alpha1-node-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-runtimeclass-v1alpha1-node-k8s-io-strong-","subsections":[{"section":"delete-collection-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"delete-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"replace-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"patch-runtimeclass-v1alpha1-node-k8s-io","subsections":[]},{"section":"create-runtimeclass-v1alpha1-node-k8s-io","subsections":[]}]}]},{"section":"runtimeclass-v1beta1-node-k8s-io","subsections":[{"section":"-strong-read-operations-runtimeclass-v1beta1-node-k8s-io-strong-","subsections":[{"section":"watch-list-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"watch-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"list-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"read-runtimeclass-v1beta1-node-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-runtimeclass-v1beta1-node-k8s-io-strong-","subsections":[{"section":"delete-collection-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"delete-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"replace-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"patch-runtimeclass-v1beta1-node-k8s-io","subsections":[]},{"section":"create-runtimeclass-v1beta1-node-k8s-io","subsections":[]}]}]},{"section":"roleref-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-rolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-list-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-all-namespaces-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-rolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-rolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"role-v1alpha1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-role-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-list-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-all-namespaces-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-role-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-role-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"resourcemetricstatus-v2beta1-autoscaling","subsections":[]},{"section":"resourcemetricsource-v2beta1-autoscaling","subsections":[]},{"section":"priorityclass-v1alpha1-scheduling-k8s-io","subsections":[{"section":"-strong-read-operations-priorityclass-v1alpha1-scheduling-k8s-io-strong-","subsections":[{"section":"watch-list-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"watch-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"list-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"read-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-priorityclass-v1alpha1-scheduling-k8s-io-strong-","subsections":[{"section":"delete-collection-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"delete-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"replace-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"patch-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]},{"section":"create-priorityclass-v1alpha1-scheduling-k8s-io","subsections":[]}]}]},{"section":"policyrule-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"podsmetricstatus-v2beta1-autoscaling","subsections":[]},{"section":"podsmetricsource-v2beta1-autoscaling","subsections":[]},{"section":"poddisruptionbudget-v1beta1-policy","subsections":[{"section":"-strong-status-operations-poddisruptionbudget-v1beta1-policy-strong-","subsections":[{"section":"replace-status-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"read-status-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"patch-status-poddisruptionbudget-v1beta1-policy","subsections":[]}]},{"section":"-strong-read-operations-poddisruptionbudget-v1beta1-policy-strong-","subsections":[{"section":"watch-list-all-namespaces-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"watch-list-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"watch-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"list-all-namespaces-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"list-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"read-poddisruptionbudget-v1beta1-policy","subsections":[]}]},{"section":"-strong-write-operations-poddisruptionbudget-v1beta1-policy-strong-","subsections":[{"section":"delete-collection-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"delete-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"replace-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"patch-poddisruptionbudget-v1beta1-policy","subsections":[]},{"section":"create-poddisruptionbudget-v1beta1-policy","subsections":[]}]}]},{"section":"overhead-v1alpha1-node-k8s-io","subsections":[]},{"section":"overhead-v1beta1-node-k8s-io","subsections":[]},{"section":"objectmetricstatus-v2beta1-autoscaling","subsections":[]},{"section":"objectmetricsource-v2beta1-autoscaling","subsections":[]},{"section":"metricstatus-v2beta1-autoscaling","subsections":[]},{"section":"metricspec-v2beta1-autoscaling","subsections":[]},{"section":"jobtemplatespec-v1beta1-batch","subsections":[]},{"section":"horizontalpodautoscalercondition-v2beta1-autoscaling","subsections":[]},{"section":"horizontalpodautoscaler-v2beta1-autoscaling","subsections":[{"section":"-strong-status-operations-horizontalpodautoscaler-v2beta1-autoscaling-strong-","subsections":[{"section":"replace-status-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"read-status-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"patch-status-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]}]},{"section":"-strong-read-operations-horizontalpodautoscaler-v2beta1-autoscaling-strong-","subsections":[{"section":"watch-list-all-namespaces-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"watch-list-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"watch-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"list-all-namespaces-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"list-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"read-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]}]},{"section":"-strong-write-operations-horizontalpodautoscaler-v2beta1-autoscaling-strong-","subsections":[{"section":"delete-collection-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"delete-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"replace-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"patch-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]},{"section":"create-horizontalpodautoscaler-v2beta1-autoscaling","subsections":[]}]}]},{"section":"horizontalpodautoscaler-v2beta2-autoscaling","subsections":[{"section":"-strong-status-operations-horizontalpodautoscaler-v2beta2-autoscaling-strong-","subsections":[{"section":"replace-status-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"read-status-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"patch-status-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]}]},{"section":"-strong-read-operations-horizontalpodautoscaler-v2beta2-autoscaling-strong-","subsections":[{"section":"watch-list-all-namespaces-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"watch-list-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"watch-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"list-all-namespaces-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"list-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"read-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]}]},{"section":"-strong-write-operations-horizontalpodautoscaler-v2beta2-autoscaling-strong-","subsections":[{"section":"delete-collection-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"delete-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"replace-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"patch-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]},{"section":"create-horizontalpodautoscaler-v2beta2-autoscaling","subsections":[]}]}]},{"section":"forzone-v1beta1-discovery-k8s-io","subsections":[]},{"section":"externalmetricstatus-v2beta1-autoscaling","subsections":[]},{"section":"externalmetricsource-v2beta1-autoscaling","subsections":[]},{"section":"eventseries-v1beta1-events-k8s-io","subsections":[]},{"section":"eventseries-v1-core","subsections":[]},{"section":"event-v1beta1-events-k8s-io","subsections":[{"section":"-strong-read-operations-event-v1beta1-events-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-event-v1beta1-events-k8s-io","subsections":[]},{"section":"watch-list-event-v1beta1-events-k8s-io","subsections":[]},{"section":"watch-event-v1beta1-events-k8s-io","subsections":[]},{"section":"list-all-namespaces-event-v1beta1-events-k8s-io","subsections":[]},{"section":"list-event-v1beta1-events-k8s-io","subsections":[]},{"section":"read-event-v1beta1-events-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-event-v1beta1-events-k8s-io-strong-","subsections":[{"section":"delete-collection-event-v1beta1-events-k8s-io","subsections":[]},{"section":"delete-event-v1beta1-events-k8s-io","subsections":[]},{"section":"replace-event-v1beta1-events-k8s-io","subsections":[]},{"section":"patch-event-v1beta1-events-k8s-io","subsections":[]},{"section":"create-event-v1beta1-events-k8s-io","subsections":[]}]}]},{"section":"event-v1-core","subsections":[{"section":"-strong-read-operations-event-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-event-v1-core","subsections":[]},{"section":"watch-list-event-v1-core","subsections":[]},{"section":"watch-event-v1-core","subsections":[]},{"section":"list-all-namespaces-event-v1-core","subsections":[]},{"section":"list-event-v1-core","subsections":[]},{"section":"read-event-v1-core","subsections":[]}]},{"section":"-strong-write-operations-event-v1-core-strong-","subsections":[{"section":"delete-collection-event-v1-core","subsections":[]},{"section":"delete-event-v1-core","subsections":[]},{"section":"replace-event-v1-core","subsections":[]},{"section":"patch-event-v1-core","subsections":[]},{"section":"create-event-v1-core","subsections":[]}]}]},{"section":"endpointslice-v1beta1-discovery-k8s-io","subsections":[{"section":"-strong-read-operations-endpointslice-v1beta1-discovery-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"watch-list-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"watch-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"list-all-namespaces-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"list-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"read-endpointslice-v1beta1-discovery-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-endpointslice-v1beta1-discovery-k8s-io-strong-","subsections":[{"section":"delete-collection-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"delete-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"replace-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"patch-endpointslice-v1beta1-discovery-k8s-io","subsections":[]},{"section":"create-endpointslice-v1beta1-discovery-k8s-io","subsections":[]}]}]},{"section":"endpointport-v1beta1-discovery-k8s-io","subsections":[]},{"section":"endpointport-v1-discovery-k8s-io","subsections":[]},{"section":"endpointhints-v1beta1-discovery-k8s-io","subsections":[]},{"section":"endpointconditions-v1beta1-discovery-k8s-io","subsections":[]},{"section":"endpoint-v1beta1-discovery-k8s-io","subsections":[]},{"section":"crossversionobjectreference-v2beta1-autoscaling","subsections":[]},{"section":"crossversionobjectreference-v2beta2-autoscaling","subsections":[]},{"section":"cronjob-v1beta1-batch","subsections":[{"section":"-strong-status-operations-cronjob-v1beta1-batch-strong-","subsections":[{"section":"replace-status-cronjob-v1beta1-batch","subsections":[]},{"section":"read-status-cronjob-v1beta1-batch","subsections":[]},{"section":"patch-status-cronjob-v1beta1-batch","subsections":[]}]},{"section":"-strong-read-operations-cronjob-v1beta1-batch-strong-","subsections":[{"section":"watch-list-all-namespaces-cronjob-v1beta1-batch","subsections":[]},{"section":"watch-list-cronjob-v1beta1-batch","subsections":[]},{"section":"watch-cronjob-v1beta1-batch","subsections":[]},{"section":"list-all-namespaces-cronjob-v1beta1-batch","subsections":[]},{"section":"list-cronjob-v1beta1-batch","subsections":[]},{"section":"read-cronjob-v1beta1-batch","subsections":[]}]},{"section":"-strong-write-operations-cronjob-v1beta1-batch-strong-","subsections":[{"section":"delete-collection-cronjob-v1beta1-batch","subsections":[]},{"section":"delete-cronjob-v1beta1-batch","subsections":[]},{"section":"replace-cronjob-v1beta1-batch","subsections":[]},{"section":"patch-cronjob-v1beta1-batch","subsections":[]},{"section":"create-cronjob-v1beta1-batch","subsections":[]}]}]},{"section":"containerresourcemetricstatus-v2beta1-autoscaling","subsections":[]},{"section":"containerresourcemetricsource-v2beta1-autoscaling","subsections":[]},{"section":"clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-clusterrole-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-clusterrole-v1alpha1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-clusterrole-v1alpha1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"csistoragecapacity-v1alpha1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-csistoragecapacity-v1alpha1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-csistoragecapacity-v1alpha1-storage-k8s-io","subsections":[]},{"section":"watch-list-csistoragecapacity-v1alpha1-storage-k8s-io","subsections":[]},{"section":"watch-csistoragecapacity-v1alpha1-storage-k8s-io","subsections":[]},{"section":"list-all-namespaces-csistoragecapacity-v1alpha1-storage-k8s-io","subsections":[]},{"section":"list-csistoragecapacity-v1alpha1-storage-k8s-io","subsections":[]},{"section":"read-csistoragecapacity-v1alpha1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-csistoragecapacity-v1alpha1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-csistoragecapacity-v1alpha1-storage-k8s-io","subsections":[]},{"section":"delete-csistoragecapacity-v1alpha1-storage-k8s-io","subsections":[]},{"section":"replace-csistoragecapacity-v1alpha1-storage-k8s-io","subsections":[]},{"section":"patch-csistoragecapacity-v1alpha1-storage-k8s-io","subsections":[]},{"section":"create-csistoragecapacity-v1alpha1-storage-k8s-io","subsections":[]}]}]},{"section":"aggregationrule-v1alpha1-rbac-authorization-k8s-io","subsections":[]},{"section":"-strong-old-api-versions-strong-","subsections":[]},{"section":"windowssecuritycontextoptions-v1-core","subsections":[]},{"section":"weightedpodaffinityterm-v1-core","subsections":[]},{"section":"webhookconversion-v1-apiextensions-k8s-io","subsections":[]},{"section":"webhookclientconfig-v1-admissionregistration-k8s-io","subsections":[]},{"section":"watchevent-v1-meta","subsections":[]},{"section":"vspherevirtualdiskvolumesource-v1-core","subsections":[]},{"section":"volumeprojection-v1-core","subsections":[]},{"section":"volumenoderesources-v1-storage-k8s-io","subsections":[]},{"section":"volumenodeaffinity-v1-core","subsections":[]},{"section":"volumemount-v1-core","subsections":[]},{"section":"volumeerror-v1-storage-k8s-io","subsections":[]},{"section":"volumedevice-v1-core","subsections":[]},{"section":"volumeattachmentsource-v1-storage-k8s-io","subsections":[]},{"section":"validatingwebhook-v1-admissionregistration-k8s-io","subsections":[]},{"section":"usersubject-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"userinfo-v1-authentication-k8s-io","subsections":[]},{"section":"uncountedterminatedpods-v1-batch","subsections":[]},{"section":"typedlocalobjectreference-v1-core","subsections":[]},{"section":"topologyspreadconstraint-v1-core","subsections":[]},{"section":"topologyselectorterm-v1-core","subsections":[]},{"section":"topologyselectorlabelrequirement-v1-core","subsections":[]},{"section":"toleration-v1-core","subsections":[]},{"section":"time-v1-meta","subsections":[]},{"section":"taint-v1-core","subsections":[]},{"section":"tcpsocketaction-v1-core","subsections":[]},{"section":"sysctl-v1-core","subsections":[]},{"section":"supplementalgroupsstrategyoptions-v1beta1-policy","subsections":[]},{"section":"subjectrulesreviewstatus-v1-authorization-k8s-io","subsections":[]},{"section":"subject-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"storageversioncondition-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"storageosvolumesource-v1-core","subsections":[]},{"section":"storageospersistentvolumesource-v1-core","subsections":[]},{"section":"statusdetails-v1-meta","subsections":[]},{"section":"statuscause-v1-meta","subsections":[]},{"section":"status-v1-meta","subsections":[]},{"section":"statefulsetupdatestrategy-v1-apps","subsections":[]},{"section":"statefulsetcondition-v1-apps","subsections":[]},{"section":"sessionaffinityconfig-v1-core","subsections":[]},{"section":"servicereference-v1-admissionregistration-k8s-io","subsections":[]},{"section":"serviceport-v1-core","subsections":[]},{"section":"servicebackendport-v1-networking-k8s-io","subsections":[]},{"section":"serviceaccounttokenprojection-v1-core","subsections":[]},{"section":"serviceaccountsubject-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"serverstorageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"serveraddressbyclientcidr-v1-meta","subsections":[]},{"section":"securitycontext-v1-core","subsections":[]},{"section":"secretvolumesource-v1-core","subsections":[]},{"section":"secretreference-v1-core","subsections":[]},{"section":"secretprojection-v1-core","subsections":[]},{"section":"secretkeyselector-v1-core","subsections":[]},{"section":"secretenvsource-v1-core","subsections":[]},{"section":"seccompprofile-v1-core","subsections":[]},{"section":"scopedresourceselectorrequirement-v1-core","subsections":[]},{"section":"scopeselector-v1-core","subsections":[]},{"section":"scheduling-v1-node-k8s-io","subsections":[]},{"section":"scaleiovolumesource-v1-core","subsections":[]},{"section":"scaleiopersistentvolumesource-v1-core","subsections":[]},{"section":"scale-v1-autoscaling","subsections":[]},{"section":"selinuxstrategyoptions-v1beta1-policy","subsections":[]},{"section":"selinuxoptions-v1-core","subsections":[]},{"section":"runtimeclassstrategyoptions-v1beta1-policy","subsections":[]},{"section":"runasuserstrategyoptions-v1beta1-policy","subsections":[]},{"section":"runasgroupstrategyoptions-v1beta1-policy","subsections":[]},{"section":"rulewithoperations-v1-admissionregistration-k8s-io","subsections":[]},{"section":"rollingupdatestatefulsetstrategy-v1-apps","subsections":[]},{"section":"roleref-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"resourcerule-v1-authorization-k8s-io","subsections":[]},{"section":"resourcerequirements-v1-core","subsections":[]},{"section":"resourcepolicyrule-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"resourcemetricstatus-v2beta2-autoscaling","subsections":[]},{"section":"resourcemetricsource-v2beta2-autoscaling","subsections":[]},{"section":"resourcefieldselector-v1-core","subsections":[]},{"section":"resourceattributes-v1-authorization-k8s-io","subsections":[]},{"section":"replicationcontrollercondition-v1-core","subsections":[]},{"section":"replicasetcondition-v1-apps","subsections":[]},{"section":"rbdvolumesource-v1-core","subsections":[]},{"section":"rbdpersistentvolumesource-v1-core","subsections":[]},{"section":"quobytevolumesource-v1-core","subsections":[]},{"section":"queuingconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"quantity-resource-core","subsections":[]},{"section":"projectedvolumesource-v1-core","subsections":[]},{"section":"probe-v1-core","subsections":[]},{"section":"prioritylevelconfigurationreference-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"prioritylevelconfigurationcondition-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"preferredschedulingterm-v1-core","subsections":[]},{"section":"preconditions-v1-meta","subsections":[]},{"section":"portworxvolumesource-v1-core","subsections":[]},{"section":"portstatus-v1-core","subsections":[]},{"section":"policyruleswithsubjects-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"policyrule-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"podsmetricstatus-v2beta2-autoscaling","subsections":[]},{"section":"podsmetricsource-v2beta2-autoscaling","subsections":[]},{"section":"podsecuritycontext-v1-core","subsections":[]},{"section":"podreadinessgate-v1-core","subsections":[]},{"section":"podip-v1-core","subsections":[]},{"section":"poddnsconfigoption-v1-core","subsections":[]},{"section":"poddnsconfig-v1-core","subsections":[]},{"section":"podcondition-v1-core","subsections":[]},{"section":"podantiaffinity-v1-core","subsections":[]},{"section":"podaffinityterm-v1-core","subsections":[]},{"section":"podaffinity-v1-core","subsections":[]},{"section":"photonpersistentdiskvolumesource-v1-core","subsections":[]},{"section":"persistentvolumeclaimvolumesource-v1-core","subsections":[]},{"section":"persistentvolumeclaimtemplate-v1-core","subsections":[]},{"section":"persistentvolumeclaimcondition-v1-core","subsections":[]},{"section":"patch-v1-meta","subsections":[]},{"section":"ownerreference-v1-meta","subsections":[]},{"section":"overhead-v1-node-k8s-io","subsections":[]},{"section":"objectreference-v1-core","subsections":[]},{"section":"objectmetricstatus-v2beta2-autoscaling","subsections":[]},{"section":"objectmetricsource-v2beta2-autoscaling","subsections":[]},{"section":"objectmeta-v1-meta","subsections":[]},{"section":"objectfieldselector-v1-core","subsections":[]},{"section":"nonresourcerule-v1-authorization-k8s-io","subsections":[]},{"section":"nonresourcepolicyrule-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"nonresourceattributes-v1-authorization-k8s-io","subsections":[]},{"section":"nodesysteminfo-v1-core","subsections":[]},{"section":"nodeselectorterm-v1-core","subsections":[]},{"section":"nodeselectorrequirement-v1-core","subsections":[]},{"section":"nodeselector-v1-core","subsections":[]},{"section":"nodedaemonendpoints-v1-core","subsections":[]},{"section":"nodeconfigstatus-v1-core","subsections":[]},{"section":"nodeconfigsource-v1-core","subsections":[]},{"section":"nodecondition-v1-core","subsections":[]},{"section":"nodeaffinity-v1-core","subsections":[]},{"section":"nodeaddress-v1-core","subsections":[]},{"section":"networkpolicyport-v1-networking-k8s-io","subsections":[]},{"section":"networkpolicypeer-v1-networking-k8s-io","subsections":[]},{"section":"networkpolicyingressrule-v1-networking-k8s-io","subsections":[]},{"section":"networkpolicyegressrule-v1-networking-k8s-io","subsections":[]},{"section":"namespacecondition-v1-core","subsections":[]},{"section":"nfsvolumesource-v1-core","subsections":[]},{"section":"mutatingwebhook-v1-admissionregistration-k8s-io","subsections":[]},{"section":"microtime-v1-meta","subsections":[]},{"section":"metricvaluestatus-v2beta2-autoscaling","subsections":[]},{"section":"metrictarget-v2beta2-autoscaling","subsections":[]},{"section":"metricstatus-v2beta2-autoscaling","subsections":[]},{"section":"metricspec-v2beta2-autoscaling","subsections":[]},{"section":"metricidentifier-v2beta2-autoscaling","subsections":[]},{"section":"managedfieldsentry-v1-meta","subsections":[]},{"section":"localvolumesource-v1-core","subsections":[]},{"section":"localobjectreference-v1-core","subsections":[]},{"section":"loadbalancerstatus-v1-core","subsections":[]},{"section":"loadbalanceringress-v1-core","subsections":[]},{"section":"listmeta-v1-meta","subsections":[]},{"section":"limitedprioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"limitresponse-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"limitrangeitem-v1-core","subsections":[]},{"section":"lifecycle-v1-core","subsections":[]},{"section":"labelselectorrequirement-v1-meta","subsections":[]},{"section":"labelselector-v1-meta","subsections":[]},{"section":"keytopath-v1-core","subsections":[]},{"section":"jobtemplatespec-v1-batch","subsections":[]},{"section":"jobcondition-v1-batch","subsections":[]},{"section":"jsonschemapropsorbool-v1-apiextensions-k8s-io","subsections":[]},{"section":"jsonschemapropsorarray-v1-apiextensions-k8s-io","subsections":[]},{"section":"jsonschemaprops-v1-apiextensions-k8s-io","subsections":[]},{"section":"json-v1-apiextensions-k8s-io","subsections":[]},{"section":"ingresstls-v1-networking-k8s-io","subsections":[]},{"section":"ingressservicebackend-v1-networking-k8s-io","subsections":[]},{"section":"ingressrule-v1-networking-k8s-io","subsections":[]},{"section":"ingressclassparametersreference-v1-networking-k8s-io","subsections":[]},{"section":"ingressbackend-v1-networking-k8s-io","subsections":[]},{"section":"iscsivolumesource-v1-core","subsections":[]},{"section":"iscsipersistentvolumesource-v1-core","subsections":[]},{"section":"ipblock-v1-networking-k8s-io","subsections":[]},{"section":"idrange-v1beta1-policy","subsections":[]},{"section":"hostportrange-v1beta1-policy","subsections":[]},{"section":"hostpathvolumesource-v1-core","subsections":[]},{"section":"hostalias-v1-core","subsections":[]},{"section":"horizontalpodautoscalercondition-v2beta2-autoscaling","subsections":[]},{"section":"horizontalpodautoscalerbehavior-v2beta2-autoscaling","subsections":[]},{"section":"handler-v1-core","subsections":[]},{"section":"httpingressrulevalue-v1-networking-k8s-io","subsections":[]},{"section":"httpingresspath-v1-networking-k8s-io","subsections":[]},{"section":"httpheader-v1-core","subsections":[]},{"section":"httpgetaction-v1-core","subsections":[]},{"section":"hpascalingrules-v2beta2-autoscaling","subsections":[]},{"section":"hpascalingpolicy-v2beta2-autoscaling","subsections":[]},{"section":"groupversionfordiscovery-v1-meta","subsections":[]},{"section":"groupsubject-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"glusterfsvolumesource-v1-core","subsections":[]},{"section":"glusterfspersistentvolumesource-v1-core","subsections":[]},{"section":"gitrepovolumesource-v1-core","subsections":[]},{"section":"gcepersistentdiskvolumesource-v1-core","subsections":[]},{"section":"forzone-v1-discovery-k8s-io","subsections":[]},{"section":"flowschemacondition-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"flowdistinguishermethod-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"flockervolumesource-v1-core","subsections":[]},{"section":"flexvolumesource-v1-core","subsections":[]},{"section":"flexpersistentvolumesource-v1-core","subsections":[]},{"section":"fieldsv1-v1-meta","subsections":[]},{"section":"fsgroupstrategyoptions-v1beta1-policy","subsections":[]},{"section":"fcvolumesource-v1-core","subsections":[]},{"section":"externalmetricstatus-v2beta2-autoscaling","subsections":[]},{"section":"externalmetricsource-v2beta2-autoscaling","subsections":[]},{"section":"externaldocumentation-v1-apiextensions-k8s-io","subsections":[]},{"section":"execaction-v1-core","subsections":[]},{"section":"eviction-v1-policy","subsections":[]},{"section":"eventsource-v1-core","subsections":[]},{"section":"eventseries-v1-events-k8s-io","subsections":[]},{"section":"ephemeralvolumesource-v1-core","subsections":[]},{"section":"ephemeralcontainer-v1-core","subsections":[]},{"section":"envvarsource-v1-core","subsections":[]},{"section":"envvar-v1-core","subsections":[]},{"section":"envfromsource-v1-core","subsections":[]},{"section":"endpointsubset-v1-core","subsections":[]},{"section":"endpointport-v1-core","subsections":[]},{"section":"endpointhints-v1-discovery-k8s-io","subsections":[]},{"section":"endpointconditions-v1-discovery-k8s-io","subsections":[]},{"section":"endpointaddress-v1-core","subsections":[]},{"section":"endpoint-v1-discovery-k8s-io","subsections":[]},{"section":"emptydirvolumesource-v1-core","subsections":[]},{"section":"downwardapivolumesource-v1-core","subsections":[]},{"section":"downwardapivolumefile-v1-core","subsections":[]},{"section":"downwardapiprojection-v1-core","subsections":[]},{"section":"deploymentcondition-v1-apps","subsections":[]},{"section":"deleteoptions-v1-meta","subsections":[]},{"section":"daemonsetupdatestrategy-v1-apps","subsections":[]},{"section":"daemonsetcondition-v1-apps","subsections":[]},{"section":"daemonendpoint-v1-core","subsections":[]},{"section":"customresourcevalidation-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcesubresources-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcesubresourcestatus-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcesubresourcescale-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcedefinitionversion-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcedefinitionnames-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcedefinitioncondition-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourceconversion-v1-apiextensions-k8s-io","subsections":[]},{"section":"customresourcecolumndefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"crossversionobjectreference-v1-autoscaling","subsections":[]},{"section":"containerstatewaiting-v1-core","subsections":[]},{"section":"containerstateterminated-v1-core","subsections":[]},{"section":"containerstaterunning-v1-core","subsections":[]},{"section":"containerstate-v1-core","subsections":[]},{"section":"containerresourcemetricstatus-v2beta2-autoscaling","subsections":[]},{"section":"containerresourcemetricsource-v2beta2-autoscaling","subsections":[]},{"section":"containerport-v1-core","subsections":[]},{"section":"containerimage-v1-core","subsections":[]},{"section":"configmapvolumesource-v1-core","subsections":[]},{"section":"configmapprojection-v1-core","subsections":[]},{"section":"configmapnodeconfigsource-v1-core","subsections":[]},{"section":"configmapkeyselector-v1-core","subsections":[]},{"section":"configmapenvsource-v1-core","subsections":[]},{"section":"condition-v1-meta","subsections":[]},{"section":"componentcondition-v1-core","subsections":[]},{"section":"clientipconfig-v1-core","subsections":[]},{"section":"cindervolumesource-v1-core","subsections":[]},{"section":"cinderpersistentvolumesource-v1-core","subsections":[]},{"section":"certificatesigningrequestcondition-v1-certificates-k8s-io","subsections":[]},{"section":"cephfsvolumesource-v1-core","subsections":[]},{"section":"cephfspersistentvolumesource-v1-core","subsections":[]},{"section":"capabilities-v1-core","subsections":[]},{"section":"csivolumesource-v1-core","subsections":[]},{"section":"csipersistentvolumesource-v1-core","subsections":[]},{"section":"csinodedriver-v1-storage-k8s-io","subsections":[]},{"section":"boundobjectreference-v1-authentication-k8s-io","subsections":[]},{"section":"azurefilevolumesource-v1-core","subsections":[]},{"section":"azurefilepersistentvolumesource-v1-core","subsections":[]},{"section":"azurediskvolumesource-v1-core","subsections":[]},{"section":"attachedvolume-v1-core","subsections":[]},{"section":"allowedhostpath-v1beta1-policy","subsections":[]},{"section":"allowedflexvolume-v1beta1-policy","subsections":[]},{"section":"allowedcsidriver-v1beta1-policy","subsections":[]},{"section":"aggregationrule-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"affinity-v1-core","subsections":[]},{"section":"awselasticblockstorevolumesource-v1-core","subsections":[]},{"section":"apiversions-v1-meta","subsections":[]},{"section":"apiservicecondition-v1-apiregistration-k8s-io","subsections":[]},{"section":"apiresource-v1-meta","subsections":[]},{"section":"apigroup-v1-meta","subsections":[]},{"section":"-strong-definitions-strong-","subsections":[]},{"section":"networkpolicy-v1-networking-k8s-io","subsections":[{"section":"-strong-read-operations-networkpolicy-v1-networking-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"watch-list-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"watch-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"list-all-namespaces-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"list-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"read-networkpolicy-v1-networking-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-networkpolicy-v1-networking-k8s-io-strong-","subsections":[{"section":"delete-collection-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"delete-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"replace-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"patch-networkpolicy-v1-networking-k8s-io","subsections":[]},{"section":"create-networkpolicy-v1-networking-k8s-io","subsections":[]}]}]},{"section":"tokenreview-v1-authentication-k8s-io","subsections":[{"section":"-strong-write-operations-tokenreview-v1-authentication-k8s-io-strong-","subsections":[{"section":"create-tokenreview-v1-authentication-k8s-io","subsections":[]}]}]},{"section":"tokenrequest-v1-authentication-k8s-io","subsections":[]},{"section":"subjectaccessreview-v1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-subjectaccessreview-v1-authorization-k8s-io-strong-","subsections":[{"section":"create-subjectaccessreview-v1-authorization-k8s-io","subsections":[]}]}]},{"section":"storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[{"section":"-strong-status-operations-storageversion-v1alpha1-internal-apiserver-k8s-io-strong-","subsections":[{"section":"replace-status-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"read-status-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"patch-status-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-storageversion-v1alpha1-internal-apiserver-k8s-io-strong-","subsections":[{"section":"watch-list-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"watch-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"list-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"read-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-storageversion-v1alpha1-internal-apiserver-k8s-io-strong-","subsections":[{"section":"delete-collection-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"delete-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"replace-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"patch-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]},{"section":"create-storageversion-v1alpha1-internal-apiserver-k8s-io","subsections":[]}]}]},{"section":"serviceaccount-v1-core","subsections":[{"section":"-strong-read-operations-serviceaccount-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-serviceaccount-v1-core","subsections":[]},{"section":"watch-list-serviceaccount-v1-core","subsections":[]},{"section":"watch-serviceaccount-v1-core","subsections":[]},{"section":"list-all-namespaces-serviceaccount-v1-core","subsections":[]},{"section":"list-serviceaccount-v1-core","subsections":[]},{"section":"read-serviceaccount-v1-core","subsections":[]}]},{"section":"-strong-write-operations-serviceaccount-v1-core-strong-","subsections":[{"section":"delete-collection-serviceaccount-v1-core","subsections":[]},{"section":"delete-serviceaccount-v1-core","subsections":[]},{"section":"replace-serviceaccount-v1-core","subsections":[]},{"section":"patch-serviceaccount-v1-core","subsections":[]},{"section":"create-serviceaccount-v1-core","subsections":[]}]}]},{"section":"selfsubjectrulesreview-v1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-selfsubjectrulesreview-v1-authorization-k8s-io-strong-","subsections":[{"section":"create-selfsubjectrulesreview-v1-authorization-k8s-io","subsections":[]}]}]},{"section":"selfsubjectaccessreview-v1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-selfsubjectaccessreview-v1-authorization-k8s-io-strong-","subsections":[{"section":"create-selfsubjectaccessreview-v1-authorization-k8s-io","subsections":[]}]}]},{"section":"runtimeclass-v1-node-k8s-io","subsections":[{"section":"-strong-read-operations-runtimeclass-v1-node-k8s-io-strong-","subsections":[{"section":"watch-list-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"watch-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"list-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"read-runtimeclass-v1-node-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-runtimeclass-v1-node-k8s-io-strong-","subsections":[{"section":"delete-collection-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"delete-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"replace-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"patch-runtimeclass-v1-node-k8s-io","subsections":[]},{"section":"create-runtimeclass-v1-node-k8s-io","subsections":[]}]}]},{"section":"rolebinding-v1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-rolebinding-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-list-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-all-namespaces-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-rolebinding-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-rolebinding-v1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"role-v1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-role-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-list-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-all-namespaces-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-role-v1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-role-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-role-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-role-v1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"resourcequota-v1-core","subsections":[{"section":"-strong-status-operations-resourcequota-v1-core-strong-","subsections":[{"section":"replace-status-resourcequota-v1-core","subsections":[]},{"section":"read-status-resourcequota-v1-core","subsections":[]},{"section":"patch-status-resourcequota-v1-core","subsections":[]}]},{"section":"-strong-read-operations-resourcequota-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-resourcequota-v1-core","subsections":[]},{"section":"watch-list-resourcequota-v1-core","subsections":[]},{"section":"watch-resourcequota-v1-core","subsections":[]},{"section":"list-all-namespaces-resourcequota-v1-core","subsections":[]},{"section":"list-resourcequota-v1-core","subsections":[]},{"section":"read-resourcequota-v1-core","subsections":[]}]},{"section":"-strong-write-operations-resourcequota-v1-core-strong-","subsections":[{"section":"delete-collection-resourcequota-v1-core","subsections":[]},{"section":"delete-resourcequota-v1-core","subsections":[]},{"section":"replace-resourcequota-v1-core","subsections":[]},{"section":"patch-resourcequota-v1-core","subsections":[]},{"section":"create-resourcequota-v1-core","subsections":[]}]}]},{"section":"prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[{"section":"-strong-status-operations-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"replace-status-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-status-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-status-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"watch-list-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"watch-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"list-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"delete-collection-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"delete-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"replace-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"create-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]}]}]},{"section":"persistentvolume-v1-core","subsections":[{"section":"-strong-status-operations-persistentvolume-v1-core-strong-","subsections":[{"section":"replace-status-persistentvolume-v1-core","subsections":[]},{"section":"read-status-persistentvolume-v1-core","subsections":[]},{"section":"patch-status-persistentvolume-v1-core","subsections":[]}]},{"section":"-strong-read-operations-persistentvolume-v1-core-strong-","subsections":[{"section":"watch-list-persistentvolume-v1-core","subsections":[]},{"section":"watch-persistentvolume-v1-core","subsections":[]},{"section":"list-persistentvolume-v1-core","subsections":[]},{"section":"read-persistentvolume-v1-core","subsections":[]}]},{"section":"-strong-write-operations-persistentvolume-v1-core-strong-","subsections":[{"section":"delete-collection-persistentvolume-v1-core","subsections":[]},{"section":"delete-persistentvolume-v1-core","subsections":[]},{"section":"replace-persistentvolume-v1-core","subsections":[]},{"section":"patch-persistentvolume-v1-core","subsections":[]},{"section":"create-persistentvolume-v1-core","subsections":[]}]}]},{"section":"node-v1-core","subsections":[{"section":"-strong-proxy-operations-node-v1-core-strong-","subsections":[{"section":"replace-connect-proxy-path-node-v1-core","subsections":[]},{"section":"replace-connect-proxy-node-v1-core","subsections":[]},{"section":"head-connect-proxy-path-node-v1-core","subsections":[]},{"section":"head-connect-proxy-node-v1-core","subsections":[]},{"section":"get-connect-proxy-path-node-v1-core","subsections":[]},{"section":"get-connect-proxy-node-v1-core","subsections":[]},{"section":"delete-connect-proxy-path-node-v1-core","subsections":[]},{"section":"delete-connect-proxy-node-v1-core","subsections":[]},{"section":"create-connect-proxy-path-node-v1-core","subsections":[]},{"section":"create-connect-proxy-node-v1-core","subsections":[]}]},{"section":"-strong-status-operations-node-v1-core-strong-","subsections":[{"section":"replace-status-node-v1-core","subsections":[]},{"section":"read-status-node-v1-core","subsections":[]},{"section":"patch-status-node-v1-core","subsections":[]}]},{"section":"-strong-read-operations-node-v1-core-strong-","subsections":[{"section":"watch-list-node-v1-core","subsections":[]},{"section":"watch-node-v1-core","subsections":[]},{"section":"list-node-v1-core","subsections":[]},{"section":"read-node-v1-core","subsections":[]}]},{"section":"-strong-write-operations-node-v1-core-strong-","subsections":[{"section":"delete-collection-node-v1-core","subsections":[]},{"section":"delete-node-v1-core","subsections":[]},{"section":"replace-node-v1-core","subsections":[]},{"section":"patch-node-v1-core","subsections":[]},{"section":"create-node-v1-core","subsections":[]}]}]},{"section":"namespace-v1-core","subsections":[{"section":"-strong-status-operations-namespace-v1-core-strong-","subsections":[{"section":"replace-status-namespace-v1-core","subsections":[]},{"section":"read-status-namespace-v1-core","subsections":[]},{"section":"patch-status-namespace-v1-core","subsections":[]}]},{"section":"-strong-read-operations-namespace-v1-core-strong-","subsections":[{"section":"watch-list-namespace-v1-core","subsections":[]},{"section":"watch-namespace-v1-core","subsections":[]},{"section":"list-namespace-v1-core","subsections":[]},{"section":"read-namespace-v1-core","subsections":[]}]},{"section":"-strong-write-operations-namespace-v1-core-strong-","subsections":[{"section":"delete-namespace-v1-core","subsections":[]},{"section":"replace-namespace-v1-core","subsections":[]},{"section":"patch-namespace-v1-core","subsections":[]},{"section":"create-namespace-v1-core","subsections":[]}]}]},{"section":"localsubjectaccessreview-v1-authorization-k8s-io","subsections":[{"section":"-strong-write-operations-localsubjectaccessreview-v1-authorization-k8s-io-strong-","subsections":[{"section":"create-localsubjectaccessreview-v1-authorization-k8s-io","subsections":[]}]}]},{"section":"lease-v1-coordination-k8s-io","subsections":[{"section":"-strong-read-operations-lease-v1-coordination-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-lease-v1-coordination-k8s-io","subsections":[]},{"section":"watch-list-lease-v1-coordination-k8s-io","subsections":[]},{"section":"watch-lease-v1-coordination-k8s-io","subsections":[]},{"section":"list-all-namespaces-lease-v1-coordination-k8s-io","subsections":[]},{"section":"list-lease-v1-coordination-k8s-io","subsections":[]},{"section":"read-lease-v1-coordination-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-lease-v1-coordination-k8s-io-strong-","subsections":[{"section":"delete-collection-lease-v1-coordination-k8s-io","subsections":[]},{"section":"delete-lease-v1-coordination-k8s-io","subsections":[]},{"section":"replace-lease-v1-coordination-k8s-io","subsections":[]},{"section":"patch-lease-v1-coordination-k8s-io","subsections":[]},{"section":"create-lease-v1-coordination-k8s-io","subsections":[]}]}]},{"section":"flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[{"section":"-strong-status-operations-flowschema-v1beta1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"replace-status-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-status-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-status-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-flowschema-v1beta1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"watch-list-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"watch-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"list-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"read-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-flowschema-v1beta1-flowcontrol-apiserver-k8s-io-strong-","subsections":[{"section":"delete-collection-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"delete-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"replace-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"patch-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]},{"section":"create-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","subsections":[]}]}]},{"section":"componentstatus-v1-core","subsections":[{"section":"-strong-read-operations-componentstatus-v1-core-strong-","subsections":[{"section":"list-componentstatus-v1-core","subsections":[]},{"section":"read-componentstatus-v1-core","subsections":[]}]}]},{"section":"clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-clusterrolebinding-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-clusterrolebinding-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-clusterrolebinding-v1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"clusterrole-v1-rbac-authorization-k8s-io","subsections":[{"section":"-strong-read-operations-clusterrole-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"watch-list-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"watch-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"list-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"read-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-clusterrole-v1-rbac-authorization-k8s-io-strong-","subsections":[{"section":"delete-collection-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"delete-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"replace-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"patch-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]},{"section":"create-clusterrole-v1-rbac-authorization-k8s-io","subsections":[]}]}]},{"section":"certificatesigningrequest-v1-certificates-k8s-io","subsections":[{"section":"-strong-status-operations-certificatesigningrequest-v1-certificates-k8s-io-strong-","subsections":[{"section":"replace-status-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"read-status-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"patch-status-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-certificatesigningrequest-v1-certificates-k8s-io-strong-","subsections":[{"section":"watch-list-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"watch-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"list-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"read-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-certificatesigningrequest-v1-certificates-k8s-io-strong-","subsections":[{"section":"delete-collection-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"delete-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"replace-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"patch-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]},{"section":"create-certificatesigningrequest-v1-certificates-k8s-io","subsections":[]}]}]},{"section":"binding-v1-core","subsections":[{"section":"-strong-write-operations-binding-v1-core-strong-","subsections":[{"section":"create-binding-v1-core","subsections":[]}]}]},{"section":"apiservice-v1-apiregistration-k8s-io","subsections":[{"section":"-strong-status-operations-apiservice-v1-apiregistration-k8s-io-strong-","subsections":[{"section":"replace-status-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"read-status-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"patch-status-apiservice-v1-apiregistration-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-apiservice-v1-apiregistration-k8s-io-strong-","subsections":[{"section":"watch-list-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"watch-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"list-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"read-apiservice-v1-apiregistration-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-apiservice-v1-apiregistration-k8s-io-strong-","subsections":[{"section":"delete-collection-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"delete-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"replace-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"patch-apiservice-v1-apiregistration-k8s-io","subsections":[]},{"section":"create-apiservice-v1-apiregistration-k8s-io","subsections":[]}]}]},{"section":"-strong-cluster-apis-strong-","subsections":[]},{"section":"podsecuritypolicy-v1beta1-policy","subsections":[{"section":"-strong-read-operations-podsecuritypolicy-v1beta1-policy-strong-","subsections":[{"section":"watch-list-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"watch-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"list-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"read-podsecuritypolicy-v1beta1-policy","subsections":[]}]},{"section":"-strong-write-operations-podsecuritypolicy-v1beta1-policy-strong-","subsections":[{"section":"delete-collection-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"delete-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"replace-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"patch-podsecuritypolicy-v1beta1-policy","subsections":[]},{"section":"create-podsecuritypolicy-v1beta1-policy","subsections":[]}]}]},{"section":"priorityclass-v1-scheduling-k8s-io","subsections":[{"section":"-strong-read-operations-priorityclass-v1-scheduling-k8s-io-strong-","subsections":[{"section":"watch-list-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"watch-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"list-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"read-priorityclass-v1-scheduling-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-priorityclass-v1-scheduling-k8s-io-strong-","subsections":[{"section":"delete-collection-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"delete-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"replace-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"patch-priorityclass-v1-scheduling-k8s-io","subsections":[]},{"section":"create-priorityclass-v1-scheduling-k8s-io","subsections":[]}]}]},{"section":"poddisruptionbudget-v1-policy","subsections":[{"section":"-strong-status-operations-poddisruptionbudget-v1-policy-strong-","subsections":[{"section":"replace-status-poddisruptionbudget-v1-policy","subsections":[]},{"section":"read-status-poddisruptionbudget-v1-policy","subsections":[]},{"section":"patch-status-poddisruptionbudget-v1-policy","subsections":[]}]},{"section":"-strong-read-operations-poddisruptionbudget-v1-policy-strong-","subsections":[{"section":"watch-list-all-namespaces-poddisruptionbudget-v1-policy","subsections":[]},{"section":"watch-list-poddisruptionbudget-v1-policy","subsections":[]},{"section":"watch-poddisruptionbudget-v1-policy","subsections":[]},{"section":"list-all-namespaces-poddisruptionbudget-v1-policy","subsections":[]},{"section":"list-poddisruptionbudget-v1-policy","subsections":[]},{"section":"read-poddisruptionbudget-v1-policy","subsections":[]}]},{"section":"-strong-write-operations-poddisruptionbudget-v1-policy-strong-","subsections":[{"section":"delete-collection-poddisruptionbudget-v1-policy","subsections":[]},{"section":"delete-poddisruptionbudget-v1-policy","subsections":[]},{"section":"replace-poddisruptionbudget-v1-policy","subsections":[]},{"section":"patch-poddisruptionbudget-v1-policy","subsections":[]},{"section":"create-poddisruptionbudget-v1-policy","subsections":[]}]}]},{"section":"podtemplate-v1-core","subsections":[{"section":"-strong-read-operations-podtemplate-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-podtemplate-v1-core","subsections":[]},{"section":"watch-list-podtemplate-v1-core","subsections":[]},{"section":"watch-podtemplate-v1-core","subsections":[]},{"section":"list-all-namespaces-podtemplate-v1-core","subsections":[]},{"section":"list-podtemplate-v1-core","subsections":[]},{"section":"read-podtemplate-v1-core","subsections":[]}]},{"section":"-strong-write-operations-podtemplate-v1-core-strong-","subsections":[{"section":"delete-collection-podtemplate-v1-core","subsections":[]},{"section":"delete-podtemplate-v1-core","subsections":[]},{"section":"replace-podtemplate-v1-core","subsections":[]},{"section":"patch-podtemplate-v1-core","subsections":[]},{"section":"create-podtemplate-v1-core","subsections":[]}]}]},{"section":"validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[{"section":"-strong-read-operations-validatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","subsections":[{"section":"watch-list-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"watch-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"list-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"read-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-validatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","subsections":[{"section":"delete-collection-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"delete-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"replace-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"patch-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"create-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]}]}]},{"section":"mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[{"section":"-strong-read-operations-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","subsections":[{"section":"watch-list-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"watch-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"list-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"read-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","subsections":[{"section":"delete-collection-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"delete-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"replace-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"patch-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]},{"section":"create-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","subsections":[]}]}]},{"section":"horizontalpodautoscaler-v1-autoscaling","subsections":[{"section":"-strong-status-operations-horizontalpodautoscaler-v1-autoscaling-strong-","subsections":[{"section":"replace-status-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"read-status-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"patch-status-horizontalpodautoscaler-v1-autoscaling","subsections":[]}]},{"section":"-strong-read-operations-horizontalpodautoscaler-v1-autoscaling-strong-","subsections":[{"section":"watch-list-all-namespaces-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"watch-list-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"watch-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"list-all-namespaces-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"list-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"read-horizontalpodautoscaler-v1-autoscaling","subsections":[]}]},{"section":"-strong-write-operations-horizontalpodautoscaler-v1-autoscaling-strong-","subsections":[{"section":"delete-collection-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"delete-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"replace-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"patch-horizontalpodautoscaler-v1-autoscaling","subsections":[]},{"section":"create-horizontalpodautoscaler-v1-autoscaling","subsections":[]}]}]},{"section":"limitrange-v1-core","subsections":[{"section":"-strong-read-operations-limitrange-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-limitrange-v1-core","subsections":[]},{"section":"watch-list-limitrange-v1-core","subsections":[]},{"section":"watch-limitrange-v1-core","subsections":[]},{"section":"list-all-namespaces-limitrange-v1-core","subsections":[]},{"section":"list-limitrange-v1-core","subsections":[]},{"section":"read-limitrange-v1-core","subsections":[]}]},{"section":"-strong-write-operations-limitrange-v1-core-strong-","subsections":[{"section":"delete-collection-limitrange-v1-core","subsections":[]},{"section":"delete-limitrange-v1-core","subsections":[]},{"section":"replace-limitrange-v1-core","subsections":[]},{"section":"patch-limitrange-v1-core","subsections":[]},{"section":"create-limitrange-v1-core","subsections":[]}]}]},{"section":"event-v1-events-k8s-io","subsections":[{"section":"-strong-read-operations-event-v1-events-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-event-v1-events-k8s-io","subsections":[]},{"section":"watch-list-event-v1-events-k8s-io","subsections":[]},{"section":"watch-event-v1-events-k8s-io","subsections":[]},{"section":"list-all-namespaces-event-v1-events-k8s-io","subsections":[]},{"section":"list-event-v1-events-k8s-io","subsections":[]},{"section":"read-event-v1-events-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-event-v1-events-k8s-io-strong-","subsections":[{"section":"delete-collection-event-v1-events-k8s-io","subsections":[]},{"section":"delete-event-v1-events-k8s-io","subsections":[]},{"section":"replace-event-v1-events-k8s-io","subsections":[]},{"section":"patch-event-v1-events-k8s-io","subsections":[]},{"section":"create-event-v1-events-k8s-io","subsections":[]}]}]},{"section":"customresourcedefinition-v1-apiextensions-k8s-io","subsections":[{"section":"-strong-status-operations-customresourcedefinition-v1-apiextensions-k8s-io-strong-","subsections":[{"section":"replace-status-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"read-status-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"patch-status-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-customresourcedefinition-v1-apiextensions-k8s-io-strong-","subsections":[{"section":"watch-list-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"watch-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"list-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"read-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-customresourcedefinition-v1-apiextensions-k8s-io-strong-","subsections":[{"section":"delete-collection-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"delete-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"replace-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"patch-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]},{"section":"create-customresourcedefinition-v1-apiextensions-k8s-io","subsections":[]}]}]},{"section":"controllerrevision-v1-apps","subsections":[{"section":"-strong-read-operations-controllerrevision-v1-apps-strong-","subsections":[{"section":"watch-list-all-namespaces-controllerrevision-v1-apps","subsections":[]},{"section":"watch-list-controllerrevision-v1-apps","subsections":[]},{"section":"watch-controllerrevision-v1-apps","subsections":[]},{"section":"list-all-namespaces-controllerrevision-v1-apps","subsections":[]},{"section":"list-controllerrevision-v1-apps","subsections":[]},{"section":"read-controllerrevision-v1-apps","subsections":[]}]},{"section":"-strong-write-operations-controllerrevision-v1-apps-strong-","subsections":[{"section":"delete-collection-controllerrevision-v1-apps","subsections":[]},{"section":"delete-controllerrevision-v1-apps","subsections":[]},{"section":"replace-controllerrevision-v1-apps","subsections":[]},{"section":"patch-controllerrevision-v1-apps","subsections":[]},{"section":"create-controllerrevision-v1-apps","subsections":[]}]}]},{"section":"-strong-metadata-apis-strong-","subsections":[]},{"section":"volumeattachment-v1-storage-k8s-io","subsections":[{"section":"-strong-status-operations-volumeattachment-v1-storage-k8s-io-strong-","subsections":[{"section":"replace-status-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"read-status-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"patch-status-volumeattachment-v1-storage-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-volumeattachment-v1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"watch-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"list-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"read-volumeattachment-v1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-volumeattachment-v1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"delete-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"replace-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"patch-volumeattachment-v1-storage-k8s-io","subsections":[]},{"section":"create-volumeattachment-v1-storage-k8s-io","subsections":[]}]}]},{"section":"volume-v1-core","subsections":[]},{"section":"csistoragecapacity-v1beta1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-csistoragecapacity-v1beta1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-csistoragecapacity-v1beta1-storage-k8s-io","subsections":[]},{"section":"watch-list-csistoragecapacity-v1beta1-storage-k8s-io","subsections":[]},{"section":"watch-csistoragecapacity-v1beta1-storage-k8s-io","subsections":[]},{"section":"list-all-namespaces-csistoragecapacity-v1beta1-storage-k8s-io","subsections":[]},{"section":"list-csistoragecapacity-v1beta1-storage-k8s-io","subsections":[]},{"section":"read-csistoragecapacity-v1beta1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-csistoragecapacity-v1beta1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-csistoragecapacity-v1beta1-storage-k8s-io","subsections":[]},{"section":"delete-csistoragecapacity-v1beta1-storage-k8s-io","subsections":[]},{"section":"replace-csistoragecapacity-v1beta1-storage-k8s-io","subsections":[]},{"section":"patch-csistoragecapacity-v1beta1-storage-k8s-io","subsections":[]},{"section":"create-csistoragecapacity-v1beta1-storage-k8s-io","subsections":[]}]}]},{"section":"storageclass-v1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-storageclass-v1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"watch-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"list-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"read-storageclass-v1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-storageclass-v1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"delete-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"replace-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"patch-storageclass-v1-storage-k8s-io","subsections":[]},{"section":"create-storageclass-v1-storage-k8s-io","subsections":[]}]}]},{"section":"persistentvolumeclaim-v1-core","subsections":[{"section":"-strong-status-operations-persistentvolumeclaim-v1-core-strong-","subsections":[{"section":"replace-status-persistentvolumeclaim-v1-core","subsections":[]},{"section":"read-status-persistentvolumeclaim-v1-core","subsections":[]},{"section":"patch-status-persistentvolumeclaim-v1-core","subsections":[]}]},{"section":"-strong-read-operations-persistentvolumeclaim-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-persistentvolumeclaim-v1-core","subsections":[]},{"section":"watch-list-persistentvolumeclaim-v1-core","subsections":[]},{"section":"watch-persistentvolumeclaim-v1-core","subsections":[]},{"section":"list-all-namespaces-persistentvolumeclaim-v1-core","subsections":[]},{"section":"list-persistentvolumeclaim-v1-core","subsections":[]},{"section":"read-persistentvolumeclaim-v1-core","subsections":[]}]},{"section":"-strong-write-operations-persistentvolumeclaim-v1-core-strong-","subsections":[{"section":"delete-collection-persistentvolumeclaim-v1-core","subsections":[]},{"section":"delete-persistentvolumeclaim-v1-core","subsections":[]},{"section":"replace-persistentvolumeclaim-v1-core","subsections":[]},{"section":"patch-persistentvolumeclaim-v1-core","subsections":[]},{"section":"create-persistentvolumeclaim-v1-core","subsections":[]}]}]},{"section":"secret-v1-core","subsections":[{"section":"-strong-read-operations-secret-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-secret-v1-core","subsections":[]},{"section":"watch-list-secret-v1-core","subsections":[]},{"section":"watch-secret-v1-core","subsections":[]},{"section":"list-all-namespaces-secret-v1-core","subsections":[]},{"section":"list-secret-v1-core","subsections":[]},{"section":"read-secret-v1-core","subsections":[]}]},{"section":"-strong-write-operations-secret-v1-core-strong-","subsections":[{"section":"delete-collection-secret-v1-core","subsections":[]},{"section":"delete-secret-v1-core","subsections":[]},{"section":"replace-secret-v1-core","subsections":[]},{"section":"patch-secret-v1-core","subsections":[]},{"section":"create-secret-v1-core","subsections":[]}]}]},{"section":"csinode-v1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-csinode-v1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-csinode-v1-storage-k8s-io","subsections":[]},{"section":"watch-csinode-v1-storage-k8s-io","subsections":[]},{"section":"list-csinode-v1-storage-k8s-io","subsections":[]},{"section":"read-csinode-v1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-csinode-v1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-csinode-v1-storage-k8s-io","subsections":[]},{"section":"delete-csinode-v1-storage-k8s-io","subsections":[]},{"section":"replace-csinode-v1-storage-k8s-io","subsections":[]},{"section":"patch-csinode-v1-storage-k8s-io","subsections":[]},{"section":"create-csinode-v1-storage-k8s-io","subsections":[]}]}]},{"section":"csidriver-v1-storage-k8s-io","subsections":[{"section":"-strong-read-operations-csidriver-v1-storage-k8s-io-strong-","subsections":[{"section":"watch-list-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"watch-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"list-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"read-csidriver-v1-storage-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-csidriver-v1-storage-k8s-io-strong-","subsections":[{"section":"delete-collection-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"delete-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"replace-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"patch-csidriver-v1-storage-k8s-io","subsections":[]},{"section":"create-csidriver-v1-storage-k8s-io","subsections":[]}]}]},{"section":"configmap-v1-core","subsections":[{"section":"-strong-read-operations-configmap-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-configmap-v1-core","subsections":[]},{"section":"watch-list-configmap-v1-core","subsections":[]},{"section":"watch-configmap-v1-core","subsections":[]},{"section":"list-all-namespaces-configmap-v1-core","subsections":[]},{"section":"list-configmap-v1-core","subsections":[]},{"section":"read-configmap-v1-core","subsections":[]}]},{"section":"-strong-write-operations-configmap-v1-core-strong-","subsections":[{"section":"delete-collection-configmap-v1-core","subsections":[]},{"section":"delete-configmap-v1-core","subsections":[]},{"section":"replace-configmap-v1-core","subsections":[]},{"section":"patch-configmap-v1-core","subsections":[]},{"section":"create-configmap-v1-core","subsections":[]}]}]},{"section":"-strong-config-and-storage-apis-strong-","subsections":[]},{"section":"service-v1-core","subsections":[{"section":"-strong-proxy-operations-service-v1-core-strong-","subsections":[{"section":"replace-connect-proxy-path-service-v1-core","subsections":[]},{"section":"replace-connect-proxy-service-v1-core","subsections":[]},{"section":"head-connect-proxy-path-service-v1-core","subsections":[]},{"section":"head-connect-proxy-service-v1-core","subsections":[]},{"section":"get-connect-proxy-path-service-v1-core","subsections":[]},{"section":"get-connect-proxy-service-v1-core","subsections":[]},{"section":"delete-connect-proxy-path-service-v1-core","subsections":[]},{"section":"delete-connect-proxy-service-v1-core","subsections":[]},{"section":"create-connect-proxy-path-service-v1-core","subsections":[]},{"section":"create-connect-proxy-service-v1-core","subsections":[]}]},{"section":"-strong-status-operations-service-v1-core-strong-","subsections":[{"section":"replace-status-service-v1-core","subsections":[]},{"section":"read-status-service-v1-core","subsections":[]},{"section":"patch-status-service-v1-core","subsections":[]}]},{"section":"-strong-read-operations-service-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-service-v1-core","subsections":[]},{"section":"watch-list-service-v1-core","subsections":[]},{"section":"watch-service-v1-core","subsections":[]},{"section":"list-all-namespaces-service-v1-core","subsections":[]},{"section":"list-service-v1-core","subsections":[]},{"section":"read-service-v1-core","subsections":[]}]},{"section":"-strong-write-operations-service-v1-core-strong-","subsections":[{"section":"delete-service-v1-core","subsections":[]},{"section":"replace-service-v1-core","subsections":[]},{"section":"patch-service-v1-core","subsections":[]},{"section":"create-service-v1-core","subsections":[]}]}]},{"section":"ingressclass-v1-networking-k8s-io","subsections":[{"section":"-strong-read-operations-ingressclass-v1-networking-k8s-io-strong-","subsections":[{"section":"watch-list-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"watch-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"list-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"read-ingressclass-v1-networking-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-ingressclass-v1-networking-k8s-io-strong-","subsections":[{"section":"delete-collection-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"delete-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"replace-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"patch-ingressclass-v1-networking-k8s-io","subsections":[]},{"section":"create-ingressclass-v1-networking-k8s-io","subsections":[]}]}]},{"section":"ingress-v1-networking-k8s-io","subsections":[{"section":"-strong-status-operations-ingress-v1-networking-k8s-io-strong-","subsections":[{"section":"replace-status-ingress-v1-networking-k8s-io","subsections":[]},{"section":"read-status-ingress-v1-networking-k8s-io","subsections":[]},{"section":"patch-status-ingress-v1-networking-k8s-io","subsections":[]}]},{"section":"-strong-read-operations-ingress-v1-networking-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-ingress-v1-networking-k8s-io","subsections":[]},{"section":"watch-list-ingress-v1-networking-k8s-io","subsections":[]},{"section":"watch-ingress-v1-networking-k8s-io","subsections":[]},{"section":"list-all-namespaces-ingress-v1-networking-k8s-io","subsections":[]},{"section":"list-ingress-v1-networking-k8s-io","subsections":[]},{"section":"read-ingress-v1-networking-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-ingress-v1-networking-k8s-io-strong-","subsections":[{"section":"delete-collection-ingress-v1-networking-k8s-io","subsections":[]},{"section":"delete-ingress-v1-networking-k8s-io","subsections":[]},{"section":"replace-ingress-v1-networking-k8s-io","subsections":[]},{"section":"patch-ingress-v1-networking-k8s-io","subsections":[]},{"section":"create-ingress-v1-networking-k8s-io","subsections":[]}]}]},{"section":"endpointslice-v1-discovery-k8s-io","subsections":[{"section":"-strong-read-operations-endpointslice-v1-discovery-k8s-io-strong-","subsections":[{"section":"watch-list-all-namespaces-endpointslice-v1-discovery-k8s-io","subsections":[]},{"section":"watch-list-endpointslice-v1-discovery-k8s-io","subsections":[]},{"section":"watch-endpointslice-v1-discovery-k8s-io","subsections":[]},{"section":"list-all-namespaces-endpointslice-v1-discovery-k8s-io","subsections":[]},{"section":"list-endpointslice-v1-discovery-k8s-io","subsections":[]},{"section":"read-endpointslice-v1-discovery-k8s-io","subsections":[]}]},{"section":"-strong-write-operations-endpointslice-v1-discovery-k8s-io-strong-","subsections":[{"section":"delete-collection-endpointslice-v1-discovery-k8s-io","subsections":[]},{"section":"delete-endpointslice-v1-discovery-k8s-io","subsections":[]},{"section":"replace-endpointslice-v1-discovery-k8s-io","subsections":[]},{"section":"patch-endpointslice-v1-discovery-k8s-io","subsections":[]},{"section":"create-endpointslice-v1-discovery-k8s-io","subsections":[]}]}]},{"section":"endpoints-v1-core","subsections":[{"section":"-strong-read-operations-endpoints-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-endpoints-v1-core","subsections":[]},{"section":"watch-list-endpoints-v1-core","subsections":[]},{"section":"watch-endpoints-v1-core","subsections":[]},{"section":"list-all-namespaces-endpoints-v1-core","subsections":[]},{"section":"list-endpoints-v1-core","subsections":[]},{"section":"read-endpoints-v1-core","subsections":[]}]},{"section":"-strong-write-operations-endpoints-v1-core-strong-","subsections":[{"section":"delete-collection-endpoints-v1-core","subsections":[]},{"section":"delete-endpoints-v1-core","subsections":[]},{"section":"replace-endpoints-v1-core","subsections":[]},{"section":"patch-endpoints-v1-core","subsections":[]},{"section":"create-endpoints-v1-core","subsections":[]}]}]},{"section":"-strong-service-apis-strong-","subsections":[]},{"section":"statefulset-v1-apps","subsections":[{"section":"-strong-misc-operations-statefulset-v1-apps-strong-","subsections":[{"section":"patch-scale-statefulset-v1-apps","subsections":[]},{"section":"replace-scale-statefulset-v1-apps","subsections":[]},{"section":"read-scale-statefulset-v1-apps","subsections":[]}]},{"section":"-strong-status-operations-statefulset-v1-apps-strong-","subsections":[{"section":"replace-status-statefulset-v1-apps","subsections":[]},{"section":"read-status-statefulset-v1-apps","subsections":[]},{"section":"patch-status-statefulset-v1-apps","subsections":[]}]},{"section":"-strong-read-operations-statefulset-v1-apps-strong-","subsections":[{"section":"watch-list-all-namespaces-statefulset-v1-apps","subsections":[]},{"section":"watch-list-statefulset-v1-apps","subsections":[]},{"section":"watch-statefulset-v1-apps","subsections":[]},{"section":"list-all-namespaces-statefulset-v1-apps","subsections":[]},{"section":"list-statefulset-v1-apps","subsections":[]},{"section":"read-statefulset-v1-apps","subsections":[]}]},{"section":"-strong-write-operations-statefulset-v1-apps-strong-","subsections":[{"section":"delete-collection-statefulset-v1-apps","subsections":[]},{"section":"delete-statefulset-v1-apps","subsections":[]},{"section":"replace-statefulset-v1-apps","subsections":[]},{"section":"patch-statefulset-v1-apps","subsections":[]},{"section":"create-statefulset-v1-apps","subsections":[]}]}]},{"section":"replicationcontroller-v1-core","subsections":[{"section":"-strong-misc-operations-replicationcontroller-v1-core-strong-","subsections":[{"section":"patch-scale-replicationcontroller-v1-core","subsections":[]},{"section":"replace-scale-replicationcontroller-v1-core","subsections":[]},{"section":"read-scale-replicationcontroller-v1-core","subsections":[]}]},{"section":"-strong-status-operations-replicationcontroller-v1-core-strong-","subsections":[{"section":"replace-status-replicationcontroller-v1-core","subsections":[]},{"section":"read-status-replicationcontroller-v1-core","subsections":[]},{"section":"patch-status-replicationcontroller-v1-core","subsections":[]}]},{"section":"-strong-read-operations-replicationcontroller-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-replicationcontroller-v1-core","subsections":[]},{"section":"watch-list-replicationcontroller-v1-core","subsections":[]},{"section":"watch-replicationcontroller-v1-core","subsections":[]},{"section":"list-all-namespaces-replicationcontroller-v1-core","subsections":[]},{"section":"list-replicationcontroller-v1-core","subsections":[]},{"section":"read-replicationcontroller-v1-core","subsections":[]}]},{"section":"-strong-write-operations-replicationcontroller-v1-core-strong-","subsections":[{"section":"delete-collection-replicationcontroller-v1-core","subsections":[]},{"section":"delete-replicationcontroller-v1-core","subsections":[]},{"section":"replace-replicationcontroller-v1-core","subsections":[]},{"section":"patch-replicationcontroller-v1-core","subsections":[]},{"section":"create-replicationcontroller-v1-core","subsections":[]}]}]},{"section":"replicaset-v1-apps","subsections":[{"section":"-strong-misc-operations-replicaset-v1-apps-strong-","subsections":[{"section":"patch-scale-replicaset-v1-apps","subsections":[]},{"section":"replace-scale-replicaset-v1-apps","subsections":[]},{"section":"read-scale-replicaset-v1-apps","subsections":[]}]},{"section":"-strong-status-operations-replicaset-v1-apps-strong-","subsections":[{"section":"replace-status-replicaset-v1-apps","subsections":[]},{"section":"read-status-replicaset-v1-apps","subsections":[]},{"section":"patch-status-replicaset-v1-apps","subsections":[]}]},{"section":"-strong-read-operations-replicaset-v1-apps-strong-","subsections":[{"section":"watch-list-all-namespaces-replicaset-v1-apps","subsections":[]},{"section":"watch-list-replicaset-v1-apps","subsections":[]},{"section":"watch-replicaset-v1-apps","subsections":[]},{"section":"list-all-namespaces-replicaset-v1-apps","subsections":[]},{"section":"list-replicaset-v1-apps","subsections":[]},{"section":"read-replicaset-v1-apps","subsections":[]}]},{"section":"-strong-write-operations-replicaset-v1-apps-strong-","subsections":[{"section":"delete-collection-replicaset-v1-apps","subsections":[]},{"section":"delete-replicaset-v1-apps","subsections":[]},{"section":"replace-replicaset-v1-apps","subsections":[]},{"section":"patch-replicaset-v1-apps","subsections":[]},{"section":"create-replicaset-v1-apps","subsections":[]}]}]},{"section":"pod-v1-core","subsections":[{"section":"-strong-misc-operations-pod-v1-core-strong-","subsections":[{"section":"read-log-pod-v1-core","subsections":[]}]},{"section":"-strong-proxy-operations-pod-v1-core-strong-","subsections":[{"section":"replace-connect-proxy-path-pod-v1-core","subsections":[]},{"section":"replace-connect-proxy-pod-v1-core","subsections":[]},{"section":"head-connect-proxy-path-pod-v1-core","subsections":[]},{"section":"head-connect-proxy-pod-v1-core","subsections":[]},{"section":"get-connect-proxy-path-pod-v1-core","subsections":[]},{"section":"get-connect-proxy-pod-v1-core","subsections":[]},{"section":"get-connect-portforward-pod-v1-core","subsections":[]},{"section":"delete-connect-proxy-path-pod-v1-core","subsections":[]},{"section":"delete-connect-proxy-pod-v1-core","subsections":[]},{"section":"create-connect-proxy-path-pod-v1-core","subsections":[]},{"section":"create-connect-proxy-pod-v1-core","subsections":[]},{"section":"create-connect-portforward-pod-v1-core","subsections":[]}]},{"section":"-strong-ephemeralcontainers-operations-pod-v1-core-strong-","subsections":[{"section":"replace-ephemeralcontainers-pod-v1-core","subsections":[]},{"section":"read-ephemeralcontainers-pod-v1-core","subsections":[]},{"section":"patch-ephemeralcontainers-pod-v1-core","subsections":[]}]},{"section":"-strong-status-operations-pod-v1-core-strong-","subsections":[{"section":"replace-status-pod-v1-core","subsections":[]},{"section":"read-status-pod-v1-core","subsections":[]},{"section":"patch-status-pod-v1-core","subsections":[]}]},{"section":"-strong-read-operations-pod-v1-core-strong-","subsections":[{"section":"watch-list-all-namespaces-pod-v1-core","subsections":[]},{"section":"watch-list-pod-v1-core","subsections":[]},{"section":"watch-pod-v1-core","subsections":[]},{"section":"list-all-namespaces-pod-v1-core","subsections":[]},{"section":"list-pod-v1-core","subsections":[]},{"section":"read-pod-v1-core","subsections":[]}]},{"section":"-strong-write-operations-pod-v1-core-strong-","subsections":[{"section":"delete-collection-pod-v1-core","subsections":[]},{"section":"delete-pod-v1-core","subsections":[]},{"section":"replace-pod-v1-core","subsections":[]},{"section":"patch-pod-v1-core","subsections":[]},{"section":"create-eviction-pod-v1-core","subsections":[]},{"section":"create-pod-v1-core","subsections":[]}]}]},{"section":"job-v1-batch","subsections":[{"section":"-strong-status-operations-job-v1-batch-strong-","subsections":[{"section":"replace-status-job-v1-batch","subsections":[]},{"section":"read-status-job-v1-batch","subsections":[]},{"section":"patch-status-job-v1-batch","subsections":[]}]},{"section":"-strong-read-operations-job-v1-batch-strong-","subsections":[{"section":"watch-list-all-namespaces-job-v1-batch","subsections":[]},{"section":"watch-list-job-v1-batch","subsections":[]},{"section":"watch-job-v1-batch","subsections":[]},{"section":"list-all-namespaces-job-v1-batch","subsections":[]},{"section":"list-job-v1-batch","subsections":[]},{"section":"read-job-v1-batch","subsections":[]}]},{"section":"-strong-write-operations-job-v1-batch-strong-","subsections":[{"section":"delete-collection-job-v1-batch","subsections":[]},{"section":"delete-job-v1-batch","subsections":[]},{"section":"replace-job-v1-batch","subsections":[]},{"section":"patch-job-v1-batch","subsections":[]},{"section":"create-job-v1-batch","subsections":[]}]}]},{"section":"deployment-v1-apps","subsections":[{"section":"-strong-misc-operations-deployment-v1-apps-strong-","subsections":[{"section":"patch-scale-deployment-v1-apps","subsections":[]},{"section":"replace-scale-deployment-v1-apps","subsections":[]},{"section":"read-scale-deployment-v1-apps","subsections":[]}]},{"section":"-strong-status-operations-deployment-v1-apps-strong-","subsections":[{"section":"replace-status-deployment-v1-apps","subsections":[]},{"section":"read-status-deployment-v1-apps","subsections":[]},{"section":"patch-status-deployment-v1-apps","subsections":[]}]},{"section":"-strong-read-operations-deployment-v1-apps-strong-","subsections":[{"section":"watch-list-all-namespaces-deployment-v1-apps","subsections":[]},{"section":"watch-list-deployment-v1-apps","subsections":[]},{"section":"watch-deployment-v1-apps","subsections":[]},{"section":"list-all-namespaces-deployment-v1-apps","subsections":[]},{"section":"list-deployment-v1-apps","subsections":[]},{"section":"read-deployment-v1-apps","subsections":[]}]},{"section":"-strong-write-operations-deployment-v1-apps-strong-","subsections":[{"section":"delete-collection-deployment-v1-apps","subsections":[]},{"section":"delete-deployment-v1-apps","subsections":[]},{"section":"replace-deployment-v1-apps","subsections":[]},{"section":"patch-deployment-v1-apps","subsections":[]},{"section":"create-deployment-v1-apps","subsections":[]}]}]},{"section":"daemonset-v1-apps","subsections":[{"section":"-strong-status-operations-daemonset-v1-apps-strong-","subsections":[{"section":"replace-status-daemonset-v1-apps","subsections":[]},{"section":"read-status-daemonset-v1-apps","subsections":[]},{"section":"patch-status-daemonset-v1-apps","subsections":[]}]},{"section":"-strong-read-operations-daemonset-v1-apps-strong-","subsections":[{"section":"watch-list-all-namespaces-daemonset-v1-apps","subsections":[]},{"section":"watch-list-daemonset-v1-apps","subsections":[]},{"section":"watch-daemonset-v1-apps","subsections":[]},{"section":"list-all-namespaces-daemonset-v1-apps","subsections":[]},{"section":"list-daemonset-v1-apps","subsections":[]},{"section":"read-daemonset-v1-apps","subsections":[]}]},{"section":"-strong-write-operations-daemonset-v1-apps-strong-","subsections":[{"section":"delete-collection-daemonset-v1-apps","subsections":[]},{"section":"delete-daemonset-v1-apps","subsections":[]},{"section":"replace-daemonset-v1-apps","subsections":[]},{"section":"patch-daemonset-v1-apps","subsections":[]},{"section":"create-daemonset-v1-apps","subsections":[]}]}]},{"section":"cronjob-v1-batch","subsections":[{"section":"-strong-status-operations-cronjob-v1-batch-strong-","subsections":[{"section":"replace-status-cronjob-v1-batch","subsections":[]},{"section":"read-status-cronjob-v1-batch","subsections":[]},{"section":"patch-status-cronjob-v1-batch","subsections":[]}]},{"section":"-strong-read-operations-cronjob-v1-batch-strong-","subsections":[{"section":"watch-list-all-namespaces-cronjob-v1-batch","subsections":[]},{"section":"watch-list-cronjob-v1-batch","subsections":[]},{"section":"watch-cronjob-v1-batch","subsections":[]},{"section":"list-all-namespaces-cronjob-v1-batch","subsections":[]},{"section":"list-cronjob-v1-batch","subsections":[]},{"section":"read-cronjob-v1-batch","subsections":[]}]},{"section":"-strong-write-operations-cronjob-v1-batch-strong-","subsections":[{"section":"delete-collection-cronjob-v1-batch","subsections":[]},{"section":"delete-cronjob-v1-batch","subsections":[]},{"section":"replace-cronjob-v1-batch","subsections":[]},{"section":"patch-cronjob-v1-batch","subsections":[]},{"section":"create-cronjob-v1-batch","subsections":[]}]}]},{"section":"container-v1-core","subsections":[]},{"section":"-strong-workloads-apis-strong-","subsections":[]},{"section":"-strong-api-groups-strong-","subsections":[]},{"section":"-strong-api-overview-strong-","subsections":[]}],"flatToc":["webhookclientconfig-v1-apiextensions-k8s-io","volumeerror-v1alpha1-storage-k8s-io","volumeattachmentsource-v1alpha1-storage-k8s-io","watch-list-volumeattachment-v1alpha1-storage-k8s-io","watch-volumeattachment-v1alpha1-storage-k8s-io","list-volumeattachment-v1alpha1-storage-k8s-io","read-volumeattachment-v1alpha1-storage-k8s-io","-strong-read-operations-volumeattachment-v1alpha1-storage-k8s-io-strong-","delete-collection-volumeattachment-v1alpha1-storage-k8s-io","delete-volumeattachment-v1alpha1-storage-k8s-io","replace-volumeattachment-v1alpha1-storage-k8s-io","patch-volumeattachment-v1alpha1-storage-k8s-io","create-volumeattachment-v1alpha1-storage-k8s-io","-strong-write-operations-volumeattachment-v1alpha1-storage-k8s-io-strong-","volumeattachment-v1alpha1-storage-k8s-io","tokenrequest-v1-storage-k8s-io","subject-v1alpha1-rbac-authorization-k8s-io","subject-v1-rbac-authorization-k8s-io","servicereference-v1-apiregistration-k8s-io","servicereference-v1-apiextensions-k8s-io","scheduling-v1alpha1-node-k8s-io","scheduling-v1beta1-node-k8s-io","watch-list-runtimeclass-v1alpha1-node-k8s-io","watch-runtimeclass-v1alpha1-node-k8s-io","list-runtimeclass-v1alpha1-node-k8s-io","read-runtimeclass-v1alpha1-node-k8s-io","-strong-read-operations-runtimeclass-v1alpha1-node-k8s-io-strong-","delete-collection-runtimeclass-v1alpha1-node-k8s-io","delete-runtimeclass-v1alpha1-node-k8s-io","replace-runtimeclass-v1alpha1-node-k8s-io","patch-runtimeclass-v1alpha1-node-k8s-io","create-runtimeclass-v1alpha1-node-k8s-io","-strong-write-operations-runtimeclass-v1alpha1-node-k8s-io-strong-","runtimeclass-v1alpha1-node-k8s-io","watch-list-runtimeclass-v1beta1-node-k8s-io","watch-runtimeclass-v1beta1-node-k8s-io","list-runtimeclass-v1beta1-node-k8s-io","read-runtimeclass-v1beta1-node-k8s-io","-strong-read-operations-runtimeclass-v1beta1-node-k8s-io-strong-","delete-collection-runtimeclass-v1beta1-node-k8s-io","delete-runtimeclass-v1beta1-node-k8s-io","replace-runtimeclass-v1beta1-node-k8s-io","patch-runtimeclass-v1beta1-node-k8s-io","create-runtimeclass-v1beta1-node-k8s-io","-strong-write-operations-runtimeclass-v1beta1-node-k8s-io-strong-","runtimeclass-v1beta1-node-k8s-io","roleref-v1alpha1-rbac-authorization-k8s-io","watch-list-all-namespaces-rolebinding-v1alpha1-rbac-authorization-k8s-io","watch-list-rolebinding-v1alpha1-rbac-authorization-k8s-io","watch-rolebinding-v1alpha1-rbac-authorization-k8s-io","list-all-namespaces-rolebinding-v1alpha1-rbac-authorization-k8s-io","list-rolebinding-v1alpha1-rbac-authorization-k8s-io","read-rolebinding-v1alpha1-rbac-authorization-k8s-io","-strong-read-operations-rolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","delete-collection-rolebinding-v1alpha1-rbac-authorization-k8s-io","delete-rolebinding-v1alpha1-rbac-authorization-k8s-io","replace-rolebinding-v1alpha1-rbac-authorization-k8s-io","patch-rolebinding-v1alpha1-rbac-authorization-k8s-io","create-rolebinding-v1alpha1-rbac-authorization-k8s-io","-strong-write-operations-rolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","rolebinding-v1alpha1-rbac-authorization-k8s-io","watch-list-all-namespaces-role-v1alpha1-rbac-authorization-k8s-io","watch-list-role-v1alpha1-rbac-authorization-k8s-io","watch-role-v1alpha1-rbac-authorization-k8s-io","list-all-namespaces-role-v1alpha1-rbac-authorization-k8s-io","list-role-v1alpha1-rbac-authorization-k8s-io","read-role-v1alpha1-rbac-authorization-k8s-io","-strong-read-operations-role-v1alpha1-rbac-authorization-k8s-io-strong-","delete-collection-role-v1alpha1-rbac-authorization-k8s-io","delete-role-v1alpha1-rbac-authorization-k8s-io","replace-role-v1alpha1-rbac-authorization-k8s-io","patch-role-v1alpha1-rbac-authorization-k8s-io","create-role-v1alpha1-rbac-authorization-k8s-io","-strong-write-operations-role-v1alpha1-rbac-authorization-k8s-io-strong-","role-v1alpha1-rbac-authorization-k8s-io","resourcemetricstatus-v2beta1-autoscaling","resourcemetricsource-v2beta1-autoscaling","watch-list-priorityclass-v1alpha1-scheduling-k8s-io","watch-priorityclass-v1alpha1-scheduling-k8s-io","list-priorityclass-v1alpha1-scheduling-k8s-io","read-priorityclass-v1alpha1-scheduling-k8s-io","-strong-read-operations-priorityclass-v1alpha1-scheduling-k8s-io-strong-","delete-collection-priorityclass-v1alpha1-scheduling-k8s-io","delete-priorityclass-v1alpha1-scheduling-k8s-io","replace-priorityclass-v1alpha1-scheduling-k8s-io","patch-priorityclass-v1alpha1-scheduling-k8s-io","create-priorityclass-v1alpha1-scheduling-k8s-io","-strong-write-operations-priorityclass-v1alpha1-scheduling-k8s-io-strong-","priorityclass-v1alpha1-scheduling-k8s-io","policyrule-v1alpha1-rbac-authorization-k8s-io","podsmetricstatus-v2beta1-autoscaling","podsmetricsource-v2beta1-autoscaling","replace-status-poddisruptionbudget-v1beta1-policy","read-status-poddisruptionbudget-v1beta1-policy","patch-status-poddisruptionbudget-v1beta1-policy","-strong-status-operations-poddisruptionbudget-v1beta1-policy-strong-","watch-list-all-namespaces-poddisruptionbudget-v1beta1-policy","watch-list-poddisruptionbudget-v1beta1-policy","watch-poddisruptionbudget-v1beta1-policy","list-all-namespaces-poddisruptionbudget-v1beta1-policy","list-poddisruptionbudget-v1beta1-policy","read-poddisruptionbudget-v1beta1-policy","-strong-read-operations-poddisruptionbudget-v1beta1-policy-strong-","delete-collection-poddisruptionbudget-v1beta1-policy","delete-poddisruptionbudget-v1beta1-policy","replace-poddisruptionbudget-v1beta1-policy","patch-poddisruptionbudget-v1beta1-policy","create-poddisruptionbudget-v1beta1-policy","-strong-write-operations-poddisruptionbudget-v1beta1-policy-strong-","poddisruptionbudget-v1beta1-policy","overhead-v1alpha1-node-k8s-io","overhead-v1beta1-node-k8s-io","objectmetricstatus-v2beta1-autoscaling","objectmetricsource-v2beta1-autoscaling","metricstatus-v2beta1-autoscaling","metricspec-v2beta1-autoscaling","jobtemplatespec-v1beta1-batch","horizontalpodautoscalercondition-v2beta1-autoscaling","replace-status-horizontalpodautoscaler-v2beta1-autoscaling","read-status-horizontalpodautoscaler-v2beta1-autoscaling","patch-status-horizontalpodautoscaler-v2beta1-autoscaling","-strong-status-operations-horizontalpodautoscaler-v2beta1-autoscaling-strong-","watch-list-all-namespaces-horizontalpodautoscaler-v2beta1-autoscaling","watch-list-horizontalpodautoscaler-v2beta1-autoscaling","watch-horizontalpodautoscaler-v2beta1-autoscaling","list-all-namespaces-horizontalpodautoscaler-v2beta1-autoscaling","list-horizontalpodautoscaler-v2beta1-autoscaling","read-horizontalpodautoscaler-v2beta1-autoscaling","-strong-read-operations-horizontalpodautoscaler-v2beta1-autoscaling-strong-","delete-collection-horizontalpodautoscaler-v2beta1-autoscaling","delete-horizontalpodautoscaler-v2beta1-autoscaling","replace-horizontalpodautoscaler-v2beta1-autoscaling","patch-horizontalpodautoscaler-v2beta1-autoscaling","create-horizontalpodautoscaler-v2beta1-autoscaling","-strong-write-operations-horizontalpodautoscaler-v2beta1-autoscaling-strong-","horizontalpodautoscaler-v2beta1-autoscaling","replace-status-horizontalpodautoscaler-v2beta2-autoscaling","read-status-horizontalpodautoscaler-v2beta2-autoscaling","patch-status-horizontalpodautoscaler-v2beta2-autoscaling","-strong-status-operations-horizontalpodautoscaler-v2beta2-autoscaling-strong-","watch-list-all-namespaces-horizontalpodautoscaler-v2beta2-autoscaling","watch-list-horizontalpodautoscaler-v2beta2-autoscaling","watch-horizontalpodautoscaler-v2beta2-autoscaling","list-all-namespaces-horizontalpodautoscaler-v2beta2-autoscaling","list-horizontalpodautoscaler-v2beta2-autoscaling","read-horizontalpodautoscaler-v2beta2-autoscaling","-strong-read-operations-horizontalpodautoscaler-v2beta2-autoscaling-strong-","delete-collection-horizontalpodautoscaler-v2beta2-autoscaling","delete-horizontalpodautoscaler-v2beta2-autoscaling","replace-horizontalpodautoscaler-v2beta2-autoscaling","patch-horizontalpodautoscaler-v2beta2-autoscaling","create-horizontalpodautoscaler-v2beta2-autoscaling","-strong-write-operations-horizontalpodautoscaler-v2beta2-autoscaling-strong-","horizontalpodautoscaler-v2beta2-autoscaling","forzone-v1beta1-discovery-k8s-io","externalmetricstatus-v2beta1-autoscaling","externalmetricsource-v2beta1-autoscaling","eventseries-v1beta1-events-k8s-io","eventseries-v1-core","watch-list-all-namespaces-event-v1beta1-events-k8s-io","watch-list-event-v1beta1-events-k8s-io","watch-event-v1beta1-events-k8s-io","list-all-namespaces-event-v1beta1-events-k8s-io","list-event-v1beta1-events-k8s-io","read-event-v1beta1-events-k8s-io","-strong-read-operations-event-v1beta1-events-k8s-io-strong-","delete-collection-event-v1beta1-events-k8s-io","delete-event-v1beta1-events-k8s-io","replace-event-v1beta1-events-k8s-io","patch-event-v1beta1-events-k8s-io","create-event-v1beta1-events-k8s-io","-strong-write-operations-event-v1beta1-events-k8s-io-strong-","event-v1beta1-events-k8s-io","watch-list-all-namespaces-event-v1-core","watch-list-event-v1-core","watch-event-v1-core","list-all-namespaces-event-v1-core","list-event-v1-core","read-event-v1-core","-strong-read-operations-event-v1-core-strong-","delete-collection-event-v1-core","delete-event-v1-core","replace-event-v1-core","patch-event-v1-core","create-event-v1-core","-strong-write-operations-event-v1-core-strong-","event-v1-core","watch-list-all-namespaces-endpointslice-v1beta1-discovery-k8s-io","watch-list-endpointslice-v1beta1-discovery-k8s-io","watch-endpointslice-v1beta1-discovery-k8s-io","list-all-namespaces-endpointslice-v1beta1-discovery-k8s-io","list-endpointslice-v1beta1-discovery-k8s-io","read-endpointslice-v1beta1-discovery-k8s-io","-strong-read-operations-endpointslice-v1beta1-discovery-k8s-io-strong-","delete-collection-endpointslice-v1beta1-discovery-k8s-io","delete-endpointslice-v1beta1-discovery-k8s-io","replace-endpointslice-v1beta1-discovery-k8s-io","patch-endpointslice-v1beta1-discovery-k8s-io","create-endpointslice-v1beta1-discovery-k8s-io","-strong-write-operations-endpointslice-v1beta1-discovery-k8s-io-strong-","endpointslice-v1beta1-discovery-k8s-io","endpointport-v1beta1-discovery-k8s-io","endpointport-v1-discovery-k8s-io","endpointhints-v1beta1-discovery-k8s-io","endpointconditions-v1beta1-discovery-k8s-io","endpoint-v1beta1-discovery-k8s-io","crossversionobjectreference-v2beta1-autoscaling","crossversionobjectreference-v2beta2-autoscaling","replace-status-cronjob-v1beta1-batch","read-status-cronjob-v1beta1-batch","patch-status-cronjob-v1beta1-batch","-strong-status-operations-cronjob-v1beta1-batch-strong-","watch-list-all-namespaces-cronjob-v1beta1-batch","watch-list-cronjob-v1beta1-batch","watch-cronjob-v1beta1-batch","list-all-namespaces-cronjob-v1beta1-batch","list-cronjob-v1beta1-batch","read-cronjob-v1beta1-batch","-strong-read-operations-cronjob-v1beta1-batch-strong-","delete-collection-cronjob-v1beta1-batch","delete-cronjob-v1beta1-batch","replace-cronjob-v1beta1-batch","patch-cronjob-v1beta1-batch","create-cronjob-v1beta1-batch","-strong-write-operations-cronjob-v1beta1-batch-strong-","cronjob-v1beta1-batch","containerresourcemetricstatus-v2beta1-autoscaling","containerresourcemetricsource-v2beta1-autoscaling","watch-list-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","watch-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","list-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","read-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","-strong-read-operations-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","delete-collection-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","delete-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","replace-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","patch-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","create-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","-strong-write-operations-clusterrolebinding-v1alpha1-rbac-authorization-k8s-io-strong-","clusterrolebinding-v1alpha1-rbac-authorization-k8s-io","watch-list-clusterrole-v1alpha1-rbac-authorization-k8s-io","watch-clusterrole-v1alpha1-rbac-authorization-k8s-io","list-clusterrole-v1alpha1-rbac-authorization-k8s-io","read-clusterrole-v1alpha1-rbac-authorization-k8s-io","-strong-read-operations-clusterrole-v1alpha1-rbac-authorization-k8s-io-strong-","delete-collection-clusterrole-v1alpha1-rbac-authorization-k8s-io","delete-clusterrole-v1alpha1-rbac-authorization-k8s-io","replace-clusterrole-v1alpha1-rbac-authorization-k8s-io","patch-clusterrole-v1alpha1-rbac-authorization-k8s-io","create-clusterrole-v1alpha1-rbac-authorization-k8s-io","-strong-write-operations-clusterrole-v1alpha1-rbac-authorization-k8s-io-strong-","clusterrole-v1alpha1-rbac-authorization-k8s-io","watch-list-all-namespaces-csistoragecapacity-v1alpha1-storage-k8s-io","watch-list-csistoragecapacity-v1alpha1-storage-k8s-io","watch-csistoragecapacity-v1alpha1-storage-k8s-io","list-all-namespaces-csistoragecapacity-v1alpha1-storage-k8s-io","list-csistoragecapacity-v1alpha1-storage-k8s-io","read-csistoragecapacity-v1alpha1-storage-k8s-io","-strong-read-operations-csistoragecapacity-v1alpha1-storage-k8s-io-strong-","delete-collection-csistoragecapacity-v1alpha1-storage-k8s-io","delete-csistoragecapacity-v1alpha1-storage-k8s-io","replace-csistoragecapacity-v1alpha1-storage-k8s-io","patch-csistoragecapacity-v1alpha1-storage-k8s-io","create-csistoragecapacity-v1alpha1-storage-k8s-io","-strong-write-operations-csistoragecapacity-v1alpha1-storage-k8s-io-strong-","csistoragecapacity-v1alpha1-storage-k8s-io","aggregationrule-v1alpha1-rbac-authorization-k8s-io","-strong-old-api-versions-strong-","windowssecuritycontextoptions-v1-core","weightedpodaffinityterm-v1-core","webhookconversion-v1-apiextensions-k8s-io","webhookclientconfig-v1-admissionregistration-k8s-io","watchevent-v1-meta","vspherevirtualdiskvolumesource-v1-core","volumeprojection-v1-core","volumenoderesources-v1-storage-k8s-io","volumenodeaffinity-v1-core","volumemount-v1-core","volumeerror-v1-storage-k8s-io","volumedevice-v1-core","volumeattachmentsource-v1-storage-k8s-io","validatingwebhook-v1-admissionregistration-k8s-io","usersubject-v1beta1-flowcontrol-apiserver-k8s-io","userinfo-v1-authentication-k8s-io","uncountedterminatedpods-v1-batch","typedlocalobjectreference-v1-core","topologyspreadconstraint-v1-core","topologyselectorterm-v1-core","topologyselectorlabelrequirement-v1-core","toleration-v1-core","time-v1-meta","taint-v1-core","tcpsocketaction-v1-core","sysctl-v1-core","supplementalgroupsstrategyoptions-v1beta1-policy","subjectrulesreviewstatus-v1-authorization-k8s-io","subject-v1beta1-flowcontrol-apiserver-k8s-io","storageversioncondition-v1alpha1-internal-apiserver-k8s-io","storageosvolumesource-v1-core","storageospersistentvolumesource-v1-core","statusdetails-v1-meta","statuscause-v1-meta","status-v1-meta","statefulsetupdatestrategy-v1-apps","statefulsetcondition-v1-apps","sessionaffinityconfig-v1-core","servicereference-v1-admissionregistration-k8s-io","serviceport-v1-core","servicebackendport-v1-networking-k8s-io","serviceaccounttokenprojection-v1-core","serviceaccountsubject-v1beta1-flowcontrol-apiserver-k8s-io","serverstorageversion-v1alpha1-internal-apiserver-k8s-io","serveraddressbyclientcidr-v1-meta","securitycontext-v1-core","secretvolumesource-v1-core","secretreference-v1-core","secretprojection-v1-core","secretkeyselector-v1-core","secretenvsource-v1-core","seccompprofile-v1-core","scopedresourceselectorrequirement-v1-core","scopeselector-v1-core","scheduling-v1-node-k8s-io","scaleiovolumesource-v1-core","scaleiopersistentvolumesource-v1-core","scale-v1-autoscaling","selinuxstrategyoptions-v1beta1-policy","selinuxoptions-v1-core","runtimeclassstrategyoptions-v1beta1-policy","runasuserstrategyoptions-v1beta1-policy","runasgroupstrategyoptions-v1beta1-policy","rulewithoperations-v1-admissionregistration-k8s-io","rollingupdatestatefulsetstrategy-v1-apps","roleref-v1-rbac-authorization-k8s-io","resourcerule-v1-authorization-k8s-io","resourcerequirements-v1-core","resourcepolicyrule-v1beta1-flowcontrol-apiserver-k8s-io","resourcemetricstatus-v2beta2-autoscaling","resourcemetricsource-v2beta2-autoscaling","resourcefieldselector-v1-core","resourceattributes-v1-authorization-k8s-io","replicationcontrollercondition-v1-core","replicasetcondition-v1-apps","rbdvolumesource-v1-core","rbdpersistentvolumesource-v1-core","quobytevolumesource-v1-core","queuingconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","quantity-resource-core","projectedvolumesource-v1-core","probe-v1-core","prioritylevelconfigurationreference-v1beta1-flowcontrol-apiserver-k8s-io","prioritylevelconfigurationcondition-v1beta1-flowcontrol-apiserver-k8s-io","preferredschedulingterm-v1-core","preconditions-v1-meta","portworxvolumesource-v1-core","portstatus-v1-core","policyruleswithsubjects-v1beta1-flowcontrol-apiserver-k8s-io","policyrule-v1-rbac-authorization-k8s-io","podsmetricstatus-v2beta2-autoscaling","podsmetricsource-v2beta2-autoscaling","podsecuritycontext-v1-core","podreadinessgate-v1-core","podip-v1-core","poddnsconfigoption-v1-core","poddnsconfig-v1-core","podcondition-v1-core","podantiaffinity-v1-core","podaffinityterm-v1-core","podaffinity-v1-core","photonpersistentdiskvolumesource-v1-core","persistentvolumeclaimvolumesource-v1-core","persistentvolumeclaimtemplate-v1-core","persistentvolumeclaimcondition-v1-core","patch-v1-meta","ownerreference-v1-meta","overhead-v1-node-k8s-io","objectreference-v1-core","objectmetricstatus-v2beta2-autoscaling","objectmetricsource-v2beta2-autoscaling","objectmeta-v1-meta","objectfieldselector-v1-core","nonresourcerule-v1-authorization-k8s-io","nonresourcepolicyrule-v1beta1-flowcontrol-apiserver-k8s-io","nonresourceattributes-v1-authorization-k8s-io","nodesysteminfo-v1-core","nodeselectorterm-v1-core","nodeselectorrequirement-v1-core","nodeselector-v1-core","nodedaemonendpoints-v1-core","nodeconfigstatus-v1-core","nodeconfigsource-v1-core","nodecondition-v1-core","nodeaffinity-v1-core","nodeaddress-v1-core","networkpolicyport-v1-networking-k8s-io","networkpolicypeer-v1-networking-k8s-io","networkpolicyingressrule-v1-networking-k8s-io","networkpolicyegressrule-v1-networking-k8s-io","namespacecondition-v1-core","nfsvolumesource-v1-core","mutatingwebhook-v1-admissionregistration-k8s-io","microtime-v1-meta","metricvaluestatus-v2beta2-autoscaling","metrictarget-v2beta2-autoscaling","metricstatus-v2beta2-autoscaling","metricspec-v2beta2-autoscaling","metricidentifier-v2beta2-autoscaling","managedfieldsentry-v1-meta","localvolumesource-v1-core","localobjectreference-v1-core","loadbalancerstatus-v1-core","loadbalanceringress-v1-core","listmeta-v1-meta","limitedprioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","limitresponse-v1beta1-flowcontrol-apiserver-k8s-io","limitrangeitem-v1-core","lifecycle-v1-core","labelselectorrequirement-v1-meta","labelselector-v1-meta","keytopath-v1-core","jobtemplatespec-v1-batch","jobcondition-v1-batch","jsonschemapropsorbool-v1-apiextensions-k8s-io","jsonschemapropsorarray-v1-apiextensions-k8s-io","jsonschemaprops-v1-apiextensions-k8s-io","json-v1-apiextensions-k8s-io","ingresstls-v1-networking-k8s-io","ingressservicebackend-v1-networking-k8s-io","ingressrule-v1-networking-k8s-io","ingressclassparametersreference-v1-networking-k8s-io","ingressbackend-v1-networking-k8s-io","iscsivolumesource-v1-core","iscsipersistentvolumesource-v1-core","ipblock-v1-networking-k8s-io","idrange-v1beta1-policy","hostportrange-v1beta1-policy","hostpathvolumesource-v1-core","hostalias-v1-core","horizontalpodautoscalercondition-v2beta2-autoscaling","horizontalpodautoscalerbehavior-v2beta2-autoscaling","handler-v1-core","httpingressrulevalue-v1-networking-k8s-io","httpingresspath-v1-networking-k8s-io","httpheader-v1-core","httpgetaction-v1-core","hpascalingrules-v2beta2-autoscaling","hpascalingpolicy-v2beta2-autoscaling","groupversionfordiscovery-v1-meta","groupsubject-v1beta1-flowcontrol-apiserver-k8s-io","glusterfsvolumesource-v1-core","glusterfspersistentvolumesource-v1-core","gitrepovolumesource-v1-core","gcepersistentdiskvolumesource-v1-core","forzone-v1-discovery-k8s-io","flowschemacondition-v1beta1-flowcontrol-apiserver-k8s-io","flowdistinguishermethod-v1beta1-flowcontrol-apiserver-k8s-io","flockervolumesource-v1-core","flexvolumesource-v1-core","flexpersistentvolumesource-v1-core","fieldsv1-v1-meta","fsgroupstrategyoptions-v1beta1-policy","fcvolumesource-v1-core","externalmetricstatus-v2beta2-autoscaling","externalmetricsource-v2beta2-autoscaling","externaldocumentation-v1-apiextensions-k8s-io","execaction-v1-core","eviction-v1-policy","eventsource-v1-core","eventseries-v1-events-k8s-io","ephemeralvolumesource-v1-core","ephemeralcontainer-v1-core","envvarsource-v1-core","envvar-v1-core","envfromsource-v1-core","endpointsubset-v1-core","endpointport-v1-core","endpointhints-v1-discovery-k8s-io","endpointconditions-v1-discovery-k8s-io","endpointaddress-v1-core","endpoint-v1-discovery-k8s-io","emptydirvolumesource-v1-core","downwardapivolumesource-v1-core","downwardapivolumefile-v1-core","downwardapiprojection-v1-core","deploymentcondition-v1-apps","deleteoptions-v1-meta","daemonsetupdatestrategy-v1-apps","daemonsetcondition-v1-apps","daemonendpoint-v1-core","customresourcevalidation-v1-apiextensions-k8s-io","customresourcesubresources-v1-apiextensions-k8s-io","customresourcesubresourcestatus-v1-apiextensions-k8s-io","customresourcesubresourcescale-v1-apiextensions-k8s-io","customresourcedefinitionversion-v1-apiextensions-k8s-io","customresourcedefinitionnames-v1-apiextensions-k8s-io","customresourcedefinitioncondition-v1-apiextensions-k8s-io","customresourceconversion-v1-apiextensions-k8s-io","customresourcecolumndefinition-v1-apiextensions-k8s-io","crossversionobjectreference-v1-autoscaling","containerstatewaiting-v1-core","containerstateterminated-v1-core","containerstaterunning-v1-core","containerstate-v1-core","containerresourcemetricstatus-v2beta2-autoscaling","containerresourcemetricsource-v2beta2-autoscaling","containerport-v1-core","containerimage-v1-core","configmapvolumesource-v1-core","configmapprojection-v1-core","configmapnodeconfigsource-v1-core","configmapkeyselector-v1-core","configmapenvsource-v1-core","condition-v1-meta","componentcondition-v1-core","clientipconfig-v1-core","cindervolumesource-v1-core","cinderpersistentvolumesource-v1-core","certificatesigningrequestcondition-v1-certificates-k8s-io","cephfsvolumesource-v1-core","cephfspersistentvolumesource-v1-core","capabilities-v1-core","csivolumesource-v1-core","csipersistentvolumesource-v1-core","csinodedriver-v1-storage-k8s-io","boundobjectreference-v1-authentication-k8s-io","azurefilevolumesource-v1-core","azurefilepersistentvolumesource-v1-core","azurediskvolumesource-v1-core","attachedvolume-v1-core","allowedhostpath-v1beta1-policy","allowedflexvolume-v1beta1-policy","allowedcsidriver-v1beta1-policy","aggregationrule-v1-rbac-authorization-k8s-io","affinity-v1-core","awselasticblockstorevolumesource-v1-core","apiversions-v1-meta","apiservicecondition-v1-apiregistration-k8s-io","apiresource-v1-meta","apigroup-v1-meta","-strong-definitions-strong-","watch-list-all-namespaces-networkpolicy-v1-networking-k8s-io","watch-list-networkpolicy-v1-networking-k8s-io","watch-networkpolicy-v1-networking-k8s-io","list-all-namespaces-networkpolicy-v1-networking-k8s-io","list-networkpolicy-v1-networking-k8s-io","read-networkpolicy-v1-networking-k8s-io","-strong-read-operations-networkpolicy-v1-networking-k8s-io-strong-","delete-collection-networkpolicy-v1-networking-k8s-io","delete-networkpolicy-v1-networking-k8s-io","replace-networkpolicy-v1-networking-k8s-io","patch-networkpolicy-v1-networking-k8s-io","create-networkpolicy-v1-networking-k8s-io","-strong-write-operations-networkpolicy-v1-networking-k8s-io-strong-","networkpolicy-v1-networking-k8s-io","create-tokenreview-v1-authentication-k8s-io","-strong-write-operations-tokenreview-v1-authentication-k8s-io-strong-","tokenreview-v1-authentication-k8s-io","tokenrequest-v1-authentication-k8s-io","create-subjectaccessreview-v1-authorization-k8s-io","-strong-write-operations-subjectaccessreview-v1-authorization-k8s-io-strong-","subjectaccessreview-v1-authorization-k8s-io","replace-status-storageversion-v1alpha1-internal-apiserver-k8s-io","read-status-storageversion-v1alpha1-internal-apiserver-k8s-io","patch-status-storageversion-v1alpha1-internal-apiserver-k8s-io","-strong-status-operations-storageversion-v1alpha1-internal-apiserver-k8s-io-strong-","watch-list-storageversion-v1alpha1-internal-apiserver-k8s-io","watch-storageversion-v1alpha1-internal-apiserver-k8s-io","list-storageversion-v1alpha1-internal-apiserver-k8s-io","read-storageversion-v1alpha1-internal-apiserver-k8s-io","-strong-read-operations-storageversion-v1alpha1-internal-apiserver-k8s-io-strong-","delete-collection-storageversion-v1alpha1-internal-apiserver-k8s-io","delete-storageversion-v1alpha1-internal-apiserver-k8s-io","replace-storageversion-v1alpha1-internal-apiserver-k8s-io","patch-storageversion-v1alpha1-internal-apiserver-k8s-io","create-storageversion-v1alpha1-internal-apiserver-k8s-io","-strong-write-operations-storageversion-v1alpha1-internal-apiserver-k8s-io-strong-","storageversion-v1alpha1-internal-apiserver-k8s-io","watch-list-all-namespaces-serviceaccount-v1-core","watch-list-serviceaccount-v1-core","watch-serviceaccount-v1-core","list-all-namespaces-serviceaccount-v1-core","list-serviceaccount-v1-core","read-serviceaccount-v1-core","-strong-read-operations-serviceaccount-v1-core-strong-","delete-collection-serviceaccount-v1-core","delete-serviceaccount-v1-core","replace-serviceaccount-v1-core","patch-serviceaccount-v1-core","create-serviceaccount-v1-core","-strong-write-operations-serviceaccount-v1-core-strong-","serviceaccount-v1-core","create-selfsubjectrulesreview-v1-authorization-k8s-io","-strong-write-operations-selfsubjectrulesreview-v1-authorization-k8s-io-strong-","selfsubjectrulesreview-v1-authorization-k8s-io","create-selfsubjectaccessreview-v1-authorization-k8s-io","-strong-write-operations-selfsubjectaccessreview-v1-authorization-k8s-io-strong-","selfsubjectaccessreview-v1-authorization-k8s-io","watch-list-runtimeclass-v1-node-k8s-io","watch-runtimeclass-v1-node-k8s-io","list-runtimeclass-v1-node-k8s-io","read-runtimeclass-v1-node-k8s-io","-strong-read-operations-runtimeclass-v1-node-k8s-io-strong-","delete-collection-runtimeclass-v1-node-k8s-io","delete-runtimeclass-v1-node-k8s-io","replace-runtimeclass-v1-node-k8s-io","patch-runtimeclass-v1-node-k8s-io","create-runtimeclass-v1-node-k8s-io","-strong-write-operations-runtimeclass-v1-node-k8s-io-strong-","runtimeclass-v1-node-k8s-io","watch-list-all-namespaces-rolebinding-v1-rbac-authorization-k8s-io","watch-list-rolebinding-v1-rbac-authorization-k8s-io","watch-rolebinding-v1-rbac-authorization-k8s-io","list-all-namespaces-rolebinding-v1-rbac-authorization-k8s-io","list-rolebinding-v1-rbac-authorization-k8s-io","read-rolebinding-v1-rbac-authorization-k8s-io","-strong-read-operations-rolebinding-v1-rbac-authorization-k8s-io-strong-","delete-collection-rolebinding-v1-rbac-authorization-k8s-io","delete-rolebinding-v1-rbac-authorization-k8s-io","replace-rolebinding-v1-rbac-authorization-k8s-io","patch-rolebinding-v1-rbac-authorization-k8s-io","create-rolebinding-v1-rbac-authorization-k8s-io","-strong-write-operations-rolebinding-v1-rbac-authorization-k8s-io-strong-","rolebinding-v1-rbac-authorization-k8s-io","watch-list-all-namespaces-role-v1-rbac-authorization-k8s-io","watch-list-role-v1-rbac-authorization-k8s-io","watch-role-v1-rbac-authorization-k8s-io","list-all-namespaces-role-v1-rbac-authorization-k8s-io","list-role-v1-rbac-authorization-k8s-io","read-role-v1-rbac-authorization-k8s-io","-strong-read-operations-role-v1-rbac-authorization-k8s-io-strong-","delete-collection-role-v1-rbac-authorization-k8s-io","delete-role-v1-rbac-authorization-k8s-io","replace-role-v1-rbac-authorization-k8s-io","patch-role-v1-rbac-authorization-k8s-io","create-role-v1-rbac-authorization-k8s-io","-strong-write-operations-role-v1-rbac-authorization-k8s-io-strong-","role-v1-rbac-authorization-k8s-io","replace-status-resourcequota-v1-core","read-status-resourcequota-v1-core","patch-status-resourcequota-v1-core","-strong-status-operations-resourcequota-v1-core-strong-","watch-list-all-namespaces-resourcequota-v1-core","watch-list-resourcequota-v1-core","watch-resourcequota-v1-core","list-all-namespaces-resourcequota-v1-core","list-resourcequota-v1-core","read-resourcequota-v1-core","-strong-read-operations-resourcequota-v1-core-strong-","delete-collection-resourcequota-v1-core","delete-resourcequota-v1-core","replace-resourcequota-v1-core","patch-resourcequota-v1-core","create-resourcequota-v1-core","-strong-write-operations-resourcequota-v1-core-strong-","resourcequota-v1-core","replace-status-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","read-status-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","patch-status-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","-strong-status-operations-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io-strong-","watch-list-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","watch-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","list-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","read-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","-strong-read-operations-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io-strong-","delete-collection-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","delete-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","replace-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","patch-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","create-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","-strong-write-operations-prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io-strong-","prioritylevelconfiguration-v1beta1-flowcontrol-apiserver-k8s-io","replace-status-persistentvolume-v1-core","read-status-persistentvolume-v1-core","patch-status-persistentvolume-v1-core","-strong-status-operations-persistentvolume-v1-core-strong-","watch-list-persistentvolume-v1-core","watch-persistentvolume-v1-core","list-persistentvolume-v1-core","read-persistentvolume-v1-core","-strong-read-operations-persistentvolume-v1-core-strong-","delete-collection-persistentvolume-v1-core","delete-persistentvolume-v1-core","replace-persistentvolume-v1-core","patch-persistentvolume-v1-core","create-persistentvolume-v1-core","-strong-write-operations-persistentvolume-v1-core-strong-","persistentvolume-v1-core","replace-connect-proxy-path-node-v1-core","replace-connect-proxy-node-v1-core","head-connect-proxy-path-node-v1-core","head-connect-proxy-node-v1-core","get-connect-proxy-path-node-v1-core","get-connect-proxy-node-v1-core","delete-connect-proxy-path-node-v1-core","delete-connect-proxy-node-v1-core","create-connect-proxy-path-node-v1-core","create-connect-proxy-node-v1-core","-strong-proxy-operations-node-v1-core-strong-","replace-status-node-v1-core","read-status-node-v1-core","patch-status-node-v1-core","-strong-status-operations-node-v1-core-strong-","watch-list-node-v1-core","watch-node-v1-core","list-node-v1-core","read-node-v1-core","-strong-read-operations-node-v1-core-strong-","delete-collection-node-v1-core","delete-node-v1-core","replace-node-v1-core","patch-node-v1-core","create-node-v1-core","-strong-write-operations-node-v1-core-strong-","node-v1-core","replace-status-namespace-v1-core","read-status-namespace-v1-core","patch-status-namespace-v1-core","-strong-status-operations-namespace-v1-core-strong-","watch-list-namespace-v1-core","watch-namespace-v1-core","list-namespace-v1-core","read-namespace-v1-core","-strong-read-operations-namespace-v1-core-strong-","delete-namespace-v1-core","replace-namespace-v1-core","patch-namespace-v1-core","create-namespace-v1-core","-strong-write-operations-namespace-v1-core-strong-","namespace-v1-core","create-localsubjectaccessreview-v1-authorization-k8s-io","-strong-write-operations-localsubjectaccessreview-v1-authorization-k8s-io-strong-","localsubjectaccessreview-v1-authorization-k8s-io","watch-list-all-namespaces-lease-v1-coordination-k8s-io","watch-list-lease-v1-coordination-k8s-io","watch-lease-v1-coordination-k8s-io","list-all-namespaces-lease-v1-coordination-k8s-io","list-lease-v1-coordination-k8s-io","read-lease-v1-coordination-k8s-io","-strong-read-operations-lease-v1-coordination-k8s-io-strong-","delete-collection-lease-v1-coordination-k8s-io","delete-lease-v1-coordination-k8s-io","replace-lease-v1-coordination-k8s-io","patch-lease-v1-coordination-k8s-io","create-lease-v1-coordination-k8s-io","-strong-write-operations-lease-v1-coordination-k8s-io-strong-","lease-v1-coordination-k8s-io","replace-status-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","read-status-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","patch-status-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","-strong-status-operations-flowschema-v1beta1-flowcontrol-apiserver-k8s-io-strong-","watch-list-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","watch-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","list-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","read-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","-strong-read-operations-flowschema-v1beta1-flowcontrol-apiserver-k8s-io-strong-","delete-collection-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","delete-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","replace-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","patch-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","create-flowschema-v1beta1-flowcontrol-apiserver-k8s-io","-strong-write-operations-flowschema-v1beta1-flowcontrol-apiserver-k8s-io-strong-","flowschema-v1beta1-flowcontrol-apiserver-k8s-io","list-componentstatus-v1-core","read-componentstatus-v1-core","-strong-read-operations-componentstatus-v1-core-strong-","componentstatus-v1-core","watch-list-clusterrolebinding-v1-rbac-authorization-k8s-io","watch-clusterrolebinding-v1-rbac-authorization-k8s-io","list-clusterrolebinding-v1-rbac-authorization-k8s-io","read-clusterrolebinding-v1-rbac-authorization-k8s-io","-strong-read-operations-clusterrolebinding-v1-rbac-authorization-k8s-io-strong-","delete-collection-clusterrolebinding-v1-rbac-authorization-k8s-io","delete-clusterrolebinding-v1-rbac-authorization-k8s-io","replace-clusterrolebinding-v1-rbac-authorization-k8s-io","patch-clusterrolebinding-v1-rbac-authorization-k8s-io","create-clusterrolebinding-v1-rbac-authorization-k8s-io","-strong-write-operations-clusterrolebinding-v1-rbac-authorization-k8s-io-strong-","clusterrolebinding-v1-rbac-authorization-k8s-io","watch-list-clusterrole-v1-rbac-authorization-k8s-io","watch-clusterrole-v1-rbac-authorization-k8s-io","list-clusterrole-v1-rbac-authorization-k8s-io","read-clusterrole-v1-rbac-authorization-k8s-io","-strong-read-operations-clusterrole-v1-rbac-authorization-k8s-io-strong-","delete-collection-clusterrole-v1-rbac-authorization-k8s-io","delete-clusterrole-v1-rbac-authorization-k8s-io","replace-clusterrole-v1-rbac-authorization-k8s-io","patch-clusterrole-v1-rbac-authorization-k8s-io","create-clusterrole-v1-rbac-authorization-k8s-io","-strong-write-operations-clusterrole-v1-rbac-authorization-k8s-io-strong-","clusterrole-v1-rbac-authorization-k8s-io","replace-status-certificatesigningrequest-v1-certificates-k8s-io","read-status-certificatesigningrequest-v1-certificates-k8s-io","patch-status-certificatesigningrequest-v1-certificates-k8s-io","-strong-status-operations-certificatesigningrequest-v1-certificates-k8s-io-strong-","watch-list-certificatesigningrequest-v1-certificates-k8s-io","watch-certificatesigningrequest-v1-certificates-k8s-io","list-certificatesigningrequest-v1-certificates-k8s-io","read-certificatesigningrequest-v1-certificates-k8s-io","-strong-read-operations-certificatesigningrequest-v1-certificates-k8s-io-strong-","delete-collection-certificatesigningrequest-v1-certificates-k8s-io","delete-certificatesigningrequest-v1-certificates-k8s-io","replace-certificatesigningrequest-v1-certificates-k8s-io","patch-certificatesigningrequest-v1-certificates-k8s-io","create-certificatesigningrequest-v1-certificates-k8s-io","-strong-write-operations-certificatesigningrequest-v1-certificates-k8s-io-strong-","certificatesigningrequest-v1-certificates-k8s-io","create-binding-v1-core","-strong-write-operations-binding-v1-core-strong-","binding-v1-core","replace-status-apiservice-v1-apiregistration-k8s-io","read-status-apiservice-v1-apiregistration-k8s-io","patch-status-apiservice-v1-apiregistration-k8s-io","-strong-status-operations-apiservice-v1-apiregistration-k8s-io-strong-","watch-list-apiservice-v1-apiregistration-k8s-io","watch-apiservice-v1-apiregistration-k8s-io","list-apiservice-v1-apiregistration-k8s-io","read-apiservice-v1-apiregistration-k8s-io","-strong-read-operations-apiservice-v1-apiregistration-k8s-io-strong-","delete-collection-apiservice-v1-apiregistration-k8s-io","delete-apiservice-v1-apiregistration-k8s-io","replace-apiservice-v1-apiregistration-k8s-io","patch-apiservice-v1-apiregistration-k8s-io","create-apiservice-v1-apiregistration-k8s-io","-strong-write-operations-apiservice-v1-apiregistration-k8s-io-strong-","apiservice-v1-apiregistration-k8s-io","-strong-cluster-apis-strong-","watch-list-podsecuritypolicy-v1beta1-policy","watch-podsecuritypolicy-v1beta1-policy","list-podsecuritypolicy-v1beta1-policy","read-podsecuritypolicy-v1beta1-policy","-strong-read-operations-podsecuritypolicy-v1beta1-policy-strong-","delete-collection-podsecuritypolicy-v1beta1-policy","delete-podsecuritypolicy-v1beta1-policy","replace-podsecuritypolicy-v1beta1-policy","patch-podsecuritypolicy-v1beta1-policy","create-podsecuritypolicy-v1beta1-policy","-strong-write-operations-podsecuritypolicy-v1beta1-policy-strong-","podsecuritypolicy-v1beta1-policy","watch-list-priorityclass-v1-scheduling-k8s-io","watch-priorityclass-v1-scheduling-k8s-io","list-priorityclass-v1-scheduling-k8s-io","read-priorityclass-v1-scheduling-k8s-io","-strong-read-operations-priorityclass-v1-scheduling-k8s-io-strong-","delete-collection-priorityclass-v1-scheduling-k8s-io","delete-priorityclass-v1-scheduling-k8s-io","replace-priorityclass-v1-scheduling-k8s-io","patch-priorityclass-v1-scheduling-k8s-io","create-priorityclass-v1-scheduling-k8s-io","-strong-write-operations-priorityclass-v1-scheduling-k8s-io-strong-","priorityclass-v1-scheduling-k8s-io","replace-status-poddisruptionbudget-v1-policy","read-status-poddisruptionbudget-v1-policy","patch-status-poddisruptionbudget-v1-policy","-strong-status-operations-poddisruptionbudget-v1-policy-strong-","watch-list-all-namespaces-poddisruptionbudget-v1-policy","watch-list-poddisruptionbudget-v1-policy","watch-poddisruptionbudget-v1-policy","list-all-namespaces-poddisruptionbudget-v1-policy","list-poddisruptionbudget-v1-policy","read-poddisruptionbudget-v1-policy","-strong-read-operations-poddisruptionbudget-v1-policy-strong-","delete-collection-poddisruptionbudget-v1-policy","delete-poddisruptionbudget-v1-policy","replace-poddisruptionbudget-v1-policy","patch-poddisruptionbudget-v1-policy","create-poddisruptionbudget-v1-policy","-strong-write-operations-poddisruptionbudget-v1-policy-strong-","poddisruptionbudget-v1-policy","watch-list-all-namespaces-podtemplate-v1-core","watch-list-podtemplate-v1-core","watch-podtemplate-v1-core","list-all-namespaces-podtemplate-v1-core","list-podtemplate-v1-core","read-podtemplate-v1-core","-strong-read-operations-podtemplate-v1-core-strong-","delete-collection-podtemplate-v1-core","delete-podtemplate-v1-core","replace-podtemplate-v1-core","patch-podtemplate-v1-core","create-podtemplate-v1-core","-strong-write-operations-podtemplate-v1-core-strong-","podtemplate-v1-core","watch-list-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","watch-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","list-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","read-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","-strong-read-operations-validatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","delete-collection-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","delete-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","replace-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","patch-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","create-validatingwebhookconfiguration-v1-admissionregistration-k8s-io","-strong-write-operations-validatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","validatingwebhookconfiguration-v1-admissionregistration-k8s-io","watch-list-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","watch-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","list-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","read-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","-strong-read-operations-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","delete-collection-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","delete-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","replace-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","patch-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","create-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","-strong-write-operations-mutatingwebhookconfiguration-v1-admissionregistration-k8s-io-strong-","mutatingwebhookconfiguration-v1-admissionregistration-k8s-io","replace-status-horizontalpodautoscaler-v1-autoscaling","read-status-horizontalpodautoscaler-v1-autoscaling","patch-status-horizontalpodautoscaler-v1-autoscaling","-strong-status-operations-horizontalpodautoscaler-v1-autoscaling-strong-","watch-list-all-namespaces-horizontalpodautoscaler-v1-autoscaling","watch-list-horizontalpodautoscaler-v1-autoscaling","watch-horizontalpodautoscaler-v1-autoscaling","list-all-namespaces-horizontalpodautoscaler-v1-autoscaling","list-horizontalpodautoscaler-v1-autoscaling","read-horizontalpodautoscaler-v1-autoscaling","-strong-read-operations-horizontalpodautoscaler-v1-autoscaling-strong-","delete-collection-horizontalpodautoscaler-v1-autoscaling","delete-horizontalpodautoscaler-v1-autoscaling","replace-horizontalpodautoscaler-v1-autoscaling","patch-horizontalpodautoscaler-v1-autoscaling","create-horizontalpodautoscaler-v1-autoscaling","-strong-write-operations-horizontalpodautoscaler-v1-autoscaling-strong-","horizontalpodautoscaler-v1-autoscaling","watch-list-all-namespaces-limitrange-v1-core","watch-list-limitrange-v1-core","watch-limitrange-v1-core","list-all-namespaces-limitrange-v1-core","list-limitrange-v1-core","read-limitrange-v1-core","-strong-read-operations-limitrange-v1-core-strong-","delete-collection-limitrange-v1-core","delete-limitrange-v1-core","replace-limitrange-v1-core","patch-limitrange-v1-core","create-limitrange-v1-core","-strong-write-operations-limitrange-v1-core-strong-","limitrange-v1-core","watch-list-all-namespaces-event-v1-events-k8s-io","watch-list-event-v1-events-k8s-io","watch-event-v1-events-k8s-io","list-all-namespaces-event-v1-events-k8s-io","list-event-v1-events-k8s-io","read-event-v1-events-k8s-io","-strong-read-operations-event-v1-events-k8s-io-strong-","delete-collection-event-v1-events-k8s-io","delete-event-v1-events-k8s-io","replace-event-v1-events-k8s-io","patch-event-v1-events-k8s-io","create-event-v1-events-k8s-io","-strong-write-operations-event-v1-events-k8s-io-strong-","event-v1-events-k8s-io","replace-status-customresourcedefinition-v1-apiextensions-k8s-io","read-status-customresourcedefinition-v1-apiextensions-k8s-io","patch-status-customresourcedefinition-v1-apiextensions-k8s-io","-strong-status-operations-customresourcedefinition-v1-apiextensions-k8s-io-strong-","watch-list-customresourcedefinition-v1-apiextensions-k8s-io","watch-customresourcedefinition-v1-apiextensions-k8s-io","list-customresourcedefinition-v1-apiextensions-k8s-io","read-customresourcedefinition-v1-apiextensions-k8s-io","-strong-read-operations-customresourcedefinition-v1-apiextensions-k8s-io-strong-","delete-collection-customresourcedefinition-v1-apiextensions-k8s-io","delete-customresourcedefinition-v1-apiextensions-k8s-io","replace-customresourcedefinition-v1-apiextensions-k8s-io","patch-customresourcedefinition-v1-apiextensions-k8s-io","create-customresourcedefinition-v1-apiextensions-k8s-io","-strong-write-operations-customresourcedefinition-v1-apiextensions-k8s-io-strong-","customresourcedefinition-v1-apiextensions-k8s-io","watch-list-all-namespaces-controllerrevision-v1-apps","watch-list-controllerrevision-v1-apps","watch-controllerrevision-v1-apps","list-all-namespaces-controllerrevision-v1-apps","list-controllerrevision-v1-apps","read-controllerrevision-v1-apps","-strong-read-operations-controllerrevision-v1-apps-strong-","delete-collection-controllerrevision-v1-apps","delete-controllerrevision-v1-apps","replace-controllerrevision-v1-apps","patch-controllerrevision-v1-apps","create-controllerrevision-v1-apps","-strong-write-operations-controllerrevision-v1-apps-strong-","controllerrevision-v1-apps","-strong-metadata-apis-strong-","replace-status-volumeattachment-v1-storage-k8s-io","read-status-volumeattachment-v1-storage-k8s-io","patch-status-volumeattachment-v1-storage-k8s-io","-strong-status-operations-volumeattachment-v1-storage-k8s-io-strong-","watch-list-volumeattachment-v1-storage-k8s-io","watch-volumeattachment-v1-storage-k8s-io","list-volumeattachment-v1-storage-k8s-io","read-volumeattachment-v1-storage-k8s-io","-strong-read-operations-volumeattachment-v1-storage-k8s-io-strong-","delete-collection-volumeattachment-v1-storage-k8s-io","delete-volumeattachment-v1-storage-k8s-io","replace-volumeattachment-v1-storage-k8s-io","patch-volumeattachment-v1-storage-k8s-io","create-volumeattachment-v1-storage-k8s-io","-strong-write-operations-volumeattachment-v1-storage-k8s-io-strong-","volumeattachment-v1-storage-k8s-io","volume-v1-core","watch-list-all-namespaces-csistoragecapacity-v1beta1-storage-k8s-io","watch-list-csistoragecapacity-v1beta1-storage-k8s-io","watch-csistoragecapacity-v1beta1-storage-k8s-io","list-all-namespaces-csistoragecapacity-v1beta1-storage-k8s-io","list-csistoragecapacity-v1beta1-storage-k8s-io","read-csistoragecapacity-v1beta1-storage-k8s-io","-strong-read-operations-csistoragecapacity-v1beta1-storage-k8s-io-strong-","delete-collection-csistoragecapacity-v1beta1-storage-k8s-io","delete-csistoragecapacity-v1beta1-storage-k8s-io","replace-csistoragecapacity-v1beta1-storage-k8s-io","patch-csistoragecapacity-v1beta1-storage-k8s-io","create-csistoragecapacity-v1beta1-storage-k8s-io","-strong-write-operations-csistoragecapacity-v1beta1-storage-k8s-io-strong-","csistoragecapacity-v1beta1-storage-k8s-io","watch-list-storageclass-v1-storage-k8s-io","watch-storageclass-v1-storage-k8s-io","list-storageclass-v1-storage-k8s-io","read-storageclass-v1-storage-k8s-io","-strong-read-operations-storageclass-v1-storage-k8s-io-strong-","delete-collection-storageclass-v1-storage-k8s-io","delete-storageclass-v1-storage-k8s-io","replace-storageclass-v1-storage-k8s-io","patch-storageclass-v1-storage-k8s-io","create-storageclass-v1-storage-k8s-io","-strong-write-operations-storageclass-v1-storage-k8s-io-strong-","storageclass-v1-storage-k8s-io","replace-status-persistentvolumeclaim-v1-core","read-status-persistentvolumeclaim-v1-core","patch-status-persistentvolumeclaim-v1-core","-strong-status-operations-persistentvolumeclaim-v1-core-strong-","watch-list-all-namespaces-persistentvolumeclaim-v1-core","watch-list-persistentvolumeclaim-v1-core","watch-persistentvolumeclaim-v1-core","list-all-namespaces-persistentvolumeclaim-v1-core","list-persistentvolumeclaim-v1-core","read-persistentvolumeclaim-v1-core","-strong-read-operations-persistentvolumeclaim-v1-core-strong-","delete-collection-persistentvolumeclaim-v1-core","delete-persistentvolumeclaim-v1-core","replace-persistentvolumeclaim-v1-core","patch-persistentvolumeclaim-v1-core","create-persistentvolumeclaim-v1-core","-strong-write-operations-persistentvolumeclaim-v1-core-strong-","persistentvolumeclaim-v1-core","watch-list-all-namespaces-secret-v1-core","watch-list-secret-v1-core","watch-secret-v1-core","list-all-namespaces-secret-v1-core","list-secret-v1-core","read-secret-v1-core","-strong-read-operations-secret-v1-core-strong-","delete-collection-secret-v1-core","delete-secret-v1-core","replace-secret-v1-core","patch-secret-v1-core","create-secret-v1-core","-strong-write-operations-secret-v1-core-strong-","secret-v1-core","watch-list-csinode-v1-storage-k8s-io","watch-csinode-v1-storage-k8s-io","list-csinode-v1-storage-k8s-io","read-csinode-v1-storage-k8s-io","-strong-read-operations-csinode-v1-storage-k8s-io-strong-","delete-collection-csinode-v1-storage-k8s-io","delete-csinode-v1-storage-k8s-io","replace-csinode-v1-storage-k8s-io","patch-csinode-v1-storage-k8s-io","create-csinode-v1-storage-k8s-io","-strong-write-operations-csinode-v1-storage-k8s-io-strong-","csinode-v1-storage-k8s-io","watch-list-csidriver-v1-storage-k8s-io","watch-csidriver-v1-storage-k8s-io","list-csidriver-v1-storage-k8s-io","read-csidriver-v1-storage-k8s-io","-strong-read-operations-csidriver-v1-storage-k8s-io-strong-","delete-collection-csidriver-v1-storage-k8s-io","delete-csidriver-v1-storage-k8s-io","replace-csidriver-v1-storage-k8s-io","patch-csidriver-v1-storage-k8s-io","create-csidriver-v1-storage-k8s-io","-strong-write-operations-csidriver-v1-storage-k8s-io-strong-","csidriver-v1-storage-k8s-io","watch-list-all-namespaces-configmap-v1-core","watch-list-configmap-v1-core","watch-configmap-v1-core","list-all-namespaces-configmap-v1-core","list-configmap-v1-core","read-configmap-v1-core","-strong-read-operations-configmap-v1-core-strong-","delete-collection-configmap-v1-core","delete-configmap-v1-core","replace-configmap-v1-core","patch-configmap-v1-core","create-configmap-v1-core","-strong-write-operations-configmap-v1-core-strong-","configmap-v1-core","-strong-config-and-storage-apis-strong-","replace-connect-proxy-path-service-v1-core","replace-connect-proxy-service-v1-core","head-connect-proxy-path-service-v1-core","head-connect-proxy-service-v1-core","get-connect-proxy-path-service-v1-core","get-connect-proxy-service-v1-core","delete-connect-proxy-path-service-v1-core","delete-connect-proxy-service-v1-core","create-connect-proxy-path-service-v1-core","create-connect-proxy-service-v1-core","-strong-proxy-operations-service-v1-core-strong-","replace-status-service-v1-core","read-status-service-v1-core","patch-status-service-v1-core","-strong-status-operations-service-v1-core-strong-","watch-list-all-namespaces-service-v1-core","watch-list-service-v1-core","watch-service-v1-core","list-all-namespaces-service-v1-core","list-service-v1-core","read-service-v1-core","-strong-read-operations-service-v1-core-strong-","delete-service-v1-core","replace-service-v1-core","patch-service-v1-core","create-service-v1-core","-strong-write-operations-service-v1-core-strong-","service-v1-core","watch-list-ingressclass-v1-networking-k8s-io","watch-ingressclass-v1-networking-k8s-io","list-ingressclass-v1-networking-k8s-io","read-ingressclass-v1-networking-k8s-io","-strong-read-operations-ingressclass-v1-networking-k8s-io-strong-","delete-collection-ingressclass-v1-networking-k8s-io","delete-ingressclass-v1-networking-k8s-io","replace-ingressclass-v1-networking-k8s-io","patch-ingressclass-v1-networking-k8s-io","create-ingressclass-v1-networking-k8s-io","-strong-write-operations-ingressclass-v1-networking-k8s-io-strong-","ingressclass-v1-networking-k8s-io","replace-status-ingress-v1-networking-k8s-io","read-status-ingress-v1-networking-k8s-io","patch-status-ingress-v1-networking-k8s-io","-strong-status-operations-ingress-v1-networking-k8s-io-strong-","watch-list-all-namespaces-ingress-v1-networking-k8s-io","watch-list-ingress-v1-networking-k8s-io","watch-ingress-v1-networking-k8s-io","list-all-namespaces-ingress-v1-networking-k8s-io","list-ingress-v1-networking-k8s-io","read-ingress-v1-networking-k8s-io","-strong-read-operations-ingress-v1-networking-k8s-io-strong-","delete-collection-ingress-v1-networking-k8s-io","delete-ingress-v1-networking-k8s-io","replace-ingress-v1-networking-k8s-io","patch-ingress-v1-networking-k8s-io","create-ingress-v1-networking-k8s-io","-strong-write-operations-ingress-v1-networking-k8s-io-strong-","ingress-v1-networking-k8s-io","watch-list-all-namespaces-endpointslice-v1-discovery-k8s-io","watch-list-endpointslice-v1-discovery-k8s-io","watch-endpointslice-v1-discovery-k8s-io","list-all-namespaces-endpointslice-v1-discovery-k8s-io","list-endpointslice-v1-discovery-k8s-io","read-endpointslice-v1-discovery-k8s-io","-strong-read-operations-endpointslice-v1-discovery-k8s-io-strong-","delete-collection-endpointslice-v1-discovery-k8s-io","delete-endpointslice-v1-discovery-k8s-io","replace-endpointslice-v1-discovery-k8s-io","patch-endpointslice-v1-discovery-k8s-io","create-endpointslice-v1-discovery-k8s-io","-strong-write-operations-endpointslice-v1-discovery-k8s-io-strong-","endpointslice-v1-discovery-k8s-io","watch-list-all-namespaces-endpoints-v1-core","watch-list-endpoints-v1-core","watch-endpoints-v1-core","list-all-namespaces-endpoints-v1-core","list-endpoints-v1-core","read-endpoints-v1-core","-strong-read-operations-endpoints-v1-core-strong-","delete-collection-endpoints-v1-core","delete-endpoints-v1-core","replace-endpoints-v1-core","patch-endpoints-v1-core","create-endpoints-v1-core","-strong-write-operations-endpoints-v1-core-strong-","endpoints-v1-core","-strong-service-apis-strong-","patch-scale-statefulset-v1-apps","replace-scale-statefulset-v1-apps","read-scale-statefulset-v1-apps","-strong-misc-operations-statefulset-v1-apps-strong-","replace-status-statefulset-v1-apps","read-status-statefulset-v1-apps","patch-status-statefulset-v1-apps","-strong-status-operations-statefulset-v1-apps-strong-","watch-list-all-namespaces-statefulset-v1-apps","watch-list-statefulset-v1-apps","watch-statefulset-v1-apps","list-all-namespaces-statefulset-v1-apps","list-statefulset-v1-apps","read-statefulset-v1-apps","-strong-read-operations-statefulset-v1-apps-strong-","delete-collection-statefulset-v1-apps","delete-statefulset-v1-apps","replace-statefulset-v1-apps","patch-statefulset-v1-apps","create-statefulset-v1-apps","-strong-write-operations-statefulset-v1-apps-strong-","statefulset-v1-apps","patch-scale-replicationcontroller-v1-core","replace-scale-replicationcontroller-v1-core","read-scale-replicationcontroller-v1-core","-strong-misc-operations-replicationcontroller-v1-core-strong-","replace-status-replicationcontroller-v1-core","read-status-replicationcontroller-v1-core","patch-status-replicationcontroller-v1-core","-strong-status-operations-replicationcontroller-v1-core-strong-","watch-list-all-namespaces-replicationcontroller-v1-core","watch-list-replicationcontroller-v1-core","watch-replicationcontroller-v1-core","list-all-namespaces-replicationcontroller-v1-core","list-replicationcontroller-v1-core","read-replicationcontroller-v1-core","-strong-read-operations-replicationcontroller-v1-core-strong-","delete-collection-replicationcontroller-v1-core","delete-replicationcontroller-v1-core","replace-replicationcontroller-v1-core","patch-replicationcontroller-v1-core","create-replicationcontroller-v1-core","-strong-write-operations-replicationcontroller-v1-core-strong-","replicationcontroller-v1-core","patch-scale-replicaset-v1-apps","replace-scale-replicaset-v1-apps","read-scale-replicaset-v1-apps","-strong-misc-operations-replicaset-v1-apps-strong-","replace-status-replicaset-v1-apps","read-status-replicaset-v1-apps","patch-status-replicaset-v1-apps","-strong-status-operations-replicaset-v1-apps-strong-","watch-list-all-namespaces-replicaset-v1-apps","watch-list-replicaset-v1-apps","watch-replicaset-v1-apps","list-all-namespaces-replicaset-v1-apps","list-replicaset-v1-apps","read-replicaset-v1-apps","-strong-read-operations-replicaset-v1-apps-strong-","delete-collection-replicaset-v1-apps","delete-replicaset-v1-apps","replace-replicaset-v1-apps","patch-replicaset-v1-apps","create-replicaset-v1-apps","-strong-write-operations-replicaset-v1-apps-strong-","replicaset-v1-apps","read-log-pod-v1-core","-strong-misc-operations-pod-v1-core-strong-","replace-connect-proxy-path-pod-v1-core","replace-connect-proxy-pod-v1-core","head-connect-proxy-path-pod-v1-core","head-connect-proxy-pod-v1-core","get-connect-proxy-path-pod-v1-core","get-connect-proxy-pod-v1-core","get-connect-portforward-pod-v1-core","delete-connect-proxy-path-pod-v1-core","delete-connect-proxy-pod-v1-core","create-connect-proxy-path-pod-v1-core","create-connect-proxy-pod-v1-core","create-connect-portforward-pod-v1-core","-strong-proxy-operations-pod-v1-core-strong-","replace-ephemeralcontainers-pod-v1-core","read-ephemeralcontainers-pod-v1-core","patch-ephemeralcontainers-pod-v1-core","-strong-ephemeralcontainers-operations-pod-v1-core-strong-","replace-status-pod-v1-core","read-status-pod-v1-core","patch-status-pod-v1-core","-strong-status-operations-pod-v1-core-strong-","watch-list-all-namespaces-pod-v1-core","watch-list-pod-v1-core","watch-pod-v1-core","list-all-namespaces-pod-v1-core","list-pod-v1-core","read-pod-v1-core","-strong-read-operations-pod-v1-core-strong-","delete-collection-pod-v1-core","delete-pod-v1-core","replace-pod-v1-core","patch-pod-v1-core","create-eviction-pod-v1-core","create-pod-v1-core","-strong-write-operations-pod-v1-core-strong-","pod-v1-core","replace-status-job-v1-batch","read-status-job-v1-batch","patch-status-job-v1-batch","-strong-status-operations-job-v1-batch-strong-","watch-list-all-namespaces-job-v1-batch","watch-list-job-v1-batch","watch-job-v1-batch","list-all-namespaces-job-v1-batch","list-job-v1-batch","read-job-v1-batch","-strong-read-operations-job-v1-batch-strong-","delete-collection-job-v1-batch","delete-job-v1-batch","replace-job-v1-batch","patch-job-v1-batch","create-job-v1-batch","-strong-write-operations-job-v1-batch-strong-","job-v1-batch","patch-scale-deployment-v1-apps","replace-scale-deployment-v1-apps","read-scale-deployment-v1-apps","-strong-misc-operations-deployment-v1-apps-strong-","replace-status-deployment-v1-apps","read-status-deployment-v1-apps","patch-status-deployment-v1-apps","-strong-status-operations-deployment-v1-apps-strong-","watch-list-all-namespaces-deployment-v1-apps","watch-list-deployment-v1-apps","watch-deployment-v1-apps","list-all-namespaces-deployment-v1-apps","list-deployment-v1-apps","read-deployment-v1-apps","-strong-read-operations-deployment-v1-apps-strong-","delete-collection-deployment-v1-apps","delete-deployment-v1-apps","replace-deployment-v1-apps","patch-deployment-v1-apps","create-deployment-v1-apps","-strong-write-operations-deployment-v1-apps-strong-","deployment-v1-apps","replace-status-daemonset-v1-apps","read-status-daemonset-v1-apps","patch-status-daemonset-v1-apps","-strong-status-operations-daemonset-v1-apps-strong-","watch-list-all-namespaces-daemonset-v1-apps","watch-list-daemonset-v1-apps","watch-daemonset-v1-apps","list-all-namespaces-daemonset-v1-apps","list-daemonset-v1-apps","read-daemonset-v1-apps","-strong-read-operations-daemonset-v1-apps-strong-","delete-collection-daemonset-v1-apps","delete-daemonset-v1-apps","replace-daemonset-v1-apps","patch-daemonset-v1-apps","create-daemonset-v1-apps","-strong-write-operations-daemonset-v1-apps-strong-","daemonset-v1-apps","replace-status-cronjob-v1-batch","read-status-cronjob-v1-batch","patch-status-cronjob-v1-batch","-strong-status-operations-cronjob-v1-batch-strong-","watch-list-all-namespaces-cronjob-v1-batch","watch-list-cronjob-v1-batch","watch-cronjob-v1-batch","list-all-namespaces-cronjob-v1-batch","list-cronjob-v1-batch","read-cronjob-v1-batch","-strong-read-operations-cronjob-v1-batch-strong-","delete-collection-cronjob-v1-batch","delete-cronjob-v1-batch","replace-cronjob-v1-batch","patch-cronjob-v1-batch","create-cronjob-v1-batch","-strong-write-operations-cronjob-v1-batch-strong-","cronjob-v1-batch","container-v1-core","-strong-workloads-apis-strong-","-strong-api-groups-strong-","-strong-api-overview-strong-"]};})();
\ No newline at end of file
diff --git a/static/images/announcements/kubecon-China-2021-white.svg b/static/images/announcements/kubecon-China-2021-white.svg
new file mode 100644
index 0000000000..2d40cf9580
--- /dev/null
+++ b/static/images/announcements/kubecon-China-2021-white.svg
@@ -0,0 +1 @@
+
diff --git a/static/images/announcements/kubecon-NA-2021-white.svg b/static/images/announcements/kubecon-NA-2021-white.svg
new file mode 100644
index 0000000000..0e9840087d
--- /dev/null
+++ b/static/images/announcements/kubecon-NA-2021-white.svg
@@ -0,0 +1 @@
+
diff --git a/static/images/blog/2021-08-04-kubernetes-release-1.22/kubernetes-1.22.png b/static/images/blog/2021-08-04-kubernetes-release-1.22/kubernetes-1.22.png
new file mode 100644
index 0000000000..550b1ae811
Binary files /dev/null and b/static/images/blog/2021-08-04-kubernetes-release-1.22/kubernetes-1.22.png differ
diff --git a/static/images/blog/2021-08-09-csi-windows-support-with-csi-proxy-reaches-ga/csi-proxy.png b/static/images/blog/2021-08-09-csi-windows-support-with-csi-proxy-reaches-ga/csi-proxy.png
new file mode 100644
index 0000000000..7d1f42af94
Binary files /dev/null and b/static/images/blog/2021-08-09-csi-windows-support-with-csi-proxy-reaches-ga/csi-proxy.png differ
diff --git a/static/images/blog/2021-08-11-memory-manager-moves-to-beta/MemoryManagerDiagram.svg b/static/images/blog/2021-08-11-memory-manager-moves-to-beta/MemoryManagerDiagram.svg
new file mode 100644
index 0000000000..af22c48c52
--- /dev/null
+++ b/static/images/blog/2021-08-11-memory-manager-moves-to-beta/MemoryManagerDiagram.svg
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/static/images/blog/2021-08-11-memory-manager-moves-to-beta/ReservedMemory.svg b/static/images/blog/2021-08-11-memory-manager-moves-to-beta/ReservedMemory.svg
new file mode 100644
index 0000000000..e89faf3156
--- /dev/null
+++ b/static/images/blog/2021-08-11-memory-manager-moves-to-beta/ReservedMemory.svg
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/static/images/blog/2021-08-11-memory-manager-moves-to-beta/SingleCrossNUMAAllocation.svg b/static/images/blog/2021-08-11-memory-manager-moves-to-beta/SingleCrossNUMAAllocation.svg
new file mode 100644
index 0000000000..3cc323311c
--- /dev/null
+++ b/static/images/blog/2021-08-11-memory-manager-moves-to-beta/SingleCrossNUMAAllocation.svg
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/static/images/blog/2021-09-03-api-server-tracing/example-trace-1.png b/static/images/blog/2021-09-03-api-server-tracing/example-trace-1.png
new file mode 100644
index 0000000000..659b765362
Binary files /dev/null and b/static/images/blog/2021-09-03-api-server-tracing/example-trace-1.png differ
diff --git a/static/images/blog/2021-09-03-api-server-tracing/example-trace-2.png b/static/images/blog/2021-09-03-api-server-tracing/example-trace-2.png
new file mode 100644
index 0000000000..4ca4644deb
Binary files /dev/null and b/static/images/blog/2021-09-03-api-server-tracing/example-trace-2.png differ
diff --git a/static/js/mermaid.min.js b/static/js/mermaid.min.js
index fad6aa1f7d..a31c3e0dce 100644
--- a/static/js/mermaid.min.js
+++ b/static/js/mermaid.min.js
@@ -1,11 +1,4 @@
-!function(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):"object"==typeof exports?exports.mermaid=e():t.mermaid=e()}("undefined"!=typeof self?self:this,(function(){return function(t){var e={};function n(r){if(e[r])return e[r].exports;var i=e[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}return n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)||Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var i in t)n.d(r,i,function(e){return t[e]}.bind(null,i));return r},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="",n(n.s=901)}([function(t,e,n){"use strict";var r=function(t,e){return te?1:t>=e?0:NaN},i=function(t){var e;return 1===t.length&&(e=t,t=function(t,n){return r(e(t),n)}),{left:function(e,n,r,i){for(null==r&&(r=0),null==i&&(i=e.length);r>>1;t(e[o],n)<0?r=o+1:i=o}return r},right:function(e,n,r,i){for(null==r&&(r=0),null==i&&(i=e.length);r>>1;t(e[o],n)>0?i=o:r=o+1}return r}}};var o=i(r),a=o.right,u=o.left,s=a,c=function(t,e){null==e&&(e=f);for(var n=0,r=t.length-1,i=t[0],o=new Array(r<0?0:r);nt?1:e>=t?0:NaN},d=function(t){return null===t?NaN:+t},p=function(t,e){var n,r,i=t.length,o=0,a=-1,u=0,s=0;if(null==e)for(;++a1)return s/(o-1)},g=function(t,e){var n=p(t,e);return n?Math.sqrt(n):n},y=function(t,e){var n,r,i,o=t.length,a=-1;if(null==e){for(;++a=n)for(r=i=n;++an&&(r=n),i=n)for(r=i=n;++an&&(r=n),i0)return[t];if((r=e0)for(t=Math.ceil(t/a),e=Math.floor(e/a),o=new Array(i=Math.ceil(e-t+1));++u=0?(o>=k?10:o>=E?5:o>=A?2:1)*Math.pow(10,i):-Math.pow(10,-i)/(o>=k?10:o>=E?5:o>=A?2:1)}function T(t,e,n){var r=Math.abs(e-t)/Math.max(0,n),i=Math.pow(10,Math.floor(Math.log(r)/Math.LN10)),o=r/i;return o>=k?i*=10:o>=E?i*=5:o>=A&&(i*=2),el;)h.pop(),--d;var p,g=new Array(d+1);for(i=0;i<=d;++i)(p=g[i]=[]).x0=i>0?h[i-1]:f,p.x1=i=1)return+n(t[r-1],r-1,t);var r,i=(r-1)*e,o=Math.floor(i),a=+n(t[o],o,t);return a+(+n(t[o+1],o+1,t)-a)*(i-o)}},N=function(t,e,n){return t=m.call(t,d).sort(r),Math.ceil((n-e)/(2*(C(t,.75)-C(t,.25))*Math.pow(t.length,-1/3)))},I=function(t,e,n){return Math.ceil((n-e)/(3.5*g(t)*Math.pow(t.length,-1/3)))},R=function(t,e){var n,r,i=t.length,o=-1;if(null==e){for(;++o=n)for(r=n;++or&&(r=n)}else for(;++o=n)for(r=n;++or&&(r=n);return r},j=function(t,e){var n,r=t.length,i=r,o=-1,a=0;if(null==e)for(;++o=0;)for(e=(r=t[i]).length;--e>=0;)n[--a]=r[e];return n},P=function(t,e){var n,r,i=t.length,o=-1;if(null==e){for(;++o=n)for(r=n;++on&&(r=n)}else for(;++o=n)for(r=n;++on&&(r=n);return r},F=function(t,e){for(var n=e.length,r=new Array(n);n--;)r[n]=t[e[n]];return r},q=function(t,e){if(n=t.length){var n,i,o=0,a=0,u=t[a];for(null==e&&(e=r);++ol&&T.push("'"+this.terminals_[A]+"'");D=p.showPosition?"Parse error on line "+(s+1)+":\n"+p.showPosition()+"\nExpecting "+T.join(", ")+", got '"+(this.terminals_[_]||_)+"'":"Parse error on line "+(s+1)+": Unexpected "+(_==h?"end of input":"'"+(this.terminals_[_]||_)+"'"),this.parseError(D,{text:p.match,token:this.terminals_[_]||_,line:p.yylineno,loc:b,expected:T})}if(k[0]instanceof Array&&k.length>1)throw new Error("Parse Error: multiple actions possible at state: "+x+", token: "+_);switch(k[0]){case 1:n.push(_),i.push(p.yytext),o.push(p.yylloc),n.push(k[1]),_=null,w?(_=w,w=null):(c=p.yyleng,u=p.yytext,s=p.yylineno,b=p.yylloc,f>0&&f--);break;case 2:if(S=this.productions_[k[1]][1],O.$=i[i.length-S],O._$={first_line:o[o.length-(S||1)].first_line,last_line:o[o.length-1].last_line,first_column:o[o.length-(S||1)].first_column,last_column:o[o.length-1].last_column},v&&(O._$.range=[o[o.length-(S||1)].range[0],o[o.length-1].range[1]]),void 0!==(E=this.performAction.apply(O,[u,c,s,g.yy,k[1],i,o].concat(d))))return E;S&&(n=n.slice(0,-1*S*2),i=i.slice(0,-1*S),o=o.slice(0,-1*S)),n.push(this.productions_[k[1]][0]),i.push(O.$),o.push(O._$),M=a[n[n.length-2]][n[n.length-1]],n.push(M);break;case 3:return!0}}return!0}},S={EOF:1,parseError:function(t,e){if(!this.yy.parser)throw new Error(t);this.yy.parser.parseError(t,e)},setInput:function(t,e){return this.yy=e||this.yy||{},this._input=t,this._more=this._backtrack=this.done=!1,this.yylineno=this.yyleng=0,this.yytext=this.matched=this.match="",this.conditionStack=["INITIAL"],this.yylloc={first_line:1,first_column:0,last_line:1,last_column:0},this.options.ranges&&(this.yylloc.range=[0,0]),this.offset=0,this},input:function(){var t=this._input[0];return this.yytext+=t,this.yyleng++,this.offset++,this.match+=t,this.matched+=t,t.match(/(?:\r\n?|\n).*/g)?(this.yylineno++,this.yylloc.last_line++):this.yylloc.last_column++,this.options.ranges&&this.yylloc.range[1]++,this._input=this._input.slice(1),t},unput:function(t){var e=t.length,n=t.split(/(?:\r\n?|\n)/g);this._input=t+this._input,this.yytext=this.yytext.substr(0,this.yytext.length-e),this.offset-=e;var r=this.match.split(/(?:\r\n?|\n)/g);this.match=this.match.substr(0,this.match.length-1),this.matched=this.matched.substr(0,this.matched.length-1),n.length-1&&(this.yylineno-=n.length-1);var i=this.yylloc.range;return this.yylloc={first_line:this.yylloc.first_line,last_line:this.yylineno+1,first_column:this.yylloc.first_column,last_column:n?(n.length===r.length?this.yylloc.first_column:0)+r[r.length-n.length].length-n[0].length:this.yylloc.first_column-e},this.options.ranges&&(this.yylloc.range=[i[0],i[0]+this.yyleng-e]),this.yyleng=this.yytext.length,this},more:function(){return this._more=!0,this},reject:function(){return this.options.backtrack_lexer?(this._backtrack=!0,this):this.parseError("Lexical error on line "+(this.yylineno+1)+". You can only invoke reject() in the lexer when the lexer is of the backtracking persuasion (options.backtrack_lexer = true).\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},less:function(t){this.unput(this.match.slice(t))},pastInput:function(){var t=this.matched.substr(0,this.matched.length-this.match.length);return(t.length>20?"...":"")+t.substr(-20).replace(/\n/g,"")},upcomingInput:function(){var t=this.match;return t.length<20&&(t+=this._input.substr(0,20-t.length)),(t.substr(0,20)+(t.length>20?"...":"")).replace(/\n/g,"")},showPosition:function(){var t=this.pastInput(),e=new Array(t.length+1).join("-");return t+this.upcomingInput()+"\n"+e+"^"},test_match:function(t,e){var n,r,i;if(this.options.backtrack_lexer&&(i={yylineno:this.yylineno,yylloc:{first_line:this.yylloc.first_line,last_line:this.last_line,first_column:this.yylloc.first_column,last_column:this.yylloc.last_column},yytext:this.yytext,match:this.match,matches:this.matches,matched:this.matched,yyleng:this.yyleng,offset:this.offset,_more:this._more,_input:this._input,yy:this.yy,conditionStack:this.conditionStack.slice(0),done:this.done},this.options.ranges&&(i.yylloc.range=this.yylloc.range.slice(0))),(r=t[0].match(/(?:\r\n?|\n).*/g))&&(this.yylineno+=r.length),this.yylloc={first_line:this.yylloc.last_line,last_line:this.yylineno+1,first_column:this.yylloc.last_column,last_column:r?r[r.length-1].length-r[r.length-1].match(/\r?\n?/)[0].length:this.yylloc.last_column+t[0].length},this.yytext+=t[0],this.match+=t[0],this.matches=t,this.yyleng=this.yytext.length,this.options.ranges&&(this.yylloc.range=[this.offset,this.offset+=this.yyleng]),this._more=!1,this._backtrack=!1,this._input=this._input.slice(t[0].length),this.matched+=t[0],n=this.performAction.call(this,this.yy,this,e,this.conditionStack[this.conditionStack.length-1]),this.done&&this._input&&(this.done=!1),n)return n;if(this._backtrack){for(var o in i)this[o]=i[o];return!1}return!1},next:function(){if(this.done)return this.EOF;var t,e,n,r;this._input||(this.done=!0),this._more||(this.yytext="",this.match="");for(var i=this._currentRules(),o=0;oe[0].length)){if(e=n,r=o,this.options.backtrack_lexer){if(!1!==(t=this.test_match(n,i[o])))return t;if(this._backtrack){e=!1;continue}return!1}if(!this.options.flex)break}return e?!1!==(t=this.test_match(e,i[r]))&&t:""===this._input?this.EOF:this.parseError("Lexical error on line "+(this.yylineno+1)+". Unrecognized text.\n"+this.showPosition(),{text:"",token:null,line:this.yylineno})},lex:function(){var t=this.next();return t||this.lex()},begin:function(t){this.conditionStack.push(t)},popState:function(){return this.conditionStack.length-1>0?this.conditionStack.pop():this.conditionStack[0]},_currentRules:function(){return this.conditionStack.length&&this.conditionStack[this.conditionStack.length-1]?this.conditions[this.conditionStack[this.conditionStack.length-1]].rules:this.conditions.INITIAL.rules},topState:function(t){return(t=this.conditionStack.length-1-Math.abs(t||0))>=0?this.conditionStack[t]:"INITIAL"},pushState:function(t){this.begin(t)},stateStackSize:function(){return this.conditionStack.length},options:{"case-insensitive":!0},performAction:function(t,e,n,r){switch(n){case 0:return 5;case 1:case 2:case 3:case 4:break;case 5:return this.begin("ID"),10;case 6:return e.yytext=e.yytext.trim(),this.begin("ALIAS"),42;case 7:return this.popState(),this.popState(),this.begin("LINE"),12;case 8:return this.popState(),this.popState(),5;case 9:return this.begin("LINE"),21;case 10:return this.begin("LINE"),23;case 11:return this.begin("LINE"),24;case 12:return this.begin("LINE"),25;case 13:return this.begin("LINE"),30;case 14:return this.begin("LINE"),27;case 15:return this.begin("LINE"),29;case 16:return this.popState(),13;case 17:return 22;case 18:return 37;case 19:return 38;case 20:return 33;case 21:return 31;case 22:return this.begin("ID"),16;case 23:return this.begin("ID"),17;case 24:return 19;case 25:return 6;case 26:return 15;case 27:return 36;case 28:return 5;case 29:return e.yytext=e.yytext.trim(),42;case 30:return 45;case 31:return 46;case 32:return 43;case 33:return 44;case 34:return 47;case 35:return 48;case 36:return 49;case 37:return 40;case 38:return 41;case 39:return 5;case 40:return"INVALID"}},rules:[/^(?:[\n]+)/i,/^(?:\s+)/i,/^(?:((?!\n)\s)+)/i,/^(?:#[^\n]*)/i,/^(?:%[^\n]*)/i,/^(?:participant\b)/i,/^(?:[^\->:\n,;]+?(?=((?!\n)\s)+as(?!\n)\s|[#\n;]|$))/i,/^(?:as\b)/i,/^(?:(?:))/i,/^(?:loop\b)/i,/^(?:rect\b)/i,/^(?:opt\b)/i,/^(?:alt\b)/i,/^(?:else\b)/i,/^(?:par\b)/i,/^(?:and\b)/i,/^(?:[^#\n;]*)/i,/^(?:end\b)/i,/^(?:left of\b)/i,/^(?:right of\b)/i,/^(?:over\b)/i,/^(?:note\b)/i,/^(?:activate\b)/i,/^(?:deactivate\b)/i,/^(?:title\b)/i,/^(?:sequenceDiagram\b)/i,/^(?:autonumber\b)/i,/^(?:,)/i,/^(?:;)/i,/^(?:[^\+\->:\n,;]+)/i,/^(?:->>)/i,/^(?:-->>)/i,/^(?:->)/i,/^(?:-->)/i,/^(?:-[x])/i,/^(?:--[x])/i,/^(?::[^#\n;]+)/i,/^(?:\+)/i,/^(?:-)/i,/^(?:$)/i,/^(?:.)/i],conditions:{LINE:{rules:[2,3,16],inclusive:!1},ALIAS:{rules:[2,3,7,8],inclusive:!1},ID:{rules:[2,3,6],inclusive:!1},INITIAL:{rules:[0,1,3,4,5,9,10,11,12,13,14,15,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40],inclusive:!0}}};function M(){this.yy={}}return A.lexer=S,M.prototype=A,A.Parser=M,new M}();e.parser=i,e.Parser=i.Parser,e.parse=function(){return i.parse.apply(i,arguments)},e.main=function(r){r[1]||(console.log("Usage: "+r[0]+" FILE"),t.exit(1));var i=n(54).readFileSync(n(55).normalize(r[1]),"utf8");return e.parser.parse(i)},n.c[n.s]===r&&e.main(t.argv.slice(1))}).call(this,n(17),n(14)(t))},function(t,e){"function"==typeof Object.create?t.exports=function(t,e){e&&(t.super_=e,t.prototype=Object.create(e.prototype,{constructor:{value:t,enumerable:!1,writable:!0,configurable:!0}}))}:t.exports=function(t,e){if(e){t.super_=e;var n=function(){};n.prototype=e.prototype,t.prototype=new n,t.prototype.constructor=t}}},function(t,e,n){var r=n(18),i=r.Buffer;function o(t,e){for(var n in t)e[n]=t[n]}function a(t,e,n){return i(t,e,n)}i.from&&i.alloc&&i.allocUnsafe&&i.allocUnsafeSlow?t.exports=r:(o(r,e),e.Buffer=a),a.prototype=Object.create(i.prototype),o(i,a),a.from=function(t,e,n){if("number"==typeof t)throw new TypeError("Argument must not be a number");return i(t,e,n)},a.alloc=function(t,e,n){if("number"!=typeof t)throw new TypeError("Argument must be a number");var r=i(t);return void 0!==e?"string"==typeof n?r.fill(e,n):r.fill(e):r.fill(0),r},a.allocUnsafe=function(t){if("number"!=typeof t)throw new TypeError("Argument must be a number");return i(t)},a.allocUnsafeSlow=function(t){if("number"!=typeof t)throw new TypeError("Argument must be a number");return r.SlowBuffer(t)}},function(t,e,n){"use strict";n.d(e,"a",(function(){return o}));var r=new Date,i=new Date;function o(t,e,n,a){function u(e){return t(e=0===arguments.length?new Date:new Date(+e)),e}return u.floor=function(e){return t(e=new Date(+e)),e},u.ceil=function(n){return t(n=new Date(n-1)),e(n,1),t(n),n},u.round=function(t){var e=u(t),n=u.ceil(t);return t-e0))return a;do{a.push(o=new Date(+n)),e(n,i),t(n)}while(o=e)for(;t(e),!n(e);)e.setTime(e-1)}),(function(t,r){if(t>=t)if(r<0)for(;++r<=0;)for(;e(t,-1),!n(t););else for(;--r>=0;)for(;e(t,1),!n(t););}))},n&&(u.count=function(e,o){return r.setTime(+e),i.setTime(+o),t(r),t(i),Math.floor(n(r,i))},u.every=function(t){return t=Math.floor(t),isFinite(t)&&t>0?t>1?u.filter(a?function(e){return a(e)%t==0}:function(e){return u.count(0,e)%t==0}):u:null}),u}},function(t,e,n){"use strict";n.d(e,"d",(function(){return r})),n.d(e,"c",(function(){return i})),n.d(e,"b",(function(){return o})),n.d(e,"a",(function(){return a})),n.d(e,"e",(function(){return u}));var r=1e3,i=6e4,o=36e5,a=864e5,u=6048e5},function(t,e,n){"use strict";n.d(e,"c",(function(){return o})),n.d(e,"b",(function(){return a})),n.d(e,"a",(function(){return u}));var r=n(115);function i(t,e){return function(n){return t+n*e}}function o(t,e){var n=e-t;return n?i(t,n>180||n<-180?n-360*Math.round(n/360):n):Object(r.a)(isNaN(t)?e:t)}function a(t){return 1==(t=+t)?u:function(e,n){return n-e?function(t,e,n){return t=Math.pow(t,n),e=Math.pow(e,n)-t,n=1/n,function(r){return Math.pow(t+r*e,n)}}(e,n,t):Object(r.a)(isNaN(e)?n:e)}}function u(t,e){var n=e-t;return n?i(t,n):Object(r.a)(isNaN(t)?e:t)}},function(t,e,n){var r;try{r={cloneDeep:n(681),constant:n(251),defaults:n(387),each:n(252),filter:n(361),find:n(682),flatten:n(389),forEach:n(359),forIn:n(687),has:n(258),isUndefined:n(372),last:n(688),map:n(373),mapValues:n(689),max:n(690),merge:n(692),min:n(697),minBy:n(698),now:n(699),pick:n(394),range:n(395),reduce:n(375),sortBy:n(706),uniqueId:n(396),values:n(380),zipObject:n(711)}}catch(t){}r||(r=window._),t.exports=r},function(t,e,n){var r;try{r={cloneDeep:n(752),constant:n(234),defaults:n(753),each:n(311),filter:n(314),find:n(754),flatten:n(403),forEach:n(312),forIn:n(759),has:n(325),isUndefined:n(326),last:n(760),map:n(327),mapValues:n(761),max:n(762),merge:n(764),min:n(770),minBy:n(771),now:n(772),pick:n(773),range:n(778),reduce:n(329),sortBy:n(781),uniqueId:n(786),values:n(334),zipObject:n(787)}}catch(t){}r||(r=window._),t.exports=r},function(t,e,n){"use strict";n.d(e,"g",(function(){return a})),n.d(e,"c",(function(){return u})),n.d(e,"k",(function(){return s})),n.d(e,"m",(function(){return c})),n.d(e,"i",(function(){return f})),n.d(e,"a",(function(){return l})),n.d(e,"e",(function(){return h})),n.d(e,"h",(function(){return d})),n.d(e,"d",(function(){return p})),n.d(e,"l",(function(){return g})),n.d(e,"n",(function(){return y})),n.d(e,"j",(function(){return b})),n.d(e,"b",(function(){return v})),n.d(e,"f",(function(){return m}));var r=n(4),i=n(5);function o(t){return Object(r.a)((function(e){e.setDate(e.getDate()-(e.getDay()+7-t)%7),e.setHours(0,0,0,0)}),(function(t,e){t.setDate(t.getDate()+7*e)}),(function(t,e){return(e-t-(e.getTimezoneOffset()-t.getTimezoneOffset())*i.c)/i.e}))}var a=o(0),u=o(1),s=o(2),c=o(3),f=o(4),l=o(5),h=o(6),d=a.range,p=u.range,g=s.range,y=c.range,b=f.range,v=l.range,m=h.range},function(t,e,n){"use strict";n.d(e,"g",(function(){return a})),n.d(e,"c",(function(){return u})),n.d(e,"k",(function(){return s})),n.d(e,"m",(function(){return c})),n.d(e,"i",(function(){return f})),n.d(e,"a",(function(){return l})),n.d(e,"e",(function(){return h})),n.d(e,"h",(function(){return d})),n.d(e,"d",(function(){return p})),n.d(e,"l",(function(){return g})),n.d(e,"n",(function(){return y})),n.d(e,"j",(function(){return b})),n.d(e,"b",(function(){return v})),n.d(e,"f",(function(){return m}));var r=n(4),i=n(5);function o(t){return Object(r.a)((function(e){e.setUTCDate(e.getUTCDate()-(e.getUTCDay()+7-t)%7),e.setUTCHours(0,0,0,0)}),(function(t,e){t.setUTCDate(t.getUTCDate()+7*e)}),(function(t,e){return(e-t)/i.e}))}var a=o(0),u=o(1),s=o(2),c=o(3),f=o(4),l=o(5),h=o(6),d=a.range,p=u.range,g=s.range,y=c.range,b=f.range,v=l.range,m=h.range},function(t,e,n){"use strict";n.d(e,"a",(function(){return i})),n.d(e,"d",(function(){return o})),n.d(e,"c",(function(){return a})),n.d(e,"e",(function(){return _})),n.d(e,"h",(function(){return k})),n.d(e,"g",(function(){return E})),n.d(e,"b",(function(){return A})),n.d(e,"f",(function(){return C}));var r=n(24);function i(){}var o=.7,a=1/o,u="\\s*([+-]?\\d+)\\s*",s="\\s*([+-]?\\d*\\.?\\d+(?:[eE][+-]?\\d+)?)\\s*",c="\\s*([+-]?\\d*\\.?\\d+(?:[eE][+-]?\\d+)?)%\\s*",f=/^#([0-9a-f]{3,8})$/,l=new RegExp("^rgb\\("+[u,u,u]+"\\)$"),h=new RegExp("^rgb\\("+[c,c,c]+"\\)$"),d=new RegExp("^rgba\\("+[u,u,u,s]+"\\)$"),p=new RegExp("^rgba\\("+[c,c,c,s]+"\\)$"),g=new RegExp("^hsl\\("+[s,c,c]+"\\)$"),y=new RegExp("^hsla\\("+[s,c,c,s]+"\\)$"),b={aliceblue:15792383,antiquewhite:16444375,aqua:65535,aquamarine:8388564,azure:15794175,beige:16119260,bisque:16770244,black:0,blanchedalmond:16772045,blue:255,blueviolet:9055202,brown:10824234,burlywood:14596231,cadetblue:6266528,chartreuse:8388352,chocolate:13789470,coral:16744272,cornflowerblue:6591981,cornsilk:16775388,crimson:14423100,cyan:65535,darkblue:139,darkcyan:35723,darkgoldenrod:12092939,darkgray:11119017,darkgreen:25600,darkgrey:11119017,darkkhaki:12433259,darkmagenta:9109643,darkolivegreen:5597999,darkorange:16747520,darkorchid:10040012,darkred:9109504,darksalmon:15308410,darkseagreen:9419919,darkslateblue:4734347,darkslategray:3100495,darkslategrey:3100495,darkturquoise:52945,darkviolet:9699539,deeppink:16716947,deepskyblue:49151,dimgray:6908265,dimgrey:6908265,dodgerblue:2003199,firebrick:11674146,floralwhite:16775920,forestgreen:2263842,fuchsia:16711935,gainsboro:14474460,ghostwhite:16316671,gold:16766720,goldenrod:14329120,gray:8421504,green:32768,greenyellow:11403055,grey:8421504,honeydew:15794160,hotpink:16738740,indianred:13458524,indigo:4915330,ivory:16777200,khaki:15787660,lavender:15132410,lavenderblush:16773365,lawngreen:8190976,lemonchiffon:16775885,lightblue:11393254,lightcoral:15761536,lightcyan:14745599,lightgoldenrodyellow:16448210,lightgray:13882323,lightgreen:9498256,lightgrey:13882323,lightpink:16758465,lightsalmon:16752762,lightseagreen:2142890,lightskyblue:8900346,lightslategray:7833753,lightslategrey:7833753,lightsteelblue:11584734,lightyellow:16777184,lime:65280,limegreen:3329330,linen:16445670,magenta:16711935,maroon:8388608,mediumaquamarine:6737322,mediumblue:205,mediumorchid:12211667,mediumpurple:9662683,mediumseagreen:3978097,mediumslateblue:8087790,mediumspringgreen:64154,mediumturquoise:4772300,mediumvioletred:13047173,midnightblue:1644912,mintcream:16121850,mistyrose:16770273,moccasin:16770229,navajowhite:16768685,navy:128,oldlace:16643558,olive:8421376,olivedrab:7048739,orange:16753920,orangered:16729344,orchid:14315734,palegoldenrod:15657130,palegreen:10025880,paleturquoise:11529966,palevioletred:14381203,papayawhip:16773077,peachpuff:16767673,peru:13468991,pink:16761035,plum:14524637,powderblue:11591910,purple:8388736,rebeccapurple:6697881,red:16711680,rosybrown:12357519,royalblue:4286945,saddlebrown:9127187,salmon:16416882,sandybrown:16032864,seagreen:3050327,seashell:16774638,sienna:10506797,silver:12632256,skyblue:8900331,slateblue:6970061,slategray:7372944,slategrey:7372944,snow:16775930,springgreen:65407,steelblue:4620980,tan:13808780,teal:32896,thistle:14204888,tomato:16737095,turquoise:4251856,violet:15631086,wheat:16113331,white:16777215,whitesmoke:16119285,yellow:16776960,yellowgreen:10145074};function v(){return this.rgb().formatHex()}function m(){return this.rgb().formatRgb()}function _(t){var e,n;return t=(t+"").trim().toLowerCase(),(e=f.exec(t))?(n=e[1].length,e=parseInt(e[1],16),6===n?w(e):3===n?new A(e>>8&15|e>>4&240,e>>4&15|240&e,(15&e)<<4|15&e,1):8===n?new A(e>>24&255,e>>16&255,e>>8&255,(255&e)/255):4===n?new A(e>>12&15|e>>8&240,e>>8&15|e>>4&240,e>>4&15|240&e,((15&e)<<4|15&e)/255):null):(e=l.exec(t))?new A(e[1],e[2],e[3],1):(e=h.exec(t))?new A(255*e[1]/100,255*e[2]/100,255*e[3]/100,1):(e=d.exec(t))?x(e[1],e[2],e[3],e[4]):(e=p.exec(t))?x(255*e[1]/100,255*e[2]/100,255*e[3]/100,e[4]):(e=g.exec(t))?O(e[1],e[2]/100,e[3]/100,1):(e=y.exec(t))?O(e[1],e[2]/100,e[3]/100,e[4]):b.hasOwnProperty(t)?w(b[t]):"transparent"===t?new A(NaN,NaN,NaN,0):null}function w(t){return new A(t>>16&255,t>>8&255,255&t,1)}function x(t,e,n,r){return r<=0&&(t=e=n=NaN),new A(t,e,n,r)}function k(t){return t instanceof i||(t=_(t)),t?new A((t=t.rgb()).r,t.g,t.b,t.opacity):new A}function E(t,e,n,r){return 1===arguments.length?k(t):new A(t,e,n,null==r?1:r)}function A(t,e,n,r){this.r=+t,this.g=+e,this.b=+n,this.opacity=+r}function S(){return"#"+T(this.r)+T(this.g)+T(this.b)}function M(){var t=this.opacity;return(1===(t=isNaN(t)?1:Math.max(0,Math.min(1,t)))?"rgb(":"rgba(")+Math.max(0,Math.min(255,Math.round(this.r)||0))+", "+Math.max(0,Math.min(255,Math.round(this.g)||0))+", "+Math.max(0,Math.min(255,Math.round(this.b)||0))+(1===t?")":", "+t+")")}function T(t){return((t=Math.max(0,Math.min(255,Math.round(t)||0)))<16?"0":"")+t.toString(16)}function O(t,e,n,r){return r<=0?t=e=n=NaN:n<=0||n>=1?t=e=NaN:e<=0&&(t=NaN),new N(t,e,n,r)}function D(t){if(t instanceof N)return new N(t.h,t.s,t.l,t.opacity);if(t instanceof i||(t=_(t)),!t)return new N;if(t instanceof N)return t;var e=(t=t.rgb()).r/255,n=t.g/255,r=t.b/255,o=Math.min(e,n,r),a=Math.max(e,n,r),u=NaN,s=a-o,c=(a+o)/2;return s?(u=e===a?(n-r)/s+6*(n0&&c<1?0:u,new N(u,s,c,t.opacity)}function C(t,e,n,r){return 1===arguments.length?D(t):new N(t,e,n,null==r?1:r)}function N(t,e,n,r){this.h=+t,this.s=+e,this.l=+n,this.opacity=+r}function I(t,e,n){return 255*(t<60?e+(n-e)*t/60:t<180?n:t<240?e+(n-e)*(240-t)/60:e)}Object(r.a)(i,_,{copy:function(t){return Object.assign(new this.constructor,this,t)},displayable:function(){return this.rgb().displayable()},hex:v,formatHex:v,formatHsl:function(){return D(this).formatHsl()},formatRgb:m,toString:m}),Object(r.a)(A,E,Object(r.b)(i,{brighter:function(t){return t=null==t?a:Math.pow(a,t),new A(this.r*t,this.g*t,this.b*t,this.opacity)},darker:function(t){return t=null==t?o:Math.pow(o,t),new A(this.r*t,this.g*t,this.b*t,this.opacity)},rgb:function(){return this},displayable:function(){return-.5<=this.r&&this.r<255.5&&-.5<=this.g&&this.g<255.5&&-.5<=this.b&&this.b<255.5&&0<=this.opacity&&this.opacity<=1},hex:S,formatHex:S,formatRgb:M,toString:M})),Object(r.a)(N,C,Object(r.b)(i,{brighter:function(t){return t=null==t?a:Math.pow(a,t),new N(this.h,this.s,this.l*t,this.opacity)},darker:function(t){return t=null==t?o:Math.pow(o,t),new N(this.h,this.s,this.l*t,this.opacity)},rgb:function(){var t=this.h%360+360*(this.h<0),e=isNaN(t)||isNaN(this.s)?0:this.s,n=this.l,r=n+(n<.5?n:1-n)*e,i=2*n-r;return new A(I(t>=240?t-240:t+120,i,r),I(t,i,r),I(t<120?t+240:t-120,i,r),this.opacity)},displayable:function(){return(0<=this.s&&this.s<=1||isNaN(this.s))&&0<=this.l&&this.l<=1&&0<=this.opacity&&this.opacity<=1},formatHsl:function(){var t=this.opacity;return(1===(t=isNaN(t)?1:Math.max(0,Math.min(1,t)))?"hsl(":"hsla(")+(this.h||0)+", "+100*(this.s||0)+"%, "+100*(this.l||0)+"%"+(1===t?")":", "+t+")")}}))},function(t,e,n){(function(t){!function(t,e){"use strict";function r(t,e){if(!t)throw new Error(e||"Assertion failed")}function i(t,e){t.super_=e;var n=function(){};n.prototype=e.prototype,t.prototype=new n,t.prototype.constructor=t}function o(t,e,n){if(o.isBN(t))return t;this.negative=0,this.words=null,this.length=0,this.red=null,null!==t&&("le"!==e&&"be"!==e||(n=e,e=10),this._init(t||0,e||10,n||"be"))}var a;"object"==typeof t?t.exports=o:e.BN=o,o.BN=o,o.wordSize=26;try{a=n(849).Buffer}catch(t){}function u(t,e,n){for(var r=0,i=Math.min(t.length,n),o=e;o=49&&a<=54?a-49+10:a>=17&&a<=22?a-17+10:15&a}return r}function s(t,e,n,r){for(var i=0,o=Math.min(t.length,n),a=e;a=49?u-49+10:u>=17?u-17+10:u}return i}o.isBN=function(t){return t instanceof o||null!==t&&"object"==typeof t&&t.constructor.wordSize===o.wordSize&&Array.isArray(t.words)},o.max=function(t,e){return t.cmp(e)>0?t:e},o.min=function(t,e){return t.cmp(e)<0?t:e},o.prototype._init=function(t,e,n){if("number"==typeof t)return this._initNumber(t,e,n);if("object"==typeof t)return this._initArray(t,e,n);"hex"===e&&(e=16),r(e===(0|e)&&e>=2&&e<=36);var i=0;"-"===(t=t.toString().replace(/\s+/g,""))[0]&&i++,16===e?this._parseHex(t,i):this._parseBase(t,e,i),"-"===t[0]&&(this.negative=1),this.strip(),"le"===n&&this._initArray(this.toArray(),e,n)},o.prototype._initNumber=function(t,e,n){t<0&&(this.negative=1,t=-t),t<67108864?(this.words=[67108863&t],this.length=1):t<4503599627370496?(this.words=[67108863&t,t/67108864&67108863],this.length=2):(r(t<9007199254740992),this.words=[67108863&t,t/67108864&67108863,1],this.length=3),"le"===n&&this._initArray(this.toArray(),e,n)},o.prototype._initArray=function(t,e,n){if(r("number"==typeof t.length),t.length<=0)return this.words=[0],this.length=1,this;this.length=Math.ceil(t.length/3),this.words=new Array(this.length);for(var i=0;i=0;i-=3)a=t[i]|t[i-1]<<8|t[i-2]<<16,this.words[o]|=a<>>26-u&67108863,(u+=24)>=26&&(u-=26,o++);else if("le"===n)for(i=0,o=0;i>>26-u&67108863,(u+=24)>=26&&(u-=26,o++);return this.strip()},o.prototype._parseHex=function(t,e){this.length=Math.ceil((t.length-e)/6),this.words=new Array(this.length);for(var n=0;n=e;n-=6)i=u(t,n,n+6),this.words[r]|=i<>>26-o&4194303,(o+=24)>=26&&(o-=26,r++);n+6!==e&&(i=u(t,e,n+6),this.words[r]|=i<>>26-o&4194303),this.strip()},o.prototype._parseBase=function(t,e,n){this.words=[0],this.length=1;for(var r=0,i=1;i<=67108863;i*=e)r++;r--,i=i/e|0;for(var o=t.length-n,a=o%r,u=Math.min(o,o-a)+n,c=0,f=n;f1&&0===this.words[this.length-1];)this.length--;return this._normSign()},o.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},o.prototype.inspect=function(){return(this.red?""};var c=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],f=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],l=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function h(t,e,n){n.negative=e.negative^t.negative;var r=t.length+e.length|0;n.length=r,r=r-1|0;var i=0|t.words[0],o=0|e.words[0],a=i*o,u=67108863&a,s=a/67108864|0;n.words[0]=u;for(var c=1;c>>26,l=67108863&s,h=Math.min(c,e.length-1),d=Math.max(0,c-t.length+1);d<=h;d++){var p=c-d|0;f+=(a=(i=0|t.words[p])*(o=0|e.words[d])+l)/67108864|0,l=67108863&a}n.words[c]=0|l,s=0|f}return 0!==s?n.words[c]=0|s:n.length--,n.strip()}o.prototype.toString=function(t,e){var n;if(e=0|e||1,16===(t=t||10)||"hex"===t){n="";for(var i=0,o=0,a=0;a>>24-i&16777215)||a!==this.length-1?c[6-s.length]+s+n:s+n,(i+=2)>=26&&(i-=26,a--)}for(0!==o&&(n=o.toString(16)+n);n.length%e!=0;)n="0"+n;return 0!==this.negative&&(n="-"+n),n}if(t===(0|t)&&t>=2&&t<=36){var h=f[t],d=l[t];n="";var p=this.clone();for(p.negative=0;!p.isZero();){var g=p.modn(d).toString(t);n=(p=p.idivn(d)).isZero()?g+n:c[h-g.length]+g+n}for(this.isZero()&&(n="0"+n);n.length%e!=0;)n="0"+n;return 0!==this.negative&&(n="-"+n),n}r(!1,"Base should be between 2 and 36")},o.prototype.toNumber=function(){var t=this.words[0];return 2===this.length?t+=67108864*this.words[1]:3===this.length&&1===this.words[2]?t+=4503599627370496+67108864*this.words[1]:this.length>2&&r(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-t:t},o.prototype.toJSON=function(){return this.toString(16)},o.prototype.toBuffer=function(t,e){return r(void 0!==a),this.toArrayLike(a,t,e)},o.prototype.toArray=function(t,e){return this.toArrayLike(Array,t,e)},o.prototype.toArrayLike=function(t,e,n){var i=this.byteLength(),o=n||Math.max(1,i);r(i<=o,"byte array longer than desired length"),r(o>0,"Requested array length <= 0"),this.strip();var a,u,s="le"===e,c=new t(o),f=this.clone();if(s){for(u=0;!f.isZero();u++)a=f.andln(255),f.iushrn(8),c[u]=a;for(;u=4096&&(n+=13,e>>>=13),e>=64&&(n+=7,e>>>=7),e>=8&&(n+=4,e>>>=4),e>=2&&(n+=2,e>>>=2),n+e},o.prototype._zeroBits=function(t){if(0===t)return 26;var e=t,n=0;return 0==(8191&e)&&(n+=13,e>>>=13),0==(127&e)&&(n+=7,e>>>=7),0==(15&e)&&(n+=4,e>>>=4),0==(3&e)&&(n+=2,e>>>=2),0==(1&e)&&n++,n},o.prototype.bitLength=function(){var t=this.words[this.length-1],e=this._countBits(t);return 26*(this.length-1)+e},o.prototype.zeroBits=function(){if(this.isZero())return 0;for(var t=0,e=0;et.length?this.clone().ior(t):t.clone().ior(this)},o.prototype.uor=function(t){return this.length>t.length?this.clone().iuor(t):t.clone().iuor(this)},o.prototype.iuand=function(t){var e;e=this.length>t.length?t:this;for(var n=0;nt.length?this.clone().iand(t):t.clone().iand(this)},o.prototype.uand=function(t){return this.length>t.length?this.clone().iuand(t):t.clone().iuand(this)},o.prototype.iuxor=function(t){var e,n;this.length>t.length?(e=this,n=t):(e=t,n=this);for(var r=0;rt.length?this.clone().ixor(t):t.clone().ixor(this)},o.prototype.uxor=function(t){return this.length>t.length?this.clone().iuxor(t):t.clone().iuxor(this)},o.prototype.inotn=function(t){r("number"==typeof t&&t>=0);var e=0|Math.ceil(t/26),n=t%26;this._expand(e),n>0&&e--;for(var i=0;i0&&(this.words[i]=~this.words[i]&67108863>>26-n),this.strip()},o.prototype.notn=function(t){return this.clone().inotn(t)},o.prototype.setn=function(t,e){r("number"==typeof t&&t>=0);var n=t/26|0,i=t%26;return this._expand(n+1),this.words[n]=e?this.words[n]|1<t.length?(n=this,r=t):(n=t,r=this);for(var i=0,o=0;o>>26;for(;0!==i&&o>>26;if(this.length=n.length,0!==i)this.words[this.length]=i,this.length++;else if(n!==this)for(;ot.length?this.clone().iadd(t):t.clone().iadd(this)},o.prototype.isub=function(t){if(0!==t.negative){t.negative=0;var e=this.iadd(t);return t.negative=1,e._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(t),this.negative=1,this._normSign();var n,r,i=this.cmp(t);if(0===i)return this.negative=0,this.length=1,this.words[0]=0,this;i>0?(n=this,r=t):(n=t,r=this);for(var o=0,a=0;a>26,this.words[a]=67108863&e;for(;0!==o&&a>26,this.words[a]=67108863&e;if(0===o&&a>>13,d=0|a[1],p=8191&d,g=d>>>13,y=0|a[2],b=8191&y,v=y>>>13,m=0|a[3],_=8191&m,w=m>>>13,x=0|a[4],k=8191&x,E=x>>>13,A=0|a[5],S=8191&A,M=A>>>13,T=0|a[6],O=8191&T,D=T>>>13,C=0|a[7],N=8191&C,I=C>>>13,R=0|a[8],j=8191&R,L=R>>>13,B=0|a[9],P=8191&B,F=B>>>13,q=0|u[0],U=8191&q,z=q>>>13,Y=0|u[1],V=8191&Y,G=Y>>>13,H=0|u[2],W=8191&H,$=H>>>13,K=0|u[3],Z=8191&K,X=K>>>13,J=0|u[4],Q=8191&J,tt=J>>>13,et=0|u[5],nt=8191&et,rt=et>>>13,it=0|u[6],ot=8191&it,at=it>>>13,ut=0|u[7],st=8191&ut,ct=ut>>>13,ft=0|u[8],lt=8191&ft,ht=ft>>>13,dt=0|u[9],pt=8191&dt,gt=dt>>>13;n.negative=t.negative^e.negative,n.length=19;var yt=(c+(r=Math.imul(l,U))|0)+((8191&(i=(i=Math.imul(l,z))+Math.imul(h,U)|0))<<13)|0;c=((o=Math.imul(h,z))+(i>>>13)|0)+(yt>>>26)|0,yt&=67108863,r=Math.imul(p,U),i=(i=Math.imul(p,z))+Math.imul(g,U)|0,o=Math.imul(g,z);var bt=(c+(r=r+Math.imul(l,V)|0)|0)+((8191&(i=(i=i+Math.imul(l,G)|0)+Math.imul(h,V)|0))<<13)|0;c=((o=o+Math.imul(h,G)|0)+(i>>>13)|0)+(bt>>>26)|0,bt&=67108863,r=Math.imul(b,U),i=(i=Math.imul(b,z))+Math.imul(v,U)|0,o=Math.imul(v,z),r=r+Math.imul(p,V)|0,i=(i=i+Math.imul(p,G)|0)+Math.imul(g,V)|0,o=o+Math.imul(g,G)|0;var vt=(c+(r=r+Math.imul(l,W)|0)|0)+((8191&(i=(i=i+Math.imul(l,$)|0)+Math.imul(h,W)|0))<<13)|0;c=((o=o+Math.imul(h,$)|0)+(i>>>13)|0)+(vt>>>26)|0,vt&=67108863,r=Math.imul(_,U),i=(i=Math.imul(_,z))+Math.imul(w,U)|0,o=Math.imul(w,z),r=r+Math.imul(b,V)|0,i=(i=i+Math.imul(b,G)|0)+Math.imul(v,V)|0,o=o+Math.imul(v,G)|0,r=r+Math.imul(p,W)|0,i=(i=i+Math.imul(p,$)|0)+Math.imul(g,W)|0,o=o+Math.imul(g,$)|0;var mt=(c+(r=r+Math.imul(l,Z)|0)|0)+((8191&(i=(i=i+Math.imul(l,X)|0)+Math.imul(h,Z)|0))<<13)|0;c=((o=o+Math.imul(h,X)|0)+(i>>>13)|0)+(mt>>>26)|0,mt&=67108863,r=Math.imul(k,U),i=(i=Math.imul(k,z))+Math.imul(E,U)|0,o=Math.imul(E,z),r=r+Math.imul(_,V)|0,i=(i=i+Math.imul(_,G)|0)+Math.imul(w,V)|0,o=o+Math.imul(w,G)|0,r=r+Math.imul(b,W)|0,i=(i=i+Math.imul(b,$)|0)+Math.imul(v,W)|0,o=o+Math.imul(v,$)|0,r=r+Math.imul(p,Z)|0,i=(i=i+Math.imul(p,X)|0)+Math.imul(g,Z)|0,o=o+Math.imul(g,X)|0;var _t=(c+(r=r+Math.imul(l,Q)|0)|0)+((8191&(i=(i=i+Math.imul(l,tt)|0)+Math.imul(h,Q)|0))<<13)|0;c=((o=o+Math.imul(h,tt)|0)+(i>>>13)|0)+(_t>>>26)|0,_t&=67108863,r=Math.imul(S,U),i=(i=Math.imul(S,z))+Math.imul(M,U)|0,o=Math.imul(M,z),r=r+Math.imul(k,V)|0,i=(i=i+Math.imul(k,G)|0)+Math.imul(E,V)|0,o=o+Math.imul(E,G)|0,r=r+Math.imul(_,W)|0,i=(i=i+Math.imul(_,$)|0)+Math.imul(w,W)|0,o=o+Math.imul(w,$)|0,r=r+Math.imul(b,Z)|0,i=(i=i+Math.imul(b,X)|0)+Math.imul(v,Z)|0,o=o+Math.imul(v,X)|0,r=r+Math.imul(p,Q)|0,i=(i=i+Math.imul(p,tt)|0)+Math.imul(g,Q)|0,o=o+Math.imul(g,tt)|0;var wt=(c+(r=r+Math.imul(l,nt)|0)|0)+((8191&(i=(i=i+Math.imul(l,rt)|0)+Math.imul(h,nt)|0))<<13)|0;c=((o=o+Math.imul(h,rt)|0)+(i>>>13)|0)+(wt>>>26)|0,wt&=67108863,r=Math.imul(O,U),i=(i=Math.imul(O,z))+Math.imul(D,U)|0,o=Math.imul(D,z),r=r+Math.imul(S,V)|0,i=(i=i+Math.imul(S,G)|0)+Math.imul(M,V)|0,o=o+Math.imul(M,G)|0,r=r+Math.imul(k,W)|0,i=(i=i+Math.imul(k,$)|0)+Math.imul(E,W)|0,o=o+Math.imul(E,$)|0,r=r+Math.imul(_,Z)|0,i=(i=i+Math.imul(_,X)|0)+Math.imul(w,Z)|0,o=o+Math.imul(w,X)|0,r=r+Math.imul(b,Q)|0,i=(i=i+Math.imul(b,tt)|0)+Math.imul(v,Q)|0,o=o+Math.imul(v,tt)|0,r=r+Math.imul(p,nt)|0,i=(i=i+Math.imul(p,rt)|0)+Math.imul(g,nt)|0,o=o+Math.imul(g,rt)|0;var xt=(c+(r=r+Math.imul(l,ot)|0)|0)+((8191&(i=(i=i+Math.imul(l,at)|0)+Math.imul(h,ot)|0))<<13)|0;c=((o=o+Math.imul(h,at)|0)+(i>>>13)|0)+(xt>>>26)|0,xt&=67108863,r=Math.imul(N,U),i=(i=Math.imul(N,z))+Math.imul(I,U)|0,o=Math.imul(I,z),r=r+Math.imul(O,V)|0,i=(i=i+Math.imul(O,G)|0)+Math.imul(D,V)|0,o=o+Math.imul(D,G)|0,r=r+Math.imul(S,W)|0,i=(i=i+Math.imul(S,$)|0)+Math.imul(M,W)|0,o=o+Math.imul(M,$)|0,r=r+Math.imul(k,Z)|0,i=(i=i+Math.imul(k,X)|0)+Math.imul(E,Z)|0,o=o+Math.imul(E,X)|0,r=r+Math.imul(_,Q)|0,i=(i=i+Math.imul(_,tt)|0)+Math.imul(w,Q)|0,o=o+Math.imul(w,tt)|0,r=r+Math.imul(b,nt)|0,i=(i=i+Math.imul(b,rt)|0)+Math.imul(v,nt)|0,o=o+Math.imul(v,rt)|0,r=r+Math.imul(p,ot)|0,i=(i=i+Math.imul(p,at)|0)+Math.imul(g,ot)|0,o=o+Math.imul(g,at)|0;var kt=(c+(r=r+Math.imul(l,st)|0)|0)+((8191&(i=(i=i+Math.imul(l,ct)|0)+Math.imul(h,st)|0))<<13)|0;c=((o=o+Math.imul(h,ct)|0)+(i>>>13)|0)+(kt>>>26)|0,kt&=67108863,r=Math.imul(j,U),i=(i=Math.imul(j,z))+Math.imul(L,U)|0,o=Math.imul(L,z),r=r+Math.imul(N,V)|0,i=(i=i+Math.imul(N,G)|0)+Math.imul(I,V)|0,o=o+Math.imul(I,G)|0,r=r+Math.imul(O,W)|0,i=(i=i+Math.imul(O,$)|0)+Math.imul(D,W)|0,o=o+Math.imul(D,$)|0,r=r+Math.imul(S,Z)|0,i=(i=i+Math.imul(S,X)|0)+Math.imul(M,Z)|0,o=o+Math.imul(M,X)|0,r=r+Math.imul(k,Q)|0,i=(i=i+Math.imul(k,tt)|0)+Math.imul(E,Q)|0,o=o+Math.imul(E,tt)|0,r=r+Math.imul(_,nt)|0,i=(i=i+Math.imul(_,rt)|0)+Math.imul(w,nt)|0,o=o+Math.imul(w,rt)|0,r=r+Math.imul(b,ot)|0,i=(i=i+Math.imul(b,at)|0)+Math.imul(v,ot)|0,o=o+Math.imul(v,at)|0,r=r+Math.imul(p,st)|0,i=(i=i+Math.imul(p,ct)|0)+Math.imul(g,st)|0,o=o+Math.imul(g,ct)|0;var Et=(c+(r=r+Math.imul(l,lt)|0)|0)+((8191&(i=(i=i+Math.imul(l,ht)|0)+Math.imul(h,lt)|0))<<13)|0;c=((o=o+Math.imul(h,ht)|0)+(i>>>13)|0)+(Et>>>26)|0,Et&=67108863,r=Math.imul(P,U),i=(i=Math.imul(P,z))+Math.imul(F,U)|0,o=Math.imul(F,z),r=r+Math.imul(j,V)|0,i=(i=i+Math.imul(j,G)|0)+Math.imul(L,V)|0,o=o+Math.imul(L,G)|0,r=r+Math.imul(N,W)|0,i=(i=i+Math.imul(N,$)|0)+Math.imul(I,W)|0,o=o+Math.imul(I,$)|0,r=r+Math.imul(O,Z)|0,i=(i=i+Math.imul(O,X)|0)+Math.imul(D,Z)|0,o=o+Math.imul(D,X)|0,r=r+Math.imul(S,Q)|0,i=(i=i+Math.imul(S,tt)|0)+Math.imul(M,Q)|0,o=o+Math.imul(M,tt)|0,r=r+Math.imul(k,nt)|0,i=(i=i+Math.imul(k,rt)|0)+Math.imul(E,nt)|0,o=o+Math.imul(E,rt)|0,r=r+Math.imul(_,ot)|0,i=(i=i+Math.imul(_,at)|0)+Math.imul(w,ot)|0,o=o+Math.imul(w,at)|0,r=r+Math.imul(b,st)|0,i=(i=i+Math.imul(b,ct)|0)+Math.imul(v,st)|0,o=o+Math.imul(v,ct)|0,r=r+Math.imul(p,lt)|0,i=(i=i+Math.imul(p,ht)|0)+Math.imul(g,lt)|0,o=o+Math.imul(g,ht)|0;var At=(c+(r=r+Math.imul(l,pt)|0)|0)+((8191&(i=(i=i+Math.imul(l,gt)|0)+Math.imul(h,pt)|0))<<13)|0;c=((o=o+Math.imul(h,gt)|0)+(i>>>13)|0)+(At>>>26)|0,At&=67108863,r=Math.imul(P,V),i=(i=Math.imul(P,G))+Math.imul(F,V)|0,o=Math.imul(F,G),r=r+Math.imul(j,W)|0,i=(i=i+Math.imul(j,$)|0)+Math.imul(L,W)|0,o=o+Math.imul(L,$)|0,r=r+Math.imul(N,Z)|0,i=(i=i+Math.imul(N,X)|0)+Math.imul(I,Z)|0,o=o+Math.imul(I,X)|0,r=r+Math.imul(O,Q)|0,i=(i=i+Math.imul(O,tt)|0)+Math.imul(D,Q)|0,o=o+Math.imul(D,tt)|0,r=r+Math.imul(S,nt)|0,i=(i=i+Math.imul(S,rt)|0)+Math.imul(M,nt)|0,o=o+Math.imul(M,rt)|0,r=r+Math.imul(k,ot)|0,i=(i=i+Math.imul(k,at)|0)+Math.imul(E,ot)|0,o=o+Math.imul(E,at)|0,r=r+Math.imul(_,st)|0,i=(i=i+Math.imul(_,ct)|0)+Math.imul(w,st)|0,o=o+Math.imul(w,ct)|0,r=r+Math.imul(b,lt)|0,i=(i=i+Math.imul(b,ht)|0)+Math.imul(v,lt)|0,o=o+Math.imul(v,ht)|0;var St=(c+(r=r+Math.imul(p,pt)|0)|0)+((8191&(i=(i=i+Math.imul(p,gt)|0)+Math.imul(g,pt)|0))<<13)|0;c=((o=o+Math.imul(g,gt)|0)+(i>>>13)|0)+(St>>>26)|0,St&=67108863,r=Math.imul(P,W),i=(i=Math.imul(P,$))+Math.imul(F,W)|0,o=Math.imul(F,$),r=r+Math.imul(j,Z)|0,i=(i=i+Math.imul(j,X)|0)+Math.imul(L,Z)|0,o=o+Math.imul(L,X)|0,r=r+Math.imul(N,Q)|0,i=(i=i+Math.imul(N,tt)|0)+Math.imul(I,Q)|0,o=o+Math.imul(I,tt)|0,r=r+Math.imul(O,nt)|0,i=(i=i+Math.imul(O,rt)|0)+Math.imul(D,nt)|0,o=o+Math.imul(D,rt)|0,r=r+Math.imul(S,ot)|0,i=(i=i+Math.imul(S,at)|0)+Math.imul(M,ot)|0,o=o+Math.imul(M,at)|0,r=r+Math.imul(k,st)|0,i=(i=i+Math.imul(k,ct)|0)+Math.imul(E,st)|0,o=o+Math.imul(E,ct)|0,r=r+Math.imul(_,lt)|0,i=(i=i+Math.imul(_,ht)|0)+Math.imul(w,lt)|0,o=o+Math.imul(w,ht)|0;var Mt=(c+(r=r+Math.imul(b,pt)|0)|0)+((8191&(i=(i=i+Math.imul(b,gt)|0)+Math.imul(v,pt)|0))<<13)|0;c=((o=o+Math.imul(v,gt)|0)+(i>>>13)|0)+(Mt>>>26)|0,Mt&=67108863,r=Math.imul(P,Z),i=(i=Math.imul(P,X))+Math.imul(F,Z)|0,o=Math.imul(F,X),r=r+Math.imul(j,Q)|0,i=(i=i+Math.imul(j,tt)|0)+Math.imul(L,Q)|0,o=o+Math.imul(L,tt)|0,r=r+Math.imul(N,nt)|0,i=(i=i+Math.imul(N,rt)|0)+Math.imul(I,nt)|0,o=o+Math.imul(I,rt)|0,r=r+Math.imul(O,ot)|0,i=(i=i+Math.imul(O,at)|0)+Math.imul(D,ot)|0,o=o+Math.imul(D,at)|0,r=r+Math.imul(S,st)|0,i=(i=i+Math.imul(S,ct)|0)+Math.imul(M,st)|0,o=o+Math.imul(M,ct)|0,r=r+Math.imul(k,lt)|0,i=(i=i+Math.imul(k,ht)|0)+Math.imul(E,lt)|0,o=o+Math.imul(E,ht)|0;var Tt=(c+(r=r+Math.imul(_,pt)|0)|0)+((8191&(i=(i=i+Math.imul(_,gt)|0)+Math.imul(w,pt)|0))<<13)|0;c=((o=o+Math.imul(w,gt)|0)+(i>>>13)|0)+(Tt>>>26)|0,Tt&=67108863,r=Math.imul(P,Q),i=(i=Math.imul(P,tt))+Math.imul(F,Q)|0,o=Math.imul(F,tt),r=r+Math.imul(j,nt)|0,i=(i=i+Math.imul(j,rt)|0)+Math.imul(L,nt)|0,o=o+Math.imul(L,rt)|0,r=r+Math.imul(N,ot)|0,i=(i=i+Math.imul(N,at)|0)+Math.imul(I,ot)|0,o=o+Math.imul(I,at)|0,r=r+Math.imul(O,st)|0,i=(i=i+Math.imul(O,ct)|0)+Math.imul(D,st)|0,o=o+Math.imul(D,ct)|0,r=r+Math.imul(S,lt)|0,i=(i=i+Math.imul(S,ht)|0)+Math.imul(M,lt)|0,o=o+Math.imul(M,ht)|0;var Ot=(c+(r=r+Math.imul(k,pt)|0)|0)+((8191&(i=(i=i+Math.imul(k,gt)|0)+Math.imul(E,pt)|0))<<13)|0;c=((o=o+Math.imul(E,gt)|0)+(i>>>13)|0)+(Ot>>>26)|0,Ot&=67108863,r=Math.imul(P,nt),i=(i=Math.imul(P,rt))+Math.imul(F,nt)|0,o=Math.imul(F,rt),r=r+Math.imul(j,ot)|0,i=(i=i+Math.imul(j,at)|0)+Math.imul(L,ot)|0,o=o+Math.imul(L,at)|0,r=r+Math.imul(N,st)|0,i=(i=i+Math.imul(N,ct)|0)+Math.imul(I,st)|0,o=o+Math.imul(I,ct)|0,r=r+Math.imul(O,lt)|0,i=(i=i+Math.imul(O,ht)|0)+Math.imul(D,lt)|0,o=o+Math.imul(D,ht)|0;var Dt=(c+(r=r+Math.imul(S,pt)|0)|0)+((8191&(i=(i=i+Math.imul(S,gt)|0)+Math.imul(M,pt)|0))<<13)|0;c=((o=o+Math.imul(M,gt)|0)+(i>>>13)|0)+(Dt>>>26)|0,Dt&=67108863,r=Math.imul(P,ot),i=(i=Math.imul(P,at))+Math.imul(F,ot)|0,o=Math.imul(F,at),r=r+Math.imul(j,st)|0,i=(i=i+Math.imul(j,ct)|0)+Math.imul(L,st)|0,o=o+Math.imul(L,ct)|0,r=r+Math.imul(N,lt)|0,i=(i=i+Math.imul(N,ht)|0)+Math.imul(I,lt)|0,o=o+Math.imul(I,ht)|0;var Ct=(c+(r=r+Math.imul(O,pt)|0)|0)+((8191&(i=(i=i+Math.imul(O,gt)|0)+Math.imul(D,pt)|0))<<13)|0;c=((o=o+Math.imul(D,gt)|0)+(i>>>13)|0)+(Ct>>>26)|0,Ct&=67108863,r=Math.imul(P,st),i=(i=Math.imul(P,ct))+Math.imul(F,st)|0,o=Math.imul(F,ct),r=r+Math.imul(j,lt)|0,i=(i=i+Math.imul(j,ht)|0)+Math.imul(L,lt)|0,o=o+Math.imul(L,ht)|0;var Nt=(c+(r=r+Math.imul(N,pt)|0)|0)+((8191&(i=(i=i+Math.imul(N,gt)|0)+Math.imul(I,pt)|0))<<13)|0;c=((o=o+Math.imul(I,gt)|0)+(i>>>13)|0)+(Nt>>>26)|0,Nt&=67108863,r=Math.imul(P,lt),i=(i=Math.imul(P,ht))+Math.imul(F,lt)|0,o=Math.imul(F,ht);var It=(c+(r=r+Math.imul(j,pt)|0)|0)+((8191&(i=(i=i+Math.imul(j,gt)|0)+Math.imul(L,pt)|0))<<13)|0;c=((o=o+Math.imul(L,gt)|0)+(i>>>13)|0)+(It>>>26)|0,It&=67108863;var Rt=(c+(r=Math.imul(P,pt))|0)+((8191&(i=(i=Math.imul(P,gt))+Math.imul(F,pt)|0))<<13)|0;return c=((o=Math.imul(F,gt))+(i>>>13)|0)+(Rt>>>26)|0,Rt&=67108863,s[0]=yt,s[1]=bt,s[2]=vt,s[3]=mt,s[4]=_t,s[5]=wt,s[6]=xt,s[7]=kt,s[8]=Et,s[9]=At,s[10]=St,s[11]=Mt,s[12]=Tt,s[13]=Ot,s[14]=Dt,s[15]=Ct,s[16]=Nt,s[17]=It,s[18]=Rt,0!==c&&(s[19]=c,n.length++),n};function p(t,e,n){return(new g).mulp(t,e,n)}function g(t,e){this.x=t,this.y=e}Math.imul||(d=h),o.prototype.mulTo=function(t,e){var n=this.length+t.length;return 10===this.length&&10===t.length?d(this,t,e):n<63?h(this,t,e):n<1024?function(t,e,n){n.negative=e.negative^t.negative,n.length=t.length+e.length;for(var r=0,i=0,o=0;o>>26)|0)>>>26,a&=67108863}n.words[o]=u,r=a,a=i}return 0!==r?n.words[o]=r:n.length--,n.strip()}(this,t,e):p(this,t,e)},g.prototype.makeRBT=function(t){for(var e=new Array(t),n=o.prototype._countBits(t)-1,r=0;r>=1;return r},g.prototype.permute=function(t,e,n,r,i,o){for(var a=0;a>>=1)i++;return 1<>>=13,n[2*a+1]=8191&o,o>>>=13;for(a=2*e;a>=26,e+=i/67108864|0,e+=o>>>26,this.words[n]=67108863&o}return 0!==e&&(this.words[n]=e,this.length++),this},o.prototype.muln=function(t){return this.clone().imuln(t)},o.prototype.sqr=function(){return this.mul(this)},o.prototype.isqr=function(){return this.imul(this.clone())},o.prototype.pow=function(t){var e=function(t){for(var e=new Array(t.bitLength()),n=0;n>>i}return e}(t);if(0===e.length)return new o(1);for(var n=this,r=0;r=0);var e,n=t%26,i=(t-n)/26,o=67108863>>>26-n<<26-n;if(0!==n){var a=0;for(e=0;e>>26-n}a&&(this.words[e]=a,this.length++)}if(0!==i){for(e=this.length-1;e>=0;e--)this.words[e+i]=this.words[e];for(e=0;e=0),i=e?(e-e%26)/26:0;var o=t%26,a=Math.min((t-o)/26,this.length),u=67108863^67108863>>>o<a)for(this.length-=a,c=0;c=0&&(0!==f||c>=i);c--){var l=0|this.words[c];this.words[c]=f<<26-o|l>>>o,f=l&u}return s&&0!==f&&(s.words[s.length++]=f),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},o.prototype.ishrn=function(t,e,n){return r(0===this.negative),this.iushrn(t,e,n)},o.prototype.shln=function(t){return this.clone().ishln(t)},o.prototype.ushln=function(t){return this.clone().iushln(t)},o.prototype.shrn=function(t){return this.clone().ishrn(t)},o.prototype.ushrn=function(t){return this.clone().iushrn(t)},o.prototype.testn=function(t){r("number"==typeof t&&t>=0);var e=t%26,n=(t-e)/26,i=1<=0);var e=t%26,n=(t-e)/26;if(r(0===this.negative,"imaskn works only with positive numbers"),this.length<=n)return this;if(0!==e&&n++,this.length=Math.min(n,this.length),0!==e){var i=67108863^67108863>>>e<=67108864;e++)this.words[e]-=67108864,e===this.length-1?this.words[e+1]=1:this.words[e+1]++;return this.length=Math.max(this.length,e+1),this},o.prototype.isubn=function(t){if(r("number"==typeof t),r(t<67108864),t<0)return this.iaddn(-t);if(0!==this.negative)return this.negative=0,this.iaddn(t),this.negative=1,this;if(this.words[0]-=t,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var e=0;e>26)-(s/67108864|0),this.words[i+n]=67108863&o}for(;i>26,this.words[i+n]=67108863&o;if(0===u)return this.strip();for(r(-1===u),u=0,i=0;i>26,this.words[i]=67108863&o;return this.negative=1,this.strip()},o.prototype._wordDiv=function(t,e){var n=(this.length,t.length),r=this.clone(),i=t,a=0|i.words[i.length-1];0!==(n=26-this._countBits(a))&&(i=i.ushln(n),r.iushln(n),a=0|i.words[i.length-1]);var u,s=r.length-i.length;if("mod"!==e){(u=new o(null)).length=s+1,u.words=new Array(u.length);for(var c=0;c=0;l--){var h=67108864*(0|r.words[i.length+l])+(0|r.words[i.length+l-1]);for(h=Math.min(h/a|0,67108863),r._ishlnsubmul(i,h,l);0!==r.negative;)h--,r.negative=0,r._ishlnsubmul(i,1,l),r.isZero()||(r.negative^=1);u&&(u.words[l]=h)}return u&&u.strip(),r.strip(),"div"!==e&&0!==n&&r.iushrn(n),{div:u||null,mod:r}},o.prototype.divmod=function(t,e,n){return r(!t.isZero()),this.isZero()?{div:new o(0),mod:new o(0)}:0!==this.negative&&0===t.negative?(u=this.neg().divmod(t,e),"mod"!==e&&(i=u.div.neg()),"div"!==e&&(a=u.mod.neg(),n&&0!==a.negative&&a.iadd(t)),{div:i,mod:a}):0===this.negative&&0!==t.negative?(u=this.divmod(t.neg(),e),"mod"!==e&&(i=u.div.neg()),{div:i,mod:u.mod}):0!=(this.negative&t.negative)?(u=this.neg().divmod(t.neg(),e),"div"!==e&&(a=u.mod.neg(),n&&0!==a.negative&&a.isub(t)),{div:u.div,mod:a}):t.length>this.length||this.cmp(t)<0?{div:new o(0),mod:this}:1===t.length?"div"===e?{div:this.divn(t.words[0]),mod:null}:"mod"===e?{div:null,mod:new o(this.modn(t.words[0]))}:{div:this.divn(t.words[0]),mod:new o(this.modn(t.words[0]))}:this._wordDiv(t,e);var i,a,u},o.prototype.div=function(t){return this.divmod(t,"div",!1).div},o.prototype.mod=function(t){return this.divmod(t,"mod",!1).mod},o.prototype.umod=function(t){return this.divmod(t,"mod",!0).mod},o.prototype.divRound=function(t){var e=this.divmod(t);if(e.mod.isZero())return e.div;var n=0!==e.div.negative?e.mod.isub(t):e.mod,r=t.ushrn(1),i=t.andln(1),o=n.cmp(r);return o<0||1===i&&0===o?e.div:0!==e.div.negative?e.div.isubn(1):e.div.iaddn(1)},o.prototype.modn=function(t){r(t<=67108863);for(var e=(1<<26)%t,n=0,i=this.length-1;i>=0;i--)n=(e*n+(0|this.words[i]))%t;return n},o.prototype.idivn=function(t){r(t<=67108863);for(var e=0,n=this.length-1;n>=0;n--){var i=(0|this.words[n])+67108864*e;this.words[n]=i/t|0,e=i%t}return this.strip()},o.prototype.divn=function(t){return this.clone().idivn(t)},o.prototype.egcd=function(t){r(0===t.negative),r(!t.isZero());var e=this,n=t.clone();e=0!==e.negative?e.umod(t):e.clone();for(var i=new o(1),a=new o(0),u=new o(0),s=new o(1),c=0;e.isEven()&&n.isEven();)e.iushrn(1),n.iushrn(1),++c;for(var f=n.clone(),l=e.clone();!e.isZero();){for(var h=0,d=1;0==(e.words[0]&d)&&h<26;++h,d<<=1);if(h>0)for(e.iushrn(h);h-- >0;)(i.isOdd()||a.isOdd())&&(i.iadd(f),a.isub(l)),i.iushrn(1),a.iushrn(1);for(var p=0,g=1;0==(n.words[0]&g)&&p<26;++p,g<<=1);if(p>0)for(n.iushrn(p);p-- >0;)(u.isOdd()||s.isOdd())&&(u.iadd(f),s.isub(l)),u.iushrn(1),s.iushrn(1);e.cmp(n)>=0?(e.isub(n),i.isub(u),a.isub(s)):(n.isub(e),u.isub(i),s.isub(a))}return{a:u,b:s,gcd:n.iushln(c)}},o.prototype._invmp=function(t){r(0===t.negative),r(!t.isZero());var e=this,n=t.clone();e=0!==e.negative?e.umod(t):e.clone();for(var i,a=new o(1),u=new o(0),s=n.clone();e.cmpn(1)>0&&n.cmpn(1)>0;){for(var c=0,f=1;0==(e.words[0]&f)&&c<26;++c,f<<=1);if(c>0)for(e.iushrn(c);c-- >0;)a.isOdd()&&a.iadd(s),a.iushrn(1);for(var l=0,h=1;0==(n.words[0]&h)&&l<26;++l,h<<=1);if(l>0)for(n.iushrn(l);l-- >0;)u.isOdd()&&u.iadd(s),u.iushrn(1);e.cmp(n)>=0?(e.isub(n),a.isub(u)):(n.isub(e),u.isub(a))}return(i=0===e.cmpn(1)?a:u).cmpn(0)<0&&i.iadd(t),i},o.prototype.gcd=function(t){if(this.isZero())return t.abs();if(t.isZero())return this.abs();var e=this.clone(),n=t.clone();e.negative=0,n.negative=0;for(var r=0;e.isEven()&&n.isEven();r++)e.iushrn(1),n.iushrn(1);for(;;){for(;e.isEven();)e.iushrn(1);for(;n.isEven();)n.iushrn(1);var i=e.cmp(n);if(i<0){var o=e;e=n,n=o}else if(0===i||0===n.cmpn(1))break;e.isub(n)}return n.iushln(r)},o.prototype.invm=function(t){return this.egcd(t).a.umod(t)},o.prototype.isEven=function(){return 0==(1&this.words[0])},o.prototype.isOdd=function(){return 1==(1&this.words[0])},o.prototype.andln=function(t){return this.words[0]&t},o.prototype.bincn=function(t){r("number"==typeof t);var e=t%26,n=(t-e)/26,i=1<>>26,u&=67108863,this.words[a]=u}return 0!==o&&(this.words[a]=o,this.length++),this},o.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},o.prototype.cmpn=function(t){var e,n=t<0;if(0!==this.negative&&!n)return-1;if(0===this.negative&&n)return 1;if(this.strip(),this.length>1)e=1;else{n&&(t=-t),r(t<=67108863,"Number is too big");var i=0|this.words[0];e=i===t?0:it.length)return 1;if(this.length=0;n--){var r=0|this.words[n],i=0|t.words[n];if(r!==i){ri&&(e=1);break}}return e},o.prototype.gtn=function(t){return 1===this.cmpn(t)},o.prototype.gt=function(t){return 1===this.cmp(t)},o.prototype.gten=function(t){return this.cmpn(t)>=0},o.prototype.gte=function(t){return this.cmp(t)>=0},o.prototype.ltn=function(t){return-1===this.cmpn(t)},o.prototype.lt=function(t){return-1===this.cmp(t)},o.prototype.lten=function(t){return this.cmpn(t)<=0},o.prototype.lte=function(t){return this.cmp(t)<=0},o.prototype.eqn=function(t){return 0===this.cmpn(t)},o.prototype.eq=function(t){return 0===this.cmp(t)},o.red=function(t){return new x(t)},o.prototype.toRed=function(t){return r(!this.red,"Already a number in reduction context"),r(0===this.negative,"red works only with positives"),t.convertTo(this)._forceRed(t)},o.prototype.fromRed=function(){return r(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},o.prototype._forceRed=function(t){return this.red=t,this},o.prototype.forceRed=function(t){return r(!this.red,"Already a number in reduction context"),this._forceRed(t)},o.prototype.redAdd=function(t){return r(this.red,"redAdd works only with red numbers"),this.red.add(this,t)},o.prototype.redIAdd=function(t){return r(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,t)},o.prototype.redSub=function(t){return r(this.red,"redSub works only with red numbers"),this.red.sub(this,t)},o.prototype.redISub=function(t){return r(this.red,"redISub works only with red numbers"),this.red.isub(this,t)},o.prototype.redShl=function(t){return r(this.red,"redShl works only with red numbers"),this.red.shl(this,t)},o.prototype.redMul=function(t){return r(this.red,"redMul works only with red numbers"),this.red._verify2(this,t),this.red.mul(this,t)},o.prototype.redIMul=function(t){return r(this.red,"redMul works only with red numbers"),this.red._verify2(this,t),this.red.imul(this,t)},o.prototype.redSqr=function(){return r(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},o.prototype.redISqr=function(){return r(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},o.prototype.redSqrt=function(){return r(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},o.prototype.redInvm=function(){return r(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},o.prototype.redNeg=function(){return r(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},o.prototype.redPow=function(t){return r(this.red&&!t.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,t)};var y={k256:null,p224:null,p192:null,p25519:null};function b(t,e){this.name=t,this.p=new o(e,16),this.n=this.p.bitLength(),this.k=new o(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function v(){b.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function m(){b.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function _(){b.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function w(){b.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function x(t){if("string"==typeof t){var e=o._prime(t);this.m=e.p,this.prime=e}else r(t.gtn(1),"modulus must be greater than 1"),this.m=t,this.prime=null}function k(t){x.call(this,t),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new o(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}b.prototype._tmp=function(){var t=new o(null);return t.words=new Array(Math.ceil(this.n/13)),t},b.prototype.ireduce=function(t){var e,n=t;do{this.split(n,this.tmp),e=(n=(n=this.imulK(n)).iadd(this.tmp)).bitLength()}while(e>this.n);var r=e0?n.isub(this.p):n.strip(),n},b.prototype.split=function(t,e){t.iushrn(this.n,0,e)},b.prototype.imulK=function(t){return t.imul(this.k)},i(v,b),v.prototype.split=function(t,e){for(var n=Math.min(t.length,9),r=0;r>>22,i=o}i>>>=22,t.words[r-10]=i,0===i&&t.length>10?t.length-=10:t.length-=9},v.prototype.imulK=function(t){t.words[t.length]=0,t.words[t.length+1]=0,t.length+=2;for(var e=0,n=0;n>>=26,t.words[n]=i,e=r}return 0!==e&&(t.words[t.length++]=e),t},o._prime=function(t){if(y[t])return y[t];var e;if("k256"===t)e=new v;else if("p224"===t)e=new m;else if("p192"===t)e=new _;else{if("p25519"!==t)throw new Error("Unknown prime "+t);e=new w}return y[t]=e,e},x.prototype._verify1=function(t){r(0===t.negative,"red works only with positives"),r(t.red,"red works only with red numbers")},x.prototype._verify2=function(t,e){r(0==(t.negative|e.negative),"red works only with positives"),r(t.red&&t.red===e.red,"red works only with red numbers")},x.prototype.imod=function(t){return this.prime?this.prime.ireduce(t)._forceRed(this):t.umod(this.m)._forceRed(this)},x.prototype.neg=function(t){return t.isZero()?t.clone():this.m.sub(t)._forceRed(this)},x.prototype.add=function(t,e){this._verify2(t,e);var n=t.add(e);return n.cmp(this.m)>=0&&n.isub(this.m),n._forceRed(this)},x.prototype.iadd=function(t,e){this._verify2(t,e);var n=t.iadd(e);return n.cmp(this.m)>=0&&n.isub(this.m),n},x.prototype.sub=function(t,e){this._verify2(t,e);var n=t.sub(e);return n.cmpn(0)<0&&n.iadd(this.m),n._forceRed(this)},x.prototype.isub=function(t,e){this._verify2(t,e);var n=t.isub(e);return n.cmpn(0)<0&&n.iadd(this.m),n},x.prototype.shl=function(t,e){return this._verify1(t),this.imod(t.ushln(e))},x.prototype.imul=function(t,e){return this._verify2(t,e),this.imod(t.imul(e))},x.prototype.mul=function(t,e){return this._verify2(t,e),this.imod(t.mul(e))},x.prototype.isqr=function(t){return this.imul(t,t.clone())},x.prototype.sqr=function(t){return this.mul(t,t)},x.prototype.sqrt=function(t){if(t.isZero())return t.clone();var e=this.m.andln(3);if(r(e%2==1),3===e){var n=this.m.add(new o(1)).iushrn(2);return this.pow(t,n)}for(var i=this.m.subn(1),a=0;!i.isZero()&&0===i.andln(1);)a++,i.iushrn(1);r(!i.isZero());var u=new o(1).toRed(this),s=u.redNeg(),c=this.m.subn(1).iushrn(1),f=this.m.bitLength();for(f=new o(2*f*f).toRed(this);0!==this.pow(f,c).cmp(s);)f.redIAdd(s);for(var l=this.pow(f,i),h=this.pow(t,i.addn(1).iushrn(1)),d=this.pow(t,i),p=a;0!==d.cmp(u);){for(var g=d,y=0;0!==g.cmp(u);y++)g=g.redSqr();r(y=0;r--){for(var c=e.words[r],f=s-1;f>=0;f--){var l=c>>f&1;i!==n[0]&&(i=this.sqr(i)),0!==l||0!==a?(a<<=1,a|=l,(4===++u||0===r&&0===f)&&(i=this.mul(i,n[a]),u=0,a=0)):u=0}s=26}return i},x.prototype.convertTo=function(t){var e=t.umod(this.m);return e===t?e.clone():e},x.prototype.convertFrom=function(t){var e=t.clone();return e.red=null,e},o.mont=function(t){return new k(t)},i(k,x),k.prototype.convertTo=function(t){return this.imod(t.ushln(this.shift))},k.prototype.convertFrom=function(t){var e=this.imod(t.mul(this.rinv));return e.red=null,e},k.prototype.imul=function(t,e){if(t.isZero()||e.isZero())return t.words[0]=0,t.length=1,t;var n=t.imul(e),r=n.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),i=n.isub(r).iushrn(this.shift),o=i;return i.cmp(this.m)>=0?o=i.isub(this.m):i.cmpn(0)<0&&(o=i.iadd(this.m)),o._forceRed(this)},k.prototype.mul=function(t,e){if(t.isZero()||e.isZero())return new o(0)._forceRed(this);var n=t.mul(e),r=n.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),i=n.isub(r).iushrn(this.shift),a=i;return i.cmp(this.m)>=0?a=i.isub(this.m):i.cmpn(0)<0&&(a=i.iadd(this.m)),a._forceRed(this)},k.prototype.invm=function(t){return this.imod(t._invmp(this.m).mul(this.r2))._forceRed(this)}}(t,this)}).call(this,n(14)(t))},function(t,e,n){"use strict";var r=n(66),i=n(113),o=function(t){return Object(i.a)(Object(r.a)(t).call(document.documentElement))},a=0;function u(){return new s}function s(){this._="@"+(++a).toString(36)}s.prototype=u.prototype={constructor:s,get:function(t){for(var e=this._;!(e in t);)if(!(t=t.parentNode))return;return t[e]},set:function(t,e){return t[this._]=e},remove:function(t){return this._ in t&&delete t[this._]},toString:function(){return this._}};var c=n(203),f=n(285),l=n(105),h=n(68),d=n(67),p=n(49),g=function(t){return"string"==typeof t?new p.a([document.querySelectorAll(t)],[document.documentElement]):new p.a([null==t?[]:t],p.c)},y=n(106),b=n(204),v=n(205),m=n(284),_=n(112),w=function(t,e){null==e&&(e=Object(_.a)().touches);for(var n=0,r=e?e.length:0,i=new Array(r);n1)for(var n=1;n
- * @license MIT
- */
-var r=n(813),i=n(814),o=n(408);function a(){return s.TYPED_ARRAY_SUPPORT?2147483647:1073741823}function u(t,e){if(a()=a())throw new RangeError("Attempt to allocate Buffer larger than maximum size: 0x"+a().toString(16)+" bytes");return 0|t}function p(t,e){if(s.isBuffer(t))return t.length;if("undefined"!=typeof ArrayBuffer&&"function"==typeof ArrayBuffer.isView&&(ArrayBuffer.isView(t)||t instanceof ArrayBuffer))return t.byteLength;"string"!=typeof t&&(t=""+t);var n=t.length;if(0===n)return 0;for(var r=!1;;)switch(e){case"ascii":case"latin1":case"binary":return n;case"utf8":case"utf-8":case void 0:return q(t).length;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return 2*n;case"hex":return n>>>1;case"base64":return U(t).length;default:if(r)return q(t).length;e=(""+e).toLowerCase(),r=!0}}function g(t,e,n){var r=!1;if((void 0===e||e<0)&&(e=0),e>this.length)return"";if((void 0===n||n>this.length)&&(n=this.length),n<=0)return"";if((n>>>=0)<=(e>>>=0))return"";for(t||(t="utf8");;)switch(t){case"hex":return O(this,e,n);case"utf8":case"utf-8":return S(this,e,n);case"ascii":return M(this,e,n);case"latin1":case"binary":return T(this,e,n);case"base64":return A(this,e,n);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return D(this,e,n);default:if(r)throw new TypeError("Unknown encoding: "+t);t=(t+"").toLowerCase(),r=!0}}function y(t,e,n){var r=t[e];t[e]=t[n],t[n]=r}function b(t,e,n,r,i){if(0===t.length)return-1;if("string"==typeof n?(r=n,n=0):n>2147483647?n=2147483647:n<-2147483648&&(n=-2147483648),n=+n,isNaN(n)&&(n=i?0:t.length-1),n<0&&(n=t.length+n),n>=t.length){if(i)return-1;n=t.length-1}else if(n<0){if(!i)return-1;n=0}if("string"==typeof e&&(e=s.from(e,r)),s.isBuffer(e))return 0===e.length?-1:v(t,e,n,r,i);if("number"==typeof e)return e&=255,s.TYPED_ARRAY_SUPPORT&&"function"==typeof Uint8Array.prototype.indexOf?i?Uint8Array.prototype.indexOf.call(t,e,n):Uint8Array.prototype.lastIndexOf.call(t,e,n):v(t,[e],n,r,i);throw new TypeError("val must be string, number or Buffer")}function v(t,e,n,r,i){var o,a=1,u=t.length,s=e.length;if(void 0!==r&&("ucs2"===(r=String(r).toLowerCase())||"ucs-2"===r||"utf16le"===r||"utf-16le"===r)){if(t.length<2||e.length<2)return-1;a=2,u/=2,s/=2,n/=2}function c(t,e){return 1===a?t[e]:t.readUInt16BE(e*a)}if(i){var f=-1;for(o=n;ou&&(n=u-s),o=n;o>=0;o--){for(var l=!0,h=0;hi&&(r=i):r=i;var o=e.length;if(o%2!=0)throw new TypeError("Invalid hex string");r>o/2&&(r=o/2);for(var a=0;a>8,i=n%256,o.push(i),o.push(r);return o}(e,t.length-n),t,n,r)}function A(t,e,n){return 0===e&&n===t.length?r.fromByteArray(t):r.fromByteArray(t.slice(e,n))}function S(t,e,n){n=Math.min(t.length,n);for(var r=[],i=e;i239?4:c>223?3:c>191?2:1;if(i+l<=n)switch(l){case 1:c<128&&(f=c);break;case 2:128==(192&(o=t[i+1]))&&(s=(31&c)<<6|63&o)>127&&(f=s);break;case 3:o=t[i+1],a=t[i+2],128==(192&o)&&128==(192&a)&&(s=(15&c)<<12|(63&o)<<6|63&a)>2047&&(s<55296||s>57343)&&(f=s);break;case 4:o=t[i+1],a=t[i+2],u=t[i+3],128==(192&o)&&128==(192&a)&&128==(192&u)&&(s=(15&c)<<18|(63&o)<<12|(63&a)<<6|63&u)>65535&&s<1114112&&(f=s)}null===f?(f=65533,l=1):f>65535&&(f-=65536,r.push(f>>>10&1023|55296),f=56320|1023&f),r.push(f),i+=l}return function(t){var e=t.length;if(e<=4096)return String.fromCharCode.apply(String,t);var n="",r=0;for(;r0&&(t=this.toString("hex",0,n).match(/.{2}/g).join(" "),this.length>n&&(t+=" ... ")),""},s.prototype.compare=function(t,e,n,r,i){if(!s.isBuffer(t))throw new TypeError("Argument must be a Buffer");if(void 0===e&&(e=0),void 0===n&&(n=t?t.length:0),void 0===r&&(r=0),void 0===i&&(i=this.length),e<0||n>t.length||r<0||i>this.length)throw new RangeError("out of range index");if(r>=i&&e>=n)return 0;if(r>=i)return-1;if(e>=n)return 1;if(this===t)return 0;for(var o=(i>>>=0)-(r>>>=0),a=(n>>>=0)-(e>>>=0),u=Math.min(o,a),c=this.slice(r,i),f=t.slice(e,n),l=0;li)&&(n=i),t.length>0&&(n<0||e<0)||e>this.length)throw new RangeError("Attempt to write outside buffer bounds");r||(r="utf8");for(var o=!1;;)switch(r){case"hex":return m(this,t,e,n);case"utf8":case"utf-8":return _(this,t,e,n);case"ascii":return w(this,t,e,n);case"latin1":case"binary":return x(this,t,e,n);case"base64":return k(this,t,e,n);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return E(this,t,e,n);default:if(o)throw new TypeError("Unknown encoding: "+r);r=(""+r).toLowerCase(),o=!0}},s.prototype.toJSON=function(){return{type:"Buffer",data:Array.prototype.slice.call(this._arr||this,0)}};function M(t,e,n){var r="";n=Math.min(t.length,n);for(var i=e;ir)&&(n=r);for(var i="",o=e;on)throw new RangeError("Trying to access beyond buffer length")}function N(t,e,n,r,i,o){if(!s.isBuffer(t))throw new TypeError('"buffer" argument must be a Buffer instance');if(e>i||et.length)throw new RangeError("Index out of range")}function I(t,e,n,r){e<0&&(e=65535+e+1);for(var i=0,o=Math.min(t.length-n,2);i>>8*(r?i:1-i)}function R(t,e,n,r){e<0&&(e=4294967295+e+1);for(var i=0,o=Math.min(t.length-n,4);i>>8*(r?i:3-i)&255}function j(t,e,n,r,i,o){if(n+r>t.length)throw new RangeError("Index out of range");if(n<0)throw new RangeError("Index out of range")}function L(t,e,n,r,o){return o||j(t,0,n,4),i.write(t,e,n,r,23,4),n+4}function B(t,e,n,r,o){return o||j(t,0,n,8),i.write(t,e,n,r,52,8),n+8}s.prototype.slice=function(t,e){var n,r=this.length;if((t=~~t)<0?(t+=r)<0&&(t=0):t>r&&(t=r),(e=void 0===e?r:~~e)<0?(e+=r)<0&&(e=0):e>r&&(e=r),e0&&(i*=256);)r+=this[t+--e]*i;return r},s.prototype.readUInt8=function(t,e){return e||C(t,1,this.length),this[t]},s.prototype.readUInt16LE=function(t,e){return e||C(t,2,this.length),this[t]|this[t+1]<<8},s.prototype.readUInt16BE=function(t,e){return e||C(t,2,this.length),this[t]<<8|this[t+1]},s.prototype.readUInt32LE=function(t,e){return e||C(t,4,this.length),(this[t]|this[t+1]<<8|this[t+2]<<16)+16777216*this[t+3]},s.prototype.readUInt32BE=function(t,e){return e||C(t,4,this.length),16777216*this[t]+(this[t+1]<<16|this[t+2]<<8|this[t+3])},s.prototype.readIntLE=function(t,e,n){t|=0,e|=0,n||C(t,e,this.length);for(var r=this[t],i=1,o=0;++o=(i*=128)&&(r-=Math.pow(2,8*e)),r},s.prototype.readIntBE=function(t,e,n){t|=0,e|=0,n||C(t,e,this.length);for(var r=e,i=1,o=this[t+--r];r>0&&(i*=256);)o+=this[t+--r]*i;return o>=(i*=128)&&(o-=Math.pow(2,8*e)),o},s.prototype.readInt8=function(t,e){return e||C(t,1,this.length),128&this[t]?-1*(255-this[t]+1):this[t]},s.prototype.readInt16LE=function(t,e){e||C(t,2,this.length);var n=this[t]|this[t+1]<<8;return 32768&n?4294901760|n:n},s.prototype.readInt16BE=function(t,e){e||C(t,2,this.length);var n=this[t+1]|this[t]<<8;return 32768&n?4294901760|n:n},s.prototype.readInt32LE=function(t,e){return e||C(t,4,this.length),this[t]|this[t+1]<<8|this[t+2]<<16|this[t+3]<<24},s.prototype.readInt32BE=function(t,e){return e||C(t,4,this.length),this[t]<<24|this[t+1]<<16|this[t+2]<<8|this[t+3]},s.prototype.readFloatLE=function(t,e){return e||C(t,4,this.length),i.read(this,t,!0,23,4)},s.prototype.readFloatBE=function(t,e){return e||C(t,4,this.length),i.read(this,t,!1,23,4)},s.prototype.readDoubleLE=function(t,e){return e||C(t,8,this.length),i.read(this,t,!0,52,8)},s.prototype.readDoubleBE=function(t,e){return e||C(t,8,this.length),i.read(this,t,!1,52,8)},s.prototype.writeUIntLE=function(t,e,n,r){(t=+t,e|=0,n|=0,r)||N(this,t,e,n,Math.pow(2,8*n)-1,0);var i=1,o=0;for(this[e]=255&t;++o=0&&(o*=256);)this[e+i]=t/o&255;return e+n},s.prototype.writeUInt8=function(t,e,n){return t=+t,e|=0,n||N(this,t,e,1,255,0),s.TYPED_ARRAY_SUPPORT||(t=Math.floor(t)),this[e]=255&t,e+1},s.prototype.writeUInt16LE=function(t,e,n){return t=+t,e|=0,n||N(this,t,e,2,65535,0),s.TYPED_ARRAY_SUPPORT?(this[e]=255&t,this[e+1]=t>>>8):I(this,t,e,!0),e+2},s.prototype.writeUInt16BE=function(t,e,n){return t=+t,e|=0,n||N(this,t,e,2,65535,0),s.TYPED_ARRAY_SUPPORT?(this[e]=t>>>8,this[e+1]=255&t):I(this,t,e,!1),e+2},s.prototype.writeUInt32LE=function(t,e,n){return t=+t,e|=0,n||N(this,t,e,4,4294967295,0),s.TYPED_ARRAY_SUPPORT?(this[e+3]=t>>>24,this[e+2]=t>>>16,this[e+1]=t>>>8,this[e]=255&t):R(this,t,e,!0),e+4},s.prototype.writeUInt32BE=function(t,e,n){return t=+t,e|=0,n||N(this,t,e,4,4294967295,0),s.TYPED_ARRAY_SUPPORT?(this[e]=t>>>24,this[e+1]=t>>>16,this[e+2]=t>>>8,this[e+3]=255&t):R(this,t,e,!1),e+4},s.prototype.writeIntLE=function(t,e,n,r){if(t=+t,e|=0,!r){var i=Math.pow(2,8*n-1);N(this,t,e,n,i-1,-i)}var o=0,a=1,u=0;for(this[e]=255&t;++o>0)-u&255;return e+n},s.prototype.writeIntBE=function(t,e,n,r){if(t=+t,e|=0,!r){var i=Math.pow(2,8*n-1);N(this,t,e,n,i-1,-i)}var o=n-1,a=1,u=0;for(this[e+o]=255&t;--o>=0&&(a*=256);)t<0&&0===u&&0!==this[e+o+1]&&(u=1),this[e+o]=(t/a>>0)-u&255;return e+n},s.prototype.writeInt8=function(t,e,n){return t=+t,e|=0,n||N(this,t,e,1,127,-128),s.TYPED_ARRAY_SUPPORT||(t=Math.floor(t)),t<0&&(t=255+t+1),this[e]=255&t,e+1},s.prototype.writeInt16LE=function(t,e,n){return t=+t,e|=0,n||N(this,t,e,2,32767,-32768),s.TYPED_ARRAY_SUPPORT?(this[e]=255&t,this[e+1]=t>>>8):I(this,t,e,!0),e+2},s.prototype.writeInt16BE=function(t,e,n){return t=+t,e|=0,n||N(this,t,e,2,32767,-32768),s.TYPED_ARRAY_SUPPORT?(this[e]=t>>>8,this[e+1]=255&t):I(this,t,e,!1),e+2},s.prototype.writeInt32LE=function(t,e,n){return t=+t,e|=0,n||N(this,t,e,4,2147483647,-2147483648),s.TYPED_ARRAY_SUPPORT?(this[e]=255&t,this[e+1]=t>>>8,this[e+2]=t>>>16,this[e+3]=t>>>24):R(this,t,e,!0),e+4},s.prototype.writeInt32BE=function(t,e,n){return t=+t,e|=0,n||N(this,t,e,4,2147483647,-2147483648),t<0&&(t=4294967295+t+1),s.TYPED_ARRAY_SUPPORT?(this[e]=t>>>24,this[e+1]=t>>>16,this[e+2]=t>>>8,this[e+3]=255&t):R(this,t,e,!1),e+4},s.prototype.writeFloatLE=function(t,e,n){return L(this,t,e,!0,n)},s.prototype.writeFloatBE=function(t,e,n){return L(this,t,e,!1,n)},s.prototype.writeDoubleLE=function(t,e,n){return B(this,t,e,!0,n)},s.prototype.writeDoubleBE=function(t,e,n){return B(this,t,e,!1,n)},s.prototype.copy=function(t,e,n,r){if(n||(n=0),r||0===r||(r=this.length),e>=t.length&&(e=t.length),e||(e=0),r>0&&r=this.length)throw new RangeError("sourceStart out of bounds");if(r<0)throw new RangeError("sourceEnd out of bounds");r>this.length&&(r=this.length),t.length-e=0;--i)t[i+e]=this[i+n];else if(o<1e3||!s.TYPED_ARRAY_SUPPORT)for(i=0;i>>=0,n=void 0===n?this.length:n>>>0,t||(t=0),"number"==typeof t)for(o=e;o55295&&n<57344){if(!i){if(n>56319){(e-=3)>-1&&o.push(239,191,189);continue}if(a+1===r){(e-=3)>-1&&o.push(239,191,189);continue}i=n;continue}if(n<56320){(e-=3)>-1&&o.push(239,191,189),i=n;continue}n=65536+(i-55296<<10|n-56320)}else i&&(e-=3)>-1&&o.push(239,191,189);if(i=null,n<128){if((e-=1)<0)break;o.push(n)}else if(n<2048){if((e-=2)<0)break;o.push(n>>6|192,63&n|128)}else if(n<65536){if((e-=3)<0)break;o.push(n>>12|224,n>>6&63|128,63&n|128)}else{if(!(n<1114112))throw new Error("Invalid code point");if((e-=4)<0)break;o.push(n>>18|240,n>>12&63|128,n>>6&63|128,63&n|128)}}return o}function U(t){return r.toByteArray(function(t){if((t=function(t){return t.trim?t.trim():t.replace(/^\s+|\s+$/g,"")}(t).replace(P,"")).length<2)return"";for(;t.length%4!=0;)t+="=";return t}(t))}function z(t,e,n,r){for(var i=0;i=e.length||i>=t.length);++i)e[i+n]=t[i];return i}}).call(this,n(25))},function(t,e,n){
+!function(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):"object"==typeof exports?exports.mermaid=e():t.mermaid=e()}("undefined"!=typeof self?self:this,(function(){return function(t){var e={};function n(r){if(e[r])return e[r].exports;var i=e[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}return n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)||Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var i in t)n.d(r,i,function(e){return t[e]}.bind(null,i));return r},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="",n(n.s=390)}([function(t,e,n){"use strict";n.r(e),n.d(e,"version",(function(){return r})),n.d(e,"bisect",(function(){return u})),n.d(e,"bisectRight",(function(){return s})),n.d(e,"bisectLeft",(function(){return c})),n.d(e,"ascending",(function(){return i})),n.d(e,"bisector",(function(){return a})),n.d(e,"cross",(function(){return f})),n.d(e,"descending",(function(){return d})),n.d(e,"deviation",(function(){return g})),n.d(e,"extent",(function(){return m})),n.d(e,"histogram",(function(){return N})),n.d(e,"thresholdFreedmanDiaconis",(function(){return D})),n.d(e,"thresholdScott",(function(){return L})),n.d(e,"thresholdSturges",(function(){return O})),n.d(e,"max",(function(){return I})),n.d(e,"mean",(function(){return R})),n.d(e,"median",(function(){return F})),n.d(e,"merge",(function(){return P})),n.d(e,"min",(function(){return j})),n.d(e,"pairs",(function(){return l})),n.d(e,"permute",(function(){return Y})),n.d(e,"quantile",(function(){return B})),n.d(e,"range",(function(){return w})),n.d(e,"scan",(function(){return z})),n.d(e,"shuffle",(function(){return U})),n.d(e,"sum",(function(){return $})),n.d(e,"ticks",(function(){return S})),n.d(e,"tickIncrement",(function(){return A})),n.d(e,"tickStep",(function(){return M})),n.d(e,"transpose",(function(){return q})),n.d(e,"variance",(function(){return y})),n.d(e,"zip",(function(){return H})),n.d(e,"axisTop",(function(){return et})),n.d(e,"axisRight",(function(){return nt})),n.d(e,"axisBottom",(function(){return rt})),n.d(e,"axisLeft",(function(){return it})),n.d(e,"brush",(function(){return Ci})),n.d(e,"brushX",(function(){return Ei})),n.d(e,"brushY",(function(){return Ti})),n.d(e,"brushSelection",(function(){return wi})),n.d(e,"chord",(function(){return Ii})),n.d(e,"ribbon",(function(){return Xi})),n.d(e,"nest",(function(){return Ji})),n.d(e,"set",(function(){return sa})),n.d(e,"map",(function(){return Qi})),n.d(e,"keys",(function(){return ca})),n.d(e,"values",(function(){return ua})),n.d(e,"entries",(function(){return la})),n.d(e,"color",(function(){return qe})),n.d(e,"rgb",(function(){return Ge})),n.d(e,"hsl",(function(){return en})),n.d(e,"lab",(function(){return ya})),n.d(e,"hcl",(function(){return wa})),n.d(e,"lch",(function(){return ka})),n.d(e,"gray",(function(){return pa})),n.d(e,"cubehelix",(function(){return Na})),n.d(e,"contours",(function(){return za})),n.d(e,"contourDensity",(function(){return Va})),n.d(e,"dispatch",(function(){return ht})),n.d(e,"drag",(function(){return to})),n.d(e,"dragDisable",(function(){return Ce})),n.d(e,"dragEnable",(function(){return Se})),n.d(e,"dsvFormat",(function(){return so})),n.d(e,"csvParse",(function(){return uo})),n.d(e,"csvParseRows",(function(){return lo})),n.d(e,"csvFormat",(function(){return ho})),n.d(e,"csvFormatBody",(function(){return fo})),n.d(e,"csvFormatRows",(function(){return po})),n.d(e,"csvFormatRow",(function(){return yo})),n.d(e,"csvFormatValue",(function(){return go})),n.d(e,"tsvParse",(function(){return vo})),n.d(e,"tsvParseRows",(function(){return bo})),n.d(e,"tsvFormat",(function(){return xo})),n.d(e,"tsvFormatBody",(function(){return _o})),n.d(e,"tsvFormatRows",(function(){return ko})),n.d(e,"tsvFormatRow",(function(){return wo})),n.d(e,"tsvFormatValue",(function(){return Eo})),n.d(e,"autoType",(function(){return To})),n.d(e,"easeLinear",(function(){return So})),n.d(e,"easeQuad",(function(){return Oo})),n.d(e,"easeQuadIn",(function(){return Ao})),n.d(e,"easeQuadOut",(function(){return Mo})),n.d(e,"easeQuadInOut",(function(){return Oo})),n.d(e,"easeCubic",(function(){return Vr})),n.d(e,"easeCubicIn",(function(){return Wr})),n.d(e,"easeCubicOut",(function(){return Hr})),n.d(e,"easeCubicInOut",(function(){return Vr})),n.d(e,"easePoly",(function(){return Do})),n.d(e,"easePolyIn",(function(){return No})),n.d(e,"easePolyOut",(function(){return Bo})),n.d(e,"easePolyInOut",(function(){return Do})),n.d(e,"easeSin",(function(){return Po})),n.d(e,"easeSinIn",(function(){return Ro})),n.d(e,"easeSinOut",(function(){return Fo})),n.d(e,"easeSinInOut",(function(){return Po})),n.d(e,"easeExp",(function(){return Uo})),n.d(e,"easeExpIn",(function(){return Yo})),n.d(e,"easeExpOut",(function(){return zo})),n.d(e,"easeExpInOut",(function(){return Uo})),n.d(e,"easeCircle",(function(){return Wo})),n.d(e,"easeCircleIn",(function(){return $o})),n.d(e,"easeCircleOut",(function(){return qo})),n.d(e,"easeCircleInOut",(function(){return Wo})),n.d(e,"easeBounce",(function(){return Vo})),n.d(e,"easeBounceIn",(function(){return Ho})),n.d(e,"easeBounceOut",(function(){return Vo})),n.d(e,"easeBounceInOut",(function(){return Go})),n.d(e,"easeBack",(function(){return Ko})),n.d(e,"easeBackIn",(function(){return Xo})),n.d(e,"easeBackOut",(function(){return Zo})),n.d(e,"easeBackInOut",(function(){return Ko})),n.d(e,"easeElastic",(function(){return ts})),n.d(e,"easeElasticIn",(function(){return Jo})),n.d(e,"easeElasticOut",(function(){return ts})),n.d(e,"easeElasticInOut",(function(){return es})),n.d(e,"blob",(function(){return rs})),n.d(e,"buffer",(function(){return as})),n.d(e,"dsv",(function(){return us})),n.d(e,"csv",(function(){return ls})),n.d(e,"tsv",(function(){return hs})),n.d(e,"image",(function(){return fs})),n.d(e,"json",(function(){return ps})),n.d(e,"text",(function(){return ss})),n.d(e,"xml",(function(){return gs})),n.d(e,"html",(function(){return ms})),n.d(e,"svg",(function(){return vs})),n.d(e,"forceCenter",(function(){return bs})),n.d(e,"forceCollide",(function(){return Bs})),n.d(e,"forceLink",(function(){return Is})),n.d(e,"forceManyBody",(function(){return Ys})),n.d(e,"forceRadial",(function(){return zs})),n.d(e,"forceSimulation",(function(){return js})),n.d(e,"forceX",(function(){return Us})),n.d(e,"forceY",(function(){return $s})),n.d(e,"formatDefaultLocale",(function(){return ac})),n.d(e,"format",(function(){return Ks})),n.d(e,"formatPrefix",(function(){return Qs})),n.d(e,"formatLocale",(function(){return ic})),n.d(e,"formatSpecifier",(function(){return Vs})),n.d(e,"FormatSpecifier",(function(){return Gs})),n.d(e,"precisionFixed",(function(){return oc})),n.d(e,"precisionPrefix",(function(){return sc})),n.d(e,"precisionRound",(function(){return cc})),n.d(e,"geoArea",(function(){return Jc})),n.d(e,"geoBounds",(function(){return Wu})),n.d(e,"geoCentroid",(function(){return rl})),n.d(e,"geoCircle",(function(){return pl})),n.d(e,"geoClipAntimeridian",(function(){return Cl})),n.d(e,"geoClipCircle",(function(){return Sl})),n.d(e,"geoClipExtent",(function(){return Bl})),n.d(e,"geoClipRectangle",(function(){return Al})),n.d(e,"geoContains",(function(){return Zl})),n.d(e,"geoDistance",(function(){return zl})),n.d(e,"geoGraticule",(function(){return Jl})),n.d(e,"geoGraticule10",(function(){return th})),n.d(e,"geoInterpolate",(function(){return ah})),n.d(e,"geoLength",(function(){return Pl})),n.d(e,"geoPath",(function(){return rf})),n.d(e,"geoAlbers",(function(){return wf})),n.d(e,"geoAlbersUsa",(function(){return Ef})),n.d(e,"geoAzimuthalEqualArea",(function(){return Af})),n.d(e,"geoAzimuthalEqualAreaRaw",(function(){return Sf})),n.d(e,"geoAzimuthalEquidistant",(function(){return Of})),n.d(e,"geoAzimuthalEquidistantRaw",(function(){return Mf})),n.d(e,"geoConicConformal",(function(){return Rf})),n.d(e,"geoConicConformalRaw",(function(){return If})),n.d(e,"geoConicEqualArea",(function(){return kf})),n.d(e,"geoConicEqualAreaRaw",(function(){return _f})),n.d(e,"geoConicEquidistant",(function(){return Yf})),n.d(e,"geoConicEquidistantRaw",(function(){return jf})),n.d(e,"geoEqualEarth",(function(){return Vf})),n.d(e,"geoEqualEarthRaw",(function(){return Hf})),n.d(e,"geoEquirectangular",(function(){return Pf})),n.d(e,"geoEquirectangularRaw",(function(){return Ff})),n.d(e,"geoGnomonic",(function(){return Xf})),n.d(e,"geoGnomonicRaw",(function(){return Gf})),n.d(e,"geoIdentity",(function(){return Zf})),n.d(e,"geoProjection",(function(){return vf})),n.d(e,"geoProjectionMutator",(function(){return bf})),n.d(e,"geoMercator",(function(){return Bf})),n.d(e,"geoMercatorRaw",(function(){return Nf})),n.d(e,"geoNaturalEarth1",(function(){return Qf})),n.d(e,"geoNaturalEarth1Raw",(function(){return Kf})),n.d(e,"geoOrthographic",(function(){return td})),n.d(e,"geoOrthographicRaw",(function(){return Jf})),n.d(e,"geoStereographic",(function(){return nd})),n.d(e,"geoStereographicRaw",(function(){return ed})),n.d(e,"geoTransverseMercator",(function(){return id})),n.d(e,"geoTransverseMercatorRaw",(function(){return rd})),n.d(e,"geoRotation",(function(){return hl})),n.d(e,"geoStream",(function(){return Wc})),n.d(e,"geoTransform",(function(){return af})),n.d(e,"cluster",(function(){return cd})),n.d(e,"hierarchy",(function(){return ld})),n.d(e,"pack",(function(){return Id})),n.d(e,"packSiblings",(function(){return Md})),n.d(e,"packEnclose",(function(){return gd})),n.d(e,"partition",(function(){return zd})),n.d(e,"stratify",(function(){return Hd})),n.d(e,"tree",(function(){return Jd})),n.d(e,"treemap",(function(){return ip})),n.d(e,"treemapBinary",(function(){return ap})),n.d(e,"treemapDice",(function(){return Yd})),n.d(e,"treemapSlice",(function(){return tp})),n.d(e,"treemapSliceDice",(function(){return op})),n.d(e,"treemapSquarify",(function(){return rp})),n.d(e,"treemapResquarify",(function(){return sp})),n.d(e,"interpolate",(function(){return Mn})),n.d(e,"interpolateArray",(function(){return bn})),n.d(e,"interpolateBasis",(function(){return on})),n.d(e,"interpolateBasisClosed",(function(){return sn})),n.d(e,"interpolateDate",(function(){return _n})),n.d(e,"interpolateDiscrete",(function(){return cp})),n.d(e,"interpolateHue",(function(){return up})),n.d(e,"interpolateNumber",(function(){return kn})),n.d(e,"interpolateNumberArray",(function(){return mn})),n.d(e,"interpolateObject",(function(){return wn})),n.d(e,"interpolateRound",(function(){return lp})),n.d(e,"interpolateString",(function(){return An})),n.d(e,"interpolateTransformCss",(function(){return fr})),n.d(e,"interpolateTransformSvg",(function(){return dr})),n.d(e,"interpolateZoom",(function(){return dp})),n.d(e,"interpolateRgb",(function(){return dn})),n.d(e,"interpolateRgbBasis",(function(){return yn})),n.d(e,"interpolateRgbBasisClosed",(function(){return gn})),n.d(e,"interpolateHsl",(function(){return yp})),n.d(e,"interpolateHslLong",(function(){return gp})),n.d(e,"interpolateLab",(function(){return mp})),n.d(e,"interpolateHcl",(function(){return bp})),n.d(e,"interpolateHclLong",(function(){return xp})),n.d(e,"interpolateCubehelix",(function(){return kp})),n.d(e,"interpolateCubehelixLong",(function(){return wp})),n.d(e,"piecewise",(function(){return Ep})),n.d(e,"quantize",(function(){return Tp})),n.d(e,"path",(function(){return $i})),n.d(e,"polygonArea",(function(){return Cp})),n.d(e,"polygonCentroid",(function(){return Sp})),n.d(e,"polygonHull",(function(){return Op})),n.d(e,"polygonContains",(function(){return Np})),n.d(e,"polygonLength",(function(){return Bp})),n.d(e,"quadtree",(function(){return Cs})),n.d(e,"randomUniform",(function(){return Lp})),n.d(e,"randomNormal",(function(){return Ip})),n.d(e,"randomLogNormal",(function(){return Rp})),n.d(e,"randomBates",(function(){return Pp})),n.d(e,"randomIrwinHall",(function(){return Fp})),n.d(e,"randomExponential",(function(){return jp})),n.d(e,"scaleBand",(function(){return Vp})),n.d(e,"scalePoint",(function(){return Xp})),n.d(e,"scaleIdentity",(function(){return uy})),n.d(e,"scaleLinear",(function(){return cy})),n.d(e,"scaleLog",(function(){return vy})),n.d(e,"scaleSymlog",(function(){return ky})),n.d(e,"scaleOrdinal",(function(){return Hp})),n.d(e,"scaleImplicit",(function(){return Wp})),n.d(e,"scalePow",(function(){return Sy})),n.d(e,"scaleSqrt",(function(){return Ay})),n.d(e,"scaleQuantile",(function(){return My})),n.d(e,"scaleQuantize",(function(){return Oy})),n.d(e,"scaleThreshold",(function(){return Ny})),n.d(e,"scaleTime",(function(){return pv})),n.d(e,"scaleUtc",(function(){return Ev})),n.d(e,"scaleSequential",(function(){return Sv})),n.d(e,"scaleSequentialLog",(function(){return Av})),n.d(e,"scaleSequentialPow",(function(){return Ov})),n.d(e,"scaleSequentialSqrt",(function(){return Nv})),n.d(e,"scaleSequentialSymlog",(function(){return Mv})),n.d(e,"scaleSequentialQuantile",(function(){return Bv})),n.d(e,"scaleDiverging",(function(){return Lv})),n.d(e,"scaleDivergingLog",(function(){return Iv})),n.d(e,"scaleDivergingPow",(function(){return Fv})),n.d(e,"scaleDivergingSqrt",(function(){return Pv})),n.d(e,"scaleDivergingSymlog",(function(){return Rv})),n.d(e,"tickFormat",(function(){return oy})),n.d(e,"schemeCategory10",(function(){return Yv})),n.d(e,"schemeAccent",(function(){return zv})),n.d(e,"schemeDark2",(function(){return Uv})),n.d(e,"schemePaired",(function(){return $v})),n.d(e,"schemePastel1",(function(){return qv})),n.d(e,"schemePastel2",(function(){return Wv})),n.d(e,"schemeSet1",(function(){return Hv})),n.d(e,"schemeSet2",(function(){return Vv})),n.d(e,"schemeSet3",(function(){return Gv})),n.d(e,"schemeTableau10",(function(){return Xv})),n.d(e,"interpolateBrBG",(function(){return Qv})),n.d(e,"schemeBrBG",(function(){return Kv})),n.d(e,"interpolatePRGn",(function(){return tb})),n.d(e,"schemePRGn",(function(){return Jv})),n.d(e,"interpolatePiYG",(function(){return nb})),n.d(e,"schemePiYG",(function(){return eb})),n.d(e,"interpolatePuOr",(function(){return ib})),n.d(e,"schemePuOr",(function(){return rb})),n.d(e,"interpolateRdBu",(function(){return ob})),n.d(e,"schemeRdBu",(function(){return ab})),n.d(e,"interpolateRdGy",(function(){return cb})),n.d(e,"schemeRdGy",(function(){return sb})),n.d(e,"interpolateRdYlBu",(function(){return lb})),n.d(e,"schemeRdYlBu",(function(){return ub})),n.d(e,"interpolateRdYlGn",(function(){return fb})),n.d(e,"schemeRdYlGn",(function(){return hb})),n.d(e,"interpolateSpectral",(function(){return pb})),n.d(e,"schemeSpectral",(function(){return db})),n.d(e,"interpolateBuGn",(function(){return gb})),n.d(e,"schemeBuGn",(function(){return yb})),n.d(e,"interpolateBuPu",(function(){return vb})),n.d(e,"schemeBuPu",(function(){return mb})),n.d(e,"interpolateGnBu",(function(){return xb})),n.d(e,"schemeGnBu",(function(){return bb})),n.d(e,"interpolateOrRd",(function(){return kb})),n.d(e,"schemeOrRd",(function(){return _b})),n.d(e,"interpolatePuBuGn",(function(){return Eb})),n.d(e,"schemePuBuGn",(function(){return wb})),n.d(e,"interpolatePuBu",(function(){return Cb})),n.d(e,"schemePuBu",(function(){return Tb})),n.d(e,"interpolatePuRd",(function(){return Ab})),n.d(e,"schemePuRd",(function(){return Sb})),n.d(e,"interpolateRdPu",(function(){return Ob})),n.d(e,"schemeRdPu",(function(){return Mb})),n.d(e,"interpolateYlGnBu",(function(){return Bb})),n.d(e,"schemeYlGnBu",(function(){return Nb})),n.d(e,"interpolateYlGn",(function(){return Lb})),n.d(e,"schemeYlGn",(function(){return Db})),n.d(e,"interpolateYlOrBr",(function(){return Rb})),n.d(e,"schemeYlOrBr",(function(){return Ib})),n.d(e,"interpolateYlOrRd",(function(){return Pb})),n.d(e,"schemeYlOrRd",(function(){return Fb})),n.d(e,"interpolateBlues",(function(){return Yb})),n.d(e,"schemeBlues",(function(){return jb})),n.d(e,"interpolateGreens",(function(){return Ub})),n.d(e,"schemeGreens",(function(){return zb})),n.d(e,"interpolateGreys",(function(){return qb})),n.d(e,"schemeGreys",(function(){return $b})),n.d(e,"interpolatePurples",(function(){return Hb})),n.d(e,"schemePurples",(function(){return Wb})),n.d(e,"interpolateReds",(function(){return Gb})),n.d(e,"schemeReds",(function(){return Vb})),n.d(e,"interpolateOranges",(function(){return Zb})),n.d(e,"schemeOranges",(function(){return Xb})),n.d(e,"interpolateCividis",(function(){return Kb})),n.d(e,"interpolateCubehelixDefault",(function(){return Qb})),n.d(e,"interpolateRainbow",(function(){return nx})),n.d(e,"interpolateWarm",(function(){return Jb})),n.d(e,"interpolateCool",(function(){return tx})),n.d(e,"interpolateSinebow",(function(){return ox})),n.d(e,"interpolateTurbo",(function(){return sx})),n.d(e,"interpolateViridis",(function(){return ux})),n.d(e,"interpolateMagma",(function(){return lx})),n.d(e,"interpolateInferno",(function(){return hx})),n.d(e,"interpolatePlasma",(function(){return fx})),n.d(e,"create",(function(){return dx})),n.d(e,"creator",(function(){return re})),n.d(e,"local",(function(){return yx})),n.d(e,"matcher",(function(){return gt})),n.d(e,"mouse",(function(){return Dn})),n.d(e,"namespace",(function(){return Et})),n.d(e,"namespaces",(function(){return wt})),n.d(e,"clientPoint",(function(){return Nn})),n.d(e,"select",(function(){return we})),n.d(e,"selectAll",(function(){return mx})),n.d(e,"selection",(function(){return ke})),n.d(e,"selector",(function(){return dt})),n.d(e,"selectorAll",(function(){return yt})),n.d(e,"style",(function(){return It})),n.d(e,"touch",(function(){return Bn})),n.d(e,"touches",(function(){return vx})),n.d(e,"window",(function(){return Nt})),n.d(e,"event",(function(){return ue})),n.d(e,"customEvent",(function(){return ye})),n.d(e,"arc",(function(){return jx})),n.d(e,"area",(function(){return Wx})),n.d(e,"line",(function(){return qx})),n.d(e,"pie",(function(){return Gx})),n.d(e,"areaRadial",(function(){return t_})),n.d(e,"radialArea",(function(){return t_})),n.d(e,"lineRadial",(function(){return Jx})),n.d(e,"radialLine",(function(){return Jx})),n.d(e,"pointRadial",(function(){return e_})),n.d(e,"linkHorizontal",(function(){return u_})),n.d(e,"linkVertical",(function(){return l_})),n.d(e,"linkRadial",(function(){return h_})),n.d(e,"symbol",(function(){return M_})),n.d(e,"symbols",(function(){return A_})),n.d(e,"symbolCircle",(function(){return f_})),n.d(e,"symbolCross",(function(){return d_})),n.d(e,"symbolDiamond",(function(){return g_})),n.d(e,"symbolSquare",(function(){return __})),n.d(e,"symbolStar",(function(){return x_})),n.d(e,"symbolTriangle",(function(){return w_})),n.d(e,"symbolWye",(function(){return S_})),n.d(e,"curveBasisClosed",(function(){return I_})),n.d(e,"curveBasisOpen",(function(){return F_})),n.d(e,"curveBasis",(function(){return D_})),n.d(e,"curveBundle",(function(){return j_})),n.d(e,"curveCardinalClosed",(function(){return q_})),n.d(e,"curveCardinalOpen",(function(){return H_})),n.d(e,"curveCardinal",(function(){return U_})),n.d(e,"curveCatmullRomClosed",(function(){return K_})),n.d(e,"curveCatmullRomOpen",(function(){return J_})),n.d(e,"curveCatmullRom",(function(){return X_})),n.d(e,"curveLinearClosed",(function(){return ek})),n.d(e,"curveLinear",(function(){return zx})),n.d(e,"curveMonotoneX",(function(){return uk})),n.d(e,"curveMonotoneY",(function(){return lk})),n.d(e,"curveNatural",(function(){return dk})),n.d(e,"curveStep",(function(){return yk})),n.d(e,"curveStepAfter",(function(){return mk})),n.d(e,"curveStepBefore",(function(){return gk})),n.d(e,"stack",(function(){return _k})),n.d(e,"stackOffsetExpand",(function(){return kk})),n.d(e,"stackOffsetDiverging",(function(){return wk})),n.d(e,"stackOffsetNone",(function(){return vk})),n.d(e,"stackOffsetSilhouette",(function(){return Ek})),n.d(e,"stackOffsetWiggle",(function(){return Tk})),n.d(e,"stackOrderAppearance",(function(){return Ck})),n.d(e,"stackOrderAscending",(function(){return Ak})),n.d(e,"stackOrderDescending",(function(){return Ok})),n.d(e,"stackOrderInsideOut",(function(){return Nk})),n.d(e,"stackOrderNone",(function(){return bk})),n.d(e,"stackOrderReverse",(function(){return Bk})),n.d(e,"timeInterval",(function(){return Ly})),n.d(e,"timeMillisecond",(function(){return yg})),n.d(e,"timeMilliseconds",(function(){return gg})),n.d(e,"utcMillisecond",(function(){return yg})),n.d(e,"utcMilliseconds",(function(){return gg})),n.d(e,"timeSecond",(function(){return fg})),n.d(e,"timeSeconds",(function(){return dg})),n.d(e,"utcSecond",(function(){return fg})),n.d(e,"utcSeconds",(function(){return dg})),n.d(e,"timeMinute",(function(){return ug})),n.d(e,"timeMinutes",(function(){return lg})),n.d(e,"timeHour",(function(){return og})),n.d(e,"timeHours",(function(){return sg})),n.d(e,"timeDay",(function(){return rg})),n.d(e,"timeDays",(function(){return ig})),n.d(e,"timeWeek",(function(){return Uy})),n.d(e,"timeWeeks",(function(){return Xy})),n.d(e,"timeSunday",(function(){return Uy})),n.d(e,"timeSundays",(function(){return Xy})),n.d(e,"timeMonday",(function(){return $y})),n.d(e,"timeMondays",(function(){return Zy})),n.d(e,"timeTuesday",(function(){return qy})),n.d(e,"timeTuesdays",(function(){return Ky})),n.d(e,"timeWednesday",(function(){return Wy})),n.d(e,"timeWednesdays",(function(){return Qy})),n.d(e,"timeThursday",(function(){return Hy})),n.d(e,"timeThursdays",(function(){return Jy})),n.d(e,"timeFriday",(function(){return Vy})),n.d(e,"timeFridays",(function(){return tg})),n.d(e,"timeSaturday",(function(){return Gy})),n.d(e,"timeSaturdays",(function(){return eg})),n.d(e,"timeMonth",(function(){return jy})),n.d(e,"timeMonths",(function(){return Yy})),n.d(e,"timeYear",(function(){return Ry})),n.d(e,"timeYears",(function(){return Fy})),n.d(e,"utcMinute",(function(){return kv})),n.d(e,"utcMinutes",(function(){return wv})),n.d(e,"utcHour",(function(){return bv})),n.d(e,"utcHours",(function(){return xv})),n.d(e,"utcDay",(function(){return Dg})),n.d(e,"utcDays",(function(){return Lg})),n.d(e,"utcWeek",(function(){return vg})),n.d(e,"utcWeeks",(function(){return Tg})),n.d(e,"utcSunday",(function(){return vg})),n.d(e,"utcSundays",(function(){return Tg})),n.d(e,"utcMonday",(function(){return bg})),n.d(e,"utcMondays",(function(){return Cg})),n.d(e,"utcTuesday",(function(){return xg})),n.d(e,"utcTuesdays",(function(){return Sg})),n.d(e,"utcWednesday",(function(){return _g})),n.d(e,"utcWednesdays",(function(){return Ag})),n.d(e,"utcThursday",(function(){return kg})),n.d(e,"utcThursdays",(function(){return Mg})),n.d(e,"utcFriday",(function(){return wg})),n.d(e,"utcFridays",(function(){return Og})),n.d(e,"utcSaturday",(function(){return Eg})),n.d(e,"utcSaturdays",(function(){return Ng})),n.d(e,"utcMonth",(function(){return gv})),n.d(e,"utcMonths",(function(){return mv})),n.d(e,"utcYear",(function(){return Rg})),n.d(e,"utcYears",(function(){return Fg})),n.d(e,"timeFormatDefaultLocale",(function(){return lv})),n.d(e,"timeFormat",(function(){return $g})),n.d(e,"timeParse",(function(){return qg})),n.d(e,"utcFormat",(function(){return Wg})),n.d(e,"utcParse",(function(){return Hg})),n.d(e,"timeFormatLocale",(function(){return zg})),n.d(e,"isoFormat",(function(){return Dk})),n.d(e,"isoParse",(function(){return Lk})),n.d(e,"now",(function(){return Un})),n.d(e,"timer",(function(){return Wn})),n.d(e,"timerFlush",(function(){return Hn})),n.d(e,"timeout",(function(){return Zn})),n.d(e,"interval",(function(){return Ik})),n.d(e,"transition",(function(){return Ur})),n.d(e,"active",(function(){return Kr})),n.d(e,"interrupt",(function(){return sr})),n.d(e,"voronoi",(function(){return xw})),n.d(e,"zoom",(function(){return Lw})),n.d(e,"zoomTransform",(function(){return Tw})),n.d(e,"zoomIdentity",(function(){return Ew}));var r="5.16.0",i=function(t,e){return te?1:t>=e?0:NaN},a=function(t){var e;return 1===t.length&&(e=t,t=function(t,n){return i(e(t),n)}),{left:function(e,n,r,i){for(null==r&&(r=0),null==i&&(i=e.length);r>>1;t(e[a],n)<0?r=a+1:i=a}return r},right:function(e,n,r,i){for(null==r&&(r=0),null==i&&(i=e.length);r>>1;t(e[a],n)>0?i=a:r=a+1}return r}}};var o=a(i),s=o.right,c=o.left,u=s,l=function(t,e){null==e&&(e=h);for(var n=0,r=t.length-1,i=t[0],a=new Array(r<0?0:r);nt?1:e>=t?0:NaN},p=function(t){return null===t?NaN:+t},y=function(t,e){var n,r,i=t.length,a=0,o=-1,s=0,c=0;if(null==e)for(;++o1)return c/(a-1)},g=function(t,e){var n=y(t,e);return n?Math.sqrt(n):n},m=function(t,e){var n,r,i,a=t.length,o=-1;if(null==e){for(;++o=n)for(r=i=n;++on&&(r=n),i=n)for(r=i=n;++on&&(r=n),i0)return[t];if((r=e0)for(t=Math.ceil(t/o),e=Math.floor(e/o),a=new Array(i=Math.ceil(e-t+1));++s=0?(a>=E?10:a>=T?5:a>=C?2:1)*Math.pow(10,i):-Math.pow(10,-i)/(a>=E?10:a>=T?5:a>=C?2:1)}function M(t,e,n){var r=Math.abs(e-t)/Math.max(0,n),i=Math.pow(10,Math.floor(Math.log(r)/Math.LN10)),a=r/i;return a>=E?i*=10:a>=T?i*=5:a>=C&&(i*=2),eh;)f.pop(),--d;var p,y=new Array(d+1);for(i=0;i<=d;++i)(p=y[i]=[]).x0=i>0?f[i-1]:l,p.x1=i=1)return+n(t[r-1],r-1,t);var r,i=(r-1)*e,a=Math.floor(i),o=+n(t[a],a,t);return o+(+n(t[a+1],a+1,t)-o)*(i-a)}},D=function(t,e,n){return t=x.call(t,p).sort(i),Math.ceil((n-e)/(2*(B(t,.75)-B(t,.25))*Math.pow(t.length,-1/3)))},L=function(t,e,n){return Math.ceil((n-e)/(3.5*g(t)*Math.pow(t.length,-1/3)))},I=function(t,e){var n,r,i=t.length,a=-1;if(null==e){for(;++a=n)for(r=n;++ar&&(r=n)}else for(;++a=n)for(r=n;++ar&&(r=n);return r},R=function(t,e){var n,r=t.length,i=r,a=-1,o=0;if(null==e)for(;++a=0;)for(e=(r=t[i]).length;--e>=0;)n[--o]=r[e];return n},j=function(t,e){var n,r,i=t.length,a=-1;if(null==e){for(;++a=n)for(r=n;++an&&(r=n)}else for(;++a=n)for(r=n;++an&&(r=n);return r},Y=function(t,e){for(var n=e.length,r=new Array(n);n--;)r[n]=t[e[n]];return r},z=function(t,e){if(n=t.length){var n,r,a=0,o=0,s=t[o];for(null==e&&(e=i);++a=0&&(n=t.slice(r+1),t=t.slice(0,r)),t&&!e.hasOwnProperty(t))throw new Error("unknown type: "+t);return{type:t,name:n}}))}function ut(t,e){for(var n,r=0,i=t.length;r0)for(var n,r,i=new Array(n),a=0;ae?1:t>=e?0:NaN}var kt="http://www.w3.org/1999/xhtml",wt={svg:"http://www.w3.org/2000/svg",xhtml:kt,xlink:"http://www.w3.org/1999/xlink",xml:"http://www.w3.org/XML/1998/namespace",xmlns:"http://www.w3.org/2000/xmlns/"},Et=function(t){var e=t+="",n=e.indexOf(":");return n>=0&&"xmlns"!==(e=t.slice(0,n))&&(t=t.slice(n+1)),wt.hasOwnProperty(e)?{space:wt[e],local:t}:t};function Tt(t){return function(){this.removeAttribute(t)}}function Ct(t){return function(){this.removeAttributeNS(t.space,t.local)}}function St(t,e){return function(){this.setAttribute(t,e)}}function At(t,e){return function(){this.setAttributeNS(t.space,t.local,e)}}function Mt(t,e){return function(){var n=e.apply(this,arguments);null==n?this.removeAttribute(t):this.setAttribute(t,n)}}function Ot(t,e){return function(){var n=e.apply(this,arguments);null==n?this.removeAttributeNS(t.space,t.local):this.setAttributeNS(t.space,t.local,n)}}var Nt=function(t){return t.ownerDocument&&t.ownerDocument.defaultView||t.document&&t||t.defaultView};function Bt(t){return function(){this.style.removeProperty(t)}}function Dt(t,e,n){return function(){this.style.setProperty(t,e,n)}}function Lt(t,e,n){return function(){var r=e.apply(this,arguments);null==r?this.style.removeProperty(t):this.style.setProperty(t,r,n)}}function It(t,e){return t.style.getPropertyValue(e)||Nt(t).getComputedStyle(t,null).getPropertyValue(e)}function Rt(t){return function(){delete this[t]}}function Ft(t,e){return function(){this[t]=e}}function Pt(t,e){return function(){var n=e.apply(this,arguments);null==n?delete this[t]:this[t]=n}}function jt(t){return t.trim().split(/^|\s+/)}function Yt(t){return t.classList||new zt(t)}function zt(t){this._node=t,this._names=jt(t.getAttribute("class")||"")}function Ut(t,e){for(var n=Yt(t),r=-1,i=e.length;++r=0&&(this._names.splice(e,1),this._node.setAttribute("class",this._names.join(" ")))},contains:function(t){return this._names.indexOf(t)>=0}};function Vt(){this.textContent=""}function Gt(t){return function(){this.textContent=t}}function Xt(t){return function(){var e=t.apply(this,arguments);this.textContent=null==e?"":e}}function Zt(){this.innerHTML=""}function Kt(t){return function(){this.innerHTML=t}}function Qt(t){return function(){var e=t.apply(this,arguments);this.innerHTML=null==e?"":e}}function Jt(){this.nextSibling&&this.parentNode.appendChild(this)}function te(){this.previousSibling&&this.parentNode.insertBefore(this,this.parentNode.firstChild)}function ee(t){return function(){var e=this.ownerDocument,n=this.namespaceURI;return n===kt&&e.documentElement.namespaceURI===kt?e.createElement(t):e.createElementNS(n,t)}}function ne(t){return function(){return this.ownerDocument.createElementNS(t.space,t.local)}}var re=function(t){var e=Et(t);return(e.local?ne:ee)(e)};function ie(){return null}function ae(){var t=this.parentNode;t&&t.removeChild(this)}function oe(){var t=this.cloneNode(!1),e=this.parentNode;return e?e.insertBefore(t,this.nextSibling):t}function se(){var t=this.cloneNode(!0),e=this.parentNode;return e?e.insertBefore(t,this.nextSibling):t}var ce={},ue=null;"undefined"!=typeof document&&("onmouseenter"in document.documentElement||(ce={mouseenter:"mouseover",mouseleave:"mouseout"}));function le(t,e,n){return t=he(t,e,n),function(e){var n=e.relatedTarget;n&&(n===this||8&n.compareDocumentPosition(this))||t.call(this,e)}}function he(t,e,n){return function(r){var i=ue;ue=r;try{t.call(this,this.__data__,e,n)}finally{ue=i}}}function fe(t){return t.trim().split(/^|\s+/).map((function(t){var e="",n=t.indexOf(".");return n>=0&&(e=t.slice(n+1),t=t.slice(0,n)),{type:t,name:e}}))}function de(t){return function(){var e=this.__on;if(e){for(var n,r=0,i=-1,a=e.length;r=_&&(_=x+1);!(b=m[_])&&++_=0;)(r=i[a])&&(o&&4^r.compareDocumentPosition(o)&&o.parentNode.insertBefore(r,o),o=r);return this},sort:function(t){function e(e,n){return e&&n?t(e.__data__,n.__data__):!e-!n}t||(t=_t);for(var n=this._groups,r=n.length,i=new Array(r),a=0;a1?this.each((null==e?Bt:"function"==typeof e?Lt:Dt)(t,e,null==n?"":n)):It(this.node(),t)},property:function(t,e){return arguments.length>1?this.each((null==e?Rt:"function"==typeof e?Pt:Ft)(t,e)):this.node()[t]},classed:function(t,e){var n=jt(t+"");if(arguments.length<2){for(var r=Yt(this.node()),i=-1,a=n.length;++i>8&15|e>>4&240,e>>4&15|240&e,(15&e)<<4|15&e,1):8===n?He(e>>24&255,e>>16&255,e>>8&255,(255&e)/255):4===n?He(e>>12&15|e>>8&240,e>>8&15|e>>4&240,e>>4&15|240&e,((15&e)<<4|15&e)/255):null):(e=Ie.exec(t))?new Xe(e[1],e[2],e[3],1):(e=Re.exec(t))?new Xe(255*e[1]/100,255*e[2]/100,255*e[3]/100,1):(e=Fe.exec(t))?He(e[1],e[2],e[3],e[4]):(e=Pe.exec(t))?He(255*e[1]/100,255*e[2]/100,255*e[3]/100,e[4]):(e=je.exec(t))?Je(e[1],e[2]/100,e[3]/100,1):(e=Ye.exec(t))?Je(e[1],e[2]/100,e[3]/100,e[4]):ze.hasOwnProperty(t)?We(ze[t]):"transparent"===t?new Xe(NaN,NaN,NaN,0):null}function We(t){return new Xe(t>>16&255,t>>8&255,255&t,1)}function He(t,e,n,r){return r<=0&&(t=e=n=NaN),new Xe(t,e,n,r)}function Ve(t){return t instanceof Oe||(t=qe(t)),t?new Xe((t=t.rgb()).r,t.g,t.b,t.opacity):new Xe}function Ge(t,e,n,r){return 1===arguments.length?Ve(t):new Xe(t,e,n,null==r?1:r)}function Xe(t,e,n,r){this.r=+t,this.g=+e,this.b=+n,this.opacity=+r}function Ze(){return"#"+Qe(this.r)+Qe(this.g)+Qe(this.b)}function Ke(){var t=this.opacity;return(1===(t=isNaN(t)?1:Math.max(0,Math.min(1,t)))?"rgb(":"rgba(")+Math.max(0,Math.min(255,Math.round(this.r)||0))+", "+Math.max(0,Math.min(255,Math.round(this.g)||0))+", "+Math.max(0,Math.min(255,Math.round(this.b)||0))+(1===t?")":", "+t+")")}function Qe(t){return((t=Math.max(0,Math.min(255,Math.round(t)||0)))<16?"0":"")+t.toString(16)}function Je(t,e,n,r){return r<=0?t=e=n=NaN:n<=0||n>=1?t=e=NaN:e<=0&&(t=NaN),new nn(t,e,n,r)}function tn(t){if(t instanceof nn)return new nn(t.h,t.s,t.l,t.opacity);if(t instanceof Oe||(t=qe(t)),!t)return new nn;if(t instanceof nn)return t;var e=(t=t.rgb()).r/255,n=t.g/255,r=t.b/255,i=Math.min(e,n,r),a=Math.max(e,n,r),o=NaN,s=a-i,c=(a+i)/2;return s?(o=e===a?(n-r)/s+6*(n0&&c<1?0:o,new nn(o,s,c,t.opacity)}function en(t,e,n,r){return 1===arguments.length?tn(t):new nn(t,e,n,null==r?1:r)}function nn(t,e,n,r){this.h=+t,this.s=+e,this.l=+n,this.opacity=+r}function rn(t,e,n){return 255*(t<60?e+(n-e)*t/60:t<180?n:t<240?e+(n-e)*(240-t)/60:e)}function an(t,e,n,r,i){var a=t*t,o=a*t;return((1-3*t+3*a-o)*e+(4-6*a+3*o)*n+(1+3*t+3*a-3*o)*r+o*i)/6}Ae(Oe,qe,{copy:function(t){return Object.assign(new this.constructor,this,t)},displayable:function(){return this.rgb().displayable()},hex:Ue,formatHex:Ue,formatHsl:function(){return tn(this).formatHsl()},formatRgb:$e,toString:$e}),Ae(Xe,Ge,Me(Oe,{brighter:function(t){return t=null==t?1/.7:Math.pow(1/.7,t),new Xe(this.r*t,this.g*t,this.b*t,this.opacity)},darker:function(t){return t=null==t?.7:Math.pow(.7,t),new Xe(this.r*t,this.g*t,this.b*t,this.opacity)},rgb:function(){return this},displayable:function(){return-.5<=this.r&&this.r<255.5&&-.5<=this.g&&this.g<255.5&&-.5<=this.b&&this.b<255.5&&0<=this.opacity&&this.opacity<=1},hex:Ze,formatHex:Ze,formatRgb:Ke,toString:Ke})),Ae(nn,en,Me(Oe,{brighter:function(t){return t=null==t?1/.7:Math.pow(1/.7,t),new nn(this.h,this.s,this.l*t,this.opacity)},darker:function(t){return t=null==t?.7:Math.pow(.7,t),new nn(this.h,this.s,this.l*t,this.opacity)},rgb:function(){var t=this.h%360+360*(this.h<0),e=isNaN(t)||isNaN(this.s)?0:this.s,n=this.l,r=n+(n<.5?n:1-n)*e,i=2*n-r;return new Xe(rn(t>=240?t-240:t+120,i,r),rn(t,i,r),rn(t<120?t+240:t-120,i,r),this.opacity)},displayable:function(){return(0<=this.s&&this.s<=1||isNaN(this.s))&&0<=this.l&&this.l<=1&&0<=this.opacity&&this.opacity<=1},formatHsl:function(){var t=this.opacity;return(1===(t=isNaN(t)?1:Math.max(0,Math.min(1,t)))?"hsl(":"hsla(")+(this.h||0)+", "+100*(this.s||0)+"%, "+100*(this.l||0)+"%"+(1===t?")":", "+t+")")}}));var on=function(t){var e=t.length-1;return function(n){var r=n<=0?n=0:n>=1?(n=1,e-1):Math.floor(n*e),i=t[r],a=t[r+1],o=r>0?t[r-1]:2*i-a,s=r180||n<-180?n-360*Math.round(n/360):n):cn(isNaN(t)?e:t)}function hn(t){return 1==(t=+t)?fn:function(e,n){return n-e?function(t,e,n){return t=Math.pow(t,n),e=Math.pow(e,n)-t,n=1/n,function(r){return Math.pow(t+r*e,n)}}(e,n,t):cn(isNaN(e)?n:e)}}function fn(t,e){var n=e-t;return n?un(t,n):cn(isNaN(t)?e:t)}var dn=function t(e){var n=hn(e);function r(t,e){var r=n((t=Ge(t)).r,(e=Ge(e)).r),i=n(t.g,e.g),a=n(t.b,e.b),o=fn(t.opacity,e.opacity);return function(e){return t.r=r(e),t.g=i(e),t.b=a(e),t.opacity=o(e),t+""}}return r.gamma=t,r}(1);function pn(t){return function(e){var n,r,i=e.length,a=new Array(i),o=new Array(i),s=new Array(i);for(n=0;na&&(i=e.slice(a,i),s[o]?s[o]+=i:s[++o]=i),(n=n[0])===(r=r[0])?s[o]?s[o]+=r:s[++o]=r:(s[++o]=null,c.push({i:o,x:kn(n,r)})),a=Tn.lastIndex;return a=0&&e._call.call(null,t),e=e._next;--Ln}function Vn(){Pn=(Fn=Yn.now())+jn,Ln=In=0;try{Hn()}finally{Ln=0,function(){var t,e,n=Cn,r=1/0;for(;n;)n._call?(r>n._time&&(r=n._time),t=n,n=n._next):(e=n._next,n._next=null,n=t?t._next=e:Cn=e);Sn=t,Xn(r)}(),Pn=0}}function Gn(){var t=Yn.now(),e=t-Fn;e>1e3&&(jn-=e,Fn=t)}function Xn(t){Ln||(In&&(In=clearTimeout(In)),t-Pn>24?(t<1/0&&(In=setTimeout(Vn,t-Yn.now()-jn)),Rn&&(Rn=clearInterval(Rn))):(Rn||(Fn=Yn.now(),Rn=setInterval(Gn,1e3)),Ln=1,zn(Vn)))}qn.prototype=Wn.prototype={constructor:qn,restart:function(t,e,n){if("function"!=typeof t)throw new TypeError("callback is not a function");n=(null==n?Un():+n)+(null==e?0:+e),this._next||Sn===this||(Sn?Sn._next=this:Cn=this,Sn=this),this._call=t,this._time=n,Xn()},stop:function(){this._call&&(this._call=null,this._time=1/0,Xn())}};var Zn=function(t,e,n){var r=new qn;return e=null==e?0:+e,r.restart((function(n){r.stop(),t(n+e)}),e,n),r},Kn=ht("start","end","cancel","interrupt"),Qn=[],Jn=function(t,e,n,r,i,a){var o=t.__transition;if(o){if(n in o)return}else t.__transition={};!function(t,e,n){var r,i=t.__transition;function a(c){var u,l,h,f;if(1!==n.state)return s();for(u in i)if((f=i[u]).name===n.name){if(3===f.state)return Zn(a);4===f.state?(f.state=6,f.timer.stop(),f.on.call("interrupt",t,t.__data__,f.index,f.group),delete i[u]):+u0)throw new Error("too late; already scheduled");return n}function er(t,e){var n=nr(t,e);if(n.state>3)throw new Error("too late; already running");return n}function nr(t,e){var n=t.__transition;if(!n||!(n=n[e]))throw new Error("transition not found");return n}var rr,ir,ar,or,sr=function(t,e){var n,r,i,a=t.__transition,o=!0;if(a){for(i in e=null==e?null:e+"",a)(n=a[i]).name===e?(r=n.state>2&&n.state<5,n.state=6,n.timer.stop(),n.on.call(r?"interrupt":"cancel",t,t.__data__,n.index,n.group),delete a[i]):o=!1;o&&delete t.__transition}},cr=180/Math.PI,ur={translateX:0,translateY:0,rotate:0,skewX:0,scaleX:1,scaleY:1},lr=function(t,e,n,r,i,a){var o,s,c;return(o=Math.sqrt(t*t+e*e))&&(t/=o,e/=o),(c=t*n+e*r)&&(n-=t*c,r-=e*c),(s=Math.sqrt(n*n+r*r))&&(n/=s,r/=s,c/=s),t*r180?e+=360:e-t>180&&(t+=360),a.push({i:n.push(i(n)+"rotate(",null,r)-2,x:kn(t,e)})):e&&n.push(i(n)+"rotate("+e+r)}(a.rotate,o.rotate,s,c),function(t,e,n,a){t!==e?a.push({i:n.push(i(n)+"skewX(",null,r)-2,x:kn(t,e)}):e&&n.push(i(n)+"skewX("+e+r)}(a.skewX,o.skewX,s,c),function(t,e,n,r,a,o){if(t!==n||e!==r){var s=a.push(i(a)+"scale(",null,",",null,")");o.push({i:s-4,x:kn(t,n)},{i:s-2,x:kn(e,r)})}else 1===n&&1===r||a.push(i(a)+"scale("+n+","+r+")")}(a.scaleX,a.scaleY,o.scaleX,o.scaleY,s,c),a=o=null,function(t){for(var e,n=-1,r=c.length;++n=0&&(t=t.slice(0,e)),!t||"start"===t}))}(e)?tr:er;return function(){var o=a(this,t),s=o.on;s!==r&&(i=(r=s).copy()).on(e,n),o.on=i}}var Lr=ke.prototype.constructor;function Ir(t){return function(){this.style.removeProperty(t)}}function Rr(t,e,n){return function(r){this.style.setProperty(t,e.call(this,r),n)}}function Fr(t,e,n){var r,i;function a(){var a=e.apply(this,arguments);return a!==i&&(r=(i=a)&&Rr(t,a,n)),r}return a._value=e,a}function Pr(t){return function(e){this.textContent=t.call(this,e)}}function jr(t){var e,n;function r(){var r=t.apply(this,arguments);return r!==n&&(e=(n=r)&&Pr(r)),e}return r._value=t,r}var Yr=0;function zr(t,e,n,r){this._groups=t,this._parents=e,this._name=n,this._id=r}function Ur(t){return ke().transition(t)}function $r(){return++Yr}var qr=ke.prototype;function Wr(t){return t*t*t}function Hr(t){return--t*t*t+1}function Vr(t){return((t*=2)<=1?t*t*t:(t-=2)*t*t+2)/2}zr.prototype=Ur.prototype={constructor:zr,select:function(t){var e=this._name,n=this._id;"function"!=typeof t&&(t=dt(t));for(var r=this._groups,i=r.length,a=new Array(i),o=0;o1&&n.name===e)return new zr([[t]],Zr,e,+r);return null},Qr=function(t){return function(){return t}},Jr=function(t,e,n){this.target=t,this.type=e,this.selection=n};function ti(){ue.stopImmediatePropagation()}var ei=function(){ue.preventDefault(),ue.stopImmediatePropagation()},ni={name:"drag"},ri={name:"space"},ii={name:"handle"},ai={name:"center"};function oi(t){return[+t[0],+t[1]]}function si(t){return[oi(t[0]),oi(t[1])]}function ci(t){return function(e){return Bn(e,ue.touches,t)}}var ui={name:"x",handles:["w","e"].map(mi),input:function(t,e){return null==t?null:[[+t[0],e[0][1]],[+t[1],e[1][1]]]},output:function(t){return t&&[t[0][0],t[1][0]]}},li={name:"y",handles:["n","s"].map(mi),input:function(t,e){return null==t?null:[[e[0][0],+t[0]],[e[1][0],+t[1]]]},output:function(t){return t&&[t[0][1],t[1][1]]}},hi={name:"xy",handles:["n","w","e","s","nw","ne","sw","se"].map(mi),input:function(t){return null==t?null:si(t)},output:function(t){return t}},fi={overlay:"crosshair",selection:"move",n:"ns-resize",e:"ew-resize",s:"ns-resize",w:"ew-resize",nw:"nwse-resize",ne:"nesw-resize",se:"nwse-resize",sw:"nesw-resize"},di={e:"w",w:"e",nw:"ne",ne:"nw",se:"sw",sw:"se"},pi={n:"s",s:"n",nw:"sw",ne:"se",se:"ne",sw:"nw"},yi={overlay:1,selection:1,n:null,e:1,s:null,w:-1,nw:-1,ne:1,se:1,sw:-1},gi={overlay:1,selection:1,n:-1,e:null,s:1,w:null,nw:-1,ne:-1,se:1,sw:1};function mi(t){return{type:t}}function vi(){return!ue.ctrlKey&&!ue.button}function bi(){var t=this.ownerSVGElement||this;return t.hasAttribute("viewBox")?[[(t=t.viewBox.baseVal).x,t.y],[t.x+t.width,t.y+t.height]]:[[0,0],[t.width.baseVal.value,t.height.baseVal.value]]}function xi(){return navigator.maxTouchPoints||"ontouchstart"in this}function _i(t){for(;!t.__brush;)if(!(t=t.parentNode))return;return t.__brush}function ki(t){return t[0][0]===t[1][0]||t[0][1]===t[1][1]}function wi(t){var e=t.__brush;return e?e.dim.output(e.selection):null}function Ei(){return Si(ui)}function Ti(){return Si(li)}var Ci=function(){return Si(hi)};function Si(t){var e,n=bi,r=vi,i=xi,a=!0,o=ht("start","brush","end"),s=6;function c(e){var n=e.property("__brush",y).selectAll(".overlay").data([mi("overlay")]);n.enter().append("rect").attr("class","overlay").attr("pointer-events","all").attr("cursor",fi.overlay).merge(n).each((function(){var t=_i(this).extent;we(this).attr("x",t[0][0]).attr("y",t[0][1]).attr("width",t[1][0]-t[0][0]).attr("height",t[1][1]-t[0][1])})),e.selectAll(".selection").data([mi("selection")]).enter().append("rect").attr("class","selection").attr("cursor",fi.selection).attr("fill","#777").attr("fill-opacity",.3).attr("stroke","#fff").attr("shape-rendering","crispEdges");var r=e.selectAll(".handle").data(t.handles,(function(t){return t.type}));r.exit().remove(),r.enter().append("rect").attr("class",(function(t){return"handle handle--"+t.type})).attr("cursor",(function(t){return fi[t.type]})),e.each(u).attr("fill","none").attr("pointer-events","all").on("mousedown.brush",f).filter(i).on("touchstart.brush",f).on("touchmove.brush",d).on("touchend.brush touchcancel.brush",p).style("touch-action","none").style("-webkit-tap-highlight-color","rgba(0,0,0,0)")}function u(){var t=we(this),e=_i(this).selection;e?(t.selectAll(".selection").style("display",null).attr("x",e[0][0]).attr("y",e[0][1]).attr("width",e[1][0]-e[0][0]).attr("height",e[1][1]-e[0][1]),t.selectAll(".handle").style("display",null).attr("x",(function(t){return"e"===t.type[t.type.length-1]?e[1][0]-s/2:e[0][0]-s/2})).attr("y",(function(t){return"s"===t.type[0]?e[1][1]-s/2:e[0][1]-s/2})).attr("width",(function(t){return"n"===t.type||"s"===t.type?e[1][0]-e[0][0]+s:s})).attr("height",(function(t){return"e"===t.type||"w"===t.type?e[1][1]-e[0][1]+s:s}))):t.selectAll(".selection,.handle").style("display","none").attr("x",null).attr("y",null).attr("width",null).attr("height",null)}function l(t,e,n){var r=t.__brush.emitter;return!r||n&&r.clean?new h(t,e,n):r}function h(t,e,n){this.that=t,this.args=e,this.state=t.__brush,this.active=0,this.clean=n}function f(){if((!e||ue.touches)&&r.apply(this,arguments)){var n,i,o,s,c,h,f,d,p,y,g,m=this,v=ue.target.__data__.type,b="selection"===(a&&ue.metaKey?v="overlay":v)?ni:a&&ue.altKey?ai:ii,x=t===li?null:yi[v],_=t===ui?null:gi[v],k=_i(m),w=k.extent,E=k.selection,T=w[0][0],C=w[0][1],S=w[1][0],A=w[1][1],M=0,O=0,N=x&&_&&a&&ue.shiftKey,B=ue.touches?ci(ue.changedTouches[0].identifier):Dn,D=B(m),L=D,I=l(m,arguments,!0).beforestart();"overlay"===v?(E&&(p=!0),k.selection=E=[[n=t===li?T:D[0],o=t===ui?C:D[1]],[c=t===li?S:n,f=t===ui?A:o]]):(n=E[0][0],o=E[0][1],c=E[1][0],f=E[1][1]),i=n,s=o,h=c,d=f;var R=we(m).attr("pointer-events","none"),F=R.selectAll(".overlay").attr("cursor",fi[v]);if(ue.touches)I.moved=j,I.ended=z;else{var P=we(ue.view).on("mousemove.brush",j,!0).on("mouseup.brush",z,!0);a&&P.on("keydown.brush",U,!0).on("keyup.brush",$,!0),Ce(ue.view)}ti(),sr(m),u.call(m),I.start()}function j(){var t=B(m);!N||y||g||(Math.abs(t[0]-L[0])>Math.abs(t[1]-L[1])?g=!0:y=!0),L=t,p=!0,ei(),Y()}function Y(){var t;switch(M=L[0]-D[0],O=L[1]-D[1],b){case ri:case ni:x&&(M=Math.max(T-n,Math.min(S-c,M)),i=n+M,h=c+M),_&&(O=Math.max(C-o,Math.min(A-f,O)),s=o+O,d=f+O);break;case ii:x<0?(M=Math.max(T-n,Math.min(S-n,M)),i=n+M,h=c):x>0&&(M=Math.max(T-c,Math.min(S-c,M)),i=n,h=c+M),_<0?(O=Math.max(C-o,Math.min(A-o,O)),s=o+O,d=f):_>0&&(O=Math.max(C-f,Math.min(A-f,O)),s=o,d=f+O);break;case ai:x&&(i=Math.max(T,Math.min(S,n-M*x)),h=Math.max(T,Math.min(S,c+M*x))),_&&(s=Math.max(C,Math.min(A,o-O*_)),d=Math.max(C,Math.min(A,f+O*_)))}h0&&(n=i-M),_<0?f=d-O:_>0&&(o=s-O),b=ri,F.attr("cursor",fi.selection),Y());break;default:return}ei()}function $(){switch(ue.keyCode){case 16:N&&(y=g=N=!1,Y());break;case 18:b===ai&&(x<0?c=h:x>0&&(n=i),_<0?f=d:_>0&&(o=s),b=ii,Y());break;case 32:b===ri&&(ue.altKey?(x&&(c=h-M*x,n=i+M*x),_&&(f=d-O*_,o=s+O*_),b=ai):(x<0?c=h:x>0&&(n=i),_<0?f=d:_>0&&(o=s),b=ii),F.attr("cursor",fi[v]),Y());break;default:return}ei()}}function d(){l(this,arguments).moved()}function p(){l(this,arguments).ended()}function y(){var e=this.__brush||{selection:null};return e.extent=si(n.apply(this,arguments)),e.dim=t,e}return c.move=function(e,n){e.selection?e.on("start.brush",(function(){l(this,arguments).beforestart().start()})).on("interrupt.brush end.brush",(function(){l(this,arguments).end()})).tween("brush",(function(){var e=this,r=e.__brush,i=l(e,arguments),a=r.selection,o=t.input("function"==typeof n?n.apply(this,arguments):n,r.extent),s=Mn(a,o);function c(t){r.selection=1===t&&null===o?null:s(t),u.call(e),i.brush()}return null!==a&&null!==o?c:c(1)})):e.each((function(){var e=this,r=arguments,i=e.__brush,a=t.input("function"==typeof n?n.apply(e,r):n,i.extent),o=l(e,r).beforestart();sr(e),i.selection=null===a?null:a,u.call(e),o.start().brush().end()}))},c.clear=function(t){c.move(t,null)},h.prototype={beforestart:function(){return 1==++this.active&&(this.state.emitter=this,this.starting=!0),this},start:function(){return this.starting?(this.starting=!1,this.emit("start")):this.emit("brush"),this},brush:function(){return this.emit("brush"),this},end:function(){return 0==--this.active&&(delete this.state.emitter,this.emit("end")),this},emit:function(e){ye(new Jr(c,e,t.output(this.state.selection)),o.apply,o,[e,this.that,this.args])}},c.extent=function(t){return arguments.length?(n="function"==typeof t?t:Qr(si(t)),c):n},c.filter=function(t){return arguments.length?(r="function"==typeof t?t:Qr(!!t),c):r},c.touchable=function(t){return arguments.length?(i="function"==typeof t?t:Qr(!!t),c):i},c.handleSize=function(t){return arguments.length?(s=+t,c):s},c.keyModifiers=function(t){return arguments.length?(a=!!t,c):a},c.on=function(){var t=o.on.apply(o,arguments);return t===o?c:t},c}var Ai=Math.cos,Mi=Math.sin,Oi=Math.PI,Ni=Oi/2,Bi=2*Oi,Di=Math.max;function Li(t){return function(e,n){return t(e.source.value+e.target.value,n.source.value+n.target.value)}}var Ii=function(){var t=0,e=null,n=null,r=null;function i(i){var a,o,s,c,u,l,h=i.length,f=[],d=w(h),p=[],y=[],g=y.groups=new Array(h),m=new Array(h*h);for(a=0,u=-1;++u1e-6)if(Math.abs(l*s-c*u)>1e-6&&i){var f=n-a,d=r-o,p=s*s+c*c,y=f*f+d*d,g=Math.sqrt(p),m=Math.sqrt(h),v=i*Math.tan((Pi-Math.acos((p+h-y)/(2*g*m)))/2),b=v/m,x=v/g;Math.abs(b-1)>1e-6&&(this._+="L"+(t+b*u)+","+(e+b*l)),this._+="A"+i+","+i+",0,0,"+ +(l*f>u*d)+","+(this._x1=t+x*s)+","+(this._y1=e+x*c)}else this._+="L"+(this._x1=t)+","+(this._y1=e);else;},arc:function(t,e,n,r,i,a){t=+t,e=+e,a=!!a;var o=(n=+n)*Math.cos(r),s=n*Math.sin(r),c=t+o,u=e+s,l=1^a,h=a?r-i:i-r;if(n<0)throw new Error("negative radius: "+n);null===this._x1?this._+="M"+c+","+u:(Math.abs(this._x1-c)>1e-6||Math.abs(this._y1-u)>1e-6)&&(this._+="L"+c+","+u),n&&(h<0&&(h=h%ji+ji),h>Yi?this._+="A"+n+","+n+",0,1,"+l+","+(t-o)+","+(e-s)+"A"+n+","+n+",0,1,"+l+","+(this._x1=c)+","+(this._y1=u):h>1e-6&&(this._+="A"+n+","+n+",0,"+ +(h>=Pi)+","+l+","+(this._x1=t+n*Math.cos(i))+","+(this._y1=e+n*Math.sin(i))))},rect:function(t,e,n,r){this._+="M"+(this._x0=this._x1=+t)+","+(this._y0=this._y1=+e)+"h"+ +n+"v"+ +r+"h"+-n+"Z"},toString:function(){return this._}};var $i=Ui;function qi(t){return t.source}function Wi(t){return t.target}function Hi(t){return t.radius}function Vi(t){return t.startAngle}function Gi(t){return t.endAngle}var Xi=function(){var t=qi,e=Wi,n=Hi,r=Vi,i=Gi,a=null;function o(){var o,s=Ri.call(arguments),c=t.apply(this,s),u=e.apply(this,s),l=+n.apply(this,(s[0]=c,s)),h=r.apply(this,s)-Ni,f=i.apply(this,s)-Ni,d=l*Ai(h),p=l*Mi(h),y=+n.apply(this,(s[0]=u,s)),g=r.apply(this,s)-Ni,m=i.apply(this,s)-Ni;if(a||(a=o=$i()),a.moveTo(d,p),a.arc(0,0,l,h,f),h===g&&f===m||(a.quadraticCurveTo(0,0,y*Ai(g),y*Mi(g)),a.arc(0,0,y,g,m)),a.quadraticCurveTo(0,0,d,p),a.closePath(),o)return a=null,o+""||null}return o.radius=function(t){return arguments.length?(n="function"==typeof t?t:Fi(+t),o):n},o.startAngle=function(t){return arguments.length?(r="function"==typeof t?t:Fi(+t),o):r},o.endAngle=function(t){return arguments.length?(i="function"==typeof t?t:Fi(+t),o):i},o.source=function(e){return arguments.length?(t=e,o):t},o.target=function(t){return arguments.length?(e=t,o):e},o.context=function(t){return arguments.length?(a=null==t?null:t,o):a},o};function Zi(){}function Ki(t,e){var n=new Zi;if(t instanceof Zi)t.each((function(t,e){n.set(e,t)}));else if(Array.isArray(t)){var r,i=-1,a=t.length;if(null==e)for(;++i=r.length)return null!=t&&n.sort(t),null!=e?e(n):n;for(var c,u,l,h=-1,f=n.length,d=r[i++],p=Qi(),y=o();++hr.length)return n;var o,s=i[a-1];return null!=e&&a>=r.length?o=n.entries():(o=[],n.each((function(e,n){o.push({key:n,values:t(e,a)})}))),null!=s?o.sort((function(t,e){return s(t.key,e.key)})):o}(a(t,0,na,ra),0)},key:function(t){return r.push(t),n},sortKeys:function(t){return i[r.length-1]=t,n},sortValues:function(e){return t=e,n},rollup:function(t){return e=t,n}}};function ta(){return{}}function ea(t,e,n){t[e]=n}function na(){return Qi()}function ra(t,e,n){t.set(e,n)}function ia(){}var aa=Qi.prototype;function oa(t,e){var n=new ia;if(t instanceof ia)t.each((function(t){n.add(t)}));else if(t){var r=-1,i=t.length;if(null==e)for(;++r6/29*(6/29)*(6/29)?Math.pow(t,1/3):t/(6/29*3*(6/29))+4/29}function va(t){return t>6/29?t*t*t:6/29*3*(6/29)*(t-4/29)}function ba(t){return 255*(t<=.0031308?12.92*t:1.055*Math.pow(t,1/2.4)-.055)}function xa(t){return(t/=255)<=.04045?t/12.92:Math.pow((t+.055)/1.055,2.4)}function _a(t){if(t instanceof Ea)return new Ea(t.h,t.c,t.l,t.opacity);if(t instanceof ga||(t=da(t)),0===t.a&&0===t.b)return new Ea(NaN,0r!=d>r&&n<(f-u)*(r-l)/(d-l)+u&&(i=-i)}return i}function Pa(t,e,n){var r,i,a,o;return function(t,e,n){return(e[0]-t[0])*(n[1]-t[1])==(n[0]-t[0])*(e[1]-t[1])}(t,e,n)&&(i=t[r=+(t[0]===e[0])],a=n[r],o=e[r],i<=a&&a<=o||o<=a&&a<=i)}var ja=function(){},Ya=[[],[[[1,1.5],[.5,1]]],[[[1.5,1],[1,1.5]]],[[[1.5,1],[.5,1]]],[[[1,.5],[1.5,1]]],[[[1,1.5],[.5,1]],[[1,.5],[1.5,1]]],[[[1,.5],[1,1.5]]],[[[1,.5],[.5,1]]],[[[.5,1],[1,.5]]],[[[1,1.5],[1,.5]]],[[[.5,1],[1,.5]],[[1.5,1],[1,1.5]]],[[[1.5,1],[1,.5]]],[[[.5,1],[1.5,1]]],[[[1,1.5],[1.5,1]]],[[[.5,1],[1,1.5]]],[]],za=function(){var t=1,e=1,n=O,r=s;function i(t){var e=n(t);if(Array.isArray(e))e=e.slice().sort(La);else{var r=m(t),i=r[0],o=r[1];e=M(i,o,e),e=w(Math.floor(i/e)*e,Math.floor(o/e)*e,e)}return e.map((function(e){return a(t,e)}))}function a(n,i){var a=[],s=[];return function(n,r,i){var a,s,c,u,l,h,f=new Array,d=new Array;a=s=-1,u=n[0]>=r,Ya[u<<1].forEach(p);for(;++a=r,Ya[c|u<<1].forEach(p);Ya[u<<0].forEach(p);for(;++s
Using `kubeadm`, you can create a minimum viable Kubernetes cluster that conforms to best practices. In fact, you can use `kubeadm` to set up a cluster that will pass the [Kubernetes Conformance tests](https://kubernetes.io/blog/2017/10/software-conformance-certification).
-`kubeadm` also supports other cluster
-lifecycle functions, such as [bootstrap tokens](/docs/reference/access-authn-authz/bootstrap-tokens/) and cluster upgrades.
+
+ 
+ 
