This is a reference for WebhookAdmission config generated from kubernetes-sigs/reference-docs/genref tool.
More specifically, it is generated using the following command:
```shell
./genref -include apiserver-webhookadmission
```
This is a reference for kube-scheduler policy config generated from
kubernetes-sigs/reference-docs/genref tool.
More specifically, it is generated using the following command:
```
./genref --include kube-scheduler-policy-config
```
The `imagePullPolicy` field is set automatically based on the image tag
if it's initially omitted, but it is not updated if the image tag later
changes. This can lead to [confusing
behaviour](https://itnext.io/defaults-are-hard-kubernetes-deployment-edition-3b11095792f2).
This change attempts to warn users of this potential pitfall.
The "Automatic mounting of manually created Secrets" section of the
Secrets documentation previously suggesting using PodPresets. PodPresets
have been removed, there is no alternate facility described, and it's
unclear if auto-mounting secrets based on associations with
ServiceAccounts was ever supported. Accordingly, the section should be
removed.
As suggested, removed the language related to common vernacular. I think the documentation is well written in the common labels section, and can possibly be enhanced as more and more of these labels are implemented. So, just a link in the best practice section is sufficient as suggested by you.
Adds a `caution` note that SSH key pairs do not establish trust between
clients and servers. A secondary method is required to establish trust
between an SSH client and host server, such as fixed `known_hosts` file.
Clients which do not establish adequate trust are vulnerable to "man in
the middle" impersonation attacks.
Signed-off-by: Adam Kaplan <adam.kaplan@redhat.com>
This PR adds a paragraph explaining the insecure by default nature of k8s secrets, and points users at the documentation to turn on encryption at rest and RBAC.
I think a second page needs to be created showing the correct combination of RBAC rules for various cases, which should eventually replace the link to the RBAC documentation.
After removing the sections of the page that are not in line with the
content guide, there is little left.
Edit pages that link to removed task to no longer link there.
Redirect using 302 status so that there is a future opportunity to reinstate
the page or something like it.
- Avoid links to removed cluster management task
- Broaden applicability of “Safely Drain A Node”
- Add (stub) cluster upgrade task page
- Add a basic page about upgrading your cluster.
- Add a task page about enabling or disabling HTTP APIs
docker pull game.example/demo-game results with Error response from daemon: Get https://game.example/v2/: dial tcp: lookup game.example: no such host.
Therefore is better to change image to nginx
There are many contents in the (*very big*) Secret concept page which
are actually tasks. This PR proposes a separation of some contents
into separate tasks, so that we have a (hopefully) better organization
of the content and we make room for improvement to the concept itself.
Note that the creation of the `configmap-secret` directory (instead of
`secret`) is an intent to create a folder for both ConfigMap and Secret,
both of which are about configurations though there are quite some
differences between them.
* Fix for 23732
Explicitly specify that consumed as environment variables require pod restart to refresh.
* Remove note tag
Remove note tag as suggested
The feature is in `beta` since Kubernetes v1.19.0 so it is enabled per
default. This means that we can omit the hint to enable the feature
gate manually.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
The spec specified a "plain integer or as a fixed-point integer", but a fixed-point number is the correct terminology.
As such, 1.7Gi and 1Gi should both work.
* Revise Pod concept
Adapt the existing Pod documentation to suit the Docsy theme, by
promoting the Pod concept itself to /docs/concepts/workloads/pods/
Following on from this, update the Pod Lifecycle page to cover the
lifecycle of a Pod and follow on directly from the Pod concept,
for readers keen to understand things in detail.
This change also removes the automatic contents list from the Pod
overview page. Instead, the new page links to all the pages
inside the Pod section.
* Update links to Pod concept
Link to updated content
* Incorporate Pod concept suggestions
Co-authored-by: Celeste Horgan <celeste@cncf.io>
* Revise StatefulSet suggestion for Pod concept
Co-authored-by: Celeste Horgan <celeste@cncf.io>
Co-authored-by: Celeste Horgan <celeste@cncf.io>
Shannon Kularathna
toshokan
Jai Govindani
Kubernetes Prow Robot
Qiming Teng
Tim Bannister
Victor Palade
Rey Lejano
Karen Bradshaw
Tobias
ChandaniM123
Adrian Ludwin
wojtekt
Jacob Henner
Federico Gallo
Bartlomiej Takuski
Tom Kivlin
Qiming Teng
Rajesh Jain
Rajesh Jain
lostsquirrel
Johnny Lim
Pavel Nosov
Sylvain Coulombel
Adam Kaplan
amyXia1994
Kristin Martin
Adam Jacob
reylejano-rxm
Somtochi Onyekwere
Sundeep Malladi
Sylvain COULOMBEL
Tim Hockin
eagleusb
ljnaresh
perk
ldynia
Jorge Vallecillo
Sergey Kanzhelev
Chris Tomas
noms
Sascha Grunert
Jubayer Abdullah Joy
Savitha Raghunathan
Alec Lombardo
zionwu
Jerry Park
TAKAHASHI Shuuji
Eric Briand
Oleg Atamanenko
Wei Huang