- Link to k/kubernetes issue 106917
(various places)
- Related rewording to make that extra link work in context
and also:
- Replace alias for dockershim FAQ with a Netlify redirect
Co-authored-by: Jihoon Seo <46767780+jihoon-seo@users.noreply.github.com>
* Add container image signing docs
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* Creates a task page to verify signed control plane container images
* Added info about cosigned and why we need cosign in experimental mode
Updates based on PR review
Apply suggestions from code review
Co-authored-by: Tim Bannister <tim@scalefactory.com>
* Uses K8s SBoM to get list of signed images
Apply suggestions from code review
Co-authored-by: Qiming Teng <tengqm@outlook.com>
Co-authored-by: Chris Negus <cnegus@redhat.com>
* Add current scope of sign/verify
Co-authored-by: Sascha Grunert <sgrunert@redhat.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
Co-authored-by: Chris Negus <cnegus@redhat.com>
The new task page outlines steps for reconfiguring
a kubeadm cluster and persisting reconfiguration.
Link the new page from the existing guides for
"customizing components", "creating a cluster",
and "kubeadm upgrade".
Co-authored-by: Paco Xu <paco.xu@daocloud.io>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
The logical navigation definitely works better if Pod Security admission
and PodSecurityPolicy are pages in the same section. Make It So.
Co-authored-by: Rey Lejano <rlejano@gmail.com>
The acess-cluster-service page, has nothing to do with administering a cluster.
A better home for this page should be the `/docs/tasks/access-application-cluster` subdirectory instead.
Original link says
```
Design proposals have been archived.
To view the last version of this document, see the Design Proposals Archive Repo.
Please remove after 2022-04-01 or the release of Kubernetes 1.24, whichever comes first.
```
The default kubelet configuration ConfigMap that kubeadm manages
is "kubelet-config" instead of "kubelet-config-x.yy" (where x.yy
is the Kubernetes version) in 1.24.
Cleanup references to the legacy naming in kubeadm documentation.
Generated contents in content/en/docs/reference/* are not updated.
* Docs to change Container runtime
* Updated header
* Updated header
* Few changes made according to the reviews
* Updated few headings
* Updated few markdown changes
* Reverted a unwanted changes
* Removed the double extension in the filename
* Updated
* Updated according to review
* Final Updates
* Added instructions to remove docker engine
* Minor changes
* Minor updates on heading
* Minor updates on lists
* Minor updates on line 106
* Minor updates on line 106
This PR fixes two problems in the cascading deletion page:
- The indentation of list items should be 2 spaces for unordered lists,
or 3 spaces for ordered lists. We should avoid using 4 spaces as
indentation because 4-spaces indentation has special meaning in
markdown.
- The garbage-collection page was moved to a new place. With redirect
records for English site, there seems no obvious problems. However,
for localization teams, such redirection records don't exist. It is
super easy to create a dangling link in localized pages.
This change is to update the documentation for reserved-memory flag.
Now, for specifying memory reservations across multiple NUMA nodes,
semicolon needs to be used as separator.
Signed-off-by: Ravindra Thakur <ravindra.nath.thakur@est.tech>
The command "kubeadm kubeconfig user" is missing
some examples and more details on why it is needed.
- Add a new section "Generating kubeconfig files
for additional users" under the kubeadm-certs page.
- Link to this section from the kubeadm-kubeconfig reference page.
- Link to this section from the create-cluster-kubeadm page.
Sysbox is an open-source container runtime (similar to "runc") that supports
running VM-workloads such as Docker and Kubernetes inside unprivileged
containers or pods.
Sysbox containers always use the Linux user-namespace for isolation, plus
specially crafted proc and sys filesystems, some syscall interception,
filesystem ID-mapping, and more.
It's possible to run Kubernetes, K3s, K0s, inside containers or pods deployed
with Sysbox. This commit aims to make the Kubernetes community aware of this
option.
Signed-off-by: Cesar Talledo <ctalledo@nestybox.com>
Touch the following files:
- Implementation details: remove docker specifics, which is changing
in 1.24
- Create cluster: small language cleanup, remove note about 1.24
- Install kubeadm: Include two up-to-date tables for Linux / Windows
with known endpoints. Include cri-dockerd.
- Kubelet integration: (side cleanup) use "container runtime" instead of
"CRI runtime" (which is incorrect). Mention that only updating
"--container-runtime-endpoint=.." is required if the user wishes
to override the CR on a certain host. Dockershim->CR-foo migration
guides would make the "--container-runtime=remote" flag explicit
and we want to remove it at some point.
- Troubleshooting kubeadm: Remove some instances of Docker troubleshooting
that imply docker as default CR, or talk about old Docker versions.
Be more generic about container runtimes.
- Adding Windows nodes: move the containerd tab before the Docker
tab, as containerd is now the default. Remove note about being explicit
about --cri-socket. Add note that crictl is required for both
Docker and containerd. Add note that cri-dockerd is required if
the user wants to use Docker EE on Windows.
Tim Bannister
Pushkar Joglekar
Kubernetes Prow Robot
Jiahui Feng
Nate W
Mads Jensen
Lubomir I. Ivanov
Jihoon Seo
Rey Lejano
Qiming Teng
Shannon Kularathna
Thomas Güttler
Geoffrey Cline
Geoffrey Cline
Yuvraj Shekhawat
RA489
mango
Mac Chaffee
Sergey Kanzhelev
Jordan Liggitt
Aayush Sharma
Marco Voelz
srout
Debabrata Panigrahi
Ravindra Thakur
Arhell
Cesar Talledo
Viacheslav Vasilyev
prameshj
AugustasV
Christopher Negus