The kubelet reference is not auto-generated. This PR is about fixing the
outdated information by manually comparing the reference against the
output from `kubelet --help`.
* Rebasing HostProcess security changes.
* Incorporated initial round of feedback
* Minor wording updates
* Finished up remaining todo items
* Apply suggestions from code review
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: Mark Rossetti <marosset@microsoft.com>
* Moved HostProcess security documentation into PSS and create-host-process-pod docs
* Updated with for James' review
* Apply suggestions from code review
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: James Sturtevant <jsturtevant@gmail.com>
* Minor edits
* Modifications for additional feedback
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: Mark Rossetti <marosset@microsoft.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: James Sturtevant <jsturtevant@gmail.com>
Enables support for running kubelet in a user namespace.
The user namespace has to be created before running kubelet.
All the node components such as CRI need to be running in the same user namespace.
- Tracking issue: kubernetes/enhancements issue 2033
- KEP: https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2033-kubelet-in-userns-aka-rootless
- Implementation: kubernetes/kubernetes PR 92863
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Here is a second batch for feature gate updates in 1.22.
- CPUManagerPolicyOptions kubernetes/kubernetes#101432
- ControllerManagerLeaderMigration kubernetes/kubernetes#103533
- DynamicKubeletConfig kubernetes/kubernetes#102966
- EndpointSliceProxying kubernetes/kubernetes#103451
- EndpointSliceTerminatingCondition kubernetes/kubernetes#103596
- HugePageStorageMediumSize kubernetes/kubernetes#99144
- JobTrackingWithFinalizers kubernetes/kubernetes#98817
(also tracked in #28841, can rebase).
- ServiceInternalTrafficPolicy kubernetes/kubernetes#103462
- WindowsEndpointSliceProxying kubernetes/kubernetes#103451
Some of these needs more detailed documentation.
The enhancement https://github.com/kubernetes/enhancements/issues/2625
want to add a new kubelet option to fine tune the behaviour of the
cpu manager policies, and to do so we add support for cpu manager policy
options themselves.
Signed-off-by: Francesco Romani <fromani@redhat.com>
This adds a documentation section about the `SeccompDefault` feature
gate for the kubelet. Beside that, the feature gate has been added to
the list of features, too.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
We have some problems processing "<" and ">" in the code comment. The
library we used are treating them as unsafe HTML tags. This PR fixes the
problem by regenerating the references using the updated generator.
This PR updates the component reference generated for 1.21. A bug was
found where the upstream source code is now applying a normalization
function to all flags.
This PR also removes the dangling kubelet-config API file.
Issues fixed by this PR:
- Link in PodDeletionCost is wrong.
- Default value for APIResponseCompression since 1.16 should be true
- Default value for KubeletPodResources in 1.13, 1.14 should be false
- CSIVolumeHealth is an Alpha feature introduced in 1.21, not graduated or deprecated
- EndpointSlice is still Beta in 1.20
- EndpointSliceNodeName is only GA’ed in 1.21
- IndexedJob is an Alpha starting 1.21, not graduated or deprecated
- KubeletPodResources has been GA’ed in 1.20, thus should be removed from the first table
- RequestManagement was deprecated in 1.17 and replaced by APIPriorityAndFaireness
- Several field names are incorrect (e.g. `appProtocol`, `internalTrafficPolicy`, `loadBalancerClass`)
- SCTPSupport should be removed from the first table because it was GA’ed in 1.20.
- ServcieAppProtocol is Beta until 1.20
- StreamingProxyRedirects is GA’ed in 1.19, not deprecated
- No description for ValidateProxyRedirects is provided
- VolumeCapacityPriority is an Alpha feature introduced in 1.21, not graduated
- The order of VolumePVCDataSource is wrong in the table
- No description provided for Initializers
- The deprecated status should not be repeated in the description since it is already indicated by the table in which a feature is listed.
- No description is provided for RequestManagement
* Actuallize podresources description
This commit updates description according to
https://github.com/kubernetes/enhancements/pull/1884
Update content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md
Signed-off-by: Alexey Perevalov <alexey.perevalov@huawei.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
* podresources: document the new feature gate
Signed-off-by: Francesco Romani <fromani@redhat.com>
* device plugins: add clarifications after review
- fix the AllocatableResourcesResponse comment
- describe the NUMA ID and explain the meaning of the field.
Signed-off-by: Francesco Romani <fromani@redhat.com>
Co-authored-by: Alexey Perevalov <alexey.perevalov@huawei.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Qiming Teng
Kubernetes Prow Robot
Kenneth Endfinger
Victor Palade
sandipanpanda
Nitesh Seram
Swetha Repakula
Brandon Smith
Akihiro Suda
Jiawei Wang
Francesco Romani
Elana Hashman
Cheng Xing
Ed Bartosh
xiaoxubeii
Aldo Culquicondor
Christopher Negus
Sergey Kanzhelev
Haardik Dharma
Hanlin Shi
Jihoon Seo
Harry Bagdi
Mike Dame
Abdullah Gharaibeh
Sascha Grunert
Shihang Zhang
liuxu
Maciej Szulik
Ritu Panjwani
Javier Diaz-Montes
4ndy
Gunju Kim
Tim Allclair
Jordan Liggitt
Antoine Pelisse
Regan Chan
wangyysde
Shannon Kularathna
Rey Lejano
Tim Bannister
Rob Scott
Fangyuan Li
xing-yang
Morten Torkildsen
Harold