dd7e3966ef
Revise introduction to encryption at rest page
...
Help readers check if they need to follow the task.
2024-01-19 00:23:25 +00:00
ef9194bdf3
Merge pull request #44721 from sftim/20240112_revise_encryption_at_rest
...
Recommend replicating encryption key for API data encryption at rest
2024-01-17 16:56:30 +01:00
b1929ab8a8
Update encrypt-data.md
...
Fix as ---> at typo
2024-01-17 10:40:02 -05:00
0f9ab60a3c
Update CoreDNS installation docs
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2024-01-14 20:29:41 +05:30
5ee30f167a
fixed installation guide in using CoreDNS for Service Discovery page
2024-01-14 19:41:35 +05:30
0e05396f1b
Recommend replicating encryption key
...
When using API encryption at rest without KMS, the same encryption key
must be securely replicated to all the hosts that run a kube-apiserver.
Document that.
2024-01-12 14:38:25 +00:00
8106c6e092
Add notes on kubeadm clusters version ( #44683 )
...
* Add notes on kubeadm clusters version
Update content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md
Co-authored-by: Dipesh Rawat <rawat.dipesh@gmail.com>
move into additional information
* Update content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md
Co-authored-by: Tim Bannister <tim@scalefactory.com>
---------
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2024-01-09 18:07:50 +01:00
bfbe2db97b
Highlight initial comment
...
Make the initial comment extra obvious to readers.
2024-01-08 17:55:46 +00:00
ec8a3cb52d
Merge pull request #44532 from sftim/20231226_encryption_at_rest
...
Improve docs around API data encryption at rest
2024-01-08 18:32:23 +01:00
bcc55ae7c9
fix outdated link/anchor
...
Signed-off-by: hunshcn <hunsh.cn@gmail.com>
2024-01-03 15:00:11 +08:00
e2509cb624
Merge pull request #44506 from Takashiidobe/fix-typos
...
fix typos
2024-01-02 19:29:55 +01:00
e17cd06c3d
Revise guidance for rotating a decryption key
2024-01-02 11:14:30 +00:00
b749f91f12
Document avoiding plain text retrieval
...
When you have set up your cluster for encryption at rest, you can take
this defence in depth measure to make sure that anything held without
encryption causes a retrieval error (which is then more likely to flag
that there is a problem).
2024-01-02 11:14:30 +00:00
8b46ec4047
Fix several link errors
2024-01-01 21:15:50 +08:00
c807f97145
Merge pull request #44355 from hunshcn/sysctl
...
update safe sysctls (v1.29)
2023-12-27 12:44:29 +01:00
0f285fd32d
Merge pull request #44085 from sftim/20231125_explain_protection_encryption_keys
...
Explain more about protection for encryption keys (API data encryption at rest)
2023-12-26 07:18:49 +01:00
fc8e79b96c
update safe sysctl
...
Signed-off-by: hunshcn <hunsh.cn@gmail.com>
2023-12-25 10:47:54 +08:00
d536e46dbd
fix typos
2023-12-24 21:00:53 -05:00
ada845e5e1
Link to KMS setup doc
2023-12-22 11:33:36 +00:00
9f8b35d93f
Redo API encryption at rest explanation
...
- Explain importance of protecting keys and other material that can be
used to decrypt data in etcd
- Revise the explanation for a non-KMS setup example
2023-12-22 11:33:36 +00:00
057c9633a3
Merge pull request #44227 from windsonsea/changey
...
Clean up change-default-storage-class and access-cluster-api tasks
2023-12-22 02:21:22 +01:00
242296af2a
Remove extra character
...
Co-authored-by: Dipesh Rawat <rawat.dipesh@gmail.com>
2023-12-20 00:34:51 +00:00
80353185f5
Remove extra character
2023-12-19 23:17:19 +00:00
d1d6eda640
Clean up change-default-storage-class.md
2023-12-19 08:57:48 +08:00
7ffd84798f
Fix broken hyperlink for 'Cosign Keyless Signatures' in "Verify Signed Kubernetes Artifacts" guide ( #44235 )
...
* fix broken links to cosign signing page
* remove changes to zn translation
* change link to https://docs.sigstore.dev/signing/overview/
2023-12-18 11:08:33 +01:00
119a085a55
Merge pull request #44086 from sftim/20231125_link_to_decrypt_task
...
Link to existing task about decrypting at rest
2023-12-14 09:32:58 +01:00
98dcbddc6b
Merge pull request #44322 from adityasamant25/issue-44321
...
Add user guidance comment for executing drain and uncordon on control plane
2023-12-14 03:29:00 +01:00
3a13717a34
Issue 44321 - added comments to emphasize that the drain and uncordon commands must be executed on a control plane node.
...
Apply suggestions from code review
Co-authored-by: Lubomir I. Ivanov <neolit123@gmail.com>
2023-12-13 16:52:08 +05:30
e57cf329a6
Merge 'dev-1.29' with main
2023-12-11 17:11:37 +00:00
0c5cb411ea
Merge pull request #43871 from neolit123/1.29-add-task-for-kubeadm-generate-csr
...
kubeadm: add section on how to use the "generate-csr" command
2023-12-11 17:39:47 +01:00
45fb394ca7
Merge main into dev-1.29 to maintain sync
2023-12-07 15:59:56 +00:00
5e5e9fc252
Merge pull request #44170 from hunshcn/sysctl
...
update safe sysctls
2023-12-07 14:15:01 +01:00
bb2cb5fa86
update sysctl-cluster.md, pod-security-standards.md
...
Signed-off-by: hunshcn <hunsh.cn@gmail.com>
2023-12-01 14:47:36 +08:00
b91eca6be2
Fix rendering issue in tab layout
2023-12-01 01:20:33 +00:00
812e0f8b85
Add details in kubeadm-reconfigure.md for etcd
...
The kubeadm init phase doesn't permit to reconfigure the etcd yaml manifest (when etcd is in local mode)
Adding the right command when etcd needs to be reconfigured
Co-authored-by: Lubomir I. Ivanov <neolit123@gmail.com>
2023-11-30 14:08:05 +01:00
1f082c2e16
Link to existing task about decrypting at rest
2023-11-25 19:17:05 +00:00
d174742c46
kubeadm: add section on how to use the "generate-csr" command
...
The "generate-csr" command is useful in cases users don't
wish to use the default certificate duration that kubeadm has
hardcoded to 1 year. The command can also be used when the
certificate rotation process is done manually, out of bounds
with an external CA.
2023-11-22 08:32:30 +02:00
c07ce392e4
Graduate ReadWriteOncePod to GA
...
Included is a task for migrating existing PersistentVolumes to use
ReadWriteOncePod, taken from the alpha blog post.
2023-11-21 09:35:09 -08:00
92a8fce75d
Merge pull request #43398 from aramase/aramase/d/kep_3299_stable_doc_update
...
[KMSv2] add docs for KMSv2 GA
2023-11-21 11:46:23 +01:00
8b9f3f84aa
review feedback
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-11-20 17:25:48 +00:00
8598729e5d
update docs for KMSv2 and KMSv2KDF stable
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-11-17 18:19:45 +00:00
fb1bd2217d
Merge main into dev-1.29 to keep in sync
2023-11-14 21:22:12 +00:00
4163d74fa5
Additional clarifications for changing package repository
...
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
2023-11-13 13:36:11 +01:00
e5ff980054
Update configure-upgrade-etcd.md
...
Precision on --data-dir option when restoring etcd cluster
2023-11-05 15:32:15 +01:00
636f1d8f7e
Merge pull request #43540 from neolit123/1.29-add-super-admin-kubeconfig
...
kubeadm: introduce documentation changes for super-admin.conf
2023-10-31 03:03:57 +01:00
a9478b46ac
kubeadm: introduce documentation changes for super-admin.conf
...
- Update most pages where the kubeadm generated admin.conf
is discussed. Include information about the new file "super-admin.conf".
2023-10-30 11:57:44 +02:00
e4a2ab2bd0
Update upgrade guides to clarify that legacy repos are frozen ( #43472 )
...
* Add legacy-repos-deprecation shortcode and localization
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
* Update install/upgrade guides to clarify that legacy repos are frozen
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
* Update the legacy repos message
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
---------
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
2023-10-17 03:37:39 +02:00
cc3ba5be2c
Fix stale advice on changing the Container Runtime on a Node ( #42739 )
...
* Stale advice on changing the Container Runtime on a Node from Docker Engine to containerd
* Update content/en/docs/tasks/administer-cluster/migrating-from-dockershim/migrate-dockershim-dockerd.md
Co-authored-by: Tim Bannister <tim@scalefactory.com>
* Update migrate-dockershim-dockerd.md
---------
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2023-10-15 20:38:55 +02:00
f8161f8f24
Merge pull request #42702 from Affan-7/kubelet-parameters-via-config
...
Add eviction thresholds parameters
2023-10-15 20:34:52 +02:00
f8da02e489
Merge pull request #43407 from xmudrii/remove-legacy-repos
...
Remove instructions for legacy package repos
2023-10-10 19:12:13 +02:00
7d706d9921
Remove instructions for legacy package repos
...
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
2023-10-10 18:01:54 +02:00
f9ad24a5d6
doc(etcd-maintenance): add reference to etcd-defrag CronJob ( #43394 )
...
* doc(etcd-maintenance): add reference to etcd-defrag CronJob
* doc: improve style according to style guide
* chore: fix file name
2023-10-10 16:12:13 +02:00
5f4fa22259
Small mistake between sections of the document ( #42089 )
...
* Small mistake between sections of the document
The note for --kube-reserved-cgroup should match formatting for --system-reserved-cgroup. This changes helps those match.
* Update reserve-compute-resources.md
---------
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2023-10-10 08:54:22 +02:00
2668fec5ea
Merge pull request #42131 from mrgiles/36784_etcd_restore_cmd_update
...
Add note after restore cmd to specify that data-dir will be (re)created
2023-10-10 08:22:02 +02:00
926770351c
Added instructions for SUSE-based distributions ( #42913 )
...
* Update install-kubectl-linux.md
Added instructions for SUSE based distributions
* Update change-package-repository.md
Added a section for openSUSE and SLES distributions
* Update content/en/docs/tasks/tools/install-kubectl-linux.md
Co-authored-by: Michael <haifeng.yao@daocloud.io>
* Update content/en/docs/tasks/tools/install-kubectl-linux.md
Co-authored-by: Michael <haifeng.yao@daocloud.io>
* Update content/en/docs/tasks/tools/install-kubectl-linux.md
Co-authored-by: Michael <haifeng.yao@daocloud.io>
---------
Co-authored-by: Michael <haifeng.yao@daocloud.io>
2023-10-09 09:05:47 +02:00
e822502654
Update jq link
2023-10-03 12:55:01 +00:00
a1d91e05a4
Revise etcd task prerequisites to remove playground envs
...
The etcd operation and maintenance job is not supposed to
run on the playground environments.
2023-10-03 13:28:45 +08:00
b3cb227378
Remove redundant text
2023-09-29 11:44:10 +01:00
8a5f322c50
Fix kubelet-config-name
2023-09-28 12:50:35 +00:00
d725c81a78
Added a note on Cloud Controller Manager Administration page to clarify --cloud-provider argument usage ( #43010 )
...
* added a note on --cloud-provider argument usage
* Rephrased the sentance with generic meaning as per review comments
* updated a minor grammar nit
* move the note to above first point to make it clear.
* rephrased the text
* Updated indentation
* updated with miner nit
2023-09-27 10:12:10 -07:00
27473c3381
Add eviction thresholds parameters
...
Update content/en/docs/tasks/administer-cluster/kubelet-config-file.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2023-09-27 14:38:55 +05:30
3039a756c6
Merge pull request #43053 from tzneal/recommend-drain-before-any-kubelet-upgrade
...
recommend draining the node before updating kubelet
2023-09-26 02:49:19 -07:00
e6eb4d4aaf
Fix a link in kubeadm-certs
2023-09-21 09:43:12 +08:00
21de51932e
Merge pull request #42764 from sftim/20230828_link_kubeadm_certs_rbac
...
Link from kubeadm mention of RBAC to authz docs
2023-09-20 17:21:55 -07:00
20cfb80cf9
recommend draining the node before updating kubelet
...
This change clarifies that the node should be drained even when
performing patch upgrades of kubelet.
2023-09-20 17:32:46 -05:00
355f158d1f
Link from kubeadm mention of RBAC to authz docs
...
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2023-09-20 18:22:48 +01:00
70b445f2b8
Merge pull request #42690 from everonline/everonline-patch-1
...
Replace misleading info about Alpine and DNS lookups
2023-09-18 10:30:32 -07:00
bdf538c2cd
Merge pull request #42922 from sftim/20230906_document_decrypting_api_encryption_at_rest
...
Split at-rest decryption into its own page
2023-09-18 10:18:32 -07:00
8a615e7324
Merge pull request #43028 from sotoiwa/issue-43027
...
Fix incorrect parameter name
2023-09-13 17:58:11 -07:00
5826a44cff
Fix incorrect parameter name
2023-09-13 16:01:10 +09:00
68370ff051
Add SBOM verification to docs
...
It's possible to verify the SBOM after the modification if sbom.k8s.io
in: https://github.com/kubernetes/k8s.io/pull/5763
How to do that is now documented as part of the "Verify Signed
Artifacts" page.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2023-09-12 09:10:04 +02:00
3613a659e0
Merge pull request #42882 from sftim/20220428_revise_encryption_at_rest_table_rework
...
Update encryption-at-rest task page
2023-09-06 12:52:52 -07:00
e31c847e25
Split at-rest decryption into its own page
2023-09-06 20:41:31 +01:00
3aade83e13
List available API encryption providers
...
Improve existing list of providers for API encryption at rest.
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2023-09-05 17:46:40 +01:00
55d5b54937
Make a section for writing the config file
...
Promote creating the encryption configuration file to have its own page
heading.
2023-09-05 17:46:40 +01:00
e8b136c3b3
Use code_sample shortcode instead of code shortcode
2023-09-05 17:10:14 +08:00
2b973a9c96
Merge pull request #42883 from sftim/20220428_revise_encryption_at_rest_table_rework_2
...
Update encryption-at-rest task page
2023-09-04 17:45:48 -07:00
8f4cb28d94
Fix typo in encrypt-data.md
2023-09-05 00:30:52 +02:00
eaf4c4e913
Clarify how to ensure objects are encrypted
2023-09-04 18:15:58 +01:00
07f224714a
Fix links
...
This PR fixes some link errors as discovered by the `linkchecker.py` tool.
2023-08-31 21:11:57 +08:00
485097b39c
Clean up change-package-repository.md
2023-08-29 15:27:57 +08:00
6fddc6d685
Update dns-debugging-resolution.md
2023-08-23 13:23:17 +01:00
a203814740
Update encrypt-data.md
...
Fix typo on new encryption config file example
2023-08-17 08:28:18 -06:00
a03a79a1e2
Merge pull request #42586 from windsonsea/kubelety
...
Replace Kubelet with kubelet in kubelet-config-file.md
2023-08-17 00:28:20 -07:00
b6c31f4e18
Replace Kubelet with kubelet in kubelet-config-file.md
2023-08-17 09:52:37 +08:00
dffb9673b2
Fix a typo * in upgrading-linux-nodes.md
2023-08-16 21:31:59 +08:00
e18a69c5ed
KEP-3983: add documentation for kubelet drop in directory ( #42013 )
...
Signed-off-by: Peter Hunt <pehunt@redhat.com>
2023-08-11 11:15:26 -07:00
d8b3099692
Drop links to blog article
...
It is OK to revert this commit once the date for the associated blog
article is confirmed.
2023-08-10 22:51:39 +01:00
de5a39b654
Fix blog post links
...
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
2023-08-10 12:42:08 +03:00
b9f0cbcf9a
Typo fixes
...
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
2023-08-10 12:42:08 +03:00
f34d608b92
Make upgrade commands compatible with both repos
...
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
2023-08-10 12:42:08 +03:00
fcadec411a
Replace TBD links with the blog post link
...
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
2023-08-10 12:42:08 +03:00
08cac8cf08
Address review comments
...
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
2023-08-10 12:42:06 +03:00
c206802a2e
Update package manager instructions with community-hosted repos
...
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
2023-08-10 12:41:09 +03:00
7fb0cf6924
KMS doc updates for v1.28
...
Signed-off-by: Monis Khan <mok@microsoft.com>
2023-08-09 15:00:11 -04:00
20b43d6095
Merge branch 'main' into 'dev-1.28'
2023-08-09 11:13:31 +01:00
847839252f
Merge pull request #42160 from marquiz/devel/cgroup-driver-autoconfig-dev-1.28
...
docs: document kubelet cgroup driver detection from the runtime
2023-08-05 06:30:31 -07:00
fa73830e0b
docs: another change of wording of k8s versioning
2023-08-04 14:06:35 +03:00
1f525ced3e
Merge pull request #42330 from donhui/patch-5
...
Mention kube-node-lease namespace in Namespaces concept
2023-08-02 10:36:41 -07:00
973280594f
add kube-node-lease namespace
...
keep pace with https://github.com/kubernetes/website/blob/main/content/en/docs/concepts/overview/working-with-objects/namespaces.md
2023-08-01 17:31:30 +08:00
Tim Bannister
Kubernetes Prow Robot
Chuck Bronson
PrashantDesale2004
PrashantDesale2004
John Huang
hunshcn
Qiming Teng
Takashiidobe
steve-hardman
windsonsea
Tobias
Aditya Samant
Kat Cosgrove
Dipesh Rawat
Denis GERMAIN
Lubomir I. Ivanov
Chris Henzie
Anish Ramasekar
Marko Mudrinić
ptrovatelli
Clément Nussbaumer
Marlow Weston
Raul Mahiques
lakshmi prasuna
Mohammed Affan
Todd Neal
sotoiwa
Sascha Grunert
Mengjiao Liu
Andrii Abramov
everonline
gerardo romero niño
Peter Hunt
Monis Khan
Markus Lehtonen
donghui