ddb784aab1
certificates.md: add note about system:masters in apiserver cert
...
The kube-apiserver flag --kubelet-client-certificate
accepts a client certificate (kube-apiserver-kubelet-client.crt)
to connect to the kubelet. There is no need for this certificate
to have "system:masters" as "O" in the Subject, instead it
can be a less privileged group like kubeadm's "kubeadm:cluster-admins".
2023-11-10 15:17:26 +02:00
a9478b46ac
kubeadm: introduce documentation changes for super-admin.conf
...
- Update most pages where the kubeadm generated admin.conf
is discussed. Include information about the new file "super-admin.conf".
2023-10-30 11:57:44 +02:00
09e58a5589
"Validate node setup page mentions Docker as a container runtime"
2023-09-13 14:13:03 +05:30
cacc356fc5
remove "O=system:masters" from "kube-apiserver-etcd-client".md
...
> https://kubernetes.io/docs/setup/best-practices/certificates/#all-certificates
According to the documentation, the `kube-apiserver-etcd-client` certificate requires `O=system:masters`, but how can it be needed if etcd doesn't take this into account?
Perhaps `O=system:masters` should be removed for the `kube-apiserver-etcd-client` certificate and then I can create an issue on the kubeadm repo like like [the one](https://github.com/kubernetes/kubeadm/issues/2915 ) I created earlier.
2023-09-07 23:01:16 +03:00
32168d3e91
Add Commas with large numbers to assist the reader.
2023-01-12 17:52:59 +08:00
e559351d61
Merge pull request #38194 from T-Lakshmi/doc-cluster-large
...
updated the format of What's next section in cluster-large.md file
2023-01-03 17:09:59 -08:00
227cb354a9
Normalize the markdown for the certificates.md page
2022-12-17 17:21:02 +08:00
c5713f2db0
Replace source code reference by reference to k8s API type
...
This PR updates the certificates.md file by replacing a reference to
source code with a reference to the k8s API type.
2022-12-17 17:12:51 +08:00
aa98b4556f
Update content/en/docs/setup/best-practices/cluster-large.md
...
Rephrased the vertical pod Autoscaler reference point under what's next section.
Co-authored-by: Ritika <52399571+Ritikaa96@users.noreply.github.com>
2022-12-01 13:06:05 +05:30
f65f27fce5
updated the formate of What's next section in cluster-large.md file
2022-11-30 18:48:13 +05:30
474d89721e
KubeCon Docs Sprint: Update Weights for Setup and Subfolders
2022-10-24 12:55:54 -04:00
1ab76fba82
Bump the feature state of the Pod Security plugin to stable
2022-09-22 15:12:19 +02:00
ba857ccda1
Update content/en/docs/setup/best-practices/enforcing-pod-security-standards.md
2022-09-20 21:58:41 +05:30
a180cd6853
Update docs to reference new container image registry
...
k8s.gcr.io is deprecated in favor of registry.k8s.io. The kubernetes
codebase have been updated with the new endpoint.
Ref: https://github.com/kubernetes/k8s.io/issues/3411
Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
2022-08-18 16:35:26 +02:00
6700656cb4
Move Pod Topology Spread Constraints into scheduling
...
These constraints apply specifically to the mechanism for placing Pods
onto nodes (that is, scheduling).
2022-07-14 23:59:05 +01:00
090803440d
Merge pull request #33130 from tengqm/move-kubelet-authn-authz
...
Move kubelet authn authz
2022-06-07 19:11:49 -07:00
8170154a6e
Merge pull request #31849 from mk46/fp_31667
...
Remove --pod-cidr from docs
2022-04-29 16:21:12 -07:00
a3ea9f4caf
Update references to the kubelet security files
...
This commit updates all the existing references to the files move in the previous commit.
2022-04-23 14:32:19 +08:00
e65201a5b3
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-04-11 09:31:28 -07:00
9169cc8ebc
Merge pull request #32791 from jihoon-seo/220407_Replace_Go_Doc_URL_with_pkg.go.dev
...
Replace Go Doc URL with `pkg.go.dev`
2022-04-08 16:06:04 -07:00
eb53819201
Fix minor typo in certificates.md
2022-04-08 12:08:55 +03:00
b16e2bc7f4
Replace Go Doc URL with pkg.go.dev
2022-04-07 11:22:38 +09:00
7c67921f3f
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-03-28 08:48:23 -07:00
f5e8071030
Merge pull request #30588 from dialogbox/patch-2
...
Update certificates.md
2022-03-24 23:23:50 -07:00
2cca1a2f85
Update content/en/docs/setup/best-practices/certificates.md
...
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2022-03-06 09:39:02 +09:00
b7f8b0daae
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-02-28 16:18:31 -08:00
9e10d98d07
add options
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-02-23 17:58:26 -08:00
0673b89cd4
follow-up of #31667
2022-02-23 01:12:29 +05:30
7fc89637f3
Removed kubenet reference
2022-02-22 18:59:32 +05:30
15bc0c7621
Improvement: Updated FEATURE STATE of PodSecurityAdmission.
2022-01-19 18:04:52 +05:30
bd6dd9b58e
kube-etcd certificate requires additional SAN's
2021-12-02 17:33:50 +01:00
e0fdee6b0d
Update certificates.md
...
[kubelet has client and server certificates](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/#client-and-serving-certificates ).
But this page only mentions kubelet client certificate. I linked to the [page](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/#client-and-serving-certificates ) because I couldn't find the doc about what are those `certain features`. Please suggest a better link if there are any.
2021-11-22 15:19:13 +09:00
2a84b55424
Add file paths to keys and certificates ( #28367 )
...
* Adding diagrams to certificates page
* Cropped diagrams
* Changed diagrams to tree output
* Formatting fix
* Fixed text block markup and spacing
* Changed tree view of files to full-path view
* Changed order of two cert files
* Broke up links into separate sentences, per review comment
* More changes per review comments
2021-10-07 17:41:50 -07:00
252c44c53d
Merge master into dev-1.22 to keep in sync
2021-07-29 15:40:32 +03:00
e0d4b53b1c
incorporating initial round of feedback
2021-07-21 15:33:46 +00:00
1df00698d4
Update addon resizer in cluster-large.md
2021-06-17 18:36:05 +05:30
3540214344
Merge pull request #28152 from JayKayy/master
...
Update default node pod limits for large cluster
2021-06-12 09:17:00 -07:00
dfaefa54aa
Nit: Fix hrefs of some links
2021-06-03 06:20:26 +09:00
8c4a748db1
Update default pod limits
...
This update modifies the "pods-per-node" recommendation to align with the default Kubernetes setting of 110 pods per node.
2021-05-28 09:10:47 -04:00
415468a1a3
Added links to etcd content
2021-05-17 14:25:45 +00:00
3ff5ec1eff
clean up use of word: just
2021-03-17 19:57:40 -04:00
a9254a9836
Replace redirect links of labels-annotations-taints
2021-03-10 15:01:58 +09:00
e7a25a823c
Replace redirect links of kubeadm
...
/docs/reference/setup-tools/kubeadm/kubeadm/ is redirected to
/docs/reference/setup-tools/kubeadm/
This replaces the redirect links of kubeadm with the direct links.
2021-03-05 22:45:48 +00:00
2346581566
Fix some spell checking
...
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
2021-01-24 16:27:42 -03:00
a6e8f8bca1
Revise multiple zones
2020-12-02 12:52:30 +08:00
cbffc023e9
Fix broken url in docs
2020-11-27 04:27:04 +00:00
ce40d8da83
Merge pull request #24538 from Cweiping/feature/fix_node-conformance_apiserver_adress_error
...
fix node-conformance apiserver adress flag error
2020-11-16 18:46:04 -08:00
e245787641
fix node-conformance apiserver adress error
...
Signed-off-by: Weiping Cai <weiping.cai@daocloud.io>
2020-11-17 10:11:45 +08:00
56cf8f59f0
Merge pull request #24424 from sftim/20201007_large_cluster_guidance
...
Revise large cluster guidance
2020-11-10 18:37:48 -08:00
f80591272c
Add advice about control plane resilience for large clusters
2020-11-05 17:33:39 +00:00
Lubomir I. Ivanov
niranjandarshann
nnlkcncff
Paco Xu
Kubernetes Prow Robot
Qiming Teng
lakshmi prasuna
Cailyn Edwards
mtardy
kadtendulkar
Arnaud Meukam
Tim Bannister
Nate W
Konstantinos Tsakalozos
Jihoon Seo
Jason Kim (Jun Chul Kim)
Jim Bugwadia
Manish Kumar
Shubham Kuchhal
dgengtek
Chris Negus
Victor Palade
Samuel Roth
vaibhav
John Kwiatkoski
Karen Bradshaw
Yuiko Mouri
Kenichi Omichi
Ricardo Pchevuzinske Katz
Jie Shen
Saintmalik
Weiping Cai