Merge branch 'kubernetes:main' into branch_temp

content/bn/docs/reference/glossary/index.md

@@ -1,7 +1,11 @@
 ---
+# approvers:
+# - chenopis
+# - abiogenesis-now  ( The list of approvers is not necessary for the localized version. However, it is included because it helps maintain a certain line break, which further aids in updating a file.That's why it's kept in comment form. )
 title: শব্দকোষ
 layout: glossary
 noedit: true
+body_class: glossary
 default_active_tag: fundamental
 weight: 5
 card:

content/en/blog/_posts/2024-02-22-k8s-book-club/index.md

@@ -1,4 +1,4 @@
-------
+---
 layout: blog
 title: "A look into the Kubernetes Book Club"
 slug: k8s-book-club
@@ -106,8 +106,7 @@ Book Club's reach and impact in the community.
 
 **CS**: There are three steps to join:
 
-- First, join the [Kubernetes Book Club
-  Community](https://community.cncf.io/kubernetes-virtual-book-club/)
+- First, join the [Kubernetes Book Club Community](https://community.cncf.io/kubernetes-virtual-book-club/)
 - Then RSVP to the
   [events](https://community.cncf.io/kubernetes-virtual-book-club/)
   on the community page
@@ -117,10 +116,10 @@ Book Club's reach and impact in the community.
 **FSM**: Excellent, thank you! Any final comments you would like to share?
 
 **CS**: The Kubernetes Book Club is more than just a group of professionals discussing books; it's a
-vibrant community and amazing volunteers that help organize and host [Neependra
-Khare](https://www.linkedin.com/in/neependra/), [Eric
-Smalling](https://www.linkedin.com/in/ericsmalling/), [Sevi
-Karakulak](https://www.linkedin.com/in/sevikarakulak/), [Chad
-M. Crowell](https://www.linkedin.com/in/chadmcrowell/), and [Walid (CNJ)
-Shaari](https://www.linkedin.com/in/walidshaari/). Look us up at KubeCon and get your Kubernetes
-Book Club sticker!
+vibrant community and amazing volunteers that help organize and host
+[Neependra Khare](https://www.linkedin.com/in/neependra/),
+[Eric Smalling](https://www.linkedin.com/in/ericsmalling/),
+[Sevi Karakulak](https://www.linkedin.com/in/sevikarakulak/),
+[Chad M. Crowell](https://www.linkedin.com/in/chadmcrowell/),
+and [Walid (CNJ) Shaari](https://www.linkedin.com/in/walidshaari/).
+Look us up at KubeCon and get your Kubernetes Book Club sticker!

content/en/blog/_posts/2024-05-20-cloud-provider-migration.md

@@ -0,0 +1,88 @@
+---
+layout: blog
+title: 'Completing the largest migration in Kubernetes history'
+date: 2024-05-20
+slug: completing-cloud-provider-migration
+author: >
+  Andrew Sy Kim (Google),
+  Michelle Au (Google),
+  Walter Fender (Google),
+  Michael McCune (Red Hat)
+---
+
+Since as early as Kubernetes v1.7, the Kubernetes project has pursued the ambitious goal of removing built-in cloud provider integrations ([KEP-2395](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cloud-provider/2395-removing-in-tree-cloud-providers/README.md)).
+While these integrations were instrumental in Kubernetes' early development and growth, their removal was driven by two key factors:
+the growing complexity of maintaining native support for every cloud provider across millions of lines of Go code, and the desire to establish
+Kubernetes as a truly vendor-neutral platform.
+
+After many releases, we're thrilled to announce that all cloud provider integrations have been successfully migrated from the core Kubernetes repository to external plugins.
+In addition to achieving our initial objectives, we've also significantly streamlined Kubernetes by removing roughly 1.5 million lines of code and reducing the binary sizes of core components by approximately 40%.
+
+This migration was a complex and long-running effort due to the numerous impacted components and the critical code paths that relied on the built-in integrations for the
+five initial cloud providers: Google Cloud, AWS, Azure, OpenStack, and vSphere. To successfully complete this migration, we had to build four new subsystems from the ground up:
+
+1. **Cloud controller manager** ([KEP-2392](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cloud-provider/2392-cloud-controller-manager/README.md))
+1. **API server network proxy** ([KEP-1281](https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/1281-network-proxy))
+1. **kubelet credential provider plugins** ([KEP-2133](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2133-kubelet-credential-providers))
+1. **Storage migration to use [CSI](https://github.com/container-storage-interface/spec?tab=readme-ov-file#container-storage-interface-csi-specification-)** ([KEP-625](https://github.com/kubernetes/enhancements/blob/master/keps/sig-storage/625-csi-migration/README.md))
+
+Each subsystem was critical to achieve full feature parity with built-in capabilities and required several releases to bring each subsystem to GA-level maturity with a safe and
+reliable migration path. More on each subsystem below.
+
+### Cloud controller manager
+
+The cloud controller manager was the first external component introduced in this effort, replacing functionality within the kube-controller-manager and kubelet that directly interacted with cloud APIs.
+This essential component is responsible for initializing nodes by applying metadata labels that indicate the cloud region and zone a Node is running on, as well as IP addresses that are only known to the cloud provider.
+Additionally, it runs the service controller, which is responsible for provisioning cloud load balancers for Services of type LoadBalancer.
+
+![Kubernetes components](/images/docs/components-of-kubernetes.svg)
+
+To learn more, read [Cloud Controller Manager](/docs/concepts/architecture/cloud-controller/) in the Kubernetes documentation.
+
+### API server network proxy
+
+The API Server Network Proxy project, initiated in 2018 in collaboration with SIG API Machinery, aimed to replace the SSH tunneler functionality within the kube-apiserver.
+This tunneler had been used to securely proxy traffic between the Kubernetes control plane and nodes, but it heavily relied on provider-specific implementation details embedded in the kube-apiserver to establish these SSH tunnels.
+
+Now, the API Server Network Proxy is a GA-level extension point within the kube-apiserver. It offers a generic proxying mechanism that can route traffic from the API server to nodes through a secure proxy,
+eliminating the need for the API server to have any knowledge of the specific cloud provider it is running on. This project also introduced the Konnectivity project, which has seen growing adoption in production environments.
+
+You can learn more about the API Server Network Proxy from its [README](https://github.com/kubernetes-sigs/apiserver-network-proxy#readme).
+
+### Credential provider plugins for the kubelet
+
+The Kubelet credential provider plugin was developed to replace the kubelet's built-in functionality for dynamically fetching credentials for image registries hosted on Google Cloud, AWS, or Azure.
+The legacy capability was convenient as it allowed the kubelet to seamlessly retrieve short-lived tokens for pulling images from GCR, ECR, or ACR. However, like other areas of Kubernetes, supporting
+this required the kubelet to have specific knowledge of different cloud environments and APIs.
+
+Introduced in 2019, the credential provider plugin mechanism offers a generic extension point for the kubelet to execute plugin binaries that dynamically provide credentials for images hosted on various clouds.
+This extensibility expands the kubelet's capabilities to fetch short-lived tokens beyond the initial three cloud providers.
+
+To learn more, read [kubelet credential provider for authenticated image pulls](/docs/concepts/containers/images/#kubelet-credential-provider).
+
+### Storage plugin migration from in-tree to CSI
+
+The Container Storage Interface (CSI) is a control plane standard for managing block and file storage systems in Kubernetes and other container orchestrators that went GA in 1.13.
+It was designed to replace the in-tree volume plugins built directly into Kubernetes with drivers that can run as Pods within the Kubernetes cluster.
+These drivers communicate with kube-controller-manager storage controllers via the Kubernetes API, and with kubelet through a local gRPC endpoint.
+Now there are over 100 CSI drivers available across all major cloud and storage vendors, making stateful workloads in Kubernetes a reality.
+
+However, a major challenge remained on how to handle all the existing users of in-tree volume APIs. To retain API backwards compatibility,
+we built an API translation layer into our controllers that will convert the in-tree volume API into the equivalent CSI API. This allowed us to redirect all storage operations to the CSI driver,
+paving the way for us to remove the code for the built-in volume plugins without removing the API.
+
+You can learn more about In-tree Storage migration in [Kubernetes In-Tree to CSI Volume Migration Moves to Beta](https://kubernetes.io/blog/2019/12/09/kubernetes-1-17-feature-csi-migration-beta/).
+
+## What's next?
+
+This migration has been the primary focus for SIG Cloud Provider over the past few years. With this significant milestone achieved, we will be shifting our efforts towards exploring new
+and innovative ways for Kubernetes to better integrate with cloud providers, leveraging the external subsystems we've built over the years. This includes making Kubernetes smarter in
+hybrid environments where nodes in the cluster can run on both public and private clouds, as well as providing better tools and frameworks for developers of external providers to simplify and streamline their integration efforts.
+
+With all the new features, tools, and frameworks being planned, SIG Cloud Provider is not forgetting about the other side of the equation: testing. Another area of focus for the SIG's future activities is the improvement of
+cloud controller testing to include more providers. The ultimate goal of this effort being to create a testing framework that will include as many providers as possible so that we give the Kubernetes community the highest
+levels of confidence about their Kubernetes environments.
+
+If you're using a version of Kubernetes older than v1.29 and haven't migrated to an external cloud provider yet, we recommend checking out our previous blog post [Kubernetes 1.29: Cloud Provider Integrations Are Now Separate Components](/blog/2023/12/14/cloud-provider-integration-changes/).It provides detailed information on the changes we've made and offers guidance on how to migrate to an external provider. Starting in v1.31, in-tree cloud providers will be permanently disabled and removed from core Kubernetes components.
+
+If you’re interested in contributing, come join our [bi-weekly SIG meetings](https://github.com/kubernetes/community/tree/master/sig-cloud-provider#meetings)!

content/en/docs/reference/command-line-tools-reference/feature-gates/api-self-subject-review.md

@@ -18,6 +18,8 @@ stages:
   - stage: stable
     defaultValue: true
     fromVersion: "1.28"  
+    toVersion: "1.29"
+removed: true
 ---
 Activate the `SelfSubjectReview` API which allows users
 to see the requesting subject's authentication information.

content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-file.md

@@ -21,6 +21,8 @@ stages:
   - stage: stable
     defaultValue: true
     fromVersion: "1.26"  
+    toVersion: "1.29" 
+removed: true
 ---
 Enables shims and translation logic to route volume
 operations from the Azure-File in-tree plugin to AzureFile CSI plugin.

content/en/docs/reference/command-line-tools-reference/feature-gates/expanded-dns-config.md

@@ -17,6 +17,8 @@ stages:
   - stage: stable
     defaultValue: true
     fromVersion: "1.28"  
+    toVersion: "1.29" 
+removed: true
 ---
 Enable kubelet and kube-apiserver to allow more DNS
 search paths and longer list of DNS search paths. This feature requires container

content/en/docs/reference/command-line-tools-reference/feature-gates/experimental-host-user-namespace-defaulting.md

@@ -13,6 +13,8 @@ stages:
   - stage: deprecated
     defaultValue: false
     fromVersion: "1.28"  
+    toVersion: "1.29" 
+removed: true
 ---
 Enabling the defaulting user
 namespace to host. This is for containers that are using other host namespaces,

content/en/docs/reference/command-line-tools-reference/feature-gates/ip-tables-ownership-cleanup.md

@@ -17,5 +17,7 @@ stages:
   - stage: stable
     defaultValue: true
     fromVersion: "1.28" 
+    toVersion: "1.29" 
+removed: true
 ---
 This causes kubelet to no longer create legacy iptables rules.

content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get-allocatable.md

@@ -17,6 +17,8 @@ stages:
   - stage: stable
     defaultValue: true
     fromVersion: "1.28" 
+    toVersion: "1.29" 
+removed: true
 ---
 Enable the kubelet's pod resources
 `GetAllocatableResources` functionality. This API augments the

content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources.md

@@ -17,6 +17,8 @@ stages:
   - stage: stable
     defaultValue: true
     fromVersion: "1.28"  
+    toVersion: "1.29" 
+removed: true
 ---
 Enable the kubelet's pod resources gRPC endpoint. See
 [Support Device Monitoring](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/606-compute-device-assignment/README.md)

content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-tracking.md

@@ -17,7 +17,8 @@ stages:
   - stage: stable
     defaultValue: true
     fromVersion: "1.28"  
-
+    toVersion: "1.29" 
+removed: true
 ---
 Track usage of Secret-based
 [service account tokens](/docs/concepts/security/service-accounts/#get-a-token).

content/en/docs/reference/command-line-tools-reference/feature-gates/minimize-ip-tables-restore.md

@@ -17,6 +17,8 @@ stages:
   - stage: stable
     defaultValue: true
     fromVersion: "1.28" 
+    toVersion: "1.29" 
+removed: true
 ---
 Enables new performance improvement logics
 in the kube-proxy iptables mode.

content/en/docs/reference/command-line-tools-reference/feature-gates/proxy-terminating-endpoints.md

@@ -17,6 +17,8 @@ stages:
   - stage: stable
     defaultValue: true
     fromVersion: "1.28"  
+    toVersion: "1.29" 
+removed: true
 ---
 Enable the kube-proxy to handle terminating
 endpoints when `ExternalTrafficPolicy=Local`.

content/en/docs/reference/command-line-tools-reference/feature-gates/security-context-deny.md

@@ -9,5 +9,7 @@ stages:
   - stage: alpha 
     defaultValue: false
     fromVersion: "1.27"
+    toVersion: "1.29"
+removed: true
 ---
 This gate signals that the `SecurityContextDeny` admission controller is deprecated.

content/en/docs/reference/scheduling/config.md

@@ -217,9 +217,11 @@ If a Pod doesn't specify a scheduler name, kube-apiserver will set it to
 to get those pods scheduled.
 
 {{< note >}}
-Pod's scheduling events have `.spec.schedulerName` as the ReportingController.
-Events for leader election use the scheduler name of the first profile in the
-list.
+Pod's scheduling events have `.spec.schedulerName` as their `reportingController`.
+Events for leader election use the scheduler name of the first profile in the list.
+
+For more information, please refer to the `reportingController` section under
+[Event API Reference](/docs/reference/kubernetes-api/cluster-resources/event-v1/).
 {{< /note >}}
 
 {{< note >}}

content/en/docs/tasks/administer-cluster/kubelet-config-file.md

@@ -115,11 +115,10 @@ The suffix of a valid kubelet drop-in configuration file **must** be `.conf`. Fo
 The kubelet processes files in its config drop-in directory by sorting the **entire file name** alphanumerically.
 For instance, `00-kubelet.conf` is processed first, and then overridden with a file named `01-kubelet.conf`.
 
-These files may contain partial configurations and might not be valid config files by themselves.
-Validation is only performed on the final resulting configuration structure
-stored internally in the kubelet.
-This offers you flexibility in how you manage and combine kubelet configuration that comes from different sources.
-However, it's important to note that the behavior varies based on the data type of the configuration fields.
+These files may contain partial configurations but should not be invalid and must include type metadata, specifically `apiVersion` and `kind`. 
+Validation is only performed on the final resulting configuration structure stored internally in the kubelet. 
+This offers flexibility in managing and merging kubelet configurations from different sources while preventing undesirable configurations. 
+However, it is important to note that behavior varies based on the data type of the configuration fields.
 
 Different data types in the kubelet configuration structure merge differently. See the
 [reference document](/docs/reference/node/kubelet-config-directory-merging.md)

content/en/docs/tasks/tools/install-kubectl-linux.md

@@ -130,7 +130,7 @@ The following methods exist for installing kubectl on Linux:
    ```shell
    sudo apt-get update
    # apt-transport-https may be a dummy package; if so, you can skip that package
-   sudo apt-get install -y apt-transport-https ca-certificates curl
+   sudo apt-get install -y apt-transport-https ca-certificates curl gnupg
    ```
 
 2. Download the public signing key for the Kubernetes package repositories. The same signing key is used for all repositories so you can disregard the version in the URL:

content/en/docs/tutorials/hello-minikube.md

@@ -114,6 +114,8 @@ recommended way to manage the creation and scaling of Pods.
     hello-node   1/1     1            1           1m
     ```
 
+    (It may take some time for the pod to become available. If you see "0/1", try again in a few seconds.)
+
 1. View the Pod:
 
     ```shell

content/ja/docs/reference/_index.md

@@ -23,9 +23,9 @@ no_list: true
 * [API アクセスコントロール](/docs/reference/access-authn-authz/) - KubernetesがAPIアクセスをどのように制御するかの詳細です。
 * [よく知られたラベル、アノテーション、テイント](/docs/reference/labels-annotations-taints/)
 
-## 公式にサポートされているクライアントライブラリー
+## 公式にサポートされているクライアントライブラリ
 
-プログラミング言語からKubernetesのAPIを呼ぶためには、[クライアントライブラリー](/docs/reference/using-api/client-libraries/)を使うことができます。公式にサポートしているクライアントライブラリー:
+プログラミング言語からKubernetesのAPIを呼ぶためには、[クライアントライブラリ](/docs/reference/using-api/client-libraries/)を使うことができます。公式にサポートしているクライアントライブラリ:
 
 - [Kubernetes Go client library](https://github.com/kubernetes/client-go/)
 - [Kubernetes Python client library](https://github.com/kubernetes-client/python)

content/ja/docs/tutorials/hello-minikube.md

@@ -2,12 +2,6 @@
 title: Hello Minikube
 content_type: tutorial
 weight: 5
-menu:
-  main:
-    title: "Get Started"
-    weight: 10
-    post: >
-      <p>手を動かす準備はできていますか？本チュートリアルでは、サンプルアプリケーションを実行するKubernetesクラスターをビルドします。</p>
 card: 
   name: tutorials
   weight: 10

content/pt-br/blog/_index.md

@@ -4,7 +4,5 @@ linkTitle: Blog
 menu:
   main:
     title: "Blog"
-    weight: 40
-    post: >
-       <p>Leia as últimas novidades sobre Kubernetes e contêineres em geral, e obtenha detalhes técnicos atualizados</p>
+    weight: 20
 ---

content/pt-br/case-studies/_index.md

@@ -6,4 +6,7 @@ abstract: Alguns usuários que estão executando o Kubernetes em produção.
 layout: basic
 class: gridPage
 cid: caseStudies
+menu:
+  main:
+    weight: 60
 ---

content/pt-br/community/_index.html

@@ -3,6 +3,9 @@
 layout: basic
 cid: community
 community_styles_migrated: true
+menu:
+  main:
+    weight: 50
 ---
 <img
   id="banner"

content/pt-br/docs/home/_index.md

@@ -14,8 +14,6 @@ menu:
   main:
     title: "Documentação"
     weight: 20
-    post: >
-      <p>Aprenda a usar o Kubernetes com documentação conceitual, tutorial e de referência. Você também pode <a href="/editdocs/" data-auto-burger-exclude>ajudar a contribuir para a documentação</a>!</p>
 overview: >
   O Kubernetes é uma engine de orquestração de contêineres Open Source utilizado para automatizar a implantação, dimensionamento e gerenciamento de aplicativos em contêiner. O projeto é hospedado por the Cloud Native Computing Foundation (<a href="https://www.cncf.io/about">CNCF</a>).
 cards:

content/pt-br/docs/tutorials/hello-minikube.md

@@ -2,12 +2,6 @@
 title: Olá, Minikube!
 content_type: tutorial
 weight: 5
-menu:
-  main:
-    title: "Iniciar"
-    weight: 10
-    post: >
-      <p>Pronto para meter a mão na massa? Vamos criar um cluster Kubernetes simples e executar uma aplicação exemplo.</p>
 card:
   name: tutorials
   weight: 10

content/pt-br/partners/_index.html

@@ -4,6 +4,10 @@
 abstract: Crescendo o ecossistema do Kubernetes.
 class: gridPage
 cid: parceiros
+body_class: partners
+menu:
+  main:
+    weight: 40
 ---
 
 <section id="users">

content/uk/docs/tutorials/hello-minikube.md

@@ -3,15 +3,6 @@
 title: Привіт Minikube
 content_type: tutorial
 weight: 5
-menu:
-  main:
-    #title: "Get Started"
-    title: "Початок роботи"
-    weight: 10
-    #post: >
-      #<p>Ready to get your hands dirty? Build a simple Kubernetes cluster that runs "Hello World" for Node.js.</p>
-    post: >
-      <p>Готові попрацювати? Створимо простий Kubernetes кластер для запуску Node.js застосунку "Hello World".</p>
 card: 
   #name: tutorials
   name: навчальні матеріали