From 3325f2e7592130348d78d6bfdb03aabe616ef4d6 Mon Sep 17 00:00:00 2001 From: lorenzogrv Date: Wed, 10 Apr 2024 06:13:16 +0200 Subject: [PATCH 01/27] kubectl debian install guide On a bare-metal Debian 12 clean install, gnupg is needed. Maybe it should be noted with prose --- content/en/docs/tasks/tools/install-kubectl-linux.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/tasks/tools/install-kubectl-linux.md b/content/en/docs/tasks/tools/install-kubectl-linux.md index 57af2f5f6dfe1..23af5952d5557 100644 --- a/content/en/docs/tasks/tools/install-kubectl-linux.md +++ b/content/en/docs/tasks/tools/install-kubectl-linux.md @@ -130,7 +130,7 @@ The following methods exist for installing kubectl on Linux: ```shell sudo apt-get update # apt-transport-https may be a dummy package; if so, you can skip that package - sudo apt-get install -y apt-transport-https ca-certificates curl + sudo apt-get install -y apt-transport-https ca-certificates curl gnupg ``` 2. Download the public signing key for the Kubernetes package repositories. The same signing key is used for all repositories so you can disregard the version in the URL: From 955d0329de2a2edd26829b9aabad62ffb863f5d4 Mon Sep 17 00:00:00 2001 From: Ravikanth C Date: Sun, 5 May 2024 14:00:03 +0530 Subject: [PATCH 02/27] Update config.md The note that said, "Pod's scheduling events have .spec.schedulerName as the ReportingController", is no longer true. I do not find the `spec.schedulerName` set to `ReportingController`. --- content/en/docs/reference/scheduling/config.md | 1 - 1 file changed, 1 deletion(-) diff --git a/content/en/docs/reference/scheduling/config.md b/content/en/docs/reference/scheduling/config.md index a0a34cb83a1e1..e4cfc981aaf7b 100644 --- a/content/en/docs/reference/scheduling/config.md +++ b/content/en/docs/reference/scheduling/config.md 
@@ -217,7 +217,6 @@ If a Pod doesn't specify a scheduler name, kube-apiserver will set it to to get those pods scheduled. {{< note >}} -Pod's scheduling events have `.spec.schedulerName` as the ReportingController. Events for leader election use the scheduler name of the first profile in the list. {{< /note >}} From 69a2a19c16093567d911be00ed3102d005911465 Mon Sep 17 00:00:00 2001 From: Ravikanth C Date: Wed, 15 May 2024 18:49:53 +0530 Subject: [PATCH 03/27] Update config.md update to the note based on PR feedback. --- content/en/docs/reference/scheduling/config.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/content/en/docs/reference/scheduling/config.md b/content/en/docs/reference/scheduling/config.md index e4cfc981aaf7b..004e2ba23f673 100644 --- a/content/en/docs/reference/scheduling/config.md +++ b/content/en/docs/reference/scheduling/config.md @@ -217,8 +217,9 @@ If a Pod doesn't specify a scheduler name, kube-apiserver will set it to to get those pods scheduled. {{< note >}} -Events for leader election use the scheduler name of the first profile in the -list. +Pod's scheduling events have `.spec.schedulerName` as the `ReportingController`. Events for leader election use the scheduler name of the first profile in the list. + +For more information, please refer to the `reportingController` section under [Event API Reference](https://kubernetes.io/docs/reference/kubernetes-api/cluster-resources/event-v1/). {{< /note >}} {{< note >}} From e823cf9e5cc181e7167d9231e3a68d08b117de0f Mon Sep 17 00:00:00 2001 From: Sohan Kunkerkar Date: Mon, 13 May 2024 12:17:14 -0400 Subject: [PATCH 04/27] Fix drop-in dir logic explanation Signed-off-by: Sohan Kunkerkar --- .../docs/tasks/administer-cluster/kubelet-config-file.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/content/en/docs/tasks/administer-cluster/kubelet-config-file.md b/content/en/docs/tasks/administer-cluster/kubelet-config-file.md index dcf0828c428bb..2353a2d966a68 100644 --- a/content/en/docs/tasks/administer-cluster/kubelet-config-file.md +++ b/content/en/docs/tasks/administer-cluster/kubelet-config-file.md @@ -115,11 +115,10 @@ The suffix of a valid kubelet drop-in configuration file **must** be `.conf`. Fo The kubelet processes files in its config drop-in directory by sorting the **entire file name** alphanumerically. For instance, `00-kubelet.conf` is processed first, and then overridden with a file named `01-kubelet.conf`. -These files may contain partial configurations and might not be valid config files by themselves. -Validation is only performed on the final resulting configuration structure -stored internally in the kubelet. -This offers you flexibility in how you manage and combine kubelet configuration that comes from different sources. -However, it's important to note that the behavior varies based on the data type of the configuration fields. +These files may contain partial configurations but should not be invalid and must include type metadata, specifically `apiVersion` and `kind`. +Validation is only performed on the final resulting configuration structure stored internally in the kubelet. +This offers flexibility in managing and merging kubelet configurations from different sources while preventing undesirable configurations. +However, it is important to note that behavior varies based on the data type of the configuration fields. Different data types in the kubelet configuration structure merge differently. See the [reference document](/docs/reference/node/kubelet-config-directory-merging.md) From 3649420a1e5e93986f731113ac43e9037e7572f6 Mon Sep 17 00:00:00 2001 
From: Ravikanth C Date: Fri, 17 May 2024 06:04:13 +0530 Subject: [PATCH 05/27] Update content/en/docs/reference/scheduling/config.md Co-authored-by: Qiming Teng --- content/en/docs/reference/scheduling/config.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/en/docs/reference/scheduling/config.md b/content/en/docs/reference/scheduling/config.md index 004e2ba23f673..347eb56491027 100644 --- a/content/en/docs/reference/scheduling/config.md +++ b/content/en/docs/reference/scheduling/config.md @@ -217,7 +217,8 @@ If a Pod doesn't specify a scheduler name, kube-apiserver will set it to to get those pods scheduled. {{< note >}} -Pod's scheduling events have `.spec.schedulerName` as the `ReportingController`. Events for leader election use the scheduler name of the first profile in the list. +Pod's scheduling events have `.spec.schedulerName` as their `reportingController`. +Events for leader election use the scheduler name of the first profile in the list. For more information, please refer to the `reportingController` section under [Event API Reference](https://kubernetes.io/docs/reference/kubernetes-api/cluster-resources/event-v1/). {{< /note >}} From ebe94e4df4d47f22ee18785bb131dd121eecd3a0 Mon Sep 17 00:00:00 2001 From: Ravikanth C Date: Fri, 17 May 2024 06:04:28 +0530 Subject: [PATCH 06/27] Update content/en/docs/reference/scheduling/config.md Co-authored-by: Qiming Teng --- content/en/docs/reference/scheduling/config.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/en/docs/reference/scheduling/config.md b/content/en/docs/reference/scheduling/config.md index 347eb56491027..6b303beb39b9a 100644 --- a/content/en/docs/reference/scheduling/config.md +++ b/content/en/docs/reference/scheduling/config.md 
@@ -220,7 +220,8 @@ to get those pods scheduled. Pod's scheduling events have `.spec.schedulerName` as their `reportingController`. Events for leader election use the scheduler name of the first profile in the list. -For more information, please refer to the `reportingController` section under [Event API Reference](https://kubernetes.io/docs/reference/kubernetes-api/cluster-resources/event-v1/). +For more information, please refer to the `reportingController` section under +[Event API Reference](/docs/reference/kubernetes-api/cluster-resources/event-v1/). {{< /note >}} {{< note >}} From 62933cbbaaffb353efd09ded10711406ce108188 Mon Sep 17 00:00:00 2001 From: Junya Okabe Date: Fri, 17 May 2024 17:52:25 +0900 Subject: [PATCH 07/27] fix: content/ja/docs/reference/_index.md --- content/ja/docs/reference/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/ja/docs/reference/_index.md b/content/ja/docs/reference/_index.md index 798a5166bcd6a..6f37a0b30c1d1 100644 --- a/content/ja/docs/reference/_index.md +++ b/content/ja/docs/reference/_index.md @@ -23,9 +23,9 @@ no_list: true * [API アクセスコントロール](/docs/reference/access-authn-authz/) - KubernetesがAPIアクセスをどのように制御するかの詳細です。 * [よく知られたラベル、アノテーション、テイント](/docs/reference/labels-annotations-taints/) -## 公式にサポートされているクライアントライブラリー +## 公式にサポートされているクライアントライブラリ -プログラミング言語からKubernetesのAPIを呼ぶためには、[クライアントライブラリー](/docs/reference/using-api/client-libraries/)を使うことができます。公式にサポートしているクライアントライブラリー: +プログラミング言語からKubernetesのAPIを呼ぶためには、[クライアントライブラリ](/docs/reference/using-api/client-libraries/)を使うことができます。公式にサポートしているクライアントライブラリ: - [Kubernetes Go client library](https://github.com/kubernetes/client-go/) - [Kubernetes Python client library](https://github.com/kubernetes-client/python) From b515b2d86a6e6aed59440e7eeeb5adf44f4857e7 Mon Sep 17 00:00:00 2001 From: andrewsykim Date: Sun, 12 May 2024 23:40:11 -0400 Subject: [PATCH 08/27] add blog about cloud provider migration/removal 
Signed-off-by: andrewsykim --- .../2024-05-13-cloud-provider-migration.md | 86 +++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 content/en/blog/_posts/2024-05-13-cloud-provider-migration.md diff --git a/content/en/blog/_posts/2024-05-13-cloud-provider-migration.md b/content/en/blog/_posts/2024-05-13-cloud-provider-migration.md new file mode 100644 index 0000000000000..5107cd6e37925 --- /dev/null +++ b/content/en/blog/_posts/2024-05-13-cloud-provider-migration.md 
@@ -0,0 +1,86 @@ +--- +layout: blog +title: 'Completing the largest migration in Kubernetes history' +date: 2024-05-20 +slug: completing-cloud-provider-migration +author: > + Andrew Sy Kim (Google), + Michelle Au (Google), + Michael McCune (Red Hat) +--- + +Since as early as Kubernetes v1.7, the Kubernetes project has pursued the ambitious goal of removing built-in cloud provider integrations. +While these integrations were instrumental in Kubernetes' early development and growth, their removal was driven by two key factors: +the growing complexity of maintaining native support for every cloud provider across millions of lines of Go code, and the desire to establish +Kubernetes as a truly vendor-neutral platform. + +After many releases, we're thrilled to announce that all cloud provider integrations have been successfully migrated from the core Kubernetes repository to external plugins. +This migration was a complex and long-running effort due to the numerous impacted components and the critical code paths that relied on the built-in integrations for the +five initial cloud providers: Google Cloud, AWS, Azure, OpenStack, and vSphere. To successfully complete this migration, we had to build four new subsystems from the ground up: + +1. [Cloud Controller Manager](https://kubernetes.io/docs/concepts/architecture/cloud-controller/) +2. [API Server Network Proxy](https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/1281-network-proxy) +3. [Kubelet Credential Provider Plugins](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2133-kubelet-credential-providers) +4. [CSI In-tree Storage migration plugins](https://github.com/kubernetes/enhancements/blob/master/keps/sig-storage/625-csi-migration/README.md) + +Each subsystem was critical to achieve full feature parity with built-in capabilities and required several releases to bring each subsystem to GA-level maturity with a safe and +reliable migration path. 
More on each subsystem below. + +### Cloud Controller Manager + +The cloud controller manager was the first external component introduced in this effort, replacing functionality within the kube-controller-manager and kubelet that directly interacted with cloud APIs. +This essential component is responsible for initializing nodes by applying metadata labels that indicate the cloud region and zone a Node is running on, as well as IP addresses that are only known to the cloud provider. +Additionally, it runs the service controller, which is responsible for provisioning cloud load balancers for Services of type LoadBalancer. + +![Kubernetes components](/images/docs/components-of-kubernetes.svg) + +Learn more about Cloud Controller Manager [here](/docs/concepts/architecture/cloud-controller). + +### API Server Network Proxy + +The API Server Network Proxy project, initiated in 2018 in collaboration with SIG API Machinery, aimed to replace the SSH tunneler functionality within the kube-apiserver. +This tunneler had been used to securely proxy traffic between the Kubernetes control plane and nodes, but it heavily relied on provider-specific implementation details embedded in the kube-apiserver to establish these SSH tunnels. + +Now, the API Server Network Proxy is a GA-level extension point within the kube-apiserver. It offers a generic proxying mechanism that can route traffic from the API server to nodes through a secure proxy, +eliminating the need for the API server to have any knowledge of the specific cloud provider it is running on. This project also introduced the Konnectivity project, which has seen growing adoption in production environments. + +Learn more about the API Server Network Proxy [here](https://github.com/kubernetes-sigs/apiserver-network-proxy). 
+ +### Kubelet Credential Provider + +The Kubelet credential provider plugin was developed to replace the kubelet's built-in functionality for dynamically fetching credentials for image registries hosted on Google Cloud, AWS, or Azure. +This capability was convenient as it allowed the kubelet to seamlessly retrieve short-lived tokens for pulling images from GCR, ECR, or ACR. However, like other areas of the project, +this required the kubelet to have specific knowledge of different cloud environments and APIs. + +Introduced in 2019, the credential provider plugin offers a generic extension point for the kubelet to execute plugin binaries that dynamically provide credentials for images hosted on various clouds. +This extensibility expands the kubelet's capabilities to fetch short-lived tokens beyond the initial three cloud providers. + +Learn more about Kubelet Credential Provider [here](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/). + +### CSI In-tree Storage Migration Plugins + +The Container Storage Interface (CSI) is a control plane standard for managing block and file storage systems in Kubernetes and other container orchestrators that went GA in 1.13. +It was designed to replace the in-tree volume plugins built directly into Kubernetes with drivers that can run as Pods within the Kubernetes cluster. +These drivers communicate with kube-controller-manager storage controllers via the Kubernetes API, and with kubelet through a local gRPC endpoint. +Now there are over 100 CSI drivers available across all major cloud and storage vendors, making stateful workloads in Kubernetes a reality. + +However, a major challenge remained on how to handle all the existing users of in-tree volume APIs. To retain API backwards compatibility, +we built an API translation layer into our controllers that will convert the in-tree volume API into the equivalent CSI API. 
This allowed us to redirect all storage operations to the CSI driver, +paving the way for us to remove the code for the built-in volume plugins without removing the API. + +Learn more about In-tree Storage migration in [this blog post](https://kubernetes.io/blog/2019/12/09/kubernetes-1-17-feature-csi-migration-beta/). + +## What’s Next? + +This migration has been the primary focus for SIG Cloud Provider over the past few years. With this significant milestone achieved, we will be shifting our efforts towards exploring new +and innovative ways for Kubernetes to better integrate with cloud providers, leveraging the external subsystems we've built over the years. This includes making Kubernetes smarter in +hybrid environments where nodes in the cluster can run on both public and private clouds, as well as providing better tools and frameworks for developers of external providers to simplify and streamline their integration efforts. + +With all the new features, tools, and frameworks being planned, SIG Cloud Provider is not forgetting about the other side of the equation: testing. Another area of focus for the SIG's future activities is the improvement of +cloud controller testing to include more providers. The ultimate goal of this effort being to create a testing framework that will include as many providers as possible so that we give the Kubernetes community the highest +levels of confidence about their Kubernetes environments. + +If you're using a version older than v1.29 and haven't migrated to an external cloud provider yet, we recommend checking out our previous blog post [Kubernetes 1.29: Cloud Provider Integrations Are Now Separate Components](https://kubernetes.io/blog/2023/12/14/cloud-provider-integration-changes/). +It provides detailed information on the changes we've made and offers guidance on how to migrate to an external provider. Starting in v1.31, in-tree cloud providers will be permanently disabled and removed from core Kubernetes components. 
+ +If you’re interested in contributing, come join our [bi-weekly SIG meetings](https://github.com/kubernetes/community/tree/master/sig-cloud-provider#meetings)! \ No newline at end of file From 4b805d1e579a74055ecdcc6b2d01cf99ea9733e4 Mon Sep 17 00:00:00 2001 From: Sajib Adhikary <60180521+sajibAdhi@users.noreply.github.com> Date: Sat, 18 May 2024 06:52:50 +0000 Subject: [PATCH 09/27] [bn] Ready glossary page for vanilla Docsy This commit is followed by this [PR](https://github.com/kubernetes/website/pull/45937) Signed-off-by: Sajib Adhikary --- content/bn/docs/reference/glossary/index.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/content/bn/docs/reference/glossary/index.md b/content/bn/docs/reference/glossary/index.md index c3a290c2aa573..a7ba4589ea824 100644 --- a/content/bn/docs/reference/glossary/index.md +++ b/content/bn/docs/reference/glossary/index.md @@ -1,7 +1,11 @@ --- +# approvers: +# - chenopis +# - abiogenesis-now ( The list of approvers is not necessary for the localized version. However, it is included because it helps maintain a certain line break, which further aids in updating a file.That's why it's kept in comment form. ) title: শব্দকোষ layout: glossary noedit: true +body_class: glossary default_active_tag: fundamental weight: 5 card: From cc41a502c627535559c1c602bb558d9114b5efe3 Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Sat, 18 May 2024 21:31:54 +0800 Subject: [PATCH 10/27] [zh-cn] sync cri-pod-container-metrics Signed-off-by: xin.li --- .../reference/instrumentation/cri-pod-container-metrics.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/zh-cn/docs/reference/instrumentation/cri-pod-container-metrics.md b/content/zh-cn/docs/reference/instrumentation/cri-pod-container-metrics.md index 93874fd1ddba7..b59cbc02e8696 100644 --- a/content/zh-cn/docs/reference/instrumentation/cri-pod-container-metrics.md +++ b/content/zh-cn/docs/reference/instrumentation/cri-pod-container-metrics.md 
@@ -20,14 +20,14 @@ description: >- The [kubelet](/docs/reference/command-line-tools-reference/kubelet/) collects pod and container metrics via [cAdvisor](https://github.com/google/cadvisor). As an alpha feature, Kubernetes lets you configure the collection of pod and container -metrics via the {{< glossary_tooltip term_id="cri" text="Container Runtime Interface">}} (CRI). You +metrics via the {{< glossary_tooltip term_id="container-runtime-interface" text="Container Runtime Interface">}} (CRI). You must enable the `PodAndContainerStatsFromCRI` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) and use a compatible CRI implementation (containerd >= 1.6.0, CRI-O >= 1.23.0) to use the CRI based collection mechanism. --> [kubelet](/zh-cn/docs/reference/command-line-tools-reference/kubelet/) 通过 [cAdvisor](https://github.com/google/cadvisor) 收集 Pod 和容器指标。作为一个 Alpha 特性, -Kubernetes 允许你通过{{< glossary_tooltip term_id="cri" text="容器运行时接口">}}(CRI) +Kubernetes 允许你通过{{< glossary_tooltip term_id="container-runtime-interface" text="容器运行时接口">}}(CRI) 配置收集 Pod 和容器指标。要使用基于 CRI 的收集机制,你必须启用 `PodAndContainerStatsFromCRI` [特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/) 并使用兼容的 CRI 实现(containerd >= 1.6.0, CRI-O >= 1.23.0)。 From 5a85483ed5d23919368d025553ed7e74b60a2506 Mon Sep 17 00:00:00 2001 From: axlrosen Date: Sat, 18 May 2024 16:17:38 +0100 Subject: [PATCH 11/27] Update hello-minikube.md When I ran `kubectl get deployments`, it showed no available nodes. So I thought I did something wrong. Eventually I ran it again and it matched the expected output. So, I would like to add a helpful hint to the documentation. --- content/en/docs/tutorials/hello-minikube.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/en/docs/tutorials/hello-minikube.md b/content/en/docs/tutorials/hello-minikube.md index 0afa96251ed93..3e20defe9bdfe 100644 --- a/content/en/docs/tutorials/hello-minikube.md 
+++ b/content/en/docs/tutorials/hello-minikube.md @@ -114,6 +114,8 @@ recommended way to manage the creation and scaling of Pods. hello-node 1/1 1 1 1m ``` + (It may take some time for the pod to become available. If you see "0/1", try again in a few seconds.) + 1. View the Pod: ```shell From 59eacb348538561c2e830f482011420bc146e2d0 Mon Sep 17 00:00:00 2001 From: andrewsykim Date: Sun, 19 May 2024 01:44:19 -0400 Subject: [PATCH 12/27] updates to cloud provider migration blog Signed-off-by: andrewsykim --- ...=> 2024-05-20-cloud-provider-migration.md} | 38 ++++++++++--------- 1 file changed, 20 insertions(+), 18 deletions(-) rename content/en/blog/_posts/{2024-05-13-cloud-provider-migration.md => 2024-05-20-cloud-provider-migration.md} (66%) diff --git a/content/en/blog/_posts/2024-05-13-cloud-provider-migration.md b/content/en/blog/_posts/2024-05-20-cloud-provider-migration.md similarity index 66% rename from content/en/blog/_posts/2024-05-13-cloud-provider-migration.md rename to content/en/blog/_posts/2024-05-20-cloud-provider-migration.md index 5107cd6e37925..54ce978e8d6fe 100644 --- a/content/en/blog/_posts/2024-05-13-cloud-provider-migration.md +++ b/content/en/blog/_posts/2024-05-20-cloud-provider-migration.md 
@@ -6,27 +6,30 @@ slug: completing-cloud-provider-migration author: > Andrew Sy Kim (Google), Michelle Au (Google), + Walter Fender (Google), Michael McCune (Red Hat) --- -Since as early as Kubernetes v1.7, the Kubernetes project has pursued the ambitious goal of removing built-in cloud provider integrations. +Since as early as Kubernetes v1.7, the Kubernetes project has pursued the ambitious goal of removing built-in cloud provider integrations ([KEP-2395](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cloud-provider/2395-removing-in-tree-cloud-providers/README.md)). While these integrations were instrumental in Kubernetes' early development and growth, their removal was driven by two key factors: the growing complexity of maintaining native support for every cloud provider across millions of lines of Go code, and the desire to establish Kubernetes as a truly vendor-neutral platform. After many releases, we're thrilled to announce that all cloud provider integrations have been successfully migrated from the core Kubernetes repository to external plugins. +In addition to achieving our initial objectives, we've also significantly streamlined Kubernetes by removing roughly 1.5 million lines of code and reducing the binary sizes of core components by approximately 40%. + This migration was a complex and long-running effort due to the numerous impacted components and the critical code paths that relied on the built-in integrations for the five initial cloud providers: Google Cloud, AWS, Azure, OpenStack, and vSphere. To successfully complete this migration, we had to build four new subsystems from the ground up: -1. [Cloud Controller Manager](https://kubernetes.io/docs/concepts/architecture/cloud-controller/) -2. [API Server Network Proxy](https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/1281-network-proxy) -3. 
[Kubelet Credential Provider Plugins](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2133-kubelet-credential-providers) -4. [CSI In-tree Storage migration plugins](https://github.com/kubernetes/enhancements/blob/master/keps/sig-storage/625-csi-migration/README.md) +1. **Cloud controller manager** ([KEP-2392](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cloud-provider/2392-cloud-controller-manager/README.md)) +1. **API server network proxy** ([KEP-1281](https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/1281-network-proxy)) +1. **kubelet credential provider plugins** ([KEP-2133](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2133-kubelet-credential-providers)) +1. Storage migration to use [CSI](https://github.com/container-storage-interface/spec?tab=readme-ov-file#container-storage-interface-csi-specification-) ([KEP-625](https://github.com/kubernetes/enhancements/blob/master/keps/sig-storage/625-csi-migration/README.md)) Each subsystem was critical to achieve full feature parity with built-in capabilities and required several releases to bring each subsystem to GA-level maturity with a safe and reliable migration path. More on each subsystem below. -### Cloud Controller Manager +### Cloud controller manager The cloud controller manager was the first external component introduced in this effort, replacing functionality within the kube-controller-manager and kubelet that directly interacted with cloud APIs. This essential component is responsible for initializing nodes by applying metadata labels that indicate the cloud region and zone a Node is running on, as well as IP addresses that are only known to the cloud provider. 
@@ -34,9 +37,9 @@ Additionally, it runs the service controller, which is responsible for provision ![Kubernetes components](/images/docs/components-of-kubernetes.svg) -Learn more about Cloud Controller Manager [here](/docs/concepts/architecture/cloud-controller). +To learn more, read [Cloud Controller Manager](/docs/concepts/architecture/cloud-controller/) in the Kubernetes documentation. -### API Server Network Proxy +### API server network proxy The API Server Network Proxy project, initiated in 2018 in collaboration with SIG API Machinery, aimed to replace the SSH tunneler functionality within the kube-apiserver. This tunneler had been used to securely proxy traffic between the Kubernetes control plane and nodes, but it heavily relied on provider-specific implementation details embedded in the kube-apiserver to establish these SSH tunnels. 
@@ -44,20 +47,20 @@ This tunneler had been used to securely proxy traffic between the Kubernetes con Now, the API Server Network Proxy is a GA-level extension point within the kube-apiserver. It offers a generic proxying mechanism that can route traffic from the API server to nodes through a secure proxy, eliminating the need for the API server to have any knowledge of the specific cloud provider it is running on. This project also introduced the Konnectivity project, which has seen growing adoption in production environments. -Learn more about the API Server Network Proxy [here](https://github.com/kubernetes-sigs/apiserver-network-proxy). +You can learn more about the API Server Network Proxy from its [README](https://github.com/kubernetes-sigs/apiserver-network-proxy#readme). -### Kubelet Credential Provider +### Credential provider plugins for the kubelet The Kubelet credential provider plugin was developed to replace the kubelet's built-in functionality for dynamically fetching credentials for image registries hosted on Google Cloud, AWS, or Azure. -This capability was convenient as it allowed the kubelet to seamlessly retrieve short-lived tokens for pulling images from GCR, ECR, or ACR. However, like other areas of the project, +The legacy capability was convenient as it allowed the kubelet to seamlessly retrieve short-lived tokens for pulling images from GCR, ECR, or ACR. However, like other areas of Kubernetes, supporting this required the kubelet to have specific knowledge of different cloud environments and APIs. -Introduced in 2019, the credential provider plugin offers a generic extension point for the kubelet to execute plugin binaries that dynamically provide credentials for images hosted on various clouds. +Introduced in 2019, the credential provider plugin mechanism offers a generic extension point for the kubelet to execute plugin binaries that dynamically provide credentials for images hosted on various clouds. 
This extensibility expands the kubelet's capabilities to fetch short-lived tokens beyond the initial three cloud providers. -Learn more about Kubelet Credential Provider [here](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/). +To learn more, read [kubelet credential provider for authenticated image pulls](/docs/concepts/containers/images/#kubelet-credential-provider). -### CSI In-tree Storage Migration Plugins +### Storage plugin migration from in-tree to CSI The Container Storage Interface (CSI) is a control plane standard for managing block and file storage systems in Kubernetes and other container orchestrators that went GA in 1.13. It was designed to replace the in-tree volume plugins built directly into Kubernetes with drivers that can run as Pods within the Kubernetes cluster. @@ -68,9 +71,9 @@ However, a major challenge remained on how to handle all the existing users of i we built an API translation layer into our controllers that will convert the in-tree volume API into the equivalent CSI API. This allowed us to redirect all storage operations to the CSI driver, paving the way for us to remove the code for the built-in volume plugins without removing the API. -Learn more about In-tree Storage migration in [this blog post](https://kubernetes.io/blog/2019/12/09/kubernetes-1-17-feature-csi-migration-beta/). +You can learn more about In-tree Storage migration in [Kubernetes In-Tree to CSI Volume Migration Moves to Beta](https://kubernetes.io/blog/2019/12/09/kubernetes-1-17-feature-csi-migration-beta/). -## What’s Next? +## What's next? This migration has been the primary focus for SIG Cloud Provider over the past few years. With this significant milestone achieved, we will be shifting our efforts towards exploring new and innovative ways for Kubernetes to better integrate with cloud providers, leveraging the external subsystems we've built over the years. This includes making Kubernetes smarter in 
@@ -80,7 +83,6 @@ With all the new features, tools, and frameworks being planned, SIG Cloud Provid cloud controller testing to include more providers. The ultimate goal of this effort being to create a testing framework that will include as many providers as possible so that we give the Kubernetes community the highest levels of confidence about their Kubernetes environments. -If you're using a version older than v1.29 and haven't migrated to an external cloud provider yet, we recommend checking out our previous blog post [Kubernetes 1.29: Cloud Provider Integrations Are Now Separate Components](https://kubernetes.io/blog/2023/12/14/cloud-provider-integration-changes/). -It provides detailed information on the changes we've made and offers guidance on how to migrate to an external provider. Starting in v1.31, in-tree cloud providers will be permanently disabled and removed from core Kubernetes components. +If you're using a version of Kubernetes older than v1.29 and haven't migrated to an external cloud provider yet, we recommend checking out our previous blog post [Kubernetes 1.29: Cloud Provider Integrations Are Now Separate Components](/blog/2023/12/14/cloud-provider-integration-changes/).It provides detailed information on the changes we've made and offers guidance on how to migrate to an external provider. Starting in v1.31, in-tree cloud providers will be permanently disabled and removed from core Kubernetes components. If you’re interested in contributing, come join our [bi-weekly SIG meetings](https://github.com/kubernetes/community/tree/master/sig-cloud-provider#meetings)! \ No newline at end of file From 73b9cbee743d240d73705ef10434e79b5863798a Mon Sep 17 00:00:00 2001 From: Arhell Date: Sun, 19 May 2024 10:54:11 +0300 Subject: [PATCH 13/27] [uk] Ready Hello, Minikube page for vanilla Docsy --- content/uk/docs/tutorials/hello-minikube.md | 9 --------- 1 file changed, 9 deletions(-) 
diff --git a/content/uk/docs/tutorials/hello-minikube.md b/content/uk/docs/tutorials/hello-minikube.md index 7d27b34bde86a..67e464a4652de 100644 --- a/content/uk/docs/tutorials/hello-minikube.md +++ b/content/uk/docs/tutorials/hello-minikube.md @@ -3,15 +3,6 @@ title: Привіт Minikube content_type: tutorial weight: 5 -menu: - main: - #title: "Get Started" - title: "Початок роботи" - weight: 10 - #post: > - #

Ready to get your hands dirty? Build a simple Kubernetes cluster that runs "Hello World" for Node.js.

- post: > -

Готові попрацювати? Створимо простий Kubernetes кластер для запуску Node.js застосунку "Hello World".

card: #name: tutorials name: навчальні матеріали From 4a8ae1a926c162883207e6a0b8cb2f0f3b808f15 Mon Sep 17 00:00:00 2001 From: Tim Bannister Date: Sun, 19 May 2024 13:48:32 +0100 Subject: [PATCH 14/27] Fix formatting --- content/en/blog/_posts/2024-05-20-cloud-provider-migration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/blog/_posts/2024-05-20-cloud-provider-migration.md b/content/en/blog/_posts/2024-05-20-cloud-provider-migration.md index 54ce978e8d6fe..4ad77e2109214 100644 --- a/content/en/blog/_posts/2024-05-20-cloud-provider-migration.md +++ b/content/en/blog/_posts/2024-05-20-cloud-provider-migration.md @@ -24,7 +24,7 @@ five initial cloud providers: Google Cloud, AWS, Azure, OpenStack, and vSphere. 1. **Cloud controller manager** ([KEP-2392](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cloud-provider/2392-cloud-controller-manager/README.md)) 1. **API server network proxy** ([KEP-1281](https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/1281-network-proxy)) 1. **kubelet credential provider plugins** ([KEP-2133](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2133-kubelet-credential-providers)) -1. Storage migration to use [CSI](https://github.com/container-storage-interface/spec?tab=readme-ov-file#container-storage-interface-csi-specification-) ([KEP-625](https://github.com/kubernetes/enhancements/blob/master/keps/sig-storage/625-csi-migration/README.md)) +1. **Storage migration to use [CSI](https://github.com/container-storage-interface/spec?tab=readme-ov-file#container-storage-interface-csi-specification-)** ([KEP-625](https://github.com/kubernetes/enhancements/blob/master/keps/sig-storage/625-csi-migration/README.md)) Each subsystem was critical to achieve full feature parity with built-in capabilities and required several releases to bring each subsystem to GA-level maturity with a safe and reliable migration path. More on each subsystem below. 
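Review bot: On the added fourth list item, the CSI link that now sits inside the bold span still carries GitHub UI state in its URL (`?tab=readme-ov-file` and the fragment `#container-storage-interface-csi-specification-`), which can stop resolving when the README heading or the GitHub UI changes. Since the line is being touched anyway, link to the repository root `https://github.com/container-storage-interface/spec` instead. Note also that the three items above bold plain text only, while this one bolds a link; that is fine if intended, but check how the rendered list looks.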
From e1fbe95403dcba9a3e3882cf91710c2cc35edb1f Mon Sep 17 00:00:00 2001 From: Arhell Date: Mon, 20 May 2024 00:15:36 +0300 Subject: [PATCH 15/27] [ja] Ready Hello, Minikube page for vanilla Docsy --- content/ja/docs/tutorials/hello-minikube.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/content/ja/docs/tutorials/hello-minikube.md b/content/ja/docs/tutorials/hello-minikube.md index 33d0d4ab01b3b..f2acd0c6db87b 100644 --- a/content/ja/docs/tutorials/hello-minikube.md +++ b/content/ja/docs/tutorials/hello-minikube.md @@ -2,12 +2,6 @@ title: Hello Minikube content_type: tutorial weight: 5 -menu: - main: - title: "Get Started" - weight: 10 - post: > -

手を動かす準備はできていますか?本チュートリアルでは、サンプルアプリケーションを実行するKubernetesクラスターをビルドします。

card: name: tutorials weight: 10 From 686cd52d9d4dbe5084402d10d6660cddf5822c35 Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Sat, 18 May 2024 09:17:00 +0800 Subject: [PATCH 16/27] [zh-cn] sync kubelet-config.v1beta1.md Signed-off-by: xin.li --- .../config-api/kubelet-config.v1beta1.md | 211 +++++++++++++++--- 1 file changed, 174 insertions(+), 37 deletions(-) diff --git a/content/zh-cn/docs/reference/config-api/kubelet-config.v1beta1.md b/content/zh-cn/docs/reference/config-api/kubelet-config.v1beta1.md index c49526fa3b0ec..d9a6fae47e0b6 100644 --- a/content/zh-cn/docs/reference/config-api/kubelet-config.v1beta1.md +++ b/content/zh-cn/docs/reference/config-api/kubelet-config.v1beta1.md @@ -39,6 +39,21 @@ FormatOptions 包含为不同日志格式提供的选项。 字段描述 + + +text [必需]
+TextOptions + + + +

[Alpha] 文本包含用于记录 "text" 格式的选项。 +仅当 LoggingAlphaOptions 特性门控被启用时可用。

+ + + json [必需]
JSONOptions @@ -73,38 +88,19 @@ JSONOptions 包含为 "json" 日志格式提供的选项。 - - - - + + @@ -262,6 +258,96 @@ certain global defaults.
字段描述
splitStream [必需]
-bool -
-

- - [Alpha] splitStream 将错误信息重定向到标准错误输出(stderr), -而将提示信息重定向到标准输出(stdout),并为二者提供缓存。 -默认设置是将二者都写出到标准输出,并且不提供缓存。 -只有 LoggingAlphaOptions 特性门控被启用时才可用。 -

-
infoBufferSize [必需]
-k8s.io/apimachinery/pkg/api/resource.QuantityValue -
-

- - [Alpha] infoBufferSize 在分离数据流时用来设置 info 数据流的大小。 -默认值为 0,相当于禁止缓存。只有 LoggingAlphaOptions 特性门控被启用时才可用。 -

+OutputRoutingOptions [必需]
+OutputRoutingOptions +
+ +(OutputRoutingOptions 的成员嵌入到此类型中。) + 没有提供描述。
+ +## `OutputRoutingOptions` {#OutputRoutingOptions} + +- [JSONOptions](#JSONOptions) + +- [TextOptions](#TextOptions) + +

+ +

+OutputRoutingOptions 包含 "text" 和 "json" 支持的选项。 + + + + + + + + + + + + + +
Field描述<
splitStream [必需]
+bool +
+ +

[Alpha] SplitStream 将错误消息重定向到 stderr,而信息消息则转到 stdout,并进行缓冲。 +默认是将两者都写入 stdout,而不进行缓冲。仅在 LoggingAlphaOptions 特性门控启用时可用。

+
infoBufferSize [必需]
+k8s.io/apimachinery/pkg/api/resource.QuantityValue +
+ +

[Alpha] InfoBufferSize 设置使用分割流时信息流的大小。默认值为零,表示禁用缓冲。 +仅在 LoggingAlphaOptions 特性门控启用时可用。

+
+ +## `TextOptions` {#TextOptions} + + +**出现在:** + +- [FormatOptions](#FormatOptions) + +

+ +TextOptions 包含用于记录 "text" 格式的选项。 +

+ + + + + + + + + + + +
Field描述
OutputRoutingOptions [必需]
+OutputRoutingOptions +
+ +(OutputRoutingOptions 的成员嵌入到此类型中。) + 未提供描述。 +
+ ## `TimeOrMetaDuration` {#TimeOrMetaDuration} +

podLogsDir 是 kubelet 用于放置 Pod 日志文件的自定义根目录路径。 +默认值:"/var/log/pods/" +注意:不建议使用临时文件夹作为日志目录,因为它可能会在许多地方引起意外行为。

+ + + + syncFrequency
meta/v1.Duration @@ -637,12 +740,12 @@ Default: ""

tlsCipherSuites 是一个字符串列表,其中包含服务器所接受的加密包名称。 请注意,TLS 1.3 密码套件是不可配置的。 - 列表中的每个值来自于 tls 包中定义的常数(https://pkg.go.dev/crypto/tls#pkg-constants)。

+ 列表中的每个值来自于 tls 包中定义的常数(https://golang.org/pkg/crypto/tls/#pkg-constants)。

默认值:nil

@@ -653,11 +756,11 @@ Default: ""

tlsMinVersion 给出所支持的最小 TLS 版本。 -字段取值来自于 tls 包中的常数定义(https://pkg.go.dev/crypto/tls#pkg-constants)。

+字段取值来自于 tls 包中的常数定义(https://golang.org/pkg/crypto/tls/#pkg-constants)。

默认值:""

@@ -1855,6 +1958,40 @@ Default: 5 +containerLogMaxWorkers
+int32 + + + +

containerLogMaxWorkers 指定执行日志轮换操作所需的并发工作程序的最大数量。 +将此计数设置为 1,以禁用并发日志轮换工作流程。 +默认值:1

+ + + +containerLogMonitorInterval
+meta/v1.Duration + + + +

ContainerLogMonitorInterval 指定监视容器日志以执行日志轮转操作的持续时间。 +默认为 10s,但可以根据日志生成率和需要轮换的大小定制为较小的值。 +默认值:10s +

+ + + configMapAndSecretChangeDetectionStrategy
ResourceChangeDetectionStrategy @@ -2333,7 +2470,7 @@ Default: 0.8 registerWithTaints
-[]core/v1.Taint +[]core/v1.Taint [必需]
-core/v1.ResourceList +core/v1.ResourceList From c1d0def3fe2720f32933a4c705eea298d05f4dea Mon Sep 17 00:00:00 2001 From: windsonsea Date: Mon, 20 May 2024 09:59:50 +0800 Subject: [PATCH 17/27] [zh] Localize a blog: 2024-04-22-userns-beta/ --- .../_posts/2024-04-22-userns-beta/index.md | 298 ++++++++++++++++++ 1 file changed, 298 insertions(+) create mode 100644 content/zh-cn/blog/_posts/2024-04-22-userns-beta/index.md diff --git a/content/zh-cn/blog/_posts/2024-04-22-userns-beta/index.md b/content/zh-cn/blog/_posts/2024-04-22-userns-beta/index.md new file mode 100644 index 0000000000000..d62cdf7687243 --- /dev/null +++ b/content/zh-cn/blog/_posts/2024-04-22-userns-beta/index.md 
@@ -0,0 +1,298 @@ +--- +layout: blog +title: "Kubernetes 1.30:对 Pod 使用用户命名空间的支持进阶至 Beta" +date: 2024-04-22 +slug: userns-beta +author: > + Rodrigo Campos Catelin (Microsoft), + Giuseppe Scrivano (Red Hat), + Sascha Grunert (Red Hat) +translator: > + Michael Yao (DaoCloud) +--- + + + +Linux 提供了不同的命名空间来将进程彼此隔离。 +例如,一个典型的 Kubernetes Pod 运行在一个网络命名空间中可以隔离网络身份,运行在一个 PID 命名空间中可以隔离进程。 + +Linux 有一个以前一直未被容器化应用所支持的命名空间是[用户命名空间](https://man7.org/linux/man-pages/man7/user_namespaces.7.html)。 +这个命名空间允许我们将容器内使用的用户标识符和组标识符(UID 和 GID)与主机上的标识符隔离开来。 + + +这是一个强大的抽象,允许我们以 “root” 身份运行容器: +我们在容器内部有 root 权限,可以在 Pod 内执行所有 root 能做的操作, +但我们与主机的交互仅限于非特权用户可以执行的操作。这对于限制容器逃逸的影响非常有用。 + + +容器逃逸是指容器内的进程利用容器运行时或内核中的某些未打补丁的漏洞逃逸到主机上, +并可以访问/修改主机或其他容器上的文件。如果我们以用户命名空间运行我们的 Pod, +容器对主机其余部分的特权将减少,并且此容器可以访问的容器外的文件也将受到限制。 + + +在 Kubernetes v1.25 中,我们仅为无状态 Pod 引入了对用户命名空间的支持。 +Kubernetes 1.28 取消了这一限制,目前在 Kubernetes 1.30 中,这个特性进阶到了 Beta! + + +## 什么是用户命名空间? {#what-is-a-user-namespace} + +注意:Linux 用户命名空间与 +[Kubernetes 命名空间](/zh-cn/docs/concepts/overview/working-with-objects/namespaces/)是不同的概念。 +前者是一个 Linux 内核特性;后者是一个 Kubernetes 特性。 + + +用户命名空间是一个 Linux 特性,它将容器的 UID 和 GID 与主机上的隔离开来。 +容器中的标识符可以被映射为主机上的标识符,并且保证不同容器所使用的主机 UID/GID 不会重叠。 +此外,这些标识符可以被映射到主机上没有特权的、非重叠的 UID 和 GID。这带来了两个关键好处: + + +* __防止横向移动__:由于不同容器的 UID 和 GID 被映射到主机上的不同 UID 和 GID, + 即使这些标识符逃出了容器的边界,容器之间也很难互相攻击。 + 例如,假设容器 A 在主机上使用的 UID 和 GID 与容器 B 不同。 + 在这种情况下,它对容器 B 的文件和进程的操作是有限的:只能读取/写入某文件所允许的操作, + 因为它永远不会拥有文件所有者或组权限(主机上的 UID/GID 保证对不同容器是不同的)。 + + +* __增加主机隔离__:由于 UID 和 GID 被映射到主机上的非特权用户,如果某容器逃出了它的边界, + 即使它在容器内部以 root 身份运行,它在主机上也没有特权。 + 这大大保护了它可以读取/写入的主机文件,它可以向哪个进程发送信号等。 + 此外,所授予的权能仅在用户命名空间内有效,而在主机上无效,这就限制了容器逃逸的影响。 + + +{{< figure src="/images/blog/2024-04-22-userns-beta/userns-ids.png" alt="此图显示了 ID 0-65535 为主机预留,Pod 使用更大的 ID" title="用户命名空间 ID 分配" >}} + + +如果不使用用户命名空间,容器逃逸时以 root 运行的容器在节点上将具有 root 特权。 +如果某些权能授权给了此容器,这些权能在主机上也会有效。 +如果使用用户命名空间,就不会是这种情况(当然,除非有漏洞 🙂)。 + + +## 1.30 的变化 {#changes-in-1.30} + +在 Kubernetes 1.30 中,除了将用户命名空间进阶至 Beta,参与此特性的贡献者们还: 
+ + +* 为 kubelet 引入了一种使用自定义范围进行 UID/GID 映射的方式 +* 为 Kubernetes 添加了一种强制执行的方式让运行时支持用户命名空间所需的所有特性。 + 如果不支持这些特性,Kubernetes 在尝试创建具有用户命名空间的 Pod 时,会显示一个明确的错误。 + 在 1.30 之前,如果容器运行时不支持用户命名空间,Pod 可能会在没有用户命名空间的情况下被创建。 +* 新增了更多的测试,包括在 [cri-tools](https://github.com/kubernetes-sigs/cri-tools/pull/1354) 仓库中的测试。 + + +你可以查阅有关用户命名空间的[文档](/zh-cn/docs/concepts/workloads/pods/user-namespaces/#set-up-a-node-to-support-user-namespaces), +了解如何配置映射的自定义范围。 + + +## 演示 {#demo} + +几个月前,[CVE-2024-21626][runc-cve] 被披露。 +这个 **漏洞评分为 8.6(高)**。它允许攻击者让容器逃逸,并**读取/写入节点上的任何路径以及同一节点上托管的其他 Pod**。 + +Rodrigo 创建了一个滥用 [CVE 2024-21626][runc-cve] 的演示, +演示了此漏洞在没有用户命名空间时的工作方式,而在使用用户命名空间后 **得到了缓解**。 + + +{{< youtube id="07y5bl5UDdA" title="通过启用用户命名空间支持来在 Kubernetes 上缓解 CVE-2024-21626" class="youtube-quote-sm" >}} + + +请注意,使用用户命名空间时,攻击者可以在主机文件系统上执行“其他”权限位所允许的操作。 +因此,此 CVE 并没有完全被修复,但影响大大降低。 + +[runc-cve]: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv + + +## 节点系统要求 {#node-system-requirements} + +使用此特性对 Linux 内核版本和容器运行时有一些要求。 + +在 Linux 上,你需要 Linux 6.3 或更高版本。 +这是因为此特性依赖于一个名为 idmap 挂载的内核特性,而支持 idmap 挂载与 tmpfs 一起使用的特性是在 Linux 6.3 中合并的。 + + +假设你使用 [CRI-O][crio] 和 crun;就像往常一样,你可以期待 CRI-O 1.30 支持 Kubernetes 1.30。 +请注意,你还需要 [crun][crun] 1.9 或更高版本。如果你使用的是 CRI-O 和 [runc][runc],则仍然不支持用户命名空间。 + +containerd 对此特性的支持目前锁定为 [containerd][containerd] 2.0,同样 crun 也有适用的版本要求。 +如果你使用的是 containerd 和 runc,则仍然不支持用户命名空间。 + + +请注意,正如在 Kubernetes 1.25 和 1.26 中实现的那样,containerd 1.7 增加了对用户命名空间的**实验性**支持。 +我们曾在 Kubernetes 1.27 中进行了重新设计,所以容器运行时需要做一些变更。 +而 containerd 1.7 并未包含这些变更,所以它仅在 Kubernetes 1.25 和 1.26 中支持使用用户命名空间。 + + +containerd 1.7 的另一个限制是,它需要在 Pod 启动期间变更容器镜像内的每个文件和目录的所有权。 +这会增加存储开销,并可能显著影响容器启动延迟。containerd 2.0 可能会包含一个实现,以消除增加的启动延迟和存储开销。 +如果你计划在生产环境中使用 containerd 1.7 和用户命名空间,请考虑这一点。 + +containerd 1.7 的这些限制均不适用于 CRI-O。 + +[crio]: https://cri-o.io/ +[crun]: https://github.com/containers/crun +[runc]: https://github.com/opencontainers/runc/ +[containerd]: https://containerd.io/ + + +## 如何参与? 
{#how-do-i-get-involved} + +你可以通过以下方式联系 SIG Node: + +- Slack:[#sig-node](https://kubernetes.slack.com/messages/sig-node) +- [邮件列表](https://groups.google.com/forum/#!forum/kubernetes-sig-node) +- [提交社区 Issue/PR](https://github.com/kubernetes/community/labels/sig%2Fnode) + + +你也可以通过以下方式直接联系我们: + +- GitHub:@rata @giuseppe @saschagrunert +- Slack:@rata @giuseppe @sascha From 1ca07c3df4161978b34513ad0a9abd1b947d5b7d Mon Sep 17 00:00:00 2001 From: Mengjiao Liu Date: Mon, 20 May 2024 16:19:46 +0800 Subject: [PATCH 18/27] [zh-cn] Sync the blog page and partners page for vanilla Docsy --- content/zh-cn/blog/_index.md | 4 +- content/zh-cn/includes/partner-style.css | 201 ----------------------- content/zh-cn/partners/_index.html | 12 +- 3 files changed, 5 insertions(+), 212 deletions(-) delete mode 100644 content/zh-cn/includes/partner-style.css diff --git a/content/zh-cn/blog/_index.md b/content/zh-cn/blog/_index.md index ddd878254ab49..06fd61efe20ca 100644 --- a/content/zh-cn/blog/_index.md +++ b/content/zh-cn/blog/_index.md @@ -4,9 +4,7 @@ linkTitle: 博客 menu: main: title: "博客" - weight: 40 - post: > -

阅读关于 kubernetes 和容器规范的最新信息,以及获取最新的技术。

+ weight: 20 --- {{< comment >}} diff --git a/content/zh-cn/includes/partner-style.css b/content/zh-cn/includes/partner-style.css deleted file mode 100644 index dc120872e033c..0000000000000 --- a/content/zh-cn/includes/partner-style.css +++ /dev/null 
@@ -1,201 +0,0 @@ -/* SECTIONS */ -.section { - clear: both; - padding: 0px; - margin-bottom: 2em; -} - -.kcsp_section { - clear: both; - padding: 0px; - margin-bottom: 2em; -} - -/* COLUMN SETUP */ -.col { - display: block; - float:left; - margin: 1% 0 1% 1.6%; - background-color: #f9f9f9; -} -.col:first-child { margin-left: 0; } - - -/* GROUPING */ -.group:before, -.group:after { - content:""; - display:table; -} -.group:after { - clear:both; -} -.group { - zoom:1; /* For IE 6/7 */ -} - -/* GRID OF THREE */ -.span_3_of_3 { - width: 35%; - background-color: #f9f9f9; - padding: 20px; -} -.span_2_of_3 { - width: 35%; - background-color: #f9f9f9; - padding: 20px; -} -.span_1_of_3 { - width: 35%; - background-color: #f9f9f9; - padding: 20px; -} - -.col-container { - display: table; /* Make the container element behave like a table */ - width: 100%; /* Set full-width to expand the whole page */ - padding-bottom: 30px; -} - -.col-nav { - display: table-cell; /* Make elements inside the container behave like table cells */ - width: 18%; - background-color: #f9f9f9; - padding: 20px; - border: 5px solid white; -} - -/* GO FULL WIDTH AT LESS THAN 480 PIXELS */ - -@media only screen and (max-width: 480px) { - .col { margin: 1% 0 1% 0%;} - .span_3_of_3, .span_2_of_3, .span_1_of_3 { width: 100%; } -} - -@media only screen and (max-width: 650px) { - .col-nav { - display: block; - width: 100%; - } -} - -.button{ - max-width: 100%; - box-sizing: border-box; - margin: 0; - display: inline-block; - border-radius: 6px; - padding: 0 20px; - line-height: 40px; - color: #ffffff; - font-size: 16px; - background-color: #3371e3; - text-decoration: none; - } - -h5 { - font-size: 16px; - line-height: 1.5em; - margin-bottom: 2em; -} - -#usersGrid a { - display: inline-block; - background-color: #f9f9f9; -} - -#ktpContainer, #distContainer, #kcspContainer, #isvContainer, #servContainer { - position: relative; - width: 100%; - display: flex; - justify-content: space-between; - flex-wrap: wrap; 
-} - -#isvContainer { - margin-bottom: 80px; -} - -#kcspContainer { - margin-bottom: 80px; -} - -#distContainer { - margin-bottom: 80px; -} - -#ktpContainer { - margin-bottom: 80px; -} - -.partner-box { - position: relative; - width: 47%; - max-width: 48%; - min-width: 48%; - margin-bottom: 20px; - padding: 20px; - flex: 1; - display: flex; - justify-content: left; - align-items: flex-start; -} - -.partner-box img { - background-color: #f9f9f9; -} - -.partner-box > div { - margin-left: 30px; -} - -.partner-box a { - color: #3576E3; -} - -@media screen and (max-width: 1024px) { - .partner-box { - flex-direction: column; - justify-content: flex-start; - } - - .partner-box > div { - margin: 20px 0 0; - } -} - -@media screen and (max-width: 568px) { - #ktpContainer, #distContainter, #kcspContainer, #isvContainer, #servContainer { - justify-content: center; - } - - .partner-box { - flex-direction: column; - justify-content: flex-start; - width: 100%; - max-width: 100%; - min-width: 100%; - } - - .partner-box > div { - margin: 20px 0 0; - } -} - -@media screen and (max-width: 568px) { - #ktpContainer, #distContainer, #kcspContainer, #isvContainer, #servContainer { - justify-content: center; - } - - .partner-box { - flex-direction: column; - justify-content: flex-start; - width: 100%; - max-width: 100%; - min-width: 100%; - } - - .partner-box > div { - margin: 20px 0 0; - } -} diff --git a/content/zh-cn/partners/_index.html b/content/zh-cn/partners/_index.html index 5be8838317e57..0f06ea6702df7 100644 --- a/content/zh-cn/partners/_index.html +++ b/content/zh-cn/partners/_index.html @@ -4,6 +4,10 @@ abstract: 发展 Kubernetes 生态圈 class: gridPage cid: partners +body_class: partners +menu: + main: + weight: 40 --- Kubernetes 认证服务提供商 @@ -36,7 +39,6 @@
-
Kubernetes 认证的发行版本、托管平台以及安装工具 @@ -49,10 +51,8 @@
Kubernetes Certified? -->

想要成为 Kubernetes 认证的厂商吗? -
-
Kubernetes 培训合作伙伴 @@ -66,12 +66,8 @@
KTP? -->

想要成为 KTP 吗? -
{{< cncf-landscape helpers=true >}} - From 4f96f2e40a7f736e106a1a2dcf2dc046f120af78 Mon Sep 17 00:00:00 2001 From: Mengjiao Liu Date: Mon, 20 May 2024 16:45:58 +0800 Subject: [PATCH 19/27] [zh-cn] Sync hello-minikube.md --- content/zh-cn/docs/tutorials/hello-minikube.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/content/zh-cn/docs/tutorials/hello-minikube.md b/content/zh-cn/docs/tutorials/hello-minikube.md index 1ea5bffd144a9..fc90177365a50 100644 --- a/content/zh-cn/docs/tutorials/hello-minikube.md +++ b/content/zh-cn/docs/tutorials/hello-minikube.md @@ -200,6 +200,11 @@ Deployment 是管理 Pod 创建和扩展的推荐方法。 hello-node 1/1 1 1 1m ``` + + (该 Pod 可能需要一些时间才能变得可用。如果你在输出结果中看到 “0/1”,请在几秒钟后重试。) + From 59b9257dc0d04a358f39c22558ad8c253dd36b0d Mon Sep 17 00:00:00 2001 From: xin gu <418294249@qq.com> Date: Sun, 19 May 2024 20:17:39 +0800 Subject: [PATCH 20/27] sync encrypt-data kms-provider connect-applications-service Update encrypt-data.md Update encrypt-data.md --- .../zh-cn/docs/tasks/administer-cluster/encrypt-data.md | 9 ++++++++- .../zh-cn/docs/tasks/administer-cluster/kms-provider.md | 8 ++++---- .../tutorials/services/connect-applications-service.md | 2 +- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/content/zh-cn/docs/tasks/administer-cluster/encrypt-data.md b/content/zh-cn/docs/tasks/administer-cluster/encrypt-data.md index 748456b68007c..ff01227373f62 100644 --- a/content/zh-cn/docs/tasks/administer-cluster/encrypt-data.md +++ b/content/zh-cn/docs/tasks/administer-cluster/encrypt-data.md @@ -1294,10 +1294,17 @@ API server. 要允许自动重新加载, 可使用 `--encryption-provider-config-automatic-reload=true` 运行 API 服务器。 +该功能启用后,每分钟会轮询文件变化以监测修改情况。 +`apiserver_encryption_config_controller_automatic_reload_last_timestamp_seconds` 指标用于标识新配置生效的时间。 +这种设置可以在不重启 API 服务器的情况下轮换加密密钥。 ## {{% heading "whatsnext" %}} 
diff --git a/content/zh-cn/docs/tasks/administer-cluster/kms-provider.md b/content/zh-cn/docs/tasks/administer-cluster/kms-provider.md index c80d571e45144..213f18d20155a 100644 --- a/content/zh-cn/docs/tasks/administer-cluster/kms-provider.md +++ b/content/zh-cn/docs/tasks/administer-cluster/kms-provider.md @@ -540,12 +540,12 @@ defined in a CustomResourceDefinition, your cluster must be running Kubernetes v providers: - kms: name: myKmsPluginFoo - endpoint: unix:///tmp/socketfile.sock + endpoint: unix:///tmp/socketfile-foo.sock cachesize: 100 timeout: 3s - kms: name: myKmsPluginBar - endpoint: unix:///tmp/socketfile.sock + endpoint: unix:///tmp/socketfile-bar.sock cachesize: 100 timeout: 3s ``` @@ -564,12 +564,12 @@ defined in a CustomResourceDefinition, your cluster must be running Kubernetes v - kms: apiVersion: v2 name: myKmsPluginFoo - endpoint: unix:///tmp/socketfile.sock + endpoint: unix:///tmp/socketfile-foo.sock timeout: 3s - kms: apiVersion: v2 name: myKmsPluginBar - endpoint: unix:///tmp/socketfile.sock + endpoint: unix:///tmp/socketfile-bar.sock timeout: 3s ``` diff --git a/content/zh-cn/docs/tutorials/services/connect-applications-service.md b/content/zh-cn/docs/tutorials/services/connect-applications-service.md index faf1af0651334..c093f4a090f20 100644 --- a/content/zh-cn/docs/tutorials/services/connect-applications-service.md +++ b/content/zh-cn/docs/tutorials/services/connect-applications-service.md @@ -185,7 +185,7 @@ As mentioned previously, a Service is backed by a group of Pods. These Pods are exposed through {{}}. The Service's selector will be evaluated continuously and the results will be POSTed -to an EndpointSlice that is connected to the Service using a +to an EndpointSlice that is connected to the Service using {{< glossary_tooltip text="labels" term_id="label" >}}. When a Pod dies, it is automatically removed from the EndpointSlices that contain it as an endpoint. New Pods that match the Service's selector will automatically get added 
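Review bot: The connect-applications-service.md hunk changes only the English source line (`using a` becomes `using`) and shows no matching edit to the translated paragraph, so confirm that the Chinese text after this block already reads correctly around the `labels` glossary tooltip; if it does, say so in the commit message, otherwise the sync for this file is incomplete. Separately, the subject of this patch lacks the `[zh-cn]` prefix used by the neighbouring localization patches and ends with a repeated "Update encrypt-data.md", which looks like squash residue to clean up before merge.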
From f800d8f857e5ef4b279e4b960f1eec3bce1e5d87 Mon Sep 17 00:00:00 2001 From: steve-hardman <132999137+steve-hardman@users.noreply.github.com> Date: Sat, 11 May 2024 19:17:26 +0100 Subject: [PATCH 21/27] Add banner for KubeCon China 2024 --- data/announcements/scheduled.yaml | 15 +++++++++++++++ .../announcements/kubecon-china-2024-white.svg | 1 + 2 files changed, 16 insertions(+) create mode 100644 static/images/announcements/kubecon-china-2024-white.svg diff --git a/data/announcements/scheduled.yaml b/data/announcements/scheduled.yaml index 1ebf187440de7..56d0b4288d671 100644 --- a/data/announcements/scheduled.yaml +++ b/data/announcements/scheduled.yaml @@ -232,3 +232,18 @@ announcements: Buy your ticket now! 19 - 22 March | Paris, France + +- name: KubeCon 2024 China + startTime: 2024-07-26T00:00:00 #Added in https://github.com/kubernetes/website/pull/46431 + endTime: 2024-08-23T18:00:00 + style: >- + background: linear-gradient(90deg, rgba(229,64,216,1) 60%, rgba(0,212,255,1) 100%); + color: #fffff; + title: | + + KubeCon + CloudNativeCon + Open Source Summit China 2024 + message: | + Join us for three days of incredible opportunities to collaborate, learn and share with the cloud native community.
+ + Buy your ticket now! 21 - 23 August | Hong Kong + diff --git a/static/images/announcements/kubecon-china-2024-white.svg b/static/images/announcements/kubecon-china-2024-white.svg new file mode 100644 index 0000000000000..e0f6051974b3a --- /dev/null +++ b/static/images/announcements/kubecon-china-2024-white.svg @@ -0,0 +1 @@ + \ No newline at end of file From 54318fb23e4f02cfe1795d4a2ce867c97a68a6ea Mon Sep 17 00:00:00 2001 From: tico88612 <17496418+tico88612@users.noreply.github.com> Date: Tue, 21 May 2024 08:37:22 +0800 Subject: [PATCH 22/27] [zh-cn] sync reference/node content Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com> --- content/zh-cn/docs/reference/node/kubelet-checkpoint-api.md | 2 +- .../node/topics-on-dockershim-and-cri-compatible-runtimes.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/content/zh-cn/docs/reference/node/kubelet-checkpoint-api.md b/content/zh-cn/docs/reference/node/kubelet-checkpoint-api.md index f3c602d11c490..ebdb6866f642f 100644 --- a/content/zh-cn/docs/reference/node/kubelet-checkpoint-api.md +++ b/content/zh-cn/docs/reference/node/kubelet-checkpoint-api.md @@ -118,7 +118,7 @@ POST /checkpoint/{namespace}/{pod}/{container} @@ -103,6 +103,6 @@ You can provide feedback via the GitHub issue [**Dockershim removal feedback & i * Mirantis 博客:[Dockershim 的未来是 cri-dockerd](https://www.mirantis.com/blog/the-future-of-dockershim-is-cri-dockerd/)(发表于 2021/04/21) -* Mirantis: [Mirantis/cri-dockerd](https://github.com/Mirantis/cri-dockerd) Git 仓库(在 GitHub 上) +* Mirantis: [Mirantis/cri-dockerd](https://mirantis.github.io/cri-dockerd/) 官方文档 * Tripwire:[Dockershim 即将弃用如何影响你的 Kubernetes](https://www.tripwire.com/state-of-security/security-data-protection/cloud/how-dockershim-forthcoming-deprecation-affects-your-kubernetes/) (发表于 2021/07/01) From 328133994b145aa9e219fb5c1d0a6f7a36afdfba Mon Sep 17 00:00:00 2001 
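Review bot: In the data/announcements/scheduled.yaml hunk of the KubeCon China banner patch, the `style` block sets `color: #fffff;`, which has five hex digits and is not a valid CSS colour, so browsers will drop the declaration and the banner text will fall back to the inherited colour against the gradient background. Use `#ffffff` (or `#fff`). The `startTime` line also carries an inline comment with a pull request URL; if other entries in this file do not do that, move the reference to the commit message.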
From: windsonsea Date: Tue, 21 May 2024 10:59:20 +0800 Subject: [PATCH 23/27] Fix dashes in front matter to 2024-02-22-k8s-book-club --- .../_posts/2024-02-22-k8s-book-club/index.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/content/en/blog/_posts/2024-02-22-k8s-book-club/index.md b/content/en/blog/_posts/2024-02-22-k8s-book-club/index.md index 74e2c4f70ab24..11091f1b94e83 100644 --- a/content/en/blog/_posts/2024-02-22-k8s-book-club/index.md +++ b/content/en/blog/_posts/2024-02-22-k8s-book-club/index.md @@ -1,4 +1,4 @@ ------- +--- layout: blog title: "A look into the Kubernetes Book Club" slug: k8s-book-club @@ -106,8 +106,7 @@ Book Club's reach and impact in the community. **CS**: There are three steps to join: -- First, join the [Kubernetes Book Club - Community](https://community.cncf.io/kubernetes-virtual-book-club/) +- First, join the [Kubernetes Book Club Community](https://community.cncf.io/kubernetes-virtual-book-club/) - Then RSVP to the [events](https://community.cncf.io/kubernetes-virtual-book-club/) on the community page 
@@ -117,10 +116,10 @@ Book Club's reach and impact in the community. **FSM**: Excellent, thank you! Any final comments you would like to share? **CS**: The Kubernetes Book Club is more than just a group of professionals discussing books; it's a -vibrant community and amazing volunteers that help organize and host [Neependra -Khare](https://www.linkedin.com/in/neependra/), [Eric -Smalling](https://www.linkedin.com/in/ericsmalling/), [Sevi -Karakulak](https://www.linkedin.com/in/sevikarakulak/), [Chad -M. Crowell](https://www.linkedin.com/in/chadmcrowell/), and [Walid (CNJ) -Shaari](https://www.linkedin.com/in/walidshaari/). Look us up at KubeCon and get your Kubernetes -Book Club sticker! +vibrant community and amazing volunteers that help organize and host +[Neependra Khare](https://www.linkedin.com/in/neependra/), +[Eric Smalling](https://www.linkedin.com/in/ericsmalling/), +[Sevi Karakulak](https://www.linkedin.com/in/sevikarakulak/), +[Chad M. Crowell](https://www.linkedin.com/in/chadmcrowell/), +and [Walid (CNJ) Shaari](https://www.linkedin.com/in/walidshaari/). +Look us up at KubeCon and get your Kubernetes Book Club sticker! From f6794570678f2e732f5e9f5de7737924f369d80a Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 21 May 2024 20:47:33 +0800 Subject: [PATCH 24/27] [zh] Sync reference/scheduling/config.md --- .../zh-cn/docs/reference/scheduling/config.md | 61 ++++++++++++++++--- 1 file changed, 52 insertions(+), 9 deletions(-) diff --git a/content/zh-cn/docs/reference/scheduling/config.md b/content/zh-cn/docs/reference/scheduling/config.md index 352e5b77ad322..f8786ace6bf13 100644 --- a/content/zh-cn/docs/reference/scheduling/config.md +++ b/content/zh-cn/docs/reference/scheduling/config.md 
@@ -8,6 +8,7 @@ title: Scheduler Configuration content_type: concept weight: 20 --> + {{< feature-state for_k8s_version="v1.25" state="stable" >}} KubeSchedulerConfiguration v1beta3 在 v1.26 中已被弃用, -并将在 v1.29 中被移除。请将 KubeSchedulerConfiguration 迁移到 [v1](/zh-cn/docs/reference/config-api/kube-scheduler-config.v1/)。 +并将在 v1.29 中被移除。请将 KubeSchedulerConfiguration 迁移到 +[v1](/zh-cn/docs/reference/config-api/kube-scheduler-config.v1/)。 {{< /note >}} -10. `bind`:这个插件将 Pod 与节点绑定。`bind` 插件是按顺序调用的,只要有一个插件完成了绑定,其余插件都会跳过。`bind` 插件至少需要一个。 +10. `bind`:这个插件将 Pod 与节点绑定。`bind` 插件是按顺序调用的,只要有一个插件完成了绑定, + 其余插件都会跳过。`bind` 插件至少需要一个。 -Pod 的调度事件把 `.spec.schedulerName` 字段值作为 ReportingController。 +Pod 的调度事件把 `.spec.schedulerName` 字段值作为它们的 `ReportingController`。 领导者选举事件使用列表中第一个配置文件的调度器名称。 + +有关更多信息,请参阅 +[Event API 参考文档](/zh-cn/docs/reference/kubernetes-api/cluster-resources/event-v1/)中的 +`reportingController` 一节。 {{< /note >}} {{< note >}} @@ -495,7 +504,8 @@ profile config, `multiPoint`, which allows for easily enabling or disabling a pl across several extension points. The intent of `multiPoint` config is to simplify the configuration needed for users and administrators when using custom profiles. --> -从 `kubescheduler.config.k8s.io/v1beta3` 开始,配置文件配置中有一个附加字段 `multiPoint`,它允许跨多个扩展点轻松启用或禁用插件。 +从 `kubescheduler.config.k8s.io/v1beta3` 开始,配置文件配置中有一个附加字段 +`multiPoint`,它允许跨多个扩展点轻松启用或禁用插件。 `multiPoint` 配置的目的是简化用户和管理员在使用自定义配置文件时所需的配置。 在 `v1beta3` 之前的配置版本中,没有 `multiPoint`,上面的代码片段等同于: + ```yaml apiVersion: kubescheduler.config.k8s.io/v1beta2 kind: KubeSchedulerConfiguration 
@@ -781,7 +824,7 @@ as well as its seamless integration with the existing methods for configuring ex * The scheduler plugin `NodeLabel` is deprecated; instead, use the [`NodeAffinity`](/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) plugin (enabled by default) to achieve similar behavior. --> * 调度器插件 `NodeLabel` 已弃用; - 相反,要使用 [`NodeAffinity`](/zh-cn/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) + 相反,要使用 [`NodeAffinity`](/zh-cn/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) 插件(默认启用)来实现类似的行为。 * 调度器插件 `NodePreferAvoidPods` 已弃用; - 相反,使用 [节点污点](/zh-cn/docs/concepts/scheduling-eviction/taint-and-toleration/) 来实现类似的行为。 + 相反,使用[节点污点](/zh-cn/docs/concepts/scheduling-eviction/taint-and-toleration/)来实现类似的行为。 即使你没有目标系统的 root 权限,仍然可以将 kubectl 安装到目录 `~/.local/bin` 中: + ```bash chmod +x kubectl mkdir -p ~/.local/bin @@ -202,13 +205,13 @@ Or use this for detailed view of version: ```shell sudo apt-get update # apt-transport-https may be a dummy package; if so, you can skip that package - sudo apt-get install -y apt-transport-https ca-certificates curl + sudo apt-get install -y apt-transport-https ca-certificates curl gnupg ``` --> ```shell sudo apt-get update # apt-transport-https 可以是一个虚拟包;如果是这样,你可以跳过这个包 - sudo apt-get install -y apt-transport-https ca-certificates curl + sudo apt-get install -y apt-transport-https ca-certificates curl gnupg ``` +--> 要将 kubectl 升级到别的次要版本,你需要先升级 `/etc/apt/sources.list.d/kubernetes.list` 中的版本, 再运行 `apt-get update` 和 `apt-get upgrade` 命令。 更详细的步骤可以在[更改 Kubernetes 软件包存储库](/zh-cn/docs/tasks/administer-cluster/kubeadm/change-package-repository/)中找到。 @@ -268,7 +271,6 @@ To upgrade kubectl to another minor release, you'll need to bump the version in - 4. 更新 `apt` 包索引,然后安装 kubectl: ```shell 
@@ -377,14 +379,14 @@ To upgrade kubectl to another minor release, you'll need to bump the version in 此过程在[更改 Kubernetes 软件包仓库](/zh-cn/docs/tasks/administer-cluster/kubeadm/change-package-repository/)中有更详细的描述。 {{< /note >}} - - 2. 使用 `zypper` 安装 kubectl: + +2. 使用 `zypper` 安装 kubectl: - ```bash - sudo zypper install -y kubectl - ``` + ```bash + sudo zypper install -y kubectl + ``` {{% /tab %}} From bb16b85bd4881d236e1e8e5a61f3520163e18fdf Mon Sep 17 00:00:00 2001 From: Mauren Berti Date: Tue, 21 May 2024 19:37:05 -0400 Subject: [PATCH 26/27] [pt-br] Update navbar items for vanilla Docsy Update navbar items in the Brazilian Portuguese localization so layout renders correctly using vanilla Docsy. --- content/pt-br/blog/_index.md | 4 +--- content/pt-br/case-studies/_index.md | 3 +++ content/pt-br/community/_index.html | 3 +++ content/pt-br/docs/home/_index.md | 2 -- content/pt-br/docs/tutorials/hello-minikube.md | 6 ------ content/pt-br/partners/_index.html | 4 ++++ 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/content/pt-br/blog/_index.md b/content/pt-br/blog/_index.md index 0dc046378f528..715377917f4a8 100644 --- a/content/pt-br/blog/_index.md +++ b/content/pt-br/blog/_index.md @@ -4,7 +4,5 @@ linkTitle: Blog menu: main: title: "Blog" - weight: 40 - post: > -

Leia as últimas novidades sobre Kubernetes e contêineres em geral, e obtenha detalhes técnicos atualizados

+ weight: 20 --- diff --git a/content/pt-br/case-studies/_index.md b/content/pt-br/case-studies/_index.md index 427d5bf143e96..386dea7e0e518 100644 --- a/content/pt-br/case-studies/_index.md +++ b/content/pt-br/case-studies/_index.md @@ -6,4 +6,7 @@ abstract: Alguns usuários que estão executando o Kubernetes em produção. layout: basic class: gridPage cid: caseStudies +menu: + main: + weight: 60 --- \ No newline at end of file diff --git a/content/pt-br/community/_index.html b/content/pt-br/community/_index.html index fa7726379f2b7..11cf8b1160003 100644 --- a/content/pt-br/community/_index.html +++ b/content/pt-br/community/_index.html @@ -3,6 +3,9 @@ layout: basic cid: community community_styles_migrated: true +menu: + main: + weight: 50 --- -

Aprenda a usar o Kubernetes com documentação conceitual, tutorial e de referência. Você também pode ajudar a contribuir para a documentação!

overview: > O Kubernetes é uma engine de orquestração de contêineres Open Source utilizado para automatizar a implantação, dimensionamento e gerenciamento de aplicativos em contêiner. O projeto é hospedado por the Cloud Native Computing Foundation (CNCF). cards: diff --git a/content/pt-br/docs/tutorials/hello-minikube.md b/content/pt-br/docs/tutorials/hello-minikube.md index 3101c62416fae..9ad8304cb2d18 100644 --- a/content/pt-br/docs/tutorials/hello-minikube.md +++ b/content/pt-br/docs/tutorials/hello-minikube.md @@ -2,12 +2,6 @@ title: Olá, Minikube! content_type: tutorial weight: 5 -menu: - main: - title: "Iniciar" - weight: 10 - post: > -

Pronto para meter a mão na massa? Vamos criar um cluster Kubernetes simples e executar uma aplicação exemplo.

card: name: tutorials weight: 10 diff --git a/content/pt-br/partners/_index.html b/content/pt-br/partners/_index.html index d656e1a06a700..822bf7314ee2c 100644 --- a/content/pt-br/partners/_index.html +++ b/content/pt-br/partners/_index.html @@ -4,6 +4,10 @@ abstract: Crescendo o ecossistema do Kubernetes. class: gridPage cid: parceiros +body_class: partners +menu: + main: + weight: 40 ---
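Review bot: In content/pt-br/partners/_index.html the hunk adds `body_class: partners` next to the new `menu.main.weight`, which is not a navbar item and is not covered by the commit message; state why the layout needs it or move it to a separate commit. In content/pt-br/case-studies/_index.md the closing `---` is still followed by `\ No newline at end of file`; since the front matter is being edited anyway, add the trailing newline. With the `title` and `post` keys dropped from the blog entry and the "Iniciar" entry removed from hello-minikube.md, it would also help to list the resulting navbar order in the description (Blog 20, partners 40, community 50, case-studies 60) so reviewers can confirm it is the intended one.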
From e01500f5e1a267ea71e6a19b50fc5efeb7a21c82 Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Tue, 21 May 2024 13:58:12 +0800 Subject: [PATCH 27/27] Fix feature gates that have been been removed in 1.30 --- .../feature-gates/api-self-subject-review.md | 2 ++ .../feature-gates/csi-migration-azure-file.md | 2 ++ .../feature-gates/expanded-dns-config.md | 2 ++ .../experimental-host-user-namespace-defaulting.md | 2 ++ .../feature-gates/ip-tables-ownership-cleanup.md | 2 ++ .../feature-gates/kubelet-pod-resources-get-allocatable.md | 2 ++ .../feature-gates/kubelet-pod-resources.md | 2 ++ .../feature-gates/legacy-service-account-token-tracking.md | 3 ++- .../feature-gates/minimize-ip-tables-restore.md | 2 ++ .../feature-gates/proxy-terminating-endpoints.md | 2 ++ .../feature-gates/security-context-deny.md | 2 ++ 11 files changed, 22 insertions(+), 1 deletion(-) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/api-self-subject-review.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/api-self-subject-review.md index dc706fb51af52..a0d46d6d87c76 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/api-self-subject-review.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/api-self-subject-review.md @@ -18,6 +18,8 @@ stages: - stage: stable defaultValue: true fromVersion: "1.28" + toVersion: "1.29" +removed: true --- Activate the `SelfSubjectReview` API which allows users to see the requesting subject's authentication information. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-file.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-file.md index 0b7b4550600e8..456c99e19291c 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-file.md 
+++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/csi-migration-azure-file.md @@ -21,6 +21,8 @@ stages: - stage: stable defaultValue: true fromVersion: "1.26" + toVersion: "1.29" +removed: true --- Enables shims and translation logic to route volume operations from the Azure-File in-tree plugin to AzureFile CSI plugin. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/expanded-dns-config.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/expanded-dns-config.md index eb2adb3b4d068..1c1d37e97579d 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/expanded-dns-config.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/expanded-dns-config.md @@ -17,6 +17,8 @@ stages: - stage: stable defaultValue: true fromVersion: "1.28" + toVersion: "1.29" +removed: true --- Enable kubelet and kube-apiserver to allow more DNS search paths and longer list of DNS search paths. This feature requires container diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/experimental-host-user-namespace-defaulting.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/experimental-host-user-namespace-defaulting.md index ceab94cb9e1a6..4eeec95c82a0c 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/experimental-host-user-namespace-defaulting.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/experimental-host-user-namespace-defaulting.md @@ -13,6 +13,8 @@ stages: - stage: deprecated defaultValue: false fromVersion: "1.28" + toVersion: "1.29" +removed: true --- Enabling the defaulting user namespace to host. This is for containers that are using other host namespaces, 
diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/ip-tables-ownership-cleanup.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/ip-tables-ownership-cleanup.md index 9144f61e407e7..93d36b1052025 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/ip-tables-ownership-cleanup.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/ip-tables-ownership-cleanup.md @@ -17,5 +17,7 @@ stages: - stage: stable defaultValue: true fromVersion: "1.28" + toVersion: "1.29" +removed: true --- This causes kubelet to no longer create legacy iptables rules. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get-allocatable.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get-allocatable.md index 4ab61fbec8b26..b23a7c626cda5 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get-allocatable.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-get-allocatable.md @@ -17,6 +17,8 @@ stages: - stage: stable defaultValue: true fromVersion: "1.28" + toVersion: "1.29" +removed: true --- Enable the kubelet's pod resources `GetAllocatableResources` functionality. This API augments the diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources.md index 80c3f1a35c761..4a7a4ac13bd76 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources.md 
@@ -17,6 +17,8 @@ stages: - stage: stable defaultValue: true fromVersion: "1.28" + toVersion: "1.29" +removed: true --- Enable the kubelet's pod resources gRPC endpoint. See [Support Device Monitoring](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/606-compute-device-assignment/README.md) diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-tracking.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-tracking.md index 26a4af593051f..6b281525898b4 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-tracking.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/legacy-service-account-token-tracking.md @@ -17,7 +17,8 @@ stages: - stage: stable defaultValue: true fromVersion: "1.28" - + toVersion: "1.29" +removed: true --- Track usage of Secret-based [service account tokens](/docs/concepts/security/service-accounts/#get-a-token). diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/minimize-ip-tables-restore.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/minimize-ip-tables-restore.md index 0e8f0c7d1fb3e..5e8dc0feaa388 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/minimize-ip-tables-restore.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/minimize-ip-tables-restore.md @@ -17,6 +17,8 @@ stages: - stage: stable defaultValue: true fromVersion: "1.28" + toVersion: "1.29" +removed: true --- Enables new performance improvement logics in the kube-proxy iptables mode. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/proxy-terminating-endpoints.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/proxy-terminating-endpoints.md index debb78efafcdf..1076ed5340eaa 100644 
--- a/content/en/docs/reference/command-line-tools-reference/feature-gates/proxy-terminating-endpoints.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/proxy-terminating-endpoints.md @@ -17,6 +17,8 @@ stages: - stage: stable defaultValue: true fromVersion: "1.28" + toVersion: "1.29" +removed: true --- Enable the kube-proxy to handle terminating endpoints when `ExternalTrafficPolicy=Local`. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/security-context-deny.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/security-context-deny.md index d4947c6d41a4f..29bf02d194567 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/security-context-deny.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/security-context-deny.md @@ -9,5 +9,7 @@ stages: - stage: alpha defaultValue: false fromVersion: "1.27" + toVersion: "1.29" +removed: true --- This gate signals that the `SecurityContextDeny` admission controller is deprecated.
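Review bot: All eleven files receive the same `toVersion: "1.29"` and `removed: true`, but the commit message cites no source for the removals, and the gates are not in the same state: security-context-deny.md is still at `stage: alpha` (from 1.27), experimental-host-user-namespace-defaulting.md is at `stage: deprecated`, and the rest are `stable`. Link the upstream change or changelog entry that dropped each gate in 1.30 so the per-file `toVersion` can be checked rather than taken on trust. The subject line also has a doubled word ("have been been removed"); fix it before merge.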