From 90b7489ecfc0cd7cd7129ab0a5aafdcbd2246483 Mon Sep 17 00:00:00 2001 From: XsWack Date: Tue, 8 Aug 2017 14:22:27 +0800 Subject: [PATCH 01/24] Update set-up-cluster-federation-kubefed.md fix typo and unified format --- docs/tasks/federation/set-up-cluster-federation-kubefed.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/tasks/federation/set-up-cluster-federation-kubefed.md b/docs/tasks/federation/set-up-cluster-federation-kubefed.md index 4df407f4a02e5..cf74b87eef20b 100644 --- a/docs/tasks/federation/set-up-cluster-federation-kubefed.md +++ b/docs/tasks/federation/set-up-cluster-federation-kubefed.md @@ -67,9 +67,9 @@ kubefed is available as a [snap](https://snapcraft.io/) application. 1. If you are on Ubuntu or one of other Linux distributions that support [snap](https://snapcraft.io/docs/core/install) package manager, you can install with: - sudo snap install kubefed --classic + sudo snap install kubefed --classic -2. Run `kubefed version` to verify that the verison you've installed is sufficiently up-to-date. +2. Run `kubefed version` to verify that the version you've installed is sufficiently up-to-date. ## Choosing a host cluster. @@ -422,7 +422,7 @@ in the federation don't follow In such cases, you can specify a cluster name that conforms to the [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt) label naming rules and specify the cluster context using the `--cluster-context` flag. -For example, if context of the cluster your are joining is +For example, if context of the cluster you are joining is `gondor_needs-no_king`, then you can join the cluster by running: ```shell From 8bbae8df49d19c400c85b41f78d3dc15475ce88c Mon Sep 17 00:00:00 2001 From: Slava Semushin Date: Fri, 4 Aug 2017 15:56:54 +0200 Subject: [PATCH 02/24] encrypt-data.md: update all secrets in all namespaces. --- docs/tasks/administer-cluster/encrypt-data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/tasks/administer-cluster/encrypt-data.md b/docs/tasks/administer-cluster/encrypt-data.md index dc0889295a45f..9a6e596e9bd69 100644 --- a/docs/tasks/administer-cluster/encrypt-data.md +++ b/docs/tasks/administer-cluster/encrypt-data.md @@ -148,7 +148,7 @@ program to retrieve the contents of your secret. Since secrets are encrypted on write, performing an update on a secret will encrypt that content. ``` -kubectl get secrets -o json | kubectl replace -f - +kubectl get secrets --all-namespaces -o json | kubectl replace -f - ``` The command above reads all secrets and then updates them to apply server side encryption. From 230abbce22adf470b28dcfd08a7aa0c06c9b09b3 Mon Sep 17 00:00:00 2001 From: XsWack Date: Tue, 8 Aug 2017 23:20:20 +0800 Subject: [PATCH 03/24] Update declarative-object-management-configuration.md fix typo --- .../declarative-object-management-configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tutorials/object-management-kubectl/declarative-object-management-configuration.md b/docs/tutorials/object-management-kubectl/declarative-object-management-configuration.md index fa226b11b1e23..315e2a471b6d8 100644 --- a/docs/tutorials/object-management-kubectl/declarative-object-management-configuration.md +++ b/docs/tutorials/object-management-kubectl/declarative-object-management-configuration.md @@ -484,7 +484,7 @@ TODO(1.6): For 1.6, add the following bullet point to 1. ### How different types of fields are merged How a particular field in a configuration file is merged with -with the live configuration depends on the +the live configuration depends on the type of the field. There are several types of fields: - *primitive*: A field of type string, integer, or boolean. From 179e188919ec75fbc23ce2a97b4e16f830cc3ac5 Mon Sep 17 00:00:00 2001 
From: Zachary Corleissen Date: Tue, 8 Aug 2017 16:15:42 -0700 Subject: [PATCH 04/24] Automatic review assignment (#4697) * Add automatic review assignment * Remove approvers section --- OWNERS | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/OWNERS b/OWNERS index f1cef0b5bb77d..ec534bfbfb6c8 100644 --- a/OWNERS +++ b/OWNERS @@ -1,6 +1,3 @@ -approvers: -- smarterclayton -- janetkuo -- pwittrock -- kelseyhightower -- jaredbhatti +reviewers: +- chenopis +- zacharysarah From b5e030dcbdd496c4baab41a5dde8badd05498c54 Mon Sep 17 00:00:00 2001 From: lichuqiang Date: Tue, 8 Aug 2017 21:13:27 +0800 Subject: [PATCH 05/24] fix typo in connect-application-service.md --- .../services-networking/connect-applications-service.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/concepts/services-networking/connect-applications-service.md b/docs/concepts/services-networking/connect-applications-service.md index c9ba693510a71..bca732ac0bac5 100644 --- a/docs/concepts/services-networking/connect-applications-service.md +++ b/docs/concepts/services-networking/connect-applications-service.md @@ -101,7 +101,7 @@ Kubernetes supports 2 primary modes of finding a Service - environment variables ### Environment Variables -When a Pod is run on a Node, the kubelet adds a set of environment variables for each active Service. This introduces an ordering problem. To see why, inspect the environment of your running nginx pods (your pod name will be different): +When a Pod runs on a Node, the kubelet adds a set of environment variables for each active Service. This introduces an ordering problem. To see why, inspect the environment of your running nginx pods (your pod name will be different): ```shell $ kubectl exec my-nginx-3800858182-jr4a2 -- printenv | grep SERVICE From 091f52f90143a433f1488385abd37c3581bed0d4 Mon Sep 17 00:00:00 2001 
From: Andrew Chen Date: Tue, 8 Aug 2017 15:30:34 -0700 Subject: [PATCH 06/24] escape liquid curly braces --- docs/getting-started-guides/mesos/index.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/getting-started-guides/mesos/index.md b/docs/getting-started-guides/mesos/index.md index bb189a922aec7..a01d2efad89b1 100644 --- a/docs/getting-started-guides/mesos/index.md +++ b/docs/getting-started-guides/mesos/index.md @@ -228,13 +228,16 @@ Note that we have passed these two values already as parameter to the apiserver A template for a replication controller spinning up the pod with the 3 containers can be found at [cluster/addons/dns/kubedns-controller.yaml.in][12] in the repository. The following steps are necessary in order to get a valid replication controller yaml file: -- replace `{% raw %}{{ pillar['dns_replicas'] }}{% endraw %}` with `1` -- replace `{% raw %}{{ pillar['dns_domain'] }}{% endraw %}` with `cluster.local.` +{% assign dns_replicas = "{{ pillar['dns_replicas'] }}" %} +{% assign dns_domain = "{{ pillar['dns_domain'] }}" %} +- replace `{{ dns_replicas }}` with `1` +- replace `{{ dns_domain }}` with `cluster.local.` - add `--kube_master_url=${KUBERNETES_MASTER}` parameter to the kube2sky container command. In addition the service template at [cluster/addons/dns/kubedns-controller.yaml.in][12] needs the following replacement: -- `{% raw %}{{ pillar['dns_server'] }}{% endraw %}` with `10.10.10.10`. +{% assign dns_server = "{{ pillar['dns_server'] }}" %} +- `{{ dns_server }}` with `10.10.10.10`. To do this automatically: From 01778992aadc5624c5eb8a5ab6ecdf909fcb0dd7 Mon Sep 17 00:00:00 2001 From: Stewart-YU <30410021+stewart-yu@users.noreply.github.com> Date: Tue, 8 Aug 2017 21:06:25 +0800 Subject: [PATCH 07/24] Update review-issues.md spelling mistake --- docs/home/contribute/review-issues.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/home/contribute/review-issues.md b/docs/home/contribute/review-issues.md index d6cc0bdb01217..815edff9c9fbc 100644 --- a/docs/home/contribute/review-issues.md +++ b/docs/home/contribute/review-issues.md @@ -55,7 +55,7 @@ The following labels and definitions should be used to prioritize issues. If you ## Handling special issue types ### Duplicate issues -If a single problem has one or more issues open for it, the problem should be consolodated into a single issue. You should decide which issue to keep open (or open a new issue), port over all relevant information, link related issues, and close all the other issues that describe the same problem. Only having a single issue to work on will help reduce confusion and avoid duplicating work on the same problem. +If a single problem has one or more issues open for it, the problem should be consolidated into a single issue. You should decide which issue to keep open (or open a new issue), port over all relevant information, link related issues, and close all the other issues that describe the same problem. Only having a single issue to work on will help reduce confusion and avoid duplicating work on the same problem. ### Dead link issues Depending on where the dead link is reported, different actions are required to resolve the issue. Dead links in the API and Kubectl docs are automation issues and should be assigned a P1 until the problem can be fully understood. All other dead links are issues that need to be manually fixed and can be assigned a P3. From d4d5f3ec3cf763ff733973ffa0ee0844432f0ffe Mon Sep 17 00:00:00 2001 From: Kaitlyn Barnard Date: Tue, 8 Aug 2017 14:57:21 -0700 Subject: [PATCH 08/24] Adding online tutorials to nav --- _data/tutorials.yml | 6 ++++-- docs/tutorials/index.md | 4 +++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/_data/tutorials.yml b/_data/tutorials.yml index 3989024606eeb..479135958e0b1 100644 --- a/_data/tutorials.yml +++ b/_data/tutorials.yml 
@@ -29,8 +29,11 @@ toc: section: - docs/tutorials/kubernetes-basics/update-intro.html - docs/tutorials/kubernetes-basics/update-interactive.html -- title: Online Training Course +- title: Online Training Courses + section: Scalable Microservices with Kubernetes (Udacity) path: https://www.udacity.com/course/scalable-microservices-with-kubernetes--ud615 + section: Introduction to Kubernetes (edX) + path: https://www.edx.org/course/introduction-kubernetes-linuxfoundationx-lfs158x# - docs/tutorials/stateless-application/hello-minikube.md - title: Configuration section: @@ -61,4 +64,3 @@ toc: - title: Services section: - docs/tutorials/services/source-ip.md - diff --git a/docs/tutorials/index.md b/docs/tutorials/index.md index 9f48c6b9ea7a5..e0a9b24d95aeb 100644 --- a/docs/tutorials/index.md +++ b/docs/tutorials/index.md @@ -9,7 +9,9 @@ each of which has a sequence of steps. * [Kubernetes Basics](/docs/tutorials/kubernetes-basics/) is an in-depth interactive tutorial that helps you understand the Kubernetes system and try out some basic Kubernetes features. -* [Online Training Course](https://www.udacity.com/course/scalable-microservices-with-kubernetes--ud615) +* [Scalable Microservices with Kubernetes (Udacity)](https://www.udacity.com/course/scalable-microservices-with-kubernetes--ud615) + +* [Introduction to Kubernetes (edX)](https://www.edx.org/course/introduction-kubernetes-linuxfoundationx-lfs158x#) * [Hello Minikube](/docs/tutorials/stateless-application/hello-minikube/) From 544891a7e25f67c79ef64def6ced07ebe51b647b Mon Sep 17 00:00:00 2001 From: XsWack Date: Wed, 9 Aug 2017 08:58:32 +0800 Subject: [PATCH 09/24] Update configmap.md fix typo --- docs/tasks/configure-pod-container/configmap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tasks/configure-pod-container/configmap.md b/docs/tasks/configure-pod-container/configmap.md index 8f84bbdb083e3..508f32e2e3390 100644 --- a/docs/tasks/configure-pod-container/configmap.md 
+++ b/docs/tasks/configure-pod-container/configmap.md @@ -223,7 +223,7 @@ metadata: ConfigMaps allow you to decouple configuration artifacts from image content to keep containerized applications portable. The ConfigMap API resource stores configuration data as key-value pairs. The data can be consumed in pods or provide the configurations for system components such as controllers. ConfigMap is similar to [Secrets](/docs/concepts/configuration/secret/), but provides a means of working with strings that don't contain sensitive information. Users and system components alike can store configuration data in ConfigMap. -Note: ConfigMaps should reference properties files, not replace them. Think of the ConfigMap as representing something similar to the a Linux `/etc` directory and its contents. For example, if you create a [Kubernetes Volume](/docs/concepts/storage/volumes/) from a ConfigMap, each data item in the ConfigMap is represented by an individual file in the volume. +Note: ConfigMaps should reference properties files, not replace them. Think of the ConfigMap as representing something similar to the Linux `/etc` directory and its contents. For example, if you create a [Kubernetes Volume](/docs/concepts/storage/volumes/) from a ConfigMap, each data item in the ConfigMap is represented by an individual file in the volume. The ConfigMap's `data` field contains the configuration data. As shown in the example below, this can be simple -- like individual properties defined using `--from-literal` -- or complex -- like configuration files or JSON blobs defined using `--from-file`. From 36c4ea8923b691a33d4999db7dfe37e412fc7233 Mon Sep 17 00:00:00 2001 From: Brad Beam Date: Wed, 9 Aug 2017 00:23:10 -0500 Subject: [PATCH 10/24] Updates for kubespray deployment (#4690) * Updates for kubespray deployment * Update kubespray.md --- docs/getting-started-guides/kubespray.md | 138 ++++++++++++----------- 1 file changed, 73 insertions(+), 65 deletions(-) 
diff --git a/docs/getting-started-guides/kubespray.md b/docs/getting-started-guides/kubespray.md index 6bf2fd66e95ea..eee97f6a2a17c 100644 --- a/docs/getting-started-guides/kubespray.md +++ b/docs/getting-started-guides/kubespray.md 
@@ -4,94 +4,102 @@ title: Installing Kubernetes On-premises/Cloud Providers with Kubespray ## Overview -This quickstart helps to install a Kubernetes cluster hosted -on GCE, Azure, OpenStack, AWS or Baremetal with -[`Kubespray`](https://github.com/kubernetes-incubator/kubespray) tool. - -Kubespray is a composition of [Ansible](http://docs.ansible.com/) playbooks, -[inventory](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/ansible.md) -generation CLI tools and domain knowledge for generic OS/Kubernetes -clusters configuration management tasks. It provides: - -* [High available cluster](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/ha-mode.md) -* [Composable](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/vars.md) - (Choice of the network plugin, for instance) -* Support most popular Linux - [distributions](https://github.com/kubernetes-incubator/kubespray#supported-linux-distributions) -* Continuous integration tests - -To choose a tool which fits your use case the best, you may want to read this -[comparison](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/comparisons.md) -to [kubeadm](../kubeadm) and [kops](../kops). +This quickstart helps to install a Kubernetes cluster hosted on GCE, Azure, OpenStack, AWS, or Baremetal with [Kubespray](https://github.com/kubernetes-incubator/kubespray). + +Kubespray is a composition of [Ansible](http://docs.ansible.com/) playbooks, [inventory](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/ansible.md), provisioning tools, and domain knowledge for generic OS/Kubernetes clusters configuration management tasks. 
Kubespray provides: + +* a highly available cluster +* composable attributes +* support for most popular Linux distributions +* continuous integration tests + +To choose a tool which best fits your use case, read [this comparison](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/comparisons.md) to [kubeadm](../kubeadm) and [kops](../kops). ## Creating a cluster -### (1/4) Ensure the underlay [requirements](https://github.com/kubernetes-incubator/kubespray#requirements) are met +### (1/5) Meet the underlay [requirements](https://github.com/kubernetes-incubator/kubespray#requirements) + +Provision servers with the following requirements: + +* `Ansible v2.3` (or newer) +* `Jinja 2.9` (or newer) +* `python-netaddr` installed on the machine that running Ansible commands +* Target servers must have access to the Internet in order to pull docker images +* Target servers are configured to allow IPv4 forwarding +* Target servers have SSH connectivity ( tcp/22 ) directly to your nodes or through a bastion host/ssh jump box +* Target servers have a privileged user +* Your SSH key must be copied to all the servers that are part of your inventory +* Firewall rules configured properly to allow Ansible and Kubernetes components to communicate +* If using a cloud provider, you must have the appropriate credentials available and exported as environment variables + +Kubespray provides the following utilities to help provision your environment: + +* [Terraform](https://www.terraform.io/) scripts for the following cloud providers: + * [AWS](https://github.com/kubernetes-incubator/kubespray/tree/master/contrib/terraform/aws) + * [OpenStack](https://github.com/kubernetes-incubator/kubespray/tree/master/contrib/terraform/aws) +* [kubespray-cli](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/getting-started.md) + +**Note:** kubespray-cli is no longer actively maintained. +{. 
:note} + +### (2/5) Compose an inventory file + +After you provision your servers, create an [inventory file for Ansible](http://docs.ansible.com/ansible/intro_inventory.html). You can do this manually or via a dynamic inventory script. For more information, see "[Building your own inventory](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/getting-started.md#building-your-own-inventory)". + +### (3/5) Plan your cluster deployment + +Kubespray provides the ability to customize many aspects of the deployment: + +* CNI (networking) plugins +* DNS configuration +* Choice of control plane: native/binary or containerized with docker or rkt) +* Component versions +* Calico route reflectors +* Component runtime options +* Certificate generation methods + +Kubespray customizations can be made to a [variable file](http://docs.ansible.com/ansible/playbooks_variables.html). If you are just getting started with Kubespray, consider using the Kubespray defaults to deploy your cluster and explore Kubernetes. + +### (4/5) Deploy a Cluster -#### Checklist +Next, deploy your cluster with one of two methods: -* You must have cloud instances or baremetal nodes running for your future Kubernetes cluster. - A way to achieve that is to use the - [kubespray-cli tool](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/getting-started.md). -* Or provision baremetal hosts with a tool-of-your-choice or launch cloud instances, - then create an inventory file for Ansible with this [tool](https://github.com/kubernetes-incubator/kubespray/blob/master/contrib/inventory_builder/inventory.py). +* [ansible-playbook](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/getting-started.md#starting-custom-deployment). +* [kubespray-cli tool](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/getting-started.md) -### (2/4) Compose the deployment +**Note:** kubespray-cli is no longer actively maintained. +{. 
:note} -#### Checklist +Both methods run the default [cluster definition file](https://github.com/kubernetes-incubator/kubespray/blob/master/cluster.yml). -* Customize your deployment by usual Ansible meanings, which is - [generating inventory](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/getting-started.md#building-your-own-inventory) - and overriding default data [variables](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/vars.md). - Or just stick with default values (Kubespray will choose Calico networking plugin for you - then). This includes steps like deciding on the: - * DNS [configuration options](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/dns-stack.md) - * [Networking plugin](https://github.com/kubernetes-incubator/kubespray#network-plugins) to use - * [Versions](https://github.com/kubernetes-incubator/kubespray#versions-of-supported-components) - of components. - * Additional node groups like [bastion hosts](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/ansible.md#bastion-host) or - [Calico BGP route reflectors](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/calico.md#optional--bgp-peering-with-border-routers). -* Plan custom deployment steps, if any, or use the default composition layer in the - [cluster definition file](https://github.com/kubernetes-incubator/kubespray/blob/master/cluster.yml). - Taking the best from Ansible world, Kubespray allows users to execute arbitrary steps via the - ``ansible-playbook`` with given inventory, playbooks, data overrides and tags, limits, batches - of nodes to deploy and so on. -* For large deployments (100+ nodes), you may want to - [tweak things](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/large-deployments.md) - for best results. 
+Large deployments (100+ nodes) may require [specific adjustments](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/large-deployments.md) for best results. -### (3/4) Run the deployment +### (5/5) Verify the deployment -#### Checklist +Kubespray provides a way to verify inter-pod connectivity and DNS resolve with [Netchecker](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/netcheck.md). Netchecker ensures the netchecker-agents pods can resolve DNS requests and ping each over within the default namespace. Those pods mimic similar behavior of the rest of the workloads and serve as cluster health indicators. -* Apply deployment with - [kubespray-cli tool](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/getting-started.md) - or ``ansible-playbook`` - [manual commands](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/getting-started.md#starting-custom-deployment). +## Cluster operations -### (4/4) (Optional) verify inter-pods connectivity and DNS resolve with [Netchecker](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/netcheck.md) +Kubespray provides additional playbooks to manage your cluster: _scale_ and _upgrade_. -#### Checklist +### Scale your cluster -* Ensure the netchecker-agent's pods can resolve DNS requests and ping each over within the default namespace. - Those pods mimic similar behavior of the rest of the workloads and serve as cluster health indicators. +You can scale your cluster by running the scale playbook. For more information, see "[Adding nodes](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/getting-started.md#Adding-nodes)". -## Explore contributed add-ons +### Upgrade your cluster -See the [list of contributed playbooks](https://github.com/kubernetes-incubator/kubespray/tree/master/contrib) -to explore other deployment options. +You can upgrade your cluster by running the upgrade-cluster playbook. 
For more information, see "[Upgrades](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/upgrades.md)". ## What's next -Kubespray has quite a few [marks on the radar](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/roadmap.md). +Check out planned work on Kubespray's [roadmap](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/roadmap.md). ## Cleanup -To delete your scratch cluster, you can apply the -[reset role](https://github.com/kubernetes-incubator/kubespray/blob/master/roles/reset/tasks/main.yml) -with the manual ``ansible-playbook`` command. +You can reset your nodes and wipe out all components installed with Kubespray via the [reset playbook](https://github.com/kubernetes-incubator/kubespray/blob/master/reset.yml). -Note, that it is highly unrecommended to delete production clusters with the reset playbook! +**Caution:** When running the reset playbook, be sure not to accidentally target your production cluster! +{. :caution} ## Feedback From 627ff5d40a6abf9d5f330e03dd485b6a554f7b27 Mon Sep 17 00:00:00 2001 From: dengyi1996 Date: Wed, 9 Aug 2017 13:49:09 +0800 Subject: [PATCH 11/24] Update weave-network-policy.md (#4683) * Update weave-network-policy.md add weavenet networkpolicy example * Edits from zacharysarah * Merge branch 'master' into patch-10 * Merge branch 'patch-10' of github.com:dengyi1996/kubernetes.github.io into patch-10 * Merge branch 'master' into patch-10 --- .../weave-network-policy.md | 82 ++++++++++++++++++- 1 file changed, 81 insertions(+), 1 deletion(-) diff --git a/docs/tasks/administer-cluster/weave-network-policy.md b/docs/tasks/administer-cluster/weave-network-policy.md index cc4111c2081f2..85537e93f3647 100644 --- a/docs/tasks/administer-cluster/weave-network-policy.md +++ b/docs/tasks/administer-cluster/weave-network-policy.md 
@@ -26,9 +26,89 @@ The Weave Net Addon for Kubernetes comes with a [Network Policy Controller](http {% endcapture %} +{% capture example %} + +## Namespace isolation example + +1. Create a namespace with `DefaultDeny`. + +```yaml +kind: Namespace +apiVersion: v1 +metadata: + name: myns + annotations: + net.beta.kubernetes.io/network-policy: | + { + "ingress": { + "isolation": "DefaultDeny" + } + } +``` + +2. Create 2 pods inside this namespace. + +```yaml +kind: Pod +apiVersion: v1 +metadata: + name: pod1 + namespace: myns + labels: + inns: "yes" +spec: + containers: + - name: pod1 + image: nginx +--- +kind: Pod +apiVersion: v1 +metadata: + name: pod2 + namespace: myns + labels: + inns: "yes" +spec: + containers: + - name: pod2 + image: nginx +``` + +3. Get the IP addresses of the pods. + +```shell +kubectl get po -n myns -o wide +``` +**Note:** If your cURL requests to pods are forbidden, try making cURL requests to other pods from within a pod. +{: .note} + +4. Create a Kubernetes NetworkPolicy that allows pods within the same namespace to connect with each other. + +```yaml +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: aaa + namespace: myns +spec: + podSelector: + matchExpressions: + - {key: inns, operator: In, values: ["yes"]} + ingress: + - from: + - podSelector: + matchExpressions: + - {key: inns, operator: In, values: ["yes"]} +``` +**Caution:** After applying the network policy, pods outside the namespace you specify may be unable to connect with pods inside the namespace. +{. :caution} + +{% endcapture %} + + {% capture whatsnext %} -Once you have installed the Weave Net Addon you can follow the [NetworkPolicy getting started guide](/docs/getting-started-guides/network-policy/walkthrough) to try out Kubernetes NetworkPolicy. +Once you have installed the Weave Net addon, you can follow the [NetworkPolicy getting started guide](/docs/getting-started-guides/network-policy/walkthrough) to try out Kubernetes NetworkPolicy. 
{% endcapture %} From b9ef86b07ec93092c6419510cb0ff28992ad8e73 Mon Sep 17 00:00:00 2001 From: Stewart-YU <30410021+stewart-yu@users.noreply.github.com> Date: Thu, 10 Aug 2017 00:10:53 +0800 Subject: [PATCH 12/24] Update style-guide.md (#4699) spelling mistake --- docs/home/contribute/style-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/home/contribute/style-guide.md b/docs/home/contribute/style-guide.md index 8b214458d4bfa..594b5eb5b54fd 100644 --- a/docs/home/contribute/style-guide.md +++ b/docs/home/contribute/style-guide.md @@ -231,7 +231,7 @@ I didn't read the stlye guide. ### Ordered Lists -Callouts will interupt numbered lists unless you indent three spaces before the notice and the tag. +Callouts will interrupt numbered lists unless you indent three spaces before the notice and the tag. For example: From 646880aabaacd143ef98068cd6d9f0c9790613b3 Mon Sep 17 00:00:00 2001 From: XsWack Date: Wed, 9 Aug 2017 08:22:52 +0800 Subject: [PATCH 13/24] Update resource-usage-monitoring.md fix typo --- .../debug-application-cluster/resource-usage-monitoring.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tasks/debug-application-cluster/resource-usage-monitoring.md b/docs/tasks/debug-application-cluster/resource-usage-monitoring.md index 02c11adff233e..159426e29e816 100644 --- a/docs/tasks/debug-application-cluster/resource-usage-monitoring.md +++ b/docs/tasks/debug-application-cluster/resource-usage-monitoring.md 
@@ -50,7 +50,7 @@ Here is a video showing how to setup and run a Google Cloud Monitoring backed He [![how to setup and run a Google Cloud Monitoring backed Heapster](http://img.youtube.com/vi/xSMNR2fcoLs/0.jpg)](http://www.youtube.com/watch?v=xSMNR2fcoLs) -Here is a snapshot of the a Google Cloud Monitoring dashboard showing cluster-wide resource usage. +Here is a snapshot of the Google Cloud Monitoring dashboard showing cluster-wide resource usage. ![Google Cloud Monitoring dashboard](/images/docs/gcm.png) From 1ebeb23b48e3f395019c81ebc64c2d50d1e18935 Mon Sep 17 00:00:00 2001 From: XsWack Date: Wed, 9 Aug 2017 08:32:16 +0800 Subject: [PATCH 14/24] Update user-guide.md fix typo --- docs/tools/kompose/user-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tools/kompose/user-guide.md b/docs/tools/kompose/user-guide.md index 3135dcdd0b5e8..1a54860bba270 100644 --- a/docs/tools/kompose/user-guide.md +++ b/docs/tools/kompose/user-guide.md @@ -30,7 +30,7 @@ file "redis-deployment.yaml" created ## Installation -We have multiple ways to install Kompose. Our prefered method is downloading the binary from the latest GitHub release. +We have multiple ways to install Kompose. Our preferred method is downloading the binary from the latest GitHub release. ### GitHub release From dad3701316949eb6eed4047a882933df84a0ee90 Mon Sep 17 00:00:00 2001 From: Michelle Au Date: Tue, 8 Aug 2017 18:31:12 -0700 Subject: [PATCH 15/24] Fix statefulset storageclass example --- docs/concepts/workloads/controllers/statefulset.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/concepts/workloads/controllers/statefulset.md b/docs/concepts/workloads/controllers/statefulset.md index d45c44412a1d2..7f017a0bef280 100644 --- a/docs/concepts/workloads/controllers/statefulset.md +++ b/docs/concepts/workloads/controllers/statefulset.md 
@@ -94,10 +94,9 @@ spec: volumeClaimTemplates: - metadata: name: www - annotations: - volume.beta.kubernetes.io/storage-class: anything spec: accessModes: [ "ReadWriteOnce" ] + storageClassName: my-storage-class resources: requests: storage: 1Gi @@ -143,7 +142,8 @@ Note that Cluster Domain will be set to `cluster.local` unless Kubernetes creates one [PersistentVolume](/docs/concepts/storage/volumes/) for each VolumeClaimTemplate. In the nginx example above, each Pod will receive a single PersistentVolume -with a storage class of `anything` and 1 Gib of provisioned storage. When a Pod is (re)scheduled +with a StorageClass of `my-storage-class` and 1 Gib of provisioned storage. If no StorageClass +is specified, then the default StorageClass will be used. When a Pod is (re)scheduled onto a node, its `volumeMounts` mount the PersistentVolumes associated with its PersistentVolume Claims. Note that, the PersistentVolumes associated with the Pods' PersistentVolume Claims are not deleted when the Pods, or StatefulSet are deleted. From 2d47c4834f47f687d5d522195f372233664a150f Mon Sep 17 00:00:00 2001 From: Stewart-YU <30410021+stewart-yu@users.noreply.github.com> Date: Wed, 9 Aug 2017 09:04:57 +0800 Subject: [PATCH 16/24] Update upgrades.md spelling mistake --- docs/getting-started-guides/ubuntu/upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/getting-started-guides/ubuntu/upgrades.md b/docs/getting-started-guides/ubuntu/upgrades.md index 52bb1bdd80b71..d065993f28a80 100644 --- a/docs/getting-started-guides/ubuntu/upgrades.md +++ b/docs/getting-started-guides/ubuntu/upgrades.md 
@@ -40,7 +40,7 @@ The Kubernetes Charms use snap channels to drive payloads. The channels are defi | beta | Latest alpha or beta of Kubernetes for that minor release | | edge | Nightly builds of that minor release of Kubernetes | -If a release isn't available, the next highest channel is used. For example, 1.6/beta will load `/candidate` or `/stable` depending on availablility of release. Development versions of Kubernetes are available in that minor releases edge channel. There is no guarantee that edge or master will work with the current charms. +If a release isn't available, the next highest channel is used. For example, 1.6/beta will load `/candidate` or `/stable` depending on availability of release. Development versions of Kubernetes are available in that minor releases edge channel. There is no guarantee that edge or master will work with the current charms. ## Master Upgrades From 64d8c68a3f3dc72e4c1ba2cdd24af5af292e97ed Mon Sep 17 00:00:00 2001 From: XsWack Date: Wed, 9 Aug 2017 10:40:33 +0800 Subject: [PATCH 17/24] Update configure-liveness-readiness-probes.md Fix bad url. http://k8s.io/docs/user-guide/liveness/image/server.go is a bad url and it should be https://github.com/kubernetes/kubernetes/blob/master/test/images/liveness/server.go --- .../configure-liveness-readiness-probes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tasks/configure-pod-container/configure-liveness-readiness-probes.md b/docs/tasks/configure-pod-container/configure-liveness-readiness-probes.md index 4dc47cc5a6d1d..088090f415490 100644 --- a/docs/tasks/configure-pod-container/configure-liveness-readiness-probes.md +++ b/docs/tasks/configure-pod-container/configure-liveness-readiness-probes.md 
@@ -136,7 +136,7 @@ Any code greater than or equal to 200 and less than 400 indicates success. Any other code indicates failure. You can see the source code for the server in -[server.go](http://k8s.io/docs/user-guide/liveness/image/server.go). +[server.go](https://github.com/kubernetes/kubernetes/blob/master/test/images/liveness/server.go). For the first 10 seconds that the Container is alive, the `/healthz` handler returns a status of 200. After that, the handler returns a status of 500. From 23b482294e0a62fafae2eb7b55c078469a9e8645 Mon Sep 17 00:00:00 2001 From: supereagle Date: Wed, 9 Aug 2017 14:41:10 +0800 Subject: [PATCH 18/24] Update configure-pod-configmap.md --- docs/tasks/configure-pod-container/configure-pod-configmap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tasks/configure-pod-container/configure-pod-configmap.md b/docs/tasks/configure-pod-container/configure-pod-configmap.md index e4c523d33f743..9abe97e560c7b 100644 --- a/docs/tasks/configure-pod-container/configure-pod-configmap.md +++ b/docs/tasks/configure-pod-container/configure-pod-configmap.md @@ -234,7 +234,7 @@ special.level special.type ``` -### Add ConfigMap data to a specific path in the Volume: +### Add ConfigMap data to a specific path in the Volume Use the `path` field to specify the desired file path for specific ConfigMap items. In this case, the `special.level` item will be mounted in the `config-volume` volume at `/etc/config/keys`. From eceb421911841e62a4e70c46eec9c82efd5865cc Mon Sep 17 00:00:00 2001 From: SrinivasChilveri Date: Wed, 9 Aug 2017 22:36:22 +0530 Subject: [PATCH 19/24] Update master-node-communication.md (#4691) * Update master-node-communication.md Not working Links are updated * Update master-node-communication.md changed based on suggestion * updated as per suggestion --- docs/concepts/architecture/master-node-communication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/concepts/architecture/master-node-communication.md b/docs/concepts/architecture/master-node-communication.md index a650cc9a3a8ba..c94a4e8aed603 100644 --- a/docs/concepts/architecture/master-node-communication.md +++ b/docs/concepts/architecture/master-node-communication.md @@ -77,7 +77,7 @@ To verify this connection, use the `--kubelet-certificate-authority` flag to provide the apiserver with a root certificates bundle to use to verify the kubelet's serving certificate. -If that is not possible, use [SSH tunneling](/docs/admin/master-node-communication/#ssh-tunnels) +If that is not possible, use [SSH tunneling](/docs/concepts/architecture/master-node-communication/#ssh-tunnels) between the apiserver and kubelet if required to avoid connecting over an untrusted or public network. From da139b36be8faf55f097f3037e5f51e18a03738e Mon Sep 17 00:00:00 2001 From: Xiaoyu Zhang Date: Thu, 10 Aug 2017 01:07:21 +0800 Subject: [PATCH 20/24] Update kubectl get scale's output (#4708) --- .../horizontal-pod-autoscale-walkthrough.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md b/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md index ac47ca09d4110..b44baa485f77c 100644 --- a/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md +++ b/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md @@ -60,8 +60,8 @@ We may check the current status of autoscaler by running: ```shell $ kubectl get hpa -NAME REFERENCE TARGET CURRENT MINPODS MAXPODS AGE -php-apache Deployment/php-apache/scale 50% 0% 1 10 18s +NAME REFERENCE TARGET MINPODS MAXPODS REPLICAS AGE +php-apache Deployment/php-apache/scale 0% / 50% 1 10 1 18s ``` 
@@ -85,8 +85,8 @@ Within a minute or so, we should see the higher CPU load by executing: ```shell $ kubectl get hpa -NAME REFERENCE TARGET CURRENT MINPODS MAXPODS AGE -php-apache Deployment/php-apache/scale 50% 305% 1 10 3m +NAME REFERENCE TARGET CURRENT MINPODS MAXPODS REPLICAS AGE +php-apache Deployment/php-apache/scale 305% / 50% 305% 1 10 1 3m ``` @@ -114,8 +114,8 @@ Then we will verify the result state (after a minute or so): ```shell $ kubectl get hpa -NAME REFERENCE TARGET CURRENT MINPODS MAXPODS AGE -php-apache Deployment/php-apache/scale 50% 0% 1 10 11m +NAME REFERENCE TARGET MINPODS MAXPODS REPLICAS AGE +php-apache Deployment/php-apache/scale 0% / 50% 1 10 1 11m $ kubectl get deployment php-apache NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE From 97f27d6f4f242db5a2ffb307d3b620937658ec56 Mon Sep 17 00:00:00 2001 From: XsWack Date: Wed, 9 Aug 2017 19:10:01 +0800 Subject: [PATCH 21/24] fix typo fix typo --- docs/concepts/workloads/pods/init-containers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/concepts/workloads/pods/init-containers.md b/docs/concepts/workloads/pods/init-containers.md index aa2d4a634a9a0..4eb2fe796ef21 100644 --- a/docs/concepts/workloads/pods/init-containers.md +++ b/docs/concepts/workloads/pods/init-containers.md @@ -83,7 +83,7 @@ Here are some ideas for how to use Init Containers: * Wait for some time before starting the app Container with a command like `sleep 60`. * Clone a git repository into a volume. * Place values into a configuration file and run a template tool to dynamically - generate a configuration file for the the main app Container. For example, + generate a configuration file for the main app Container. For example, place the POD_IP value in a configuration and generate the main app configuration file using Jinja. From cd90b08c06723543a2dc84b3eb9459a30375f0e2 Mon Sep 17 00:00:00 2001 
From: Rohit Sharma Date: Wed, 9 Aug 2017 14:03:44 +0200 Subject: [PATCH 22/24] Update extend-api-third-party-resource.md --- .../access-kubernetes-api/extend-api-third-party-resource.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tasks/access-kubernetes-api/extend-api-third-party-resource.md b/docs/tasks/access-kubernetes-api/extend-api-third-party-resource.md index c7e09287bde10..f66eb6939669b 100644 --- a/docs/tasks/access-kubernetes-api/extend-api-third-party-resource.md +++ b/docs/tasks/access-kubernetes-api/extend-api-third-party-resource.md @@ -127,7 +127,7 @@ $ kubectl get crontab -o json "uid": "6f65e7a3-8601-11e6-a23e-42010af0000c" } } - ] + ], "kind": "List", "metadata": {}, "resourceVersion": "", From da5872845fbb1f37ed0a6935ceb4b051e119a060 Mon Sep 17 00:00:00 2001 From: Stewart-YU <30410021+stewart-yu@users.noreply.github.com> Date: Wed, 9 Aug 2017 20:11:33 +0800 Subject: [PATCH 23/24] Update daemonset.md The first letter needs to be capitalized --- docs/concepts/workloads/controllers/daemonset.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/concepts/workloads/controllers/daemonset.md b/docs/concepts/workloads/controllers/daemonset.md index 57b67447aee9c..ce48aa5213ff9 100644 --- a/docs/concepts/workloads/controllers/daemonset.md +++ b/docs/concepts/workloads/controllers/daemonset.md @@ -93,7 +93,7 @@ Normally, the machine that a pod runs on is selected by the Kubernetes scheduler created by the Daemon controller have the machine already selected (`.spec.nodeName` is specified when the pod is created, so it is ignored by the scheduler). Therefore: - - the [`unschedulable`](/docs/admin/node/#manual-node-administration) field of a node is not respected + - The [`unschedulable`](/docs/admin/node/#manual-node-administration) field of a node is not respected by the DaemonSet controller. - DaemonSet controller can make pods even when the scheduler has not been started, which can help cluster bootstrap. 
From 25f0f0977552ce96d7d9867ef5ec624f28aab9e4 Mon Sep 17 00:00:00 2001 From: lichuqiang Date: Wed, 9 Aug 2017 20:06:56 +0800 Subject: [PATCH 24/24] fix typo --- docs/concepts/overview/working-with-objects/namespaces.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/concepts/overview/working-with-objects/namespaces.md b/docs/concepts/overview/working-with-objects/namespaces.md index a16ae8e1cde44..0f66878964490 100644 --- a/docs/concepts/overview/working-with-objects/namespaces.md +++ b/docs/concepts/overview/working-with-objects/namespaces.md @@ -82,7 +82,7 @@ across namespaces, you need to use the fully qualified domain name (FQDN). ## Not All Objects are in a Namespace Most Kubernetes resources (e.g. pods, services, replication controllers, and others) are -in some namespace. However namespace resources are not themselves in a namespace. +in some namespaces. However namespace resources are not themselves in a namespace. And low-level resources, such as [nodes](/docs/admin/node) and persistentVolumes, are not in any namespace. Events are an exception: they may or may not have a namespace, depending on the object the event is about.
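Review bot: In the StatefulSet hunk (@@ -143,7 +142,8), the rewritten sentence still says "1 Gib of provisioned storage", while the manifest in the hunk above requests `storage: 1Gi`. "Gib" reads as gibibits, so since this line is being touched anyway, change it to "1 GiB". The unchanged context below also has a stray comma in "Note that, the PersistentVolumes", which could be dropped in the same pass.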
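Review bot: In the upgrades.md hunk (@@ -40,7 +40,7), the replacement line fixes "availablility" but keeps "available in that minor releases edge channel", which is missing the possessive apostrophe. Suggest "in that minor release's edge channel" so the spelling fix does not need a follow-up patch for the same sentence.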
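Review bot: In the configure-liveness-readiness-probes.md hunk (@@ -136,7 +136,7), the new link points at `blob/master/test/images/liveness/server.go`, which will break or drift as soon as that file is moved or its behaviour changes on master. The paragraph right after it describes specific behaviour (200 for the first 10 seconds, then 500), so link to a release tag or commit instead of `master` to keep the text and the linked source in agreement.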
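Review bot: In the master-node-communication.md hunk (@@ -77,7 +77,7), the corrected link `/docs/concepts/architecture/master-node-communication/#ssh-tunnels` targets the same page this file renders to. A bare `#ssh-tunnels` anchor would resolve the same way and would not break again the next time the page is moved, which is what caused the dead `/docs/admin/...` link being fixed here.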
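Review bot: In the horizontal-pod-autoscale-walkthrough.md patch, the second hunk (@@ -85,8 +85,8) is inconsistent with the first and third: its new header still lists a CURRENT column ("TARGET CURRENT MINPODS MAXPODS REPLICAS AGE") and its row carries both "305% / 50%" and a separate "305%", while the other two hunks drop CURRENT and fold it into TARGET. Make the three sample outputs use the same column set. The subject line also says "kubectl get scale's output" although every changed block is `kubectl get hpa`.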
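Review bot: In the namespaces.md hunk (@@ -82,7 +82,7), changing "in some namespace" to "in some namespaces" is not a typo fix and alters the meaning: each resource lives in exactly one namespace, which the singular expressed correctly and which matches "not themselves in a namespace" in the same sentence. Suggest reverting this line. If the sentence is to be touched at all, adding the missing comma after "However" would be the change to make.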