Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Kms provider doc #7479

Merged
merged 2 commits into from
Feb 25, 2018
Merged

Kms provider doc #7479

merged 2 commits into from
Feb 25, 2018

Conversation

vineet-garg
Copy link

@vineet-garg vineet-garg commented Feb 21, 2018

issue# 7399, Create KMS-provider.md and update encrypt-data.md


This change is Reviewable

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Feb 21, 2018
@k8sio-netlify-preview-bot
Copy link
Collaborator

k8sio-netlify-preview-bot commented Feb 21, 2018

Deploy preview for kubernetes-io-master-staging ready!

Built with commit ae8e35e

https://deploy-preview-7479--kubernetes-io-master-staging.netlify.com

title: Using a KMS provider for data encryption
---
{% capture overview %}
This page shows how to configure a Key Management Service (KMS) provider and plugin to enable secret data encryption.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Insert this:

{% assign for_k8s_version="v1.10" %}{% include feature-state-alpha.md %}

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done


* etcd v3 or later is required

*The KMS provider is alpha in Kubernetes version 1.10.0, which means that it may change without notice. You may be required to decrypt your data prior to upgrading to 1.11.0
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general, do not put statement about future here. We don't know what will happen in v1.11 yet.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, the * sign in line 18 is treated as a flag for slant.

So ... please consider remove line 18 completely.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.


{% capture steps %}

The KMS encryption provider uses an envelope encryption scheme to encrypt data in etcd. The Key encryption keys (KEKs) are
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please explain what is a "KMS encryption provider" and what is a "KMS encryption plugin" here, before diving into the configuration steps.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

have added a few more details.


The KMS encryption provider uses an envelope encryption scheme to encrypt data in etcd. The Key encryption keys (KEKs) are
stored and managed in a remote KMS. The KMS provider uses gRPC to communicate with a specific KMS
plugin. The KMS plugin, which is implemented as a gRPC server and deployed on the same host(s) as the Kubernetes master(s), is responsible for all communication with the remote KMS.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There have been some discussions about the term "master" and some people are not happy about it. Please consider using "control plane" instead?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The term "master" is used in all kubernetes document: https://kubernetes.io/docs/concepts/


## Configuring the KMS provider

To configure a KMS provider on the API server, include a provider of type kms in the providers array in the encryption configuration file and set the following properties:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

of type kms in the providers array -> of type kms in the providers array

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done


## Implementing a KMS plugin

To implement a KMS plugin, you can develop a new plugin gRPC server or enable a KMS plugin already provided by your cloud provider. You then integrate the plugin with the remote KMS and deploy it on the Kubernetes master.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alright, "implement" here can mean "developing a new plugin" or "enabling an existing one" ...
I was confused by the verb used.

### Enabling the KMS supported by your cloud provider
Refer to your cloud provider for instructions on enabling the cloud provider-specific KMS plugin.

### Developing a KMS plugin gRPC server
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could have a topic on its own right ...

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vineet-garg I think Developing a KMS plugin has to be a separate topic.

endpoint: <UNIX domain socket listen address of the gRPC server (KMS plugin)>
cachesize: <number of data encryption keys (DEKs) to be cached in the clear>
- identity: {}
```
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since the syntax for this YAML is already outlined above, we may want to present a real sample here.

```
ETCDCTL_API=3 etcdctl get /kubernetes.io/secrets/default/secret1 [...] | hexdump -C
```
where [...] must be the additional arguments for connecting to the etcd server.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[...] -> [...]

## Decrypting your data
To disable encryption at rest:

1. Place the identity provider as the first entry in the configuration file:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • should identity be identity ?
  • the config below is doing BOTH decryption and encryption disabling? This is confusing. Sounds like this section is about disabling encryption and decryption is a necessary step for turning encryption off?

@k8s-ci-robot k8s-ci-robot removed the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Feb 22, 2018
@k8s-ci-robot
Copy link
Contributor

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.


  • If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
  • If you signed the CLA as a corporation, please sign in with your organization's credentials at https://identity.linuxfoundation.org/projects/cncf to be authorized.
  • If you have done the above and are still having issues with the CLA being reported as unsigned, please email the CNCF helpdesk: [email protected]

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-ci-robot k8s-ci-robot added cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Feb 22, 2018
@kksriram
Copy link

screen shot 2018-02-22 at 8 33 27 pm

How do we make "Using a KMS provider for data encryption" (and "Developing a KMS Provider gRPC Plugin") as separate children under "Encrypting Secret Data at Rest"?

Such a grouping would keep all KMS/Encryption related content together.

@heckj heckj added this to the 1.10 milestone Feb 23, 2018
@heckj
Copy link
Contributor

heckj commented Feb 23, 2018

@kksriram could you please target this PR against the release-1.10 branch rather than master? We collect together all the content for the 1.10 release into that branch to lock into the main docs at release time, where anything against master goes against the “current live” documentation.

I’ve also applied the 1.10 milestone to this to track the PR for release time...

@heckj
Copy link
Contributor

heckj commented Feb 23, 2018

/assign

@vineet-garg vineet-garg changed the title Kms provider doc (#3) Kms provider doc Feb 23, 2018
@vineet-garg vineet-garg changed the base branch from master to release-1.10 February 23, 2018 19:56
@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Feb 23, 2018
@vineet-garg vineet-garg changed the base branch from release-1.10 to master February 23, 2018 19:56
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Feb 23, 2018
@k8s-ci-robot
Copy link
Contributor

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.


  • If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
  • If you signed the CLA as a corporation, please sign in with your organization's credentials at https://identity.linuxfoundation.org/projects/cncf to be authorized.
  • If you have done the above and are still having issues with the CLA being reported as unsigned, please email the CNCF helpdesk: [email protected]

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-ci-robot k8s-ci-robot added cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Feb 23, 2018
@heckj
Copy link
Contributor

heckj commented Feb 24, 2018

@kksriram it looks like you did manage to retarget the base, but then it was switched back to master? Could you double check and set this again to the release-1.10 branch and we'll get it merged

@heckj
Copy link
Contributor

heckj commented Feb 24, 2018

/approve
/hold

hold is pending retargeting to the release-1.10 branch

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 24, 2018
@vineet-garg
Copy link
Author

@heckj I will rebase the source branch and target to 1.10 today.

@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Feb 24, 2018
@vineet-garg vineet-garg changed the base branch from master to release-1.10 February 24, 2018 18:32
@vineet-garg vineet-garg changed the base branch from release-1.10 to master February 24, 2018 18:33
@k8s-ci-robot
Copy link
Contributor

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.


  • If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
  • If you signed the CLA as a corporation, please sign in with your organization's credentials at https://identity.linuxfoundation.org/projects/cncf to be authorized.
  • If you have done the above and are still having issues with the CLA being reported as unsigned, please email the CNCF helpdesk: [email protected]

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-ci-robot k8s-ci-robot added cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. and removed cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Feb 24, 2018
* issue# 7399, Create KMS-provider.md and update encrypt-data.md
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Feb 25, 2018
@vineet-garg vineet-garg changed the base branch from master to release-1.10 February 25, 2018 08:59
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Feb 25, 2018
@vineet-garg
Copy link
Author

@heckj I Rebased source branch to release-1.10 and targeted the pull to release-1.10

@heckj
Copy link
Contributor

heckj commented Feb 25, 2018

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Feb 25, 2018
@heckj
Copy link
Contributor

heckj commented Feb 25, 2018

@tengqm I think it's pretty much ready to go, please take a look and add an '/lgtm' comment if you're good with the updates.

/assign @tengqm

@tengqm
Copy link
Contributor

tengqm commented Feb 25, 2018

/lgtm

Agree to kick this in and leave the plugin development doc separation to future work.

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 25, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: heckj, tengqm

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit cf48480 into kubernetes:release-1.10 Feb 25, 2018
@kksriram
Copy link

kksriram commented Mar 5, 2018

Fixes #7399

steveperry-53 pushed a commit that referenced this pull request Mar 27, 2018
* 1.10 update (#7151)

* Fix partition value expected behaviour explanation (#7123)

Fixes issue #7057

* Correct "On-Premise" to "On-Premises"

* Updates the Calico installation page (#7094)

* All files for Haufe Groups case study (#7051)

* Fix typo (#7127)

* fix typo of device-plugins.md (#7106)

* fix broken links (#7136)

* Updated configure-service-account (#7147)

Error from server resolved by escaping kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "myregistrykey"}]}' JSON string by '\'

* Remove docs related to 'require-kubeconfig' (#7138)

With kubernetes/kubernetes#58367 merged, v1.10 will not use the
"require-kubeconfig" flag. The flag has become a no-op solely to ensure
existing deployments won't break.

* Added Verification Scenario for a Pod that Uses a PVC in Terminating State (#7164)

The below PR:
kubernetes/kubernetes#55873
modified scheduler in such a way that scheduling of a pod that uses a PVC in Terminating state fails.

That's why verification of such scenario was added to documentation.

* fix LimitPodHardAntiAffinityTopology name (#7221)

* Document the removal of the KubeletConfigFile feature gate (#7140)

With kubernetes/kubernetes#58978 merged, the said feature gate is
removed. This PR removes texts related to the gate and revises the
Feature Gates reference to reflect this change.

* deprecate three admission controller (#7363)

* Document the removal of Accelerators feature gate (#7389)

The `Accelerators` feature gate will be removed in 1.11. 1.10 will be
its last mile.
References: kubernetes/kubernetes#57384

* Update local storage docs for beta (#7473)

* Document that HugePages feature gate is Beta (#7387)

The `HugePages` feature gate has graduated to Beta in v1.10. This PR
documents this fact.

* Add HyperVContainer feature gates (#7502)

* Remove the beta reference from Taints and Tolerations doc (#7493)

* Kms provider doc (#7479)

* Kms provider doc

* issue# 7399, Create KMS-provider.md and update encrypt-data.md

* address review comments

* Document that Device Plugin feature is Beta (1.10) (#7512)

* Add docs for CRD features for 1.10 (#7439)

* Add docs for CRD features for 1.10

* Add CustomResourcesSubresources to list of feature gates

* Add latest changes to custom resources doc

* Add crds as abbreviated alias (#7437)

* Bring PVC Protection Feature to Beta (#7165)

* Bring PVC Protection Feature to Beta

The PR: kubernetes/kubernetes#59052
brought PVC Protection feature to beta.

That's why the documentation is updated accordingly.

* The PVC Protection feature was renamed to Storage Protection. That's why the documentation is updated.

* promote PodNodeSelector to stable; document detailed behavior (#7134)

* promote PodNodeSelector to stable; document detailed behavior

* respond to feedback

* Update CPU manager feature enabling (#7390)

With `CPUManager` feature graduating to beta. No explicit enabling is
required starting v1.10.
References: kubernetes/kubernetes#55977

* Adding block volumeMode documentation for local volumes. (#7531)

Code review comments.

Changed property to field.

Address tech review comment.

* remove description kubectl --show-all (#7574)

--show-all has been deprecated and set to true by default.
kubernetes/kubernetes#60210

* fix description about contribute style guide (#7592)

* fix description about KUBECONFIG (#7589)

s/envrionment/environment

* fix description about cni (#7588)

s/simultanously/simultaneously/

* fix description about MutatingAdmissionWebhook and ValidatingAdmissionWebhook (#7587)

* fix description about persistent volume binding (#7590)

s/slighty/slightly/

* Doc change for configurable pod resolv.conf Beta (#7611)

* fix description about out of resource handling (#7597)

s/threshhold/threshold

* fix description about zookeeper (#7598)

s/achive/achieve

* fix description about kubeadm (#7594)

s/compatability/compatibility/

* fix description about kubeadm (#7593)

* fix description about kubeadm implementation details (#7595)

* fix description about api concepts (#7596)

* Storage Protection was renamed to Storage Object in Use Protection (#7576)

* Storage Protection was renamed to Storage Object in Use Protection

The K8s PR: kubernetes/kubernetes#59901
renamed Storage Protection to Storage Object in Use Protection.

That's why the same is also renamed in the documentation.

* Moved Storage Object in Use Protection admission plugin description down according to alphabetic order.

* Use PSP from policy API group. (#7562)

* update kubeletconfig docs for v1.10, beta (#7561)

* Update port-forwarding docs (#7575)

* add pv protection description (#7620)

* fix description about client library (#7634)

* Add docs on configuring NodePort IP (#7631)

* Document that LocalStorageCapacityIsolation is beta (#7635)

A follow-up to the kubernetes/kubernetes#60159 change which has promoted
the `LocalStorageCapacityIsolation` feature gate to Beta.

* Update CoreDNS docs for beta (#7638)

* Update CoreDNS docs for beta

* Review comments

* Fix typo (#7640)

* Update feature gates move to beta (#7662)

* Added the inability to use colon ':' character as environment variable names and described workaround (#7657)

* merge master to 1.10, with fixes (#7682)

* Flag names changed (s/admission-control/enable-admission-plugins); disable-admissions-plugin entry added; removed reference to admission controller/plugins requiring set order (for v1.10), redundant example enabling specific plugin, and redundant version-specific info (#7449)

* Documentation for MountPropagation beta (#7655)

* Remove job's scale-related operations (#7684)

* authentication: document client-go exec plugins (#7648)

* authentication: document client-go exec plugins

* Update authentication.md

* Update local ephemeral storage feature to beta (#7685)

Update local ephemeral storage feature to beta

* Update docs for windows container resources (#7653)

* add server-side print docs (#7671)

* Create a task describing Pod process namespace sharing (#7489)

* Add external metrics to HPA docs (#7664)

* Add external metrics to HPA docs

* Update horizontal-pod-autoscale-walkthrough.md

* Apply review comments to HPA walkthrough

* remove description about "scale jobs" (#7712)

* CSI Docs for K8s v1.10 (#7698)

* Add a warning about increased memory consumption for audit logging feature. (#7725)

Signed-off-by: Mik Vyatskov <[email protected]>

* Update Audit Logging documentation for 1.10 (#7679)

Signed-off-by: Mik Vyatskov <[email protected]>

* Fix stage names in audit logging documentation (#7746)

Signed-off-by: Mik Vyatskov <[email protected]>

* Feature gate update for release 1.10 (#7742)

* State in the docs that the value of default Node labels are not reliable. (#7794)

* Kill the reference to --admission-control option (#7755)

The `--admission-control` option has been replaced by two new options in
v1.10. This PR kills the last appearance of the old option in the doc.

* Pvcprotection toc (#7807)

* Refreshing installation instructions (#7495)

* Refreshing installation instructions

Added conjure-up. Updated displays and juju versions to current versions.

* Updated anchors

* Fixed image value version typo (#7768)

Was inconsistent with other values

* Update flocker reference to the github repo (#7784)

* Fix typo in federation document (#7779)

* an user -> a user (#7778)

* Events are namespaced (#7767)

* fix 'monitoring' link lose efficacy problem' (#7764)

* docs/concepts/policy/pod-security-policy.md: minor fix. (#7659)

* Update downward-api-volume-expose-pod-information.md (#7771)

* Update downward-api-volume-expose-pod-information.md

The pod spec puts the downward api files into /etc/podinfo, not directly in /etc. Updated docs to reflect this fact.

* Update downward-api-volume-expose-pod-information.md

One more spot needed fixing.

* Update downward-api-volume-expose-pod-information.md

Yet another fix, in the container example.

* Add Amadeus Case Study (#7783)

* Add Amadeus Case Study

* add Amadeus logo

* Fixed Cyrillic с in 'kube-proxy-cm' (#7787)

There was a typo (wrong character) in kube-proxy-cm.yaml - Cyrillic с (UTF-8 0x0441) was used instead of Latin c.

* install-kubectl: choose one installation method (#7705)

The previous text layout suggested that all installations had to be done, one after another.

* Update install-kubeadm.md (#7781)

Add note to kubeadm install instruction to help install in other arch i.e. aarch64, ppc64le etc.

* repair failure link (#7788)

* repair failure link

* repair failure link

* do change as required

* Update k8s201.md (#7777)

* Update k8s201.md

Change instructions to download yams files directly from the website (as used in other pages.)

Added instructions to delete labeled pod to avoid warnings in the subsequent deployment step.

* Update k8s201.md

Added example of using the exposed host from the a node running Kubernetes. (This works on AWS with Weave; not able to test it on other variations...)

* Gramatical fix to kompose introduction (#7792)

The original wording didn't through very well. As much of the original sentence has been preserved as possible, primarily to ensure the kompose web address is see both in text and as a href link.

* update amadeus.html (#7800)

* Fix a missing word in endpoint reconciler section (#7804)

* add toc entry for pvcprotection downgrade issue doc

* Pvcprotection toc (#7809)

* Refreshing installation instructions (#7495)

* Refreshing installation instructions

Added conjure-up. Updated displays and juju versions to current versions.

* Updated anchors

* Fixed image value version typo (#7768)

Was inconsistent with other values

* Update flocker reference to the github repo (#7784)

* Fix typo in federation document (#7779)

* an user -> a user (#7778)

* Events are namespaced (#7767)

* fix 'monitoring' link lose efficacy problem' (#7764)

* docs/concepts/policy/pod-security-policy.md: minor fix. (#7659)

* Update downward-api-volume-expose-pod-information.md (#7771)

* Update downward-api-volume-expose-pod-information.md

The pod spec puts the downward api files into /etc/podinfo, not directly in /etc. Updated docs to reflect this fact.

* Update downward-api-volume-expose-pod-information.md

One more spot needed fixing.

* Update downward-api-volume-expose-pod-information.md

Yet another fix, in the container example.

* Add Amadeus Case Study (#7783)

* Add Amadeus Case Study

* add Amadeus logo

* Fixed Cyrillic с in 'kube-proxy-cm' (#7787)

There was a typo (wrong character) in kube-proxy-cm.yaml - Cyrillic с (UTF-8 0x0441) was used instead of Latin c.

* install-kubectl: choose one installation method (#7705)

The previous text layout suggested that all installations had to be done, one after another.

* Update install-kubeadm.md (#7781)

Add note to kubeadm install instruction to help install in other arch i.e. aarch64, ppc64le etc.

* repair failure link (#7788)

* repair failure link

* repair failure link

* do change as required

* Update k8s201.md (#7777)

* Update k8s201.md

Change instructions to download yams files directly from the website (as used in other pages.)

Added instructions to delete labeled pod to avoid warnings in the subsequent deployment step.

* Update k8s201.md

Added example of using the exposed host from the a node running Kubernetes. (This works on AWS with Weave; not able to test it on other variations...)

* Gramatical fix to kompose introduction (#7792)

The original wording didn't through very well. As much of the original sentence has been preserved as possible, primarily to ensure the kompose web address is see both in text and as a href link.

* update amadeus.html (#7800)

* Fix a missing word in endpoint reconciler section (#7804)

* add toc entry for pvcprotection downgrade issue doc

* revert TOC change

* Release 1.10 (#7818)

* Refreshing installation instructions (#7495)

* Refreshing installation instructions

Added conjure-up. Updated displays and juju versions to current versions.

* Updated anchors

* Fixed image value version typo (#7768)

Was inconsistent with other values

* Update flocker reference to the github repo (#7784)

* Fix typo in federation document (#7779)

* an user -> a user (#7778)

* Events are namespaced (#7767)

* fix 'monitoring' link lose efficacy problem' (#7764)

* docs/concepts/policy/pod-security-policy.md: minor fix. (#7659)

* Update downward-api-volume-expose-pod-information.md (#7771)

* Update downward-api-volume-expose-pod-information.md

The pod spec puts the downward api files into /etc/podinfo, not directly in /etc. Updated docs to reflect this fact.

* Update downward-api-volume-expose-pod-information.md

One more spot needed fixing.

* Update downward-api-volume-expose-pod-information.md

Yet another fix, in the container example.

* Add Amadeus Case Study (#7783)

* Add Amadeus Case Study

* add Amadeus logo

* Fixed Cyrillic с in 'kube-proxy-cm' (#7787)

There was a typo (wrong character) in kube-proxy-cm.yaml - Cyrillic с (UTF-8 0x0441) was used instead of Latin c.

* install-kubectl: choose one installation method (#7705)

The previous text layout suggested that all installations had to be done, one after another.

* Update install-kubeadm.md (#7781)

Add note to kubeadm install instruction to help install in other arch i.e. aarch64, ppc64le etc.

* repair failure link (#7788)

* repair failure link

* repair failure link

* do change as required

* Update k8s201.md (#7777)

* Update k8s201.md

Change instructions to download yams files directly from the website (as used in other pages.)

Added instructions to delete labeled pod to avoid warnings in the subsequent deployment step.

* Update k8s201.md

Added example of using the exposed host from the a node running Kubernetes. (This works on AWS with Weave; not able to test it on other variations...)

* Gramatical fix to kompose introduction (#7792)

The original wording didn't through very well. As much of the original sentence has been preserved as possible, primarily to ensure the kompose web address is see both in text and as a href link.

* update amadeus.html (#7800)

* Fix a missing word in endpoint reconciler section (#7804)

* Partners page updates (#7802)

* Partners page updates

* Update to ZTE link

* Make using sysctls a task instead of a concept (#6808)

Closes: #4505

* add a note when mount a configmap to pod (#7745)

* adjust a note format (#7812)

* Update docker-cli-to-kubectl.md (#7748)

* Update docker-cli-to-kubectl.md

Edited the document for adherence to the style guide and word usage.

* Update docker-cli-to-kubectl.md

* Incorporated the changes suggested.

* Mount propagation update to include docker config (#7854)

* update overridden config for 1.10 (#7847)

* update overridden config for 1.10

* fix config file per comments

* Update Extended Resource doc wrt cluster-level resources (#7759)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants