diff --git a/content/en/docs/concepts/cluster-administration/system-metrics.md b/content/en/docs/concepts/cluster-administration/system-metrics.md index ff6b41bbcd0ef..84204b034b4ca 100644 --- a/content/en/docs/concepts/cluster-administration/system-metrics.md +++ b/content/en/docs/concepts/cluster-administration/system-metrics.md @@ -214,7 +214,7 @@ allow-list: Additionally, the `cardinality_enforcement_unexpected_categorizations_total` meta-metric records the count of unexpected categorizations during cardinality enforcement, that is, whenever a label value -is encountered that is not allowed with respect to the allow-list contraints. +is encountered that is not allowed with respect to the allow-list constraints. ## {{% heading "whatsnext" %}} diff --git a/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md b/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md index 8dd955cdad965..6516179150e43 100644 --- a/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md +++ b/content/en/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins.md @@ -114,7 +114,7 @@ The general workflow of a device plugin includes the following steps: // informed allocation decision when possible. rpc GetPreferredAllocation(PreferredAllocationRequest) returns (PreferredAllocationResponse) {} - // PreStartContainer is called, if indicated by Device Plugin during registeration phase, + // PreStartContainer is called, if indicated by Device Plugin during registration phase, // before each container start. Device plugin can run device specific operations // such as resetting the device before making devices available to the container. rpc PreStartContainer(PreStartContainerRequest) returns (PreStartContainerResponse) {} @@ -346,7 +346,7 @@ update and Kubelet needs to be restarted to reflect the correct resource capacit {{< /note >}} ```gRPC -// AllocatableResourcesResponses contains informations about all the devices known by the kubelet +// AllocatableResourcesResponses contains information about all the devices known by the kubelet message AllocatableResourcesResponse { repeated ContainerDevices devices = 1; repeated int64 cpu_ids = 2; diff --git a/content/en/docs/concepts/policy/_index.md b/content/en/docs/concepts/policy/_index.md index de4ebf99f82bc..0998b7ec14b04 100644 --- a/content/en/docs/concepts/policy/_index.md +++ b/content/en/docs/concepts/policy/_index.md @@ -64,5 +64,5 @@ Dynamic Admission Controllers that act as flexible policy engines are being deve ## Apply policies using Kubelet configurations Kubernetes allows configuring the Kubelet on each worker node. Some Kubelet configurations act as policies: -* [Process ID limts and reservations](/docs/concepts/policy/pid-limiting/) are used to limit and reserve allocatable PIDs. +* [Process ID limits and reservations](/docs/concepts/policy/pid-limiting/) are used to limit and reserve allocatable PIDs. * [Node Resource Managers](/docs/concepts/policy/node-resource-managers/) can manage compute, memory, and device resources for latency-critical and high-throughput workloads. diff --git a/content/en/docs/concepts/security/security-checklist.md b/content/en/docs/concepts/security/security-checklist.md index ce96812567c82..0bb3c91d4a7f1 100644 --- a/content/en/docs/concepts/security/security-checklist.md +++ b/content/en/docs/concepts/security/security-checklist.md @@ -390,7 +390,7 @@ availability state and recommended to improve your security posture: [`NodeRestriction`](/docs/reference/access-authn-authz/admission-controllers/#noderestriction) : Restricts kubelet's permissions to only modify the pods API resources they own -or the node API ressource that represent themselves. It also prevents kubelet +or the node API resource that represent themselves. It also prevents kubelet from using the `node-restriction.kubernetes.io/` annotation, which can be used by an attacker with access to the kubelet's credentials to influence pod placement to the controlled node. diff --git a/content/en/docs/concepts/services-networking/endpoint-slices.md b/content/en/docs/concepts/services-networking/endpoint-slices.md index 985e9e6c81e6c..15e38744872a2 100644 --- a/content/en/docs/concepts/services-networking/endpoint-slices.md +++ b/content/en/docs/concepts/services-networking/endpoint-slices.md @@ -210,7 +210,7 @@ perfectly full distribution of EndpointSlices. As an example, if there are 10 new endpoints to add and 2 EndpointSlices with room for 5 more endpoints each, this approach will create a new EndpointSlice instead of filling up the 2 existing EndpointSlices. In other words, a single EndpointSlice creation is -preferrable to multiple EndpointSlice updates. +preferable to multiple EndpointSlice updates. With kube-proxy running on each Node and watching EndpointSlices, every change to an EndpointSlice becomes relatively expensive since it will be transmitted to diff --git a/content/en/docs/concepts/workloads/controllers/job.md b/content/en/docs/concepts/workloads/controllers/job.md index cc51f6f84a7a0..be5775973b83d 100644 --- a/content/en/docs/concepts/workloads/controllers/job.md +++ b/content/en/docs/concepts/workloads/controllers/job.md @@ -395,7 +395,7 @@ for pod failures independently for each index. To do so, set the `.spec.backoffLimitPerIndex` to specify the maximal number of pod failures per index. -When the per-index backoff limit is exceeded for an index, Kuberentes considers the index as failed and adds it to the +When the per-index backoff limit is exceeded for an index, Kubernetes considers the index as failed and adds it to the `.status.failedIndexes` field. The succeeded indexes, those with a successfully executed pods, are recorded in the `.status.completedIndexes` field, regardless of whether you set the `backoffLimitPerIndex` field. @@ -940,7 +940,7 @@ the Job status, allowing the Pod to be removed by other controllers or users. {{< note >}} See [My pod stays terminating](/docs/tasks/debug/debug-application/debug-pods/) if you -observe that pods from a Job are stucked with the tracking finalizer. +observe that pods from a Job are stuck with the tracking finalizer. {{< /note >}} ### Elastic Indexed Jobs diff --git a/content/en/docs/concepts/workloads/controllers/replicaset.md b/content/en/docs/concepts/workloads/controllers/replicaset.md index 46306db0fe9b1..c419f98fe1a04 100644 --- a/content/en/docs/concepts/workloads/controllers/replicaset.md +++ b/content/en/docs/concepts/workloads/controllers/replicaset.md @@ -225,7 +225,7 @@ pod1 1/1 Running 0 36s pod2 1/1 Running 0 36s ``` -In this manner, a ReplicaSet can own a non-homogenous set of Pods +In this manner, a ReplicaSet can own a non-homogeneous set of Pods ## Writing a ReplicaSet manifest diff --git a/content/en/docs/contribute/style/diagram-guide.md b/content/en/docs/contribute/style/diagram-guide.md index 6a0d44828f5af..438ed5d8b0dfb 100644 --- a/content/en/docs/contribute/style/diagram-guide.md +++ b/content/en/docs/contribute/style/diagram-guide.md @@ -624,7 +624,7 @@ caption and the diagram referral. flowchart A[Diagram

Inline Mermaid or
SVG image files] B[Diagram Caption

Add Figure Number. and
Caption Text] -C[Diagram Referral

Referenence Figure Number
in text] +C[Diagram Referral

Reference Figure Number
in text] classDef box fill:#fff,stroke:#000,stroke-width:1px,color:#000; class A,B,C box diff --git a/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md b/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md index ec13b0badefca..b3d0a15238c8d 100644 --- a/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md +++ b/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md @@ -438,7 +438,7 @@ controller in the cluster, so they have several security features: `/*`. * Signer-linked ClusterTrustBundles **must** be named with a prefix derived from their `spec.signerName` field. Slashes (`/`) are replaced with colons (`:`), - and a final colon is appended. This is followed by an arbitary name. For + and a final colon is appended. This is followed by an arbitrary name. For example, the signer `example.com/mysigner` can be linked to a ClusterTrustBundle `example.com:mysigner:`. diff --git a/content/en/docs/reference/access-authn-authz/service-accounts-admin.md b/content/en/docs/reference/access-authn-authz/service-accounts-admin.md index f2f1025701bf8..1f1fa64f60b46 100644 --- a/content/en/docs/reference/access-authn-authz/service-accounts-admin.md +++ b/content/en/docs/reference/access-authn-authz/service-accounts-admin.md @@ -166,7 +166,7 @@ purged by the control plane. If users use an invalidated auto-generated token, the token validator will 1. add an audit annotation for the key-value pair - `authentication.k8s.io/legacy-token-invalidated: /`, + `authentication.k8s.io/legacy-token-invalidated: /`, 1. increment the `invalid_legacy_auto_token_uses_total` metric count, 1. update the Secret label `kubernetes.io/legacy-token-last-used` with the new date, diff --git a/content/en/docs/reference/access-authn-authz/validating-admission-policy.md b/content/en/docs/reference/access-authn-authz/validating-admission-policy.md index 58d351c163667..f7f705aa9f59e 100644 --- a/content/en/docs/reference/access-authn-authz/validating-admission-policy.md +++ b/content/en/docs/reference/access-authn-authz/validating-admission-policy.md @@ -375,7 +375,7 @@ When an API request is validated with this admission policy, the resulting audit ``` In this example the annotation will only be included if the `spec.replicas` of the Deployment is more than -50, otherwise the CEL expression evalutes to null and the annotation will not be included. +50, otherwise the CEL expression evaluates to null and the annotation will not be included. Note that audit annotation keys are prefixed by the name of the `ValidatingAdmissionWebhook` and a `/`. If another admission controller, such as an admission webhook, uses the exact same audit annotation key, the diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-dynamice-resources.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-dynamice-resources.md index 11a3397d7550a..bece80b822c01 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-dynamice-resources.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-dynamice-resources.md @@ -8,5 +8,5 @@ _build: Extend the kubelet's pod resources gRPC endpoint to to include resources allocated in `ResourceClaims` via `DynamicResourceAllocation` API. See [resource allocation reporting](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources) for more details. -with informations about the allocatable resources, enabling clients to properly +with information about the allocatable resources, enabling clients to properly track the free compute resources on a node. diff --git a/content/en/docs/reference/command-line-tools-reference/kubelet.md b/content/en/docs/reference/command-line-tools-reference/kubelet.md index dbb3254ca3d81..ff53fc63b2fb4 100644 --- a/content/en/docs/reference/command-line-tools-reference/kubelet.md +++ b/content/en/docs/reference/command-line-tools-reference/kubelet.md @@ -609,7 +609,7 @@ ZeroLimitedNominalConcurrencyShares=true|false (BETA - default=false)
--kube-reserved strings     Default: <None> -A set of <resource name>=<resource quantity> (e.g. "cpu=200m,memory=500Mi,ephemeral-storage=1Gi,pid='100'&auot;) pairs that describe resources reserved for kubernetes system components. Currently cpu, memory and local ephemeral-storage for root file system are supported. See here for more detail. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config flag. See kubelet-config-file for more information.) +A set of <resource name>=<resource quantity> (e.g. "cpu=200m,memory=500Mi,ephemeral-storage=1Gi,pid='100'") pairs that describe resources reserved for kubernetes system components. Currently cpu, memory and local ephemeral-storage for root file system are supported. See here for more detail. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config flag. See kubelet-config-file for more information.) @@ -1087,5 +1087,4 @@ Insecure values: Specifies interval for kubelet to calculate and cache the volume disk usage for all pods and volumes. To disable volume calculations, set to a negative number. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's --config flag. See kubelet-config-file for more information.) - - + \ No newline at end of file diff --git a/content/en/docs/reference/config-api/apiserver-audit.v1.md b/content/en/docs/reference/config-api/apiserver-audit.v1.md index 7f9314292b94d..f2d38f1a675a5 100644 --- a/content/en/docs/reference/config-api/apiserver-audit.v1.md +++ b/content/en/docs/reference/config-api/apiserver-audit.v1.md @@ -253,7 +253,7 @@ be specified per rule in which case the union of both are omitted.

OmitManagedFields indicates whether to omit the managed fields of the request and response bodies from being written to the API audit log. -This is used as a global default - a value of 'true' will omit the managed fileds, +This is used as a global default - a value of 'true' will omit the managed fields, otherwise the managed fields will be included in the API audit log. Note that this can also be specified per rule in which case the value specified in a rule will override the global default.

@@ -527,7 +527,7 @@ An empty list means no restrictions will apply.

and response bodies from being written to the API audit log.

  • a value of 'true' will drop the managed fields from the API audit log
    • -
  • a value of 'false' indicates that the managed fileds should be included +
  • a value of 'false' indicates that the managed fields should be included in the API audit log Note that the value, if specified, in this rule will override the global default If a value is not specified then the global default specified in diff --git a/content/en/docs/reference/config-api/kubeadm-config.v1beta4.md b/content/en/docs/reference/config-api/kubeadm-config.v1beta4.md index c194ccacd1280..d92bcf2234113 100644 --- a/content/en/docs/reference/config-api/kubeadm-config.v1beta4.md +++ b/content/en/docs/reference/config-api/kubeadm-config.v1beta4.md @@ -16,7 +16,7 @@ Use APIServer.ExtraEnvs, ControllerManager.ExtraEnvs, Etcd.Local.ExtraEnvs.
  • The ResetConfiguration API type is now supported in v1beta4. Users are able to reset a node by passing a --config file to kubeadm reset.
    • -
  • dry-run mode is now configureable in InitConfiguration and JoinConfiguration config files.
    • +
  • dry-run mode is now configurable in InitConfiguration and JoinConfiguration config files.
  • Replace the existing string/string extra argument maps with structured extra arguments that support duplicates. The change applies to ClusterConfiguration - APIServer.ExtraArgs, ControllerManager.ExtraArgs, Scheduler.ExtraArgs. Also to NodeRegistrationOptions.KubeletExtraArgs.
    • diff --git a/content/en/docs/reference/config-api/kubeconfig.v1.md b/content/en/docs/reference/config-api/kubeconfig.v1.md index 72a5c63358ce8..6ec5b00ae437e 100644 --- a/content/en/docs/reference/config-api/kubeconfig.v1.md +++ b/content/en/docs/reference/config-api/kubeconfig.v1.md @@ -55,21 +55,21 @@ TODO(jlowdermilk): remove this after eliminating downstream dependencies.

    []NamedCluster -

    Clusters is a map of referencable names to cluster configs

    +

    Clusters is a map of referenceable names to cluster configs

    users [Required]
    []NamedAuthInfo -

    AuthInfos is a map of referencable names to user configs

    +

    AuthInfos is a map of referenceable names to user configs

    contexts [Required]
    []NamedContext -

    Contexts is a map of referencable names to context configs

    +

    Contexts is a map of referenceable names to context configs

    current-context [Required]
    diff --git a/content/en/docs/reference/config-api/kubelet-config.v1beta1.md b/content/en/docs/reference/config-api/kubelet-config.v1beta1.md index 5751831a8393a..d872f892039da 100644 --- a/content/en/docs/reference/config-api/kubelet-config.v1beta1.md +++ b/content/en/docs/reference/config-api/kubelet-config.v1beta1.md @@ -545,7 +545,7 @@ Default: 50

    eventBurst is the maximum size of a burst of event creations, temporarily allows event creations to burst to this number, while still not exceeding -eventRecordQPS. This field canot be a negative number and it is only used +eventRecordQPS. This field cannot be a negative number and it is only used when eventRecordQPS > 0. Default: 100

    diff --git a/content/en/docs/reference/config-api/kubelet-credentialprovider.v1.md b/content/en/docs/reference/config-api/kubelet-credentialprovider.v1.md index 8575b92303461..9ad1c310cd9cc 100644 --- a/content/en/docs/reference/config-api/kubelet-credentialprovider.v1.md +++ b/content/en/docs/reference/config-api/kubelet-credentialprovider.v1.md @@ -63,7 +63,7 @@ This response should be set to the same apiVersion as CredentialProviderRequest. PluginCacheKeyType -

    cacheKeyType indiciates the type of caching key to use based on the image provided +

    cacheKeyType indicates the type of caching key to use based on the image provided in the request. There are three valid values for the cache key type: Image, Registry, and Global. If an invalid value is specified, the response will NOT be used by the kubelet.

    diff --git a/content/en/docs/reference/instrumentation/metrics.md b/content/en/docs/reference/instrumentation/metrics.md index 0bc4338b60431..f90ebc22dd042 100644 --- a/content/en/docs/reference/instrumentation/metrics.md +++ b/content/en/docs/reference/instrumentation/metrics.md @@ -1482,14 +1482,14 @@ Alpha metrics do not have any API guarantees. These metrics must be used at your
ephemeral_volume_controller_create_failures_total
-
Number of PersistenVolumeClaims creation requests
+
Number of PersistentVolumeClaims creation requests
  • ALPHA
  • Counter
ephemeral_volume_controller_create_total
-
Number of PersistenVolumeClaims creation requests
+
Number of PersistentVolumeClaims creation requests
  • ALPHA
  • Counter
    • diff --git a/content/en/docs/reference/kubernetes-api/cluster-resources/api-service-v1.md b/content/en/docs/reference/kubernetes-api/cluster-resources/api-service-v1.md index 59df5a5e0e670..e2a395017efce 100644 --- a/content/en/docs/reference/kubernetes-api/cluster-resources/api-service-v1.md +++ b/content/en/docs/reference/kubernetes-api/cluster-resources/api-service-v1.md @@ -62,7 +62,7 @@ APIServiceSpec contains information for locating and communicating with a server - **groupPriorityMinimum** (int32), required - GroupPriorityMininum is the priority this group should have at least. Higher priority means that the group is preferred by clients over lower priority ones. Note that other versions of this group might specify even higher GroupPriorityMininum values such that the whole group gets a higher priority. The primary sort is based on GroupPriorityMinimum, ordered highest number to lowest (20 before 10). The secondary sort is based on the alphabetical comparison of the name of the object. (v1.bar before v1.foo) We'd recommend something like: *.k8s.io (except extensions) at 18000 and PaaSes (OpenShift, Deis) are recommended to be in the 2000s + GroupPriorityMinimum is the priority this group should have at least. Higher priority means that the group is preferred by clients over lower priority ones. Note that other versions of this group might specify even higher GroupPriorityMinimum values such that the whole group gets a higher priority. The primary sort is based on GroupPriorityMinimum, ordered highest number to lowest (20 before 10). The secondary sort is based on the alphabetical comparison of the name of the object. (v1.bar before v1.foo) We'd recommend something like: *.k8s.io (except extensions) at 18000 and PaaSes (OpenShift, Deis) are recommended to be in the 2000s - **versionPriority** (int32), required diff --git a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md index 8f331c62bd097..2749f96647616 100644 --- a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md +++ b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md @@ -15,7 +15,7 @@ The file is auto-generated from the Go source code of the component using a gene [generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how to generate the reference documentation, please read [Contributing to the reference documentation](/docs/contribute/generate-ref-docs/). -To update the reference content, please follow the +To update the reference content, please follow the [Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/) guide. You can file document formatting bugs against the [reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project. @@ -59,60 +59,60 @@ CSIDriverSpec is the specification of a CSIDriver. - **attachRequired** (boolean) attachRequired indicates this CSI volume driver requires an attach operation (because it implements the CSI ControllerPublishVolume() method), and that the Kubernetes attach detach controller should call the attach volume interface which checks the volumeattachment status and waits until the volume is attached before proceeding to mounting. The CSI external-attacher coordinates with CSI volume driver and updates the volumeattachment status when the attach operation is complete. If the CSIDriverRegistry feature gate is enabled and the value is specified to false, the attach operation will be skipped. Otherwise the attach operation will be called. - + This field is immutable. - **fsGroupPolicy** (string) fsGroupPolicy defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Refer to the specific FSGroupPolicy values for additional details. - + This field is immutable. - + Defaults to ReadWriteOnceWithFSType, which will examine each volume to determine if Kubernetes should modify ownership and permissions of the volume. With the default policy the defined fsGroup will only be applied if a fstype is defined and the volume's access mode contains ReadWriteOnce. - **podInfoOnMount** (boolean) podInfoOnMount indicates this CSI volume driver requires additional pod information (like podName, podUID, etc.) during mount operations, if set to true. If set to false, pod information will not be passed on mount. Default is false. - + The CSI driver specifies podInfoOnMount as part of driver deployment. If true, Kubelet will pass pod information as VolumeContext in the CSI NodePublishVolume() calls. The CSI driver is responsible for parsing and validating the information passed in as VolumeContext. - - The following VolumeConext will be passed if podInfoOnMount is set to true. This list might grow, but the prefix will be used. "csi.storage.k8s.io/pod.name": pod.Name "csi.storage.k8s.io/pod.namespace": pod.Namespace "csi.storage.k8s.io/pod.uid": string(pod.UID) "csi.storage.k8s.io/ephemeral": "true" if the volume is an ephemeral inline volume + + The following VolumeContext will be passed if podInfoOnMount is set to true. This list might grow, but the prefix will be used. "csi.storage.k8s.io/pod.name": pod.Name "csi.storage.k8s.io/pod.namespace": pod.Namespace "csi.storage.k8s.io/pod.uid": string(pod.UID) "csi.storage.k8s.io/ephemeral": "true" if the volume is an ephemeral inline volume defined by a CSIVolumeSource, otherwise "false" - + "csi.storage.k8s.io/ephemeral" is a new feature in Kubernetes 1.16. It is only required for drivers which support both the "Persistent" and "Ephemeral" VolumeLifecycleMode. Other drivers can leave pod info disabled and/or ignore this field. As Kubernetes 1.15 doesn't support this field, drivers can only support one mode when deployed on such a cluster and the deployment determines which mode that is, for example via a command line parameter of the driver. - + This field is immutable. - **requiresRepublish** (boolean) requiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false. - + Note: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container. - **seLinuxMount** (boolean) seLinuxMount specifies if the CSI driver supports "-o context" mount option. - + When "true", the CSI driver must ensure that all volumes provided by this CSI driver can be mounted separately with different `-o context` options. This is typical for storage backends that provide volumes as filesystems on block devices or as independent shared volumes. Kubernetes will call NodeStage / NodePublish with "-o context=xyz" mount option when mounting a ReadWriteOncePod volume used in Pod that has explicitly set SELinux context. In the future, it may be expanded to other volume AccessModes. In any case, Kubernetes will ensure that the volume is mounted only with a single SELinux context. - + When "false", Kubernetes won't pass any special SELinux mount options to the driver. This is typical for volumes that represent subdirectories of a bigger shared filesystem. - + Default is "false". - **storageCapacity** (boolean) storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage capacity that the driver deployment will report by creating CSIStorageCapacity objects with capacity information, if set to true. - + The check can be enabled immediately when deploying a driver. In that case, provisioning new volumes with late binding will pause until the driver deployment has published some suitable CSIStorageCapacity object. - + Alternatively, the driver can be deployed with the field unset or false and it can be flipped later when storage capacity information has been published. - + This field was immutable in Kubernetes \<= 1.22 and now is mutable. - **tokenRequests** ([]TokenRequest) *Atomic: will be replaced during a merge* - + tokenRequests indicates the CSI driver needs pods' service account tokens it is mounting volume for to do necessary authentication. Kubelet will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI driver should parse and validate the following VolumeContext: "csi.storage.k8s.io/serviceAccount.tokens": { "\": { "token": \, @@ -120,7 +120,7 @@ CSIDriverSpec is the specification of a CSIDriver. }, ... } - + Note: Audience in each TokenRequest should be different and at most one token is empty string. To receive a new token after expiry, RequiresRepublish can be used to trigger NodePublishVolume periodically. @@ -137,13 +137,13 @@ CSIDriverSpec is the specification of a CSIDriver. - **volumeLifecycleModes** ([]string) *Set: unique values will be kept during a merge* - + volumeLifecycleModes defines what kind of volumes this CSI volume driver supports. The default if the list is empty is "Persistent", which is the usage defined by the CSI specification and implemented in Kubernetes via the usual PV/PVC mechanism. - + The other mode is "Ephemeral". In this mode, volumes are defined inline inside the pod spec with CSIVolumeSource and their lifecycle is tied to the lifecycle of that pod. A driver has to be aware of this because it is only going to get a NodePublishVolume call for such a volume. - + For more information about implementing this mode, see https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html A driver can support one or more of these modes and more modes may be added in the future. - + This field is beta. This field is immutable. @@ -297,7 +297,7 @@ POST /apis/storage.k8s.io/v1/csidrivers - **body**: }}">CSIDriver, required - + - **dryRun** (*in query*): string @@ -349,7 +349,7 @@ PUT /apis/storage.k8s.io/v1/csidrivers/{name} - **body**: }}">CSIDriver, required - + - **dryRun** (*in query*): string @@ -399,7 +399,7 @@ PATCH /apis/storage.k8s.io/v1/csidrivers/{name} - **body**: }}">Patch, required - + - **dryRun** (*in query*): string @@ -454,7 +454,7 @@ DELETE /apis/storage.k8s.io/v1/csidrivers/{name} - **body**: }}">DeleteOptions - + - **dryRun** (*in query*): string @@ -499,7 +499,7 @@ DELETE /apis/storage.k8s.io/v1/csidrivers - **body**: }}">DeleteOptions - + - **continue** (*in query*): string @@ -568,5 +568,4 @@ DELETE /apis/storage.k8s.io/v1/csidrivers 200 (}}">Status): OK -401: Unauthorized - +401: Unauthorized \ No newline at end of file diff --git a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/volume-attachment-v1.md b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/volume-attachment-v1.md index bc8d3629dcbd9..df462802f4709 100644 --- a/content/en/docs/reference/kubernetes-api/config-and-storage-resources/volume-attachment-v1.md +++ b/content/en/docs/reference/kubernetes-api/config-and-storage-resources/volume-attachment-v1.md @@ -75,7 +75,7 @@ VolumeAttachmentSpec is the specification of a VolumeAttachment request. source represents the volume that should be attached. - *VolumeAttachmentSource represents a volume that should be attached. Right now only PersistenVolumes can be attached via external attacher, in future we may allow also inline volumes in pods. Exactly one member can be set.* + *VolumeAttachmentSource represents a volume that should be attached. Right now only PersistentVolumes can be attached via external attacher, in future we may allow also inline volumes in pods. Exactly one member can be set.* - **source.inlineVolumeSpec** (}}">PersistentVolumeSpec) diff --git a/content/en/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1.md b/content/en/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1.md index 92a773bcec541..cb16ea14a1026 100644 --- a/content/en/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1.md +++ b/content/en/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1.md @@ -139,7 +139,7 @@ EndpointSlice represents a subset of the endpoints that implement a service. For - **ports.name** (string) - name represents the name of this port. All ports in an EndpointSlice must have a unique name. If the EndpointSlice is dervied from a Kubernetes service, this corresponds to the Service.ports[].name. Name must either be an empty string or pass DNS_LABEL validation: * must be no more than 63 characters long. * must consist of lower case alphanumeric characters or '-'. * must start and end with an alphanumeric character. Default is empty string. + name represents the name of this port. All ports in an EndpointSlice must have a unique name. If the EndpointSlice is derived from a Kubernetes service, this corresponds to the Service.ports[].name. Name must either be an empty string or pass DNS_LABEL validation: * must be no more than 63 characters long. * must consist of lower case alphanumeric characters or '-'. * must start and end with an alphanumeric character. Default is empty string. - **ports.appProtocol** (string) diff --git a/content/en/docs/reference/labels-annotations-taints/_index.md b/content/en/docs/reference/labels-annotations-taints/_index.md index 04cb002f47bfa..7c12db03205aa 100644 --- a/content/en/docs/reference/labels-annotations-taints/_index.md +++ b/content/en/docs/reference/labels-annotations-taints/_index.md @@ -898,7 +898,7 @@ This is achieved via _SelectorSpreadPriority_. _SelectorSpreadPriority_ is a best effort placement. If the zones in your cluster are heterogeneous (for example: different numbers of nodes, different types of nodes, or different pod resource requirements), this placement might prevent equal spreading of your Pods across zones. -If desired, you can use homogenous zones (same number and types of nodes) to reduce the probability +If desired, you can use homogeneous zones (same number and types of nodes) to reduce the probability of unequal spreading. The scheduler (through the _VolumeZonePredicate_ predicate) also will ensure that Pods, @@ -1375,7 +1375,7 @@ Example: `batch.kubernetes.io/controller-uid: "$UID"` Used on: Jobs and Pods controlled by Jobs This label is used as a programmatic way to get all Pods corresponding to a Job. -The `controller-uid` is a unique identifer that gets set in the `selector` field so the Job +The `controller-uid` is a unique identifier that gets set in the `selector` field so the Job controller can get all the corresponding Pods. ### scheduler.alpha.kubernetes.io/defaultTolerations {#scheduleralphakubernetesio-defaulttolerations} @@ -1948,7 +1948,7 @@ Example: `service.beta.kubernetes.io/aws-load-balancer-security-groups: "sg-53fa Used on: Service -The AWS load balancer controller uses this annotation to specify a comma seperated list +The AWS load balancer controller uses this annotation to specify a comma separated list of security groups you want to attach to an AWS load balancer. Both name and ID of security are supported where name matches a `Name` tag, not the `groupName` attribute. diff --git a/content/en/docs/reference/labels-annotations-taints/audit-annotations.md b/content/en/docs/reference/labels-annotations-taints/audit-annotations.md index 7c076132058fb..94a099cd927ba 100644 --- a/content/en/docs/reference/labels-annotations-taints/audit-annotations.md +++ b/content/en/docs/reference/labels-annotations-taints/audit-annotations.md @@ -115,7 +115,7 @@ Example: `validation.policy.admission.k8s.io/validation_failure: '[{"message": " Used by Kubernetes version v1.27 and later. -This annotation indicates that a admission policy validation evaluted to false +This annotation indicates that a admission policy validation evaluated to false for an API request, or that the validation resulted in an error while the policy was configured with `failurePolicy: Fail`. diff --git a/content/en/docs/reference/node/kubelet-checkpoint-api.md b/content/en/docs/reference/node/kubelet-checkpoint-api.md index e93464141c652..97effdff29693 100644 --- a/content/en/docs/reference/node/kubelet-checkpoint-api.md +++ b/content/en/docs/reference/node/kubelet-checkpoint-api.md @@ -68,7 +68,7 @@ POST /checkpoint/{namespace}/{pod}/{container} - **timeout** (*in query*): integer Timeout in seconds to wait until the checkpoint creation is finished. - If zero or no timeout is specfied the default {{}} timeout value will be used. Checkpoint creation time depends directly on the used memory of the container. The more memory a container uses the more time is required to create diff --git a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_validate.md b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_validate.md index 9a65b7e6930da..69a92868c27de 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_validate.md +++ b/content/en/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_validate.md @@ -18,7 +18,7 @@ Read a file containing the kubeadm configuration API and report any validation p This command lets you validate a kubeadm configuration API file and report any warnings and errors. If there are no errors the exit status will be zero, otherwise it will be non-zero. -Any unmarshaling problems such as unknown API fields will trigger errors. Unknown API versions and +Any unmarshalling problems such as unknown API fields will trigger errors. Unknown API versions and fields with invalid values will also trigger errors. Any other errors or warnings may be reported depending on contents of the input file. diff --git a/content/en/docs/reference/tools/map-crictl-dockercli.md b/content/en/docs/reference/tools/map-crictl-dockercli.md index c95836f2f6d36..5b35988a45331 100644 --- a/content/en/docs/reference/tools/map-crictl-dockercli.md +++ b/content/en/docs/reference/tools/map-crictl-dockercli.md @@ -70,4 +70,4 @@ crictl | Description `runp` | Run a new pod `rmp` | Remove one or more pods `stopp` | Stop one or more running pods -{{< /table >}} +{{< /table >}} \ No newline at end of file diff --git a/content/en/docs/reference/using-api/cel.md b/content/en/docs/reference/using-api/cel.md index 06b1c793826b0..694bce6b33e9c 100644 --- a/content/en/docs/reference/using-api/cel.md +++ b/content/en/docs/reference/using-api/cel.md @@ -192,7 +192,7 @@ Rules](/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition are fully type checked. Some Kubernetes API fields contain partially type checked CEL expressions. A -partially type checked expression is an experessions where some of the variables +partially type checked expression is an expressions where some of the variables are statically typed but others are dynamically typed. For example, in the CEL expressions of [ValidatingAdmissionPolicies](/docs/reference/access-authn-authz/validating-admission-policy/) diff --git a/content/en/docs/reference/using-api/server-side-apply.md b/content/en/docs/reference/using-api/server-side-apply.md index 830a09133466f..7db7120b7be79 100644 --- a/content/en/docs/reference/using-api/server-side-apply.md +++ b/content/en/docs/reference/using-api/server-side-apply.md @@ -135,7 +135,7 @@ request fails. It is however possible to change `.metadata.managedFields` through an **update**, or through a **patch** operation that does not use Server-Side Apply. Doing so is highly discouraged, but might be a reasonable option to try if, -for example, the `.metatadata.managedFields` get into an inconsistent state +for example, the `.metadata.managedFields` get into an inconsistent state (which should not happen in normal operations). The format of `managedFields` is [described](/docs/reference/kubernetes-api/common-definitions/object-meta/#System) diff --git a/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md b/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md index b745a22792c75..b9978eb380309 100644 --- a/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md +++ b/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md @@ -445,7 +445,7 @@ a new `kubelet.conf.csr`, sign the certificate, embed it in `kubelet.conf` and restart the kubelet. If this does not apply to your setup, you can skip processing the `kubelet.conf.csr` -on secondary control plane and on workers nodes (all nodes tha call `kubeadm join ...`). +on secondary control plane and on workers nodes (all nodes that call `kubeadm join ...`). That is because the active kube-controller-manager will be responsible for signing new kubelet client certificates. @@ -598,4 +598,4 @@ Once CSR files have been signed and required certificates are in place on the ho you want to use as nodes, you can use the commands `kubeadm init` and `kubeadm join` to create a Kubernetes cluster from these nodes. During `init` and `join`, kubeadm uses existing certificates, encryption keys and kubeconfig files that it finds in the -`/etc/kubernetes` tree on the host's local filesystem. +`/etc/kubernetes` tree on the host's local filesystem. \ No newline at end of file diff --git a/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/troubleshooting-cni-plugin-related-errors.md b/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/troubleshooting-cni-plugin-related-errors.md index 5dd0453648d7e..3a8534889fb1a 100644 --- a/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/troubleshooting-cni-plugin-related-errors.md +++ b/content/en/docs/tasks/administer-cluster/migrating-from-dockershim/troubleshooting-cni-plugin-related-errors.md @@ -42,7 +42,7 @@ If the version of the plugin is missing in the CNI plugin config, the pod may run. However, stopping the pod generates an error similar to: ``` -ERRO[2022-04-26T00:43:24.518165483Z] StopPodSandbox for "b" failed +ERROR[2022-04-26T00:43:24.518165483Z] StopPodSandbox for "b" failed error="failed to destroy network for sandbox \"bbc85f891eaf060c5a879e27bba9b6b06450210161dfdecfbb2732959fb6500a\": invalid version \"\": the version is empty" ``` diff --git a/content/en/docs/tasks/administer-cluster/verify-signed-artifacts.md b/content/en/docs/tasks/administer-cluster/verify-signed-artifacts.md index f1f8a232a1b17..e2815b3b65dd4 100644 --- a/content/en/docs/tasks/administer-cluster/verify-signed-artifacts.md +++ b/content/en/docs/tasks/administer-cluster/verify-signed-artifacts.md @@ -55,7 +55,7 @@ To learn more about keyless signing, please refer to [Keyless Signatures](https: Previous versions of Cosign required that you set `COSIGN_EXPERIMENTAL=1`. -For additional information, plase refer to the [sigstore Blog](https://blog.sigstore.dev/cosign-2-0-released/) +For additional information, please refer to the [sigstore Blog](https://blog.sigstore.dev/cosign-2-0-released/) {{< /note >}} ## Verifying image signatures @@ -144,4 +144,4 @@ cosign verify-blob \ --certificate-identity krel-staging@k8s-releng-prod.iam.gserviceaccount.com \ --certificate-oidc-issuer https://accounts.google.com \ "$VERSION.spdx" -``` +``` \ No newline at end of file diff --git a/content/en/docs/tasks/configure-pod-container/configure-service-account.md b/content/en/docs/tasks/configure-pod-container/configure-service-account.md index 002fc3708e965..fe3b6f5abb015 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-service-account.md +++ b/content/en/docs/tasks/configure-pod-container/configure-service-account.md @@ -185,14 +185,14 @@ command line argument to `kubectl create token` (the actual duration of the issu token might be shorter, or could even be longer). When the `ServiceAccountTokenNodeBinding` and `ServiceAccountTokenNodeBindingValidation` -features are enabled and the `KUBECTL_NODE_BOUND_TOKENS` enviroment variable is set to `true`, +features are enabled and the `KUBECTL_NODE_BOUND_TOKENS` environment variable is set to `true`, it is possible to create a service account token that is directly bound to a `Node`: ```shell KUBECTL_NODE_BOUND_TOKENS=true kubectl create token build-robot --bound-object-kind Node --bound-object-name node-001 --bound-object-uid 123...456 ``` -The token will be valid until it expires or either the assocaited `Node` or service account are deleted. +The token will be valid until it expires or either the associated `Node` or service account are deleted. {{< note >}} Versions of Kubernetes before v1.22 automatically created long term credentials for diff --git a/content/en/docs/tasks/configure-pod-container/pull-image-private-registry.md b/content/en/docs/tasks/configure-pod-container/pull-image-private-registry.md index fe973d912f67c..235bf1187d484 100644 --- a/content/en/docs/tasks/configure-pod-container/pull-image-private-registry.md +++ b/content/en/docs/tasks/configure-pod-container/pull-image-private-registry.md @@ -6,8 +6,8 @@ weight: 130 This page shows how to create a Pod that uses a -{{< glossary_tooltip text="Secret" term_id="secret" >}} to pull an image -from a private container image registry or repository. There are many private +{{< glossary_tooltip text="Secret" term_id="secret" >}} to pull an image +from a private container image registry or repository. There are many private registries in use. This task uses [Docker Hub](https://www.docker.com/products/docker-hub) as an example registry. @@ -19,8 +19,8 @@ as an example registry. * To do this exercise, you need the `docker` command line tool, and a [Docker ID](https://docs.docker.com/docker-id/) for which you know the password. -* If you are using a different private container registry, you need the command - line tool for that registry and any login information for the registry. +* If you are using a different private container registry, you need the command + line tool for that registry and any login information for the registry. @@ -39,7 +39,7 @@ When prompted, enter your Docker ID, and then the credential you want to use (ac or the password for your Docker ID). The login process creates or updates a `config.json` file that holds an authorization token. -Review [how Kubernetes interprets this file](/docs/concepts/containers/images#config-json). +Review [how Kubernetes interprets this file](/docs/concepts/containers/images#config-json). View the `config.json` file: @@ -245,4 +245,4 @@ Events: * Learn more about [using a private registry](/docs/concepts/containers/images/#using-a-private-registry). * Learn more about [adding image pull secrets to a service account](/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account). * See [kubectl create secret docker-registry](/docs/reference/generated/kubectl/kubectl-commands/#-em-secret-docker-registry-em-). -* See the `imagePullSecrets` field within the [container definitions](/docs/reference/kubernetes-api/workload-resources/pod-v1/#containers) of a Pod +* See the `imagePullSecrets` field within the [container definitions](/docs/reference/kubernetes-api/workload-resources/pod-v1/#containers) of a Pod \ No newline at end of file diff --git a/content/en/docs/tasks/debug/debug-application/debug-pods.md b/content/en/docs/tasks/debug/debug-application/debug-pods.md index 7723a5c79097f..3f42ddae84508 100644 --- a/content/en/docs/tasks/debug/debug-application/debug-pods.md +++ b/content/en/docs/tasks/debug/debug-application/debug-pods.md @@ -109,15 +109,15 @@ If your pod is not behaving as you expected, it may be that there was an error i pod description (e.g. `mypod.yaml` file on your local machine), and that the error was silently ignored when you created the pod. Often a section of the pod description is nested incorrectly, or a key name is typed incorrectly, and so the key is ignored. -For example, if you misspelled `command` as `commnd` then the pod will be created but +For example, if you misspelled `command` as `command` then the pod will be created but will not use the command line you intended it to use. The first thing to do is to delete your pod and try creating it again with the `--validate` option. For example, run `kubectl apply --validate -f mypod.yaml`. -If you misspelled `command` as `commnd` then will give an error like this: +If you misspelled `command` as `command` then will give an error like this: ```shell -I0805 10:43:25.129850 46757 schema.go:126] unknown field: commnd +I0805 10:43:25.129850 46757 schema.go:126] unknown field: command I0805 10:43:25.129973 46757 schema.go:129] this may be a false alarm, see https://github.com/kubernetes/kubernetes/issues/6842 pods/mypod ``` diff --git a/content/en/docs/tasks/debug/debug-cluster/windows.md b/content/en/docs/tasks/debug/debug-cluster/windows.md index a7315e4f03cfc..d47fb31b7b4d3 100644 --- a/content/en/docs/tasks/debug/debug-cluster/windows.md +++ b/content/en/docs/tasks/debug/debug-cluster/windows.md @@ -22,7 +22,7 @@ content_type: concept {{< note >}} If using containerd as your container runtime the pause image is specified in the - `plugins.plugins.cri.sandbox_image` field of the of config.toml configration file. + `plugins.plugins.cri.sandbox_image` field of the of config.toml configuration file. {{< /note >}} 1. My pods show status as `ErrImgPull` or `ImagePullBackOff` diff --git a/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md b/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md index 6e665427cb1bb..f2e3e5d1e0ae2 100644 --- a/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md +++ b/content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md @@ -394,7 +394,7 @@ would be sent to the API server. #### Controlling pruning By default, all unspecified fields for a custom resource, across all versions, are pruned. It is possible though to -opt-out of that for specifc sub-trees of fields by adding `x-kubernetes-preserve-unknown-fields: true` in the +opt-out of that for specific sub-trees of fields by adding `x-kubernetes-preserve-unknown-fields: true` in the [structural OpenAPI v3 validation schema](#specifying-a-structural-schema). For example: diff --git a/content/en/docs/tasks/extend-kubernetes/socks5-proxy-access-api.md b/content/en/docs/tasks/extend-kubernetes/socks5-proxy-access-api.md index 2de5a39c522af..3e607a9cbaa38 100644 --- a/content/en/docs/tasks/extend-kubernetes/socks5-proxy-access-api.md +++ b/content/en/docs/tasks/extend-kubernetes/socks5-proxy-access-api.md @@ -91,7 +91,7 @@ apiVersion: v1 clusters: - cluster: certificate-authority-data: LRMEMMW2 # shortened for readability - server: https://:6443 # the "Kubernetes API" server, in other words the IP address of kubernetes-remote-server.example + server: https://:6443 # the "Kubernetes API" server, in other words the IP address of kubernetes-remote-server.example proxy-url: socks5://localhost:1080 # the "SSH SOCKS5 proxy" in the diagram above name: default contexts: