Update Audit Logging documentation for 1.10 #7679
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
k8s-ci-robot
added
cncf-cla: yes
|
/milestone v1.10 |
11 tasks
|
Deploy preview for kubernetes-io-vnext-staging ready! Built with commit d03415c https://deploy-preview-7679--kubernetes-io-vnext-staging.netlify.com |
ericchiang
reviewed
Mar 8, 2018
There was a problem hiding this comment.
Thanks for this!
Can someone from the docs team comment on the use of "you" and "your"? Instead of:
Parameters should be set to accommodate your load on the apiserver.
I generally prefer:
Parameters should be set to accommodate expected apiserver load.
Though I see "you" and "your" used throughout the docs, so it doesn't seem like we have a hard rule.
| @@ -72,6 +72,9 @@ In both cases, audit events structure is defined by the API in the | |||
| `audit.k8s.io` API group. The current version of the API is | |||
| [`v1beta1`][auditing-api]. | |||
|
|
|||
| **Note:** in case of patches, request objects are arrays, containing operations, not the appropriate | |||
| API objects. You should design your system to behave correctly in this case. | |||
There was a problem hiding this comment.
Drop "You should design your system to behave correctly in this case." It's already implied.
|
|
||
| The following flags are only used in the `batch` mode. | ||
|
|
||
| - `--audit-webhook-batch-buffer-size` defines the size of the buffer to store events before batching. |
There was a problem hiding this comment.
s/size of the buffer to store events/number of events to buffer/
| 10 batches, i.e. 1000 events. | ||
|
|
||
| In most cases however, the default parameters should be sufficient and you don't have to worry about | ||
| setting them manually. You can look at the Prometheus metric `apiserver_audit_error_total` and |
There was a problem hiding this comment.
Does apiserver_audit_error_total include dropped events? If it doesn't can we include the dropped metric here too?
Also can you link to a doc explaining how an admin can scrape the API server?
There was a problem hiding this comment.
Added apiserver_audit_error_total to the description
Also can you link to a doc explaining how an admin can scrape the API server?
Couldn't find any good place to link :( It seems we lack such documentation
@piosz FYI
| ## Multi-cluster setup | ||
|
|
||
| If you're extending the Kubernetes API with the [aggregation layer][kube-aggregator], you can also | ||
| set up audit logging for the aggregated apiserver. To do this, pass the same configuration options |
There was a problem hiding this comment.
Is the same configuration required? Should we mark it "MUST"?
There was a problem hiding this comment.
No, configuration can be different
What I meant to say is that all the flags are the same
Clarified, thanks
| @@ -72,6 +72,9 @@ In both cases, audit events structure is defined by the API in the | |||
| `audit.k8s.io` API group. The current version of the API is | |||
| [`v1beta1`][auditing-api]. | |||
|
|
|||
| **Note:** in case of patches, request objects are arrays, containing operations, not the appropriate | |||
There was a problem hiding this comment.
Maybe:
Audit events for PATCH requests are an array of request objects containing operations, not the entire API object.
what do you think?
There was a problem hiding this comment.
That's a limiting statement. Who knows what types of request will support using JSON arrays as a request body in the future? Rewrote the paragraph though
| - `--audit-webhook-batch-throttle-burst` defines the maximum number of batches generated per second | ||
| if the allowed QPS was underutilized previously | ||
|
|
||
| #### How to set up parameters |
|
Per request of @Bradamant3 putting a temporary hold on anything going into 1.10 until her big patch merges |
bradtopol
added
the
do-not-merge/hold
|
/hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
|
In this case it's probably better to avoid "you" not because the style guide says so (the style guide actually recommends "you" over "we", for example), but because load isn't a thing that makes sense to apply personal ownership to. I'd take @ericchiang's suggestion.
|
CaoShuFeng
reviewed
Mar 9, 2018
| @@ -72,6 +72,9 @@ In both cases, audit events structure is defined by the API in the | |||
| `audit.k8s.io` API group. The current version of the API is | |||
| [`v1beta1`][auditing-api]. | |||
|
|
|||
| **Note:** in case of patches, request objects are arrays, containing operations, not the appropriate | |||
| API objects. You should design your system to behave correctly in this case. | |||
There was a problem hiding this comment.
in case of patches, request objects are arrays, containing operations, not the appropriate API objects. You should design your system to behave correctly in this case.
Sorry, in fact, I don't understand this sentence at all....:crying_cat_face:
What's the relation between audit objects and patches?
When would we patch an audit object?
There was a problem hiding this comment.
Maybe an example would help?
|
@crassirostris can you get the requested changes in today? We need to get docs PRs for 1.10 merged. Thanks! (or give an ETA if today's impossible?) |
|
@Bradamant3 can I apply the fixes on Monday? |
|
@crassirostris we can make that work. Thanks for the update! |
|
@Bradamant3 thanks a lot! First thing Monday morning then |
CaoShuFeng
reviewed
Mar 10, 2018
| batching events in the queue | ||
| - `--audit-webhook-batch-throttle-qps` defines the maximum average number of batches generated | ||
| per second | ||
| - `--audit-webhook-batch-throttle-burst` defines the maximum number of batches generated per second |
There was a problem hiding this comment.
per second -> at the same moment
crassirostris
force-pushed
the
audit-release-1.10
branch
from
1940c2c
to
a961913
Compare
crassirostris
commented
Mar 12, 2018
| batching events in the queue | ||
| - `--audit-webhook-batch-throttle-qps` defines the maximum average number of batches generated | ||
| per second | ||
| - `--audit-webhook-batch-throttle-burst` defines the maximum number of batches generated per second |
| - `--audit-webhook-batch-throttle-burst` defines the maximum number of batches generated per second | ||
| if the allowed QPS was underutilized previously | ||
|
|
||
| #### How to set up parameters |
| 10 batches, i.e. 1000 events. | ||
|
|
||
| In most cases however, the default parameters should be sufficient and you don't have to worry about | ||
| setting them manually. You can look at the Prometheus metric `apiserver_audit_error_total` and |
There was a problem hiding this comment.
Added apiserver_audit_error_total to the description
Also can you link to a doc explaining how an admin can scrape the API server?
Couldn't find any good place to link :( It seems we lack such documentation
@piosz FYI
| ## Multi-cluster setup | ||
|
|
||
| If you're extending the Kubernetes API with the [aggregation layer][kube-aggregator], you can also | ||
| set up audit logging for the aggregated apiserver. To do this, pass the same configuration options |
There was a problem hiding this comment.
No, configuration can be different
What I meant to say is that all the flags are the same
Clarified, thanks
|
|
||
| The following flags are only used in the `batch` mode. | ||
|
|
||
| - `--audit-webhook-batch-buffer-size` defines the size of the buffer to store events before batching. |
| @@ -72,6 +72,9 @@ In both cases, audit events structure is defined by the API in the | |||
| `audit.k8s.io` API group. The current version of the API is | |||
| [`v1beta1`][auditing-api]. | |||
|
|
|||
| **Note:** in case of patches, request objects are arrays, containing operations, not the appropriate | |||
| API objects. You should design your system to behave correctly in this case. | |||
| @@ -72,6 +72,9 @@ In both cases, audit events structure is defined by the API in the | |||
| `audit.k8s.io` API group. The current version of the API is | |||
| [`v1beta1`][auditing-api]. | |||
|
|
|||
| **Note:** in case of patches, request objects are arrays, containing operations, not the appropriate | |||
| API objects. You should design your system to behave correctly in this case. | |||
| @@ -72,6 +72,9 @@ In both cases, audit events structure is defined by the API in the | |||
| `audit.k8s.io` API group. The current version of the API is | |||
| [`v1beta1`][auditing-api]. | |||
|
|
|||
| **Note:** in case of patches, request objects are arrays, containing operations, not the appropriate | |||
There was a problem hiding this comment.
That's a limiting statement. Who knows what types of request will support using JSON arrays as a request body in the future? Rewrote the paragraph though
crassirostris
force-pushed
the
audit-release-1.10
branch
from
a961913
to
22e2c1a
Compare
|
Also addressed some out of place "you"s |
|
@Bradamant3 Could you please review this PR? |
Bradamant3
suggested changes
Mar 13, 2018
| @@ -72,6 +72,24 @@ In both cases, audit events structure is defined by the API in the | |||
| `audit.k8s.io` API group. The current version of the API is | |||
| [`v1beta1`][auditing-api]. | |||
|
|
|||
| **Note:** for example, in case of patches, request body is a JSON array with patch operations, not | |||
There was a problem hiding this comment.
Nit, but do we need this first "for example"? (Starts the second sentence also)
if you omit, s/in/In
There was a problem hiding this comment.
Removed first for example. I think the second one is legitimate, since it indicates that an example follows
| This is the default | ||
| - `blocking` - block API server responses on sending each event to the external service | ||
| - `--audit-webhook-initial-backoff` specifies the amount of time to wait after the first failed | ||
| request before retrying. From the second request and so on, exponential backoff is used. |
There was a problem hiding this comment.
edit last sentence here to:
"Subsequent requests are retried with exponential backoff."
("and so on" indicates other types of events, not additional requests)
| name. By default, batching is enabled in `webhook` and disabled in `log`. Similarly, by default | ||
| throttling is enabled in `webhook` and disabled in `log`. | ||
|
|
||
| - `--audit-webhook-mode` define the buffering strategy, one of the following: |
There was a problem hiding this comment.
s/define/defines (as below).
s/,/.
s/one/One
| throttling is enabled in `webhook` and disabled in `log`. | ||
|
|
||
| - `--audit-webhook-mode` define the buffering strategy, one of the following: | ||
| - `batch` - buffer events and asynchronously process then in batches. This is the default |
There was a problem hiding this comment.
add period (.) at the end.
|
|
||
| - `--audit-webhook-mode` define the buffering strategy, one of the following: | ||
| - `batch` - buffer events and asynchronously process then in batches. This is the default | ||
| - `blocking` - block API server responses on processing each individual event |
| The following flags are only used in the `batch` mode. | ||
|
|
||
| - `--audit-webhook-batch-buffer-size` defines the number of events to buffer before batching. | ||
| If the rate of incoming events is too high and the buffer is overflown, events are dropped |
There was a problem hiding this comment.
s/is overflown/overflows
Add period at end.
| - `--audit-webhook-batch-throttle-qps` defines the maximum average number of batches generated | ||
| per second | ||
| - `--audit-webhook-batch-throttle-burst` defines the maximum number of batches generated at the same | ||
| moment if the allowed QPS was underutilized previously |
There was a problem hiding this comment.
Add periods at the end of these four items
crassirostris
commented
Mar 13, 2018
There was a problem hiding this comment.
@Bradamant3 Addressed your comments, thanks a lot for the review!
| @@ -72,6 +72,24 @@ In both cases, audit events structure is defined by the API in the | |||
| `audit.k8s.io` API group. The current version of the API is | |||
| [`v1beta1`][auditing-api]. | |||
|
|
|||
| **Note:** for example, in case of patches, request body is a JSON array with patch operations, not | |||
There was a problem hiding this comment.
Removed first for example. I think the second one is legitimate, since it indicates that an example follows
| This is the default | ||
| - `blocking` - block API server responses on sending each event to the external service | ||
| - `--audit-webhook-initial-backoff` specifies the amount of time to wait after the first failed | ||
| request before retrying. From the second request and so on, exponential backoff is used. |
| throttling is enabled in `webhook` and disabled in `log`. | ||
|
|
||
| - `--audit-webhook-mode` define the buffering strategy, one of the following: | ||
| - `batch` - buffer events and asynchronously process then in batches. This is the default |
|
|
||
| - `--audit-webhook-mode` define the buffering strategy, one of the following: | ||
| - `batch` - buffer events and asynchronously process then in batches. This is the default | ||
| - `blocking` - block API server responses on processing each individual event |
| name. By default, batching is enabled in `webhook` and disabled in `log`. Similarly, by default | ||
| throttling is enabled in `webhook` and disabled in `log`. | ||
|
|
||
| - `--audit-webhook-mode` define the buffering strategy, one of the following: |
| The following flags are only used in the `batch` mode. | ||
|
|
||
| - `--audit-webhook-batch-buffer-size` defines the number of events to buffer before batching. | ||
| If the rate of incoming events is too high and the buffer is overflown, events are dropped |
| - `--audit-webhook-batch-throttle-qps` defines the maximum average number of batches generated | ||
| per second | ||
| - `--audit-webhook-batch-throttle-burst` defines the maximum number of batches generated at the same | ||
| moment if the allowed QPS was underutilized previously |
crassirostris
force-pushed
the
audit-release-1.10
branch
from
22e2c1a
to
db026ee
Compare
Bradamant3
reviewed
Mar 13, 2018
| throttling is enabled in `webhook` and disabled in `log`. | ||
|
|
||
| - `--audit-webhook-mode` defines the buffering strategy. One of the following: | ||
| - `batch` - buffer events and asynchronously process then in batches. This is the default. |
There was a problem hiding this comment.
Sorry, missed a misspelling.
s/then/them
Bradamant3
reviewed
Mar 13, 2018
| - `batch` - buffer events and asynchronously process then in batches. This is the default. | ||
| - `blocking` - block API server responses on processing each individual event. | ||
|
|
||
| The following flags are only used in the `batch` mode. |
There was a problem hiding this comment.
and only bc there's already another fix:
"The following flags are used only in the the batch mode."
|
@crassirostris sorry caught two more things. Thank you! |
Signed-off-by: Mik Vyatskov <vmik@google.com>
crassirostris
force-pushed
the
audit-release-1.10
branch
from
db026ee
to
d03415c
Compare
|
@Bradamant3 Done, thanks so much for your thorough review! |
|
/approve /lgtm (because tech reviewer forgot the slash on the /lgtm) |
k8s-ci-robot
added
the
lgtm
Bradamant3
approved these changes
Mar 14, 2018
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Bradamant3 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
tengqm
reviewed
Mar 14, 2018
| Parameters should be set to accommodate the load on the apiserver. | ||
|
|
||
| For example, if kube-apiserver receives 100 requests each second, and each request is audited only | ||
| on `StageResponseStarted` and `StageResponseComplete` stages, you should account for ~200 audit |
There was a problem hiding this comment.
These should be ResponseStarted and ResponseComplete respectively.
There was a problem hiding this comment.
Good point, thanks! Filed #7746
steveperry-53
pushed a commit
that referenced
this pull request
Mar 27, 2018
* 1.10 update (#7151) * Fix partition value expected behaviour explanation (#7123) Fixes issue #7057 * Correct "On-Premise" to "On-Premises" * Updates the Calico installation page (#7094) * All files for Haufe Groups case study (#7051) * Fix typo (#7127) * fix typo of device-plugins.md (#7106) * fix broken links (#7136) * Updated configure-service-account (#7147) Error from server resolved by escaping kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "myregistrykey"}]}' JSON string by '\' * Remove docs related to 'require-kubeconfig' (#7138) With kubernetes/kubernetes#58367 merged, v1.10 will not use the "require-kubeconfig" flag. The flag has become a no-op solely to ensure existing deployments won't break. * Added Verification Scenario for a Pod that Uses a PVC in Terminating State (#7164) The below PR: kubernetes/kubernetes#55873 modified scheduler in such a way that scheduling of a pod that uses a PVC in Terminating state fails. That's why verification of such scenario was added to documentation. * fix LimitPodHardAntiAffinityTopology name (#7221) * Document the removal of the KubeletConfigFile feature gate (#7140) With kubernetes/kubernetes#58978 merged, the said feature gate is removed. This PR removes texts related to the gate and revises the Feature Gates reference to reflect this change. * deprecate three admission controller (#7363) * Document the removal of Accelerators feature gate (#7389) The `Accelerators` feature gate will be removed in 1.11. 1.10 will be its last mile. References: kubernetes/kubernetes#57384 * Update local storage docs for beta (#7473) * Document that HugePages feature gate is Beta (#7387) The `HugePages` feature gate has graduated to Beta in v1.10. This PR documents this fact. * Add HyperVContainer feature gates (#7502) * Remove the beta reference from Taints and Tolerations doc (#7493) * Kms provider doc (#7479) * Kms provider doc * issue# 7399, Create KMS-provider.md and update encrypt-data.md * address review comments * Document that Device Plugin feature is Beta (1.10) (#7512) * Add docs for CRD features for 1.10 (#7439) * Add docs for CRD features for 1.10 * Add CustomResourcesSubresources to list of feature gates * Add latest changes to custom resources doc * Add crds as abbreviated alias (#7437) * Bring PVC Protection Feature to Beta (#7165) * Bring PVC Protection Feature to Beta The PR: kubernetes/kubernetes#59052 brought PVC Protection feature to beta. That's why the documentation is updated accordingly. * The PVC Protection feature was renamed to Storage Protection. That's why the documentation is updated. * promote PodNodeSelector to stable; document detailed behavior (#7134) * promote PodNodeSelector to stable; document detailed behavior * respond to feedback * Update CPU manager feature enabling (#7390) With `CPUManager` feature graduating to beta. No explicit enabling is required starting v1.10. References: kubernetes/kubernetes#55977 * Adding block volumeMode documentation for local volumes. (#7531) Code review comments. Changed property to field. Address tech review comment. * remove description kubectl --show-all (#7574) --show-all has been deprecated and set to true by default. kubernetes/kubernetes#60210 * fix description about contribute style guide (#7592) * fix description about KUBECONFIG (#7589) s/envrionment/environment * fix description about cni (#7588) s/simultanously/simultaneously/ * fix description about MutatingAdmissionWebhook and ValidatingAdmissionWebhook (#7587) * fix description about persistent volume binding (#7590) s/slighty/slightly/ * Doc change for configurable pod resolv.conf Beta (#7611) * fix description about out of resource handling (#7597) s/threshhold/threshold * fix description about zookeeper (#7598) s/achive/achieve * fix description about kubeadm (#7594) s/compatability/compatibility/ * fix description about kubeadm (#7593) * fix description about kubeadm implementation details (#7595) * fix description about api concepts (#7596) * Storage Protection was renamed to Storage Object in Use Protection (#7576) * Storage Protection was renamed to Storage Object in Use Protection The K8s PR: kubernetes/kubernetes#59901 renamed Storage Protection to Storage Object in Use Protection. That's why the same is also renamed in the documentation. * Moved Storage Object in Use Protection admission plugin description down according to alphabetic order. * Use PSP from policy API group. (#7562) * update kubeletconfig docs for v1.10, beta (#7561) * Update port-forwarding docs (#7575) * add pv protection description (#7620) * fix description about client library (#7634) * Add docs on configuring NodePort IP (#7631) * Document that LocalStorageCapacityIsolation is beta (#7635) A follow-up to the kubernetes/kubernetes#60159 change which has promoted the `LocalStorageCapacityIsolation` feature gate to Beta. * Update CoreDNS docs for beta (#7638) * Update CoreDNS docs for beta * Review comments * Fix typo (#7640) * Update feature gates move to beta (#7662) * Added the inability to use colon ':' character as environment variable names and described workaround (#7657) * merge master to 1.10, with fixes (#7682) * Flag names changed (s/admission-control/enable-admission-plugins); disable-admissions-plugin entry added; removed reference to admission controller/plugins requiring set order (for v1.10), redundant example enabling specific plugin, and redundant version-specific info (#7449) * Documentation for MountPropagation beta (#7655) * Remove job's scale-related operations (#7684) * authentication: document client-go exec plugins (#7648) * authentication: document client-go exec plugins * Update authentication.md * Update local ephemeral storage feature to beta (#7685) Update local ephemeral storage feature to beta * Update docs for windows container resources (#7653) * add server-side print docs (#7671) * Create a task describing Pod process namespace sharing (#7489) * Add external metrics to HPA docs (#7664) * Add external metrics to HPA docs * Update horizontal-pod-autoscale-walkthrough.md * Apply review comments to HPA walkthrough * remove description about "scale jobs" (#7712) * CSI Docs for K8s v1.10 (#7698) * Add a warning about increased memory consumption for audit logging feature. (#7725) Signed-off-by: Mik Vyatskov <vmik@google.com> * Update Audit Logging documentation for 1.10 (#7679) Signed-off-by: Mik Vyatskov <vmik@google.com> * Fix stage names in audit logging documentation (#7746) Signed-off-by: Mik Vyatskov <vmik@google.com> * Feature gate update for release 1.10 (#7742) * State in the docs that the value of default Node labels are not reliable. (#7794) * Kill the reference to --admission-control option (#7755) The `--admission-control` option has been replaced by two new options in v1.10. This PR kills the last appearance of the old option in the doc. * Pvcprotection toc (#7807) * Refreshing installation instructions (#7495) * Refreshing installation instructions Added conjure-up. Updated displays and juju versions to current versions. * Updated anchors * Fixed image value version typo (#7768) Was inconsistent with other values * Update flocker reference to the github repo (#7784) * Fix typo in federation document (#7779) * an user -> a user (#7778) * Events are namespaced (#7767) * fix 'monitoring' link lose efficacy problem' (#7764) * docs/concepts/policy/pod-security-policy.md: minor fix. (#7659) * Update downward-api-volume-expose-pod-information.md (#7771) * Update downward-api-volume-expose-pod-information.md The pod spec puts the downward api files into /etc/podinfo, not directly in /etc. Updated docs to reflect this fact. * Update downward-api-volume-expose-pod-information.md One more spot needed fixing. * Update downward-api-volume-expose-pod-information.md Yet another fix, in the container example. * Add Amadeus Case Study (#7783) * Add Amadeus Case Study * add Amadeus logo * Fixed Cyrillic с in 'kube-proxy-cm' (#7787) There was a typo (wrong character) in kube-proxy-cm.yaml - Cyrillic с (UTF-8 0x0441) was used instead of Latin c. * install-kubectl: choose one installation method (#7705) The previous text layout suggested that all installations had to be done, one after another. * Update install-kubeadm.md (#7781) Add note to kubeadm install instruction to help install in other arch i.e. aarch64, ppc64le etc. * repair failure link (#7788) * repair failure link * repair failure link * do change as required * Update k8s201.md (#7777) * Update k8s201.md Change instructions to download yams files directly from the website (as used in other pages.) Added instructions to delete labeled pod to avoid warnings in the subsequent deployment step. * Update k8s201.md Added example of using the exposed host from the a node running Kubernetes. (This works on AWS with Weave; not able to test it on other variations...) * Gramatical fix to kompose introduction (#7792) The original wording didn't through very well. As much of the original sentence has been preserved as possible, primarily to ensure the kompose web address is see both in text and as a href link. * update amadeus.html (#7800) * Fix a missing word in endpoint reconciler section (#7804) * add toc entry for pvcprotection downgrade issue doc * Pvcprotection toc (#7809) * Refreshing installation instructions (#7495) * Refreshing installation instructions Added conjure-up. Updated displays and juju versions to current versions. * Updated anchors * Fixed image value version typo (#7768) Was inconsistent with other values * Update flocker reference to the github repo (#7784) * Fix typo in federation document (#7779) * an user -> a user (#7778) * Events are namespaced (#7767) * fix 'monitoring' link lose efficacy problem' (#7764) * docs/concepts/policy/pod-security-policy.md: minor fix. (#7659) * Update downward-api-volume-expose-pod-information.md (#7771) * Update downward-api-volume-expose-pod-information.md The pod spec puts the downward api files into /etc/podinfo, not directly in /etc. Updated docs to reflect this fact. * Update downward-api-volume-expose-pod-information.md One more spot needed fixing. * Update downward-api-volume-expose-pod-information.md Yet another fix, in the container example. * Add Amadeus Case Study (#7783) * Add Amadeus Case Study * add Amadeus logo * Fixed Cyrillic с in 'kube-proxy-cm' (#7787) There was a typo (wrong character) in kube-proxy-cm.yaml - Cyrillic с (UTF-8 0x0441) was used instead of Latin c. * install-kubectl: choose one installation method (#7705) The previous text layout suggested that all installations had to be done, one after another. * Update install-kubeadm.md (#7781) Add note to kubeadm install instruction to help install in other arch i.e. aarch64, ppc64le etc. * repair failure link (#7788) * repair failure link * repair failure link * do change as required * Update k8s201.md (#7777) * Update k8s201.md Change instructions to download yams files directly from the website (as used in other pages.) Added instructions to delete labeled pod to avoid warnings in the subsequent deployment step. * Update k8s201.md Added example of using the exposed host from the a node running Kubernetes. (This works on AWS with Weave; not able to test it on other variations...) * Gramatical fix to kompose introduction (#7792) The original wording didn't through very well. As much of the original sentence has been preserved as possible, primarily to ensure the kompose web address is see both in text and as a href link. * update amadeus.html (#7800) * Fix a missing word in endpoint reconciler section (#7804) * add toc entry for pvcprotection downgrade issue doc * revert TOC change * Release 1.10 (#7818) * Refreshing installation instructions (#7495) * Refreshing installation instructions Added conjure-up. Updated displays and juju versions to current versions. * Updated anchors * Fixed image value version typo (#7768) Was inconsistent with other values * Update flocker reference to the github repo (#7784) * Fix typo in federation document (#7779) * an user -> a user (#7778) * Events are namespaced (#7767) * fix 'monitoring' link lose efficacy problem' (#7764) * docs/concepts/policy/pod-security-policy.md: minor fix. (#7659) * Update downward-api-volume-expose-pod-information.md (#7771) * Update downward-api-volume-expose-pod-information.md The pod spec puts the downward api files into /etc/podinfo, not directly in /etc. Updated docs to reflect this fact. * Update downward-api-volume-expose-pod-information.md One more spot needed fixing. * Update downward-api-volume-expose-pod-information.md Yet another fix, in the container example. * Add Amadeus Case Study (#7783) * Add Amadeus Case Study * add Amadeus logo * Fixed Cyrillic с in 'kube-proxy-cm' (#7787) There was a typo (wrong character) in kube-proxy-cm.yaml - Cyrillic с (UTF-8 0x0441) was used instead of Latin c. * install-kubectl: choose one installation method (#7705) The previous text layout suggested that all installations had to be done, one after another. * Update install-kubeadm.md (#7781) Add note to kubeadm install instruction to help install in other arch i.e. aarch64, ppc64le etc. * repair failure link (#7788) * repair failure link * repair failure link * do change as required * Update k8s201.md (#7777) * Update k8s201.md Change instructions to download yams files directly from the website (as used in other pages.) Added instructions to delete labeled pod to avoid warnings in the subsequent deployment step. * Update k8s201.md Added example of using the exposed host from the a node running Kubernetes. (This works on AWS with Weave; not able to test it on other variations...) * Gramatical fix to kompose introduction (#7792) The original wording didn't through very well. As much of the original sentence has been preserved as possible, primarily to ensure the kompose web address is see both in text and as a href link. * update amadeus.html (#7800) * Fix a missing word in endpoint reconciler section (#7804) * Partners page updates (#7802) * Partners page updates * Update to ZTE link * Make using sysctls a task instead of a concept (#6808) Closes: #4505 * add a note when mount a configmap to pod (#7745) * adjust a note format (#7812) * Update docker-cli-to-kubectl.md (#7748) * Update docker-cli-to-kubectl.md Edited the document for adherence to the style guide and word usage. * Update docker-cli-to-kubectl.md * Incorporated the changes suggested. * Mount propagation update to include docker config (#7854) * update overridden config for 1.10 (#7847) * update overridden config for 1.10 * fix config file per comments * Update Extended Resource doc wrt cluster-level resources (#7759)
zacharysarah
pushed a commit
that referenced
this pull request
Apr 16, 2018
Signed-off-by: Mik Vyatskov <vmik@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Sorry for the late PR
This is a docs PR for the Advanced Audit Logging feature. Items to address in this update are listed in the umbrella issue for this release.
Fixes kubernetes/kubernetes#60110
/cc @tallclair @sttts @ericchiang @CaoShuFeng