Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Promote sysctls to Beta #8804

Merged
merged 5 commits into from Jun 15, 2018

Conversation

@ingvagabund
Copy link
Contributor

ingvagabund commented May 29, 2018

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
For 1.11 Features: set Milestone to 1.11 and Base Branch to release-1.11
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
NOTE: After opening the PR, please un-check and re-check the "Allow edits from maintainers" box so that maintainers can work on your patch and speed up the review process. This is a temporary workaround to address a known issue with GitHub.>

Please delete this note before submitting the pull request.

Blocked until kubernetes/kubernetes#63717 gets merged

Edit: kubernetes/kubernetes#63717 merged

@k8sio-netlify-preview-bot

This comment has been minimized.

Copy link
Collaborator

k8sio-netlify-preview-bot commented May 29, 2018

Deploy preview for kubernetes-io-master-staging ready!

Built with commit 025c86b

https://deploy-preview-8804--kubernetes-io-master-staging.netlify.com

@ingvagabund ingvagabund force-pushed the ingvagabund:update-sysctl-docs branch 2 times, most recently from ee7fe38 to 025c86b May 29, 2018

@ingvagabund ingvagabund referenced this pull request May 29, 2018

Open

Add sysctl support #34

16 of 20 tasks complete

@ingvagabund ingvagabund force-pushed the ingvagabund:update-sysctl-docs branch from 025c86b to 876bde3 May 29, 2018

@k8s-ci-robot k8s-ci-robot added size/L and removed size/M labels May 29, 2018

@ingvagabund ingvagabund changed the base branch from master to release-1.11 May 29, 2018

@k8s-ci-robot k8s-ci-robot added size/M and removed size/L labels May 29, 2018

@mistyhacks mistyhacks added this to the 1.11 milestone May 29, 2018

@@ -105,20 +105,25 @@ manually by the cluster admin, either by means of the underlying Linux
distribution of the nodes (e.g. via `/etc/sysctls.conf`) or using a DaemonSet
with privileged containers.

The sysctl feature is an alpha API. Therefore, sysctls are set using annotations
The sysctl feature is a beta API. The sysctls are set through pod security context

This comment has been minimized.

@mistyhacks

mistyhacks May 29, 2018

Member

Can you use the feature shortcode for this instead of just having it in a paragraph? Syntax is like:

{{< feature-state for_k8s_version="v1.11" state="beta" >}}

This is lots easier to maintain than having to hunt through the Markdown files for mentions of "alpha", "beta" etc in the flow of the text.

- name: kernel.shm_rmid_forced
value: 1
- name: net.ipv4.route.min_pmtu
value: 1000,

This comment has been minimized.

@mistyhacks

mistyhacks May 29, 2018

Member

I think the comma might be spurious

- name: net.ipv4.route.min_pmtu
value: 1000,
- name: kernel.msgmax
value: 1 2 3

This comment has been minimized.

@mistyhacks

mistyhacks May 29, 2018

Member

Is this a placeholder? Doesn't look right.

@ingvagabund ingvagabund force-pushed the ingvagabund:update-sysctl-docs branch from 876bde3 to d6de5e9 May 30, 2018

@k8sio-netlify-preview-bot

This comment has been minimized.

Copy link
Collaborator

k8sio-netlify-preview-bot commented May 30, 2018

Deploy preview for kubernetes-io-vnext-staging processing.

Built with commit 8156163

https://app.netlify.com/sites/kubernetes-io-vnext-staging/deploys/5b2338eb3672df657e45285e

@ingvagabund ingvagabund force-pushed the ingvagabund:update-sysctl-docs branch from d6de5e9 to 8a84906 May 30, 2018

@ingvagabund ingvagabund changed the title WIP: Promote sysctls to Beta Promote sysctls to Beta May 30, 2018

@ingvagabund

This comment has been minimized.

Copy link
Contributor Author

ingvagabund commented May 30, 2018

/hold

@@ -213,6 +214,7 @@ Each feature gate is designed for enabling/disabling a specific feature:
- `SupportIPVSProxyMode`: Enable providing in-cluster service load balancing using IPVS.
See [service proxies](/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies) for more details.
- `SupportPodPidsLimit`: Enable the support to limiting PIDs in Pods.
- `Sysctls`: Comma-separated whitelist of unsafe sysctls or unsafe sysctl patterns (ending in `*`)

This comment has been minimized.

@php-coder

php-coder May 30, 2018

Contributor

Looks like copy&pasted text. I'd expect it to briefly explain what support will be enabled by activating this gate.

This comment has been minimized.

@tengqm

tengqm May 31, 2018

Contributor

Agree to @php-coder, we'd better:

  • briefly explain the differences this feature gate has made to the system;
  • provide a link to the docs/tasks/administer-cluster/sysctl-cluster/ doc

This comment has been minimized.

@ingvagabund

ingvagabund May 31, 2018

Author Contributor

Changed to:

- `Sysctls`: Enable the sysctl support for tunning kernel parameters to better isolate resources of container.
  See [sysctls](/docs/tasks/administer-cluster/sysctl-cluster/) for more details.
or sysctl patterns (which end in `*`). The string `*` matches all sysctls.

The `allowedUnsafeSysctls` field excludes sysctls from the whitelist (`*` means
no safe sysctls allowed).

This comment has been minimized.

@tengqm

tengqm May 31, 2018

Contributor

* means no safe sysctls allowed

This is confusing... If there is a foo in this field, I'm expecting foo as an unsafe sysctl is allowed. If there is a * in the list, I'm expecting that all unsafe sysctls are allowed. This has nothing to do with safe sysctls, right?

This comment has been minimized.

@ingvagabund

ingvagabund May 31, 2018

Author Contributor

Right, allowedUnsafeSysctls <-> forbiddenSysctls. Thanks for noticing that.

This comment has been minimized.

@ingvagabund

ingvagabund May 31, 2018

Author Contributor

Fixed.

The `allowedUnsafeSysctls` field excludes sysctls from the whitelist (`*` means
no safe sysctls allowed).
Any sysctl specified by the `forbiddenSysctls` is on the other hand allowed (`*`
means all unsafe sysctls allowed).

This comment has been minimized.

@tengqm

tengqm May 31, 2018

Contributor

IIUC, this field doesn't distinguish whether a sysctl is safe or not, a * means no sysctls can be set in a Pod's spec.securityContext.sysctls. Please clarify.

This comment has been minimized.

@ingvagabund

ingvagabund May 31, 2018

Author Contributor

Fixed.


{{< note >}}
**Note**: Even though the `allowedUnsafeSysctls` allows certain unsafe sysctls,
if they are not allowed on the kubelet side, the pod fails to start.

This comment has been minimized.

@tengqm

tengqm May 31, 2018

Contributor

Should we mention the --experimental-allowed-unsafe-sysctls flag of kubelet here?

This comment has been minimized.

@ingvagabund

ingvagabund May 31, 2018

Author Contributor

Done.

{{< warning >}}
**Warning**: If you use the `--allowed-unsafe-sysctls` flag when starting the
pod and the value of the flag conflicts with the contents of the
`allowedUnsafeSysctls` field in the PodSecurityPolicy, the pod will fail to

This comment has been minimized.

@sttts

sttts Jun 11, 2018

Contributor

what does "conflicts with the contents of the allowedUnsafeSysctls field" mean? The is no directly relation between the two. This would be correct: If you whitelist unsafe sysctls via the allowedUnsafeSysctls field in a PSP, any pod using such a sysctl will fail to start if the sysctl is not whitelisted via the --allowed-unsafe-sysctls kubelet flag as well on that node.

Copyedits
Signed-off-by: Misty Stanley-Jones <mistyhacks@google.com>

@ingvagabund ingvagabund force-pushed the ingvagabund:update-sysctl-docs branch from 2afd0a1 to 4e1ab6e Jun 12, 2018


The sysctl feature is an alpha API. Therefore, sysctls are set using annotations
on pods. They apply to all containers in the same pod.
In general, use the pod security context on pods to configure sysctls.

This comment has been minimized.

@mistyhacks

mistyhacks Jun 12, 2018

Member

Maybe "When possible, use the pod security context to configure sysctls on pods. This context applies to all containers on a given pod."

This comment has been minimized.

@sttts

sttts Jun 13, 2018

Contributor

"when possible" is misleading. The pod security context is the way to configure sysctls. There is no alternative.


Here is an example, it authorizes binding user creating pod with corresponding sysctls.
It's not allowed to configure these two fields such that there is overlap.

This comment has been minimized.

@mistyhacks

mistyhacks Jun 12, 2018

Member

s/It's not allowed/Do not

What happens if you do? Is there an error?

This comment has been minimized.

@mistyhacks

mistyhacks Jun 12, 2018

Member

I think that my question is answered by the warning below. Maybe this sentence belongs as part of the warning.

This comment has been minimized.

@sttts

sttts Jun 13, 2018

Contributor

I still think the warning here is wrong. An overlap is simply not allowed by validation. Such a PSP is rejected. Nothing bad happens if you try.

This comment has been minimized.

@sttts

sttts Jun 13, 2018

Contributor

The warning and this sentence are unrelated. The warning is about pods which will be unable to launch even though the PSP allows them, but the kubelet does not. This sentence here is about the overlap of both fields in the PSP.

@mistyhacks

This comment has been minimized.

Copy link
Member

mistyhacks commented Jun 14, 2018

I just pushed another copyedit commit. PTAL @sttts @ingvagabund and lift the hold if this is now good to go.

/hold
/approve


The following sysctls are known to be _namespaced_:
The following sysctls are _namespaced_:

This comment has been minimized.

@sttts

sttts Jun 14, 2018

Contributor

this list might change from kernel to kernel. This was the reason for the "known to be".

This comment has been minimized.

@mistyhacks

mistyhacks Jun 15, 2018

Member

Thanks for the clarification. I misunderstood the intent.

with privileged containers.
Sysctls with no namespace are called _node-level_ sysctls. If you need to set
them, you must manually configure them on each node's operating system, or by
using a DaemonSet with privileged containers.

This comment has been minimized.

@sttts

sttts Jun 14, 2018

Contributor

👍


The sysctl feature is an alpha API. Therefore, sysctls are set using annotations
on pods. They apply to all containers in the same pod.
For namespaced sysctls, use the pod securityContext to configure sysctls. They

This comment has been minimized.

@sttts

sttts Jun 14, 2018

Contributor

nit: to configure them.

## PodSecurityPolicy Annotations
## PodSecurityPolicy

To control which sysctls can be set in pods, specify the

This comment has been minimized.

@sttts

sttts Jun 14, 2018

Contributor

nit: To further control

To control which sysctls can be set in pods, specify the
`forbiddenSysctls` and/or `allowedUnsafeSysctls` fields in the PodSecurityPolicy.

By default, all safe sysctls in the whitelist are allowed.

This comment has been minimized.

@sttts

sttts Jun 14, 2018

Contributor

nit: the whitelist defines the safe sysctls. "in the whitelist" is redundant.


The use of sysctl in pods can be controlled via annotation on the PodSecurityPolicy.
The `forbiddenSysctls` field excludes specific sysctls, and can include a

This comment has been minimized.

@sttts

sttts Jun 14, 2018

Contributor

nit: excludes vs. include is confusing. Better use a different word for "include".

not present in the `forbiddenSysctls` field, that sysctl can be used in Pods under
this PodSecurityPolicy. In order to allow all unsafe sysctls in the PodSecurityPolicy
to be set (except for those explicitly forbidden by `forbiddenSysctls`),
use `*` on its own.

This comment has been minimized.

@sttts

sttts Jun 14, 2018

Contributor

unfortunately this does not work: you cannot use * and forbid some in forbiddenSysctls at the same time. Just drop the parenthesis.

**Warning**: If you whitelist unsafe sysctls via the `allowedUnsafeSysctls` field
in a PodSecurityPolicy, any pod using such a sysctl will fail to start
if the sysctl is not whitelisted via the `--allowed-unsafe-sysctls` kubelet
flag as well on that node.

This comment has been minimized.

@sttts

sttts Jun 14, 2018

Contributor

👍

@sttts

This comment has been minimized.

Copy link
Contributor

sttts commented Jun 14, 2018

@mistyhacks left some remaining comments. Overall, it looks much better now.

@mistyhacks

This comment has been minimized.

Copy link
Member

mistyhacks commented Jun 15, 2018

Addressed remaining feedback.
/hold cancel
/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added lgtm and removed do-not-merge/hold labels Jun 15, 2018

@k8s-ci-robot

This comment has been minimized.

Copy link

k8s-ci-robot commented Jun 15, 2018

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mistyhacks

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 5239150 into kubernetes:release-1.11 Jun 15, 2018

4 checks passed

cla/linuxfoundation mistyhacks authorized
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
deploy/netlify Deploy preview ready!
Details
tide In merge pool.
Details

@ingvagabund ingvagabund deleted the ingvagabund:update-sysctl-docs branch Jun 15, 2018

mistyhacks added a commit that referenced this pull request Jun 20, 2018

Promote sysctls to Beta (#8804)
* Promote sysctls to Beta

* Copyedits

Signed-off-by: Misty Stanley-Jones <mistyhacks@google.com>

* Review comments

* Address feedback

* More feedback

mistyhacks added a commit that referenced this pull request Jun 27, 2018

Promote sysctls to Beta (#8804)
* Promote sysctls to Beta

* Copyedits

Signed-off-by: Misty Stanley-Jones <mistyhacks@google.com>

* Review comments

* Address feedback

* More feedback

mistyhacks added a commit that referenced this pull request Jun 27, 2018

Promote sysctls to Beta (#8804)
* Promote sysctls to Beta

* Copyedits

Signed-off-by: Misty Stanley-Jones <mistyhacks@google.com>

* Review comments

* Address feedback

* More feedback

k8s-ci-robot added a commit that referenced this pull request Jun 27, 2018

Release docs for Kubernetes 1.11 (#9171)
* Seperate priority and preemption (#8144)

* Doc about PID pressure condition. (#8211)

* Doc about PID pressure condition.

Signed-off-by: Da K. Ma <klaus1982.cn@gmail.com>

* "so" -> "too"

* Update version selector for 1.11

* StorageObjectInUseProtection is GA (#8291)

* Feature gate: StorageObjectInUseProtection is GA

Update feature gate reference for 1.11

* Trivial commit to re-trigger Netlify

* CRIContainerLogRotation is Beta in 1.11 (#8665)

* Seperate priority and preemption (#8144)

* CRIContainerLogRotation is Beta in 1.11

xref: kubernetes/kubernetes#64046

* Bring StorageObjectInUseProtection feature to GA (#8159)

* StorageObjectInUseProtection is GA (#8291)

* Feature gate: StorageObjectInUseProtection is GA

Update feature gate reference for 1.11

* Trivial commit to re-trigger Netlify

* Bring StorageObjectInUseProtection feature to GA

StorageObjectInUseProtection is Beta in K8s 1.10.

It's brought to GA in K8s 1.11.

* Fixed typo and added feature state tags.

* Remove KUBE_API_VERSIONS doc (#8292)

The support to the KUBER_API_VERSIONS environment variable is completely
dropped (no deprecation). This PR removes the related doc in
release-1.11.

xref: kubernetes/kubernetes#63165

* Remove InitialResources from admission controllers (#8293)

The feature (was experimental) is dropped in 1.11.

xref: kubernetes/kubernetes#58784

* Remove docs related to in-tree support to GPU (#8294)

* Remove docs related to in-tree support to GPU

The in-tree support to GPU is completely removed in release 1.11.
This PR removes the related docs in release-1.11 branch.

xref: kubernetes/kubernetes#61498

* Update content updated by PR to Hugo syntax

Signed-off-by: Misty Stanley-Jones <mistyhacks@google.com>

* Update the doc about extra volume in kubeadm config (#8453)

Signed-off-by: Xianglin Gao <xianglin.gxl@alibaba-inc.com>

* Update CRD Subresources for 1.11 (#8519)

* coredns: update notes in administer-cluster/coredns.md (#8697)

CoreDNS is installed by default in 1.11.
Add notes on how to install kube-dns instead.

Update notes about CoreDNS->CoreDNS upgrades as in 1.11
the Corefile is retained.

Add example on upgrading from kube-dns to CoreDNS.

* kubeadm-alpha: CoreDNS related changes (#8727)

Update note about CoreDNS feature gate.

This change also updates a tab as a kubeadm sub-command
will change.

It looks for a new generated file:
generated/kubeadm_alpha_phase_addon_coredns.md
instead of:
generated/kubeadm_alpha_phase_addon_kube-dns.md

* Update cloud controller manager docs to beta 1.11 (#8756)

* Update cloud controller manager docs to beta 1.11

* Use Hugo shortcode for feature state

* kubeadm-upgrade: include new command `kubeadm upgrade diff` (#8617)

Also:
- Include note that this was added in 1.11.
- Modify the note about upgrade guidance.

* independent: update CoreDNS mentions for kubeadm (#8753)

Give CoreDNS instead of kube-dns examples in:
- docs/setup/independent/create-cluster-kubeadm.md
- docs/setup/independent/troubleshooting-kubeadm.md

* update 1.11 --server-print info (#8870)

* update 1.11 --server-print info

* Copyedit

* Mark ExpandPersistentVolumes feature to beta (#8778)

* Update version selector for 1.11

* Mark ExpandPersistentVolumes Beta

xref: kubernetes/kubernetes#64288

* fix shortcode, add placeholder files to fix deploy failures (#8874)

* declare ipvs ga (#8850)

* kubeadm: update info about CoreDNS in kubeadm-init.md (#8728)

Add info to install kube-dns instead of CoreDNS, as CoreDNS
is the default DNS server in 1.11.

Add notes that kubeadm config images can be used to list and pull
the required images in 1.11.

* kubeadm: update implementation-details.md about CoreDNS (#8829)

- Replace examples from kube-dns to CoreDNS
- Add notes about the CoreDNS feature gate status in 1.11
- Add note that the service name for CoreDNS is also
called `kube-dns`

* Update block device support for 1.11 (#8895)

* Update block device support for 1.11

* Copyedits

* Fix typo 'fiber channel' (#8957)

Signed-off-by: Misty Stanley-Jones <mistyhacks@google.com>

* kubeadm-upgrade: add the 'node [config]' sub-command (#8960)

- Add includes for the generated pages
- Include placeholder generated pages

* kubeadm-init: update the example for the MasterConfiguration (#8958)

- include godocs link for MasterConfiguration
- include example MasterConfiguration
- add note that `kubeadm config print-default` can be used

* kubeadm-config: include new commands (#8862)

Add notes and includes for these new commands in 1.11:
- kubeadm config print-default
- kubeadm config migrate
- kubeadm config images list
- kubeadm config images pull

Include placeholder generated files for the above.

* administer-cluster/coredns: include more changes (#8985)

It was requested that for this page a couple of methods
should be outlined:
- manual installation for CoreDNS explained at the Kubernetes
section of the GitHub project for CoreDNS
- installation and upgrade via kubeadm

Make the above changes and also add a section "About CoreDNS".

This commit also lowercases a section title.

* Update CRD subresources doc for 1.11 (#8918)

* Add docs for volume expansion and online resizing (#8896)

* Add docs for volume expansion going beta

* Copyedit

* Address feedback

* Update exec plugin docs with TLS credentials (#8826)

* Update exec plugin docs with TLS credentials

kubernetes/kubernetes#61803 implements TLS client credential support for
1.11.

* Copyedit

* More copyedits for clarification

* Additional copyedit

* Change token->credential

* NodeRestriction admission prevents kubelet taint removal (#8911)

* dns-custom-namerserver: break down the page into mutliple sections (#8900)

* dns-custom-namerserver: break down the page into mutliple sections

This page is currently about kube-dns and is a bit outdated.
Introduce the heading `# Customizing kube-dns`.

Introduce a separate section about CoreDNS.

* Copyedits, fix headings for customizing DNS

Hey Lubomir,
I coypedited pretty heavily because this workflow is so much easier for docs and because I'm trying to help improve everything touching kubeadm as much as possible.

But there's one outstanding issue wrt headings and intro content: you can't add a heading 1 to a topic to do what you wanted to do. The page title in the front matter is rendered as a heading 1 and everything else has to start at heading 2. (We still need to doc this better in the docs contributing content, I know.)

Instead, I think we need to rewrite the top-of-page intro content to explain better the relationship between kube-dns and CoreDNS. I'm happy to write something, but I thought I'd push this commit first so you can see what I'm doing.

Hope it's all clear -- ping here or on Slack with any questions ~ Jennifer

* Interim fix for talking about CoreDNS

* Fix CoreDNS details

* PSP readOnly hostPath (#8898)

* Add documentation for crictl (#8880)

* Add documentation for crictl

* Copyedit

Signed-off-by: Misty Stanley-Jones <mistyhacks@google.com>

* Final copyedit

* VolumeSubpathEnvExpansion alpha feature (#8835)

* Note that Heapster is deprecated (#8827)

* Note that Heapster is deprecated

This notes that Heapster is deprecated, and migrates the relevant
docs to talk about metrics-server or other solutions by default.

* Copyedits and improvements

Signed-off-by: Misty Stanley-Jones <mistyhacks@google.com>

* Address feedback

* fix shortcode to troubleshoot deploy (#9057)

* update dynamic kubelet config docs for v1.11 (#8766)

* update dynamic kubelet config docs for v1.11

* Substantial copyedit

* Address feedback

* Reference doc for kubeadm (release-1.11) (#9044)

* Reference doc for kubeadm (release-1.11)

* fix shortcode to troubleshoot deploy (#9057)

* Reference doc for kube-components (release-1.11) (#9045)

* Reference doc for kube-components (release-1.11)

* Update cloud-controller-manager.md

* fix shortcode to troubleshoot deploy (#9057)

* Documentation on lowercasing kubeadm init apiserver SANs (#9059)

* Documentation on lowercasing kubeadm init apiserver SANs

* fix shortcode to troubleshoot deploy (#9057)

* Clarification in dynamic Kubelet config doc (#9061)

* Promote sysctls to Beta (#8804)

* Promote sysctls to Beta

* Copyedits

Signed-off-by: Misty Stanley-Jones <mistyhacks@google.com>

* Review comments

* Address feedback

* More feedback

* kubectl reference docs for 1.11 (#9080)

* Update Kubernetes API 1.11 ref docs (#8977)

* Update v1alpha1 to v1beta1.

* Adjust left nav for 1.11 ref docs.

* Trim list of old ref docs.

* Update Federation API ref docs for 1.11. (#9064)

* Update Federation API ref docs for 1.11.

* Add titles.

* Update definitions.html

* CRD versioning Public Documentation (#8834)

* CRD versioning Public Documentation

* Copyedit

Signed-off-by: Misty Stanley-Jones <mistyhacks@google.com>

* Address feedback

* More rewrites

* Address feedback

* Update main CRD page in light of versioning

* Reorg CRD docs

* Further reorg

* Tweak title

* CSI documentation update for raw block volume support (#8927)

* CSI documetation update for raw block volume support

* minor edits for "CSI raw block volume support"

Some small grammar and style nits.

* minor CSIBlockVolume edits

* Update kubectl component ref page for 1.11. (#9094)

* Update kubectl component ref page for 1.11.

* Add title. Replace stevepe with username.

* crd versioning doc: fix nits (#9142)

* Update `DynamicKubeletConfig` feature to beta (#9110)

xref: kubernetes/kubernetes#64275

* Documentation for dynamic volume limits based on node type (#8871)

* add cos for storage limits

* Update docs specific for aws and gce

* fix some minor things

* Update storage-limits.md

* Add k8s version to feature-state shortcode

* The Doc update for ScheduleDaemonSetPods (#8842)

Signed-off-by: Da K. Ma <klaus1982.cn@gmail.com>

* Update docs related to PersistentVolumeLabel admission control (#9109)

The said admission controller is disabled by default in 1.11
(kubernetes/kubernetes#64326) and scheduled to be removed in future
release.

* client exec auth: updates for 1.11 (#9154)

* Updates HA kubeadm docs (#9066)

* Updates HA kubeadm docs

Signed-off-by: Chuck Ha <ha.chuck@gmail.com>

* kubeadm HA - Add stacked control plane steps

* ssh instructions and some typos in the bash scripts

Signed-off-by: Chuck Ha <ha.chuck@gmail.com>

* Fix typos and copypasta errors

* Fix rebase issues

* Integrate more changes

Signed-off-by: Chuck Ha <ha.chuck@gmail.com>

* copyedits, layout and formatting fixes

* final copyedits

* Adds a sanity check for load balancer connection

Signed-off-by: Chuck Ha <ha.chuck@gmail.com>

* formatting fixes, copyedits

* fix typos, formatting

* Document the Pod Ready++ feature (#9180)

Closes: #9107
Xref: kubernetes/kubernetes#64057

* Mention 'KubeletPluginsWatcher' feature (#9177)

* Mention 'KubeletPluginsWatcher' feature

This feature is more developers oriented than users oriented, so simply
mention it in the feature gate should be fine.
In future, when the design doc is migrated from Google doc to the
kubernetes/community repo, we can add links to it for users who want to
dig deeper.

Closes: #9108
Xref: kubernetes/kubernetes#63328, kubernetes/kubernetes#64605

* Copyedit

* Amend dynamic volume list docs (#9181)

The dynamic volume list feature has been documented but the feature gate
related was not there yet.

Closes: #9105

* Document for service account projection (#9182)

This adds docs for the service account projection feature.

Xref: kubernetes/kubernetes#63819, kubernetes/community#1973
Closes: #9102

* Update pod priority and preemption user docs (#9172)

* Update pod priority and preemption user docs

* Copyedit

* Documentation on setting node name with Kubeadm (#8925)

* Documentation on setting node name with Kubeadm

* copyedit

* Add kubeadm upgrade docs for 1.11 (#9089)

* Add kubeadm upgrade docs for 1.11

* Initial docs review feedback

* Add 1-11 to outline

* Fix formatting on tab blocks

* Move file to correct location

* Add `kubeadm upgrade node config` step

* Overzealous ediffing

* copyedit, fix lists and headings

* clarify --force flag for fixing bad state

* Get TOML ready for 1.11 release

* Blog post for 1.11 release (#9254)

* Blog post for 1.11 release

* Update 2018-06-26-kubernetes-1.11-release-announcement.md

* Update 2018-06-26-kubernetes-1.11-release-announcement.md

* Update 2018-06-26-kubernetes-1.11-release-announcement.md
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.