diff --git a/docs/cinder-csi.md b/docs/cinder-csi.md index b7dadf1e45e..a6954526988 100644 --- a/docs/cinder-csi.md +++ b/docs/cinder-csi.md @@ -99,4 +99,4 @@ For the moment, only Cinder v3 is supported by the CSI Driver. ## More info -For further information about the Cinder CSI Driver, you can refer to this page: [Cloud Provider OpenStack](https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/using-cinder-csi-plugin.md). +For further information about the Cinder CSI Driver, you can refer to this page: [Cloud Provider OpenStack](https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/cinder-csi-plugin/using-cinder-csi-plugin.md). diff --git a/docs/dns-stack.md b/docs/dns-stack.md index 6e51504ab54..3ba3669ff19 100644 --- a/docs/dns-stack.md +++ b/docs/dns-stack.md @@ -1,6 +1,6 @@ # K8s DNS stack by Kubespray -For K8s cluster nodes, Kubespray configures a [Kubernetes DNS](https://kubernetes.io/docs/admin/dns/) +For K8s cluster nodes, Kubespray configures a [Kubernetes DNS](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/) [cluster add-on](https://releases.k8s.io/master/cluster/addons/README.md) to serve as an authoritative DNS server for a given ``dns_domain`` and its ``svc, default.svc`` default subdomains (a total of ``ndots: 5`` max levels). diff --git a/docs/hardening.md b/docs/hardening.md index d791c4dee66..b485c036cc6 100644 --- a/docs/hardening.md +++ b/docs/hardening.md @@ -118,7 +118,7 @@ Let's take a deep look to the resultant **kubernetes** configuration: * The `enable-admission-plugins` has not the `PodSecurityPolicy` admission plugin. This because it is going to be definitely removed from **kubernetes** `v1.25`. For this reason we decided to set the newest `PodSecurity` (for more details, please take a look here: ). Then, we set the `EventRateLimit` plugin, providing additional configuration files (that are automatically created under the hood and mounted inside the `kube-apiserver` container) to make it work. * The `encryption-provider-config` provide encryption at rest. This means that the `kube-apiserver` encrypt data that is going to be stored before they reach `etcd`. So the data is completely unreadable from `etcd` (in case an attacker is able to exploit this). * The `rotateCertificates` in `KubeletConfiguration` is set to `true` along with `serverTLSBootstrap`. This could be used in alternative to `tlsCertFile` and `tlsPrivateKeyFile` parameters. Additionally it automatically generates certificates by itself. By default the CSRs are approved automatically via [kubelet-csr-approver](https://github.com/postfinance/kubelet-csr-approver). You can customize approval configuration by modifying Helm values via `kubelet_csr_approver_values`. - See for more information on the subject. + See for more information on the subject. * If you are installing **kubernetes** in an AppArmor-based OS (eg. Debian/Ubuntu) you can enable the `AppArmor` feature gate uncommenting the lines with the comment `# AppArmor-based OS` on top. * The `kubelet_systemd_hardening`, both with `kubelet_secure_addresses` setup a minimal firewall on the system. To better understand how these variables work, here's an explanatory image: ![kubelet hardening](img/kubelet-hardening.png) diff --git a/docs/kubernetes-reliability.md b/docs/kubernetes-reliability.md index 116b4e173f7..d4cca2ebdf4 100644 --- a/docs/kubernetes-reliability.md +++ b/docs/kubernetes-reliability.md @@ -2,7 +2,7 @@ Distributed system such as Kubernetes are designed to be resilient to the failures. More details about Kubernetes High-Availability (HA) may be found at -[Building High-Availability Clusters](https://kubernetes.io/docs/admin/high-availability/) +[Building High-Availability Clusters](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/high-availability/) To have a simple view the most of the parts of HA will be skipped to describe Kubelet<->Controller Manager communication only. diff --git a/docs/vars.md b/docs/vars.md index 6ff12c3cd18..83ba9a5efcf 100644 --- a/docs/vars.md +++ b/docs/vars.md @@ -120,7 +120,7 @@ following default cluster parameters: alpha/experimental Kubeadm features. (defaults is `[]`) * *authorization_modes* - A list of [authorization mode]( - https://kubernetes.io/docs/admin/authorization/#using-flags-for-your-authorization-module) + https://kubernetes.io/docs/reference/access-authn-authz/authorization/#using-flags-for-your-authorization-module) that the cluster should be configured for. Defaults to `['Node', 'RBAC']` (Node and RBAC authorizers). Note: `Node` and `RBAC` are enabled by default. Previously deployed clusters can be