From 2028d9097b02a71e1c0e98e86c829128c23d40a9 Mon Sep 17 00:00:00 2001 From: Ivange Larry Date: Tue, 5 Dec 2017 14:57:24 -0600 Subject: [PATCH 1/6] Add glossory entry for ReplicaSet --- _data/glossary/replica-set.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 _data/glossary/replica-set.yml diff --git a/_data/glossary/replica-set.yml b/_data/glossary/replica-set.yml new file mode 100644 index 0000000000000..74d987b588654 --- /dev/null +++ b/_data/glossary/replica-set.yml @@ -0,0 +1,13 @@ +id: replica-set +name: ReplicaSet +full-link: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ +related: +- replication-controller +tags: +- core-object +- architecture +short-description: > + ReplicaSet is the next-generation Replication Controller. +long-description: > + ReplicaSet, like ReplicationController, ensures that a specified number of pods replicas are running at one time. + ReplicaSet supports the new set-based selector requirements as described in the labels user guide, whereas a Replication Controller only supports equality-based selector requirements. From e866db8d0df7e522ef67ce40356c3845faf99ccd Mon Sep 17 00:00:00 2001 From: Vijay Dhama Date: Wed, 13 Dec 2017 20:21:22 +0530 Subject: [PATCH 2/6] Fixed a typo `illgal` --- docs/tasks/debug-application-cluster/audit.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tasks/debug-application-cluster/audit.md b/docs/tasks/debug-application-cluster/audit.md index 3105b7cb15375..76d7c7bab69ad 100644 --- a/docs/tasks/debug-application-cluster/audit.md +++ b/docs/tasks/debug-application-cluster/audit.md @@ -113,7 +113,7 @@ Some new fields are supported in beta version, like `resourceNames` and `omitSta In Kubernetes 1.8 `kind` and `apiVersion` along with `rules` __must__ be provided in the audit policy file. A policy file with 0 rules, or a policy file that doesn't provide -a valid `apiVersion` and `kind` value will be treated as illgal. +a valid `apiVersion` and `kind` value will be treated as illegal. Some example audit policy files: From 7ae915bb0c88095acfc9e4a66c997fbc8cfedd02 Mon Sep 17 00:00:00 2001 From: Slava Semushin Date: Wed, 13 Dec 2017 17:25:45 +0100 Subject: [PATCH 3/6] concepts/policy/pod-security-policy.md: fix broken links. --- docs/concepts/policy/pod-security-policy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/concepts/policy/pod-security-policy.md b/docs/concepts/policy/pod-security-policy.md index f1373a71302f8..ad9a75e257990 100644 --- a/docs/concepts/policy/pod-security-policy.md +++ b/docs/concepts/policy/pod-security-policy.md @@ -127,7 +127,7 @@ paired with system groups to grant access to all pods run in the namespace: ``` For more examples of RBAC bindings, see [Role Binding -Examples](docs/admin/authorization/rbac/#role-binding-examples). For a complete +Examples](/docs/admin/authorization/rbac/#role-binding-examples). For a complete example of authorizing a PodSecurityPolicy, see [below](#example). @@ -140,7 +140,7 @@ have superuser permissions. Otherwise requests would bypass authentication and authorization modules, all PodSecurityPolicy objects would be allowed, and users would be able to create privileged containers. For more details on configuring Controller Manager authorization, see [Controller -Roles](docs/admin/authorization/rbac/#controller-roles). +Roles](/docs/admin/authorization/rbac/#controller-roles). ## Policy Order From cee74d4ae774570041d51efcca8ab6e1a107087b Mon Sep 17 00:00:00 2001 From: Rick Date: Wed, 13 Dec 2017 18:12:03 +0100 Subject: [PATCH 4/6] Fixed typo --- docs/concepts/configuration/assign-pod-node.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/concepts/configuration/assign-pod-node.md b/docs/concepts/configuration/assign-pod-node.md index e57e11ff51c1e..c6fc8ebf3a988 100644 --- a/docs/concepts/configuration/assign-pod-node.md +++ b/docs/concepts/configuration/assign-pod-node.md @@ -316,7 +316,7 @@ Highly Available database statefulset has one master and three replicas, one may |:--------------------:|:-------------------:|:------------------:|:------------------:| | *DB-MASTER* | *DB-REPLICA-1* | *DB-REPLICA-2* | *DB-REPLICA-3* | -[Here](https://kubernetes.io/docs/tutorials/stateful-application/zookeeper/#tolerating-node-failure) is an example of zookeper statefulset configured with anti-affinity for high availability. +[Here](https://kubernetes.io/docs/tutorials/stateful-application/zookeeper/#tolerating-node-failure) is an example of Zookeeper statefulset configured with anti-affinity for high availability. For more information on inter-pod affinity/anti-affinity, see the design doc [here](https://git.k8s.io/community/contributors/design-proposals/scheduling/podaffinity.md). From 3908be3173bf0f1df8af91a6218f822216d9549f Mon Sep 17 00:00:00 2001 From: Stewart-YU Date: Thu, 14 Dec 2017 03:25:11 +0800 Subject: [PATCH 5/6] Update audit.md (#6381) Fix format. --- docs/tasks/debug-application-cluster/audit.md | 195 ++++++++++-------- 1 file changed, 108 insertions(+), 87 deletions(-) diff --git a/docs/tasks/debug-application-cluster/audit.md b/docs/tasks/debug-application-cluster/audit.md index 3105b7cb15375..69eff766a8463 100644 --- a/docs/tasks/debug-application-cluster/audit.md +++ b/docs/tasks/debug-application-cluster/audit.md @@ -359,57 +359,66 @@ Note that this example requries json format output support in Kubernetes 1.8. 1. install [fluentd, fluent-plugin-forest and fluent-plugin-rewrite-tag-filter][fluentd_install_doc] in the kube-apiserver node 1. create a config file for fluentd - $ cat < /etc/fluentd/config - # fluentd conf runs in the same host with kube-apiserver - - @type tail - # audit log path of kube-apiserver - path /var/log/audit - pos_file /var/log/audit.pos - format json - time_key time - time_format %Y-%m-%dT%H:%M:%S.%N%z - tag audit - + ```shell + $ cat < /etc/fluentd/config + # fluentd conf runs in the same host with kube-apiserver + + @type tail + # audit log path of kube-apiserver + path /var/log/audit + pos_file /var/log/audit.pos + format json + time_key time + time_format %Y-%m-%dT%H:%M:%S.%N%z + tag audit + - - #https://github.com/fluent/fluent-plugin-rewrite-tag-filter/issues/13 - type record_transformer - enable_ruby - - namespace ${record["objectRef"].nil? ? "none":(record["objectRef"]["namespace"].nil? ? "none":record["objectRef"]["namespace"])} - - + + #https://github.com/fluent/fluent-plugin-rewrite-tag-filter/issues/13 + type record_transformer + enable_ruby + + namespace ${record["objectRef"].nil? ? "none":(record["objectRef"]["namespace"].nil? ? "none":record["objectRef"]["namespace"])} + + - - # route audit according to namespace element in context - @type rewrite_tag_filter - rewriterule1 namespace ^(.+) ${tag}.$1 - + + # route audit according to namespace element in context + @type rewrite_tag_filter + rewriterule1 namespace ^(.+) ${tag}.$1 + - - @type record_transformer - remove_keys namespace - + + @type record_transformer + remove_keys namespace + - - @type forest - subtype file - remove_prefix audit - - + + @type forest + subtype file + remove_prefix audit + + + ``` + 1. start fluentd - $ fluentd -c /etc/fluentd/config -vv + ```shell + $ fluentd -c /etc/fluentd/config -vv + ``` + 1. start kube-apiserver with the following options: - --audit-policy-file=/etc/kubernetes/audit-policy.yaml --audit-log-path=/var/log/kube-audit --audit-log-format=json + ```shell + --audit-policy-file=/etc/kubernetes/audit-policy.yaml --audit-log-path=/var/log/kube-audit --audit-log-format=json + ``` + 1. check audits for different namespaces in /var/log/audit-*.log #### Use logstash to collect and distribute audit events from webhook backend @@ -421,56 +430,68 @@ different users into different files. 1. install [logstash][logstash_install_doc] 1. create config file for logstash - $ cat < /etc/logstash/config - input{ - http{ - #TODO, figure out a way to use kubeconfig file to authenticate to logstash - #https://www.elastic.co/guide/en/logstash/current/plugins-inputs-http.html#plugins-inputs-http-ssl - port=>8888 - } - } - filter{ - split{ - # Webhook audit backend sends several events together with EventList - # split each event here. - field=>[items] - # We only need event subelement, remove others. - remove_field=>[headers, metadata, apiVersion, "@timestamp", kind, "@version", host] - } - mutate{ - rename => {items=>event} - } - } - output{ - file{ - # Audit events from different users will be saved into different files. - path=>"/var/log/kube-audit-%{[event][user][username]}/audit" - } - } + ```shell + $ cat < /etc/logstash/config + input{ + http{ + #TODO, figure out a way to use kubeconfig file to authenticate to logstash + #https://www.elastic.co/guide/en/logstash/current/plugins-inputs-http.html#plugins-inputs-http-ssl + port=>8888 + } + } + filter{ + split{ + # Webhook audit backend sends several events together with EventList + # split each event here. + field=>[items] + # We only need event subelement, remove others. + remove_field=>[headers, metadata, apiVersion, "@timestamp", kind, "@version", host] + } + mutate{ + rename => {items=>event} + } + } + output{ + file{ + # Audit events from different users will be saved into different files. + path=>"/var/log/kube-audit-%{[event][user][username]}/audit" + } + } + ``` + 1. start logstash - $ bin/logstash -f /etc/logstash/config --path.settings /etc/logstash/ + ```shell + $ bin/logstash -f /etc/logstash/config --path.settings /etc/logstash/ + ``` + 1. create a [kubeconfig file](/docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig/) for kube-apiserver webhook audit backend - $ cat < /etc/kubernetes/audit-webhook-kubeconfig - apiVersion: v1 - clusters: - - cluster: - server: http://:8888 - name: logstash - contexts: - - context: - cluster: logstash - user: "" - name: default-context - current-context: default-context - kind: Config - preferences: {} - users: [] - EOF + ```shell + $ cat < /etc/kubernetes/audit-webhook-kubeconfig + apiVersion: v1 + clusters: + - cluster: + server: http://:8888 + name: logstash + contexts: + - context: + cluster: logstash + user: "" + name: default-context + current-context: default-context + kind: Config + preferences: {} + users: [] + EOF + ``` + 1. start kube-apiserver with the following options: - --audit-policy-file=/etc/kubernetes/audit-policy.yaml --audit-webhook-config-file=/etc/kubernetes/audit-webhook-kubeconfig + ```shell + --audit-policy-file=/etc/kubernetes/audit-policy.yaml --audit-webhook-config-file=/etc/kubernetes/audit-webhook-kubeconfig + ``` + 1. check audits in logstash node's directories /var/log/kube-audit-*/audit Note that in addition to file output plugin, logstash has a variety of outputs that From 8a06c09712d5a934b4984e982324c12590184d54 Mon Sep 17 00:00:00 2001 From: Andrew Chen Date: Thu, 14 Dec 2017 00:57:38 -0600 Subject: [PATCH 6/6] [maintenance] December link fixes (#6680) --- _data/glossary/node.yaml | 2 +- _data/glossary/volume.yaml | 2 +- _data/tools.yml | 2 +- _redirects | 10 +++++---- docs/admin/authentication.md | 2 +- .../cluster-administration/device-plugins.md | 2 +- docs/concepts/overview/extending.md | 22 +++++++++---------- docs/concepts/policy/pod-security-policy.md | 4 ++-- .../administer-cluster/access-cluster-api.md | 2 +- .../horizontal-pod-autoscale-walkthrough.md | 4 ++-- 10 files changed, 27 insertions(+), 25 deletions(-) diff --git a/_data/glossary/node.yaml b/_data/glossary/node.yaml index 3586dd5ca089f..fe0b91a15882f 100644 --- a/_data/glossary/node.yaml +++ b/_data/glossary/node.yaml @@ -1,6 +1,6 @@ id: node name: Node -full-link: /docs/concepts/architecture/node +full-link: /docs/concepts/architecture/nodes/ aka: - Minion related: diff --git a/_data/glossary/volume.yaml b/_data/glossary/volume.yaml index 60d0fe231e77d..b89b139d52500 100644 --- a/_data/glossary/volume.yaml +++ b/_data/glossary/volume.yaml @@ -1,6 +1,6 @@ id: volume name: Volume -full-link: kubernetes.io/docs/concepts/storage/volumes/ +full-link: /docs/concepts/storage/volumes/ related: - pod - container diff --git a/_data/tools.yml b/_data/tools.yml index b5e3a29e7f8af..53a9e5ef434be 100644 --- a/_data/tools.yml +++ b/_data/tools.yml @@ -6,7 +6,7 @@ toc: - title: Native Tools section: - title: Kubectl - path: /docs/user-guide/kubectl/ + path: /docs/reference/kubectl/overview/ - title: Kubeadm path: /docs/getting-started-guides/kubeadm - title: Kubefed diff --git a/_redirects b/_redirects index 7066f706d6225..f4c609dab92b8 100644 --- a/_redirects +++ b/_redirects @@ -138,8 +138,8 @@ /docs/contribute/style-guide/ /docs/home/contribute/style-guide/ 301 /docs/contribute/write-new-topic/ /docs/home/contribute/write-new-topic/ 301 -/docs/deprecate/ /ddocs/reference/deprecation-policy/ 301 -/docs/deprecated/ /ddocs/reference/deprecation-policy/ 301 +/docs/deprecate/ /docs/reference/deprecation-policy/ 301 +/docs/deprecated/ /docs/reference/deprecation-policy/ 301 /docs/deprecation-policy/ /docs/reference/deprecation-policy/ 301 /docs/federation/api-reference/ /docs/reference/federation/v1/operations/ 301 @@ -165,6 +165,7 @@ /docs/getting-started-guides/juju/ /docs/getting-started-guides/ubuntu/installation/ 301 /docs/getting-started-guides/kargo/ /docs/getting-started-guides/kubespray/ 301 /docs/getting-started-guides/kubeadm/ /docs/setup/independent/create-cluster-kubeadm/ 301 +/docs/getting-started-guides/kubectl/ /docs/reference/kubectl/overview/ 301 /docs/getting-started-guides/logging/ /docs/concepts/cluster-administration/logging/ 301 /docs/getting-started-guides/logging-elasticsearch/ /docs/tasks/debug-application-cluster/logging-elasticsearch-kibana/ 301 /docs/getting-started-guides/meanstack/ https://medium.com/google-cloud/running-a-mean-stack-on-google-cloud-platform-with-kubernetes-149ca81c2b5d/ 301 @@ -229,6 +230,7 @@ /docs/tasks/configure-pod-container/downward-api-volume-expose-pod-information/ /docs/tasks/inject-data-application/downward-api-volume-expose-pod-information/ 301 /docs/tasks/configure-pod-container/environment-variable-expose-pod-information/ /docs/tasks/inject-data-application/environment-variable-expose-pod-information/ 301 /docs/tasks/configure-pod-container/limit-range/ /docs/tasks/administer-cluster/cpu-memory-limit/ 301 +/docs/tasks/configure-pod-container/opaque-integer-resource/ /docs/concepts/configuration/manage-compute-resources-container/#opaque-integer-resources-alpha-feature 301 /docs/tasks/configure-pod-container/projected-volume/ /docs/tasks/configure-pod-container/configure-projected-volume-storage/ 301 /docs/tasks/configure-pod-container/romana-network-policy/ /docs/tasks/administer-cluster/romana-network-policy/ 301 /docs/tasks/configure-pod-container/weave-network-policy/ /docs/tasks/administer-cluster/weave-network-policy/ 301 @@ -337,7 +339,7 @@ /docs/user-guide/kubectl-conventions/ /docs/reference/kubectl/conventions/ /docs/user-guide/kubectl-cheatsheet/ /docs/reference/kubectl/cheatsheet/ /docs/user-guide/kubectl/1_5/* https://v1-5.docs.kubernetes.io/docs/user-guide/kubectl/v1.5/ 301 -/docs/user-guide/kubectl/kubectl_*/ /docs/user-guide/kubectl/v1.7/#:splat 301 +/docs/user-guide/kubectl/kubectl_*/ /docs/reference/generated/kubectl/kubectl-commands#:splat 301 /docs/user-guide/kubectl/v1.5/node_modules/* https://v1-5.docs.kubernetes.io/docs/user-guide/kubectl/v1.5/ 301 /docs/user-guide/kubectl/v1.6/node_modules/* https://v1-6.docs.kubernetes.io/docs/user-guide/kubectl/v1.6/ 301 /docs/user-guide/labels/ /docs/concepts/overview/working-with-objects/labels/ 301 @@ -416,7 +418,7 @@ /v1.1/docs/admin/networking.html /docs/concepts/cluster-administration/networking/ 301 /v1.1/docs/getting-started-guides/ /docs/tutorials/kubernetes-basics/ 301 -https://kubernetes-io-v1-7.netlify.com/* https://v1-7.docs.kubernetes.io/"splat 301 +https://kubernetes-io-v1-7.netlify.com/* https://v1-7.docs.kubernetes.io/:splat 301 /docs/admin/cloud-controller-manager/ /docs/reference/generated/cloud-controller-manager/ 301 /docs/admin/kube-apiserver/ /docs/reference/generated/kube-apiserver/ 301 diff --git a/docs/admin/authentication.md b/docs/admin/authentication.md index 95604f4e7929a..2dc4e9fd5887b 100644 --- a/docs/admin/authentication.md +++ b/docs/admin/authentication.md @@ -317,7 +317,7 @@ For an identity provider to work with Kubernetes it must: 3. Have a CA signed certificate (even if the CA is not a commercial CA or is self signed) A note about requirement #3 above, requiring a CA signed certificate. If you deploy your own identity provider (as opposed to one of the cloud providers like Google or Microsoft) you MUST have your identity provider's web server certificate signed by a certificate with the `CA` flag set to `TRUE`, even if it is self signed. This is due to GoLang's TLS client implementation being very strict to the standards around certificate validation. If you don't have a CA handy, you can use [this script](https://github.com/coreos/dex/blob/1ee5920c54f5926d6468d2607c728b71cfe98092/examples/k8s/gencert.sh) from the CoreOS team to create a simple CA and a signed certificate and key pair. -Or you can use [this similar script](https://raw.githubusercontent.com/TremoloSecurity/openunison-qs-kubernetes/master/makecerts.sh) that generates SHA256 certs with a longer life and larger key size. +Or you can use [this similar script](https://raw.githubusercontent.com/TremoloSecurity/openunison-qs-kubernetes/master/src/main/bash/makessl.sh) that generates SHA256 certs with a longer life and larger key size. Setup instructions for specific systems: diff --git a/docs/concepts/cluster-administration/device-plugins.md b/docs/concepts/cluster-administration/device-plugins.md index 635c8232b299c..310c2793df5ce 100644 --- a/docs/concepts/cluster-administration/device-plugins.md +++ b/docs/concepts/cluster-administration/device-plugins.md @@ -48,7 +48,7 @@ to advertise 2 `vendor-domain/foo`. Then, developers can request devices in a [Container](/docs/api-reference/{{page.version}}/#container-v1-core) specification by using the same process that is used for -[opaque integer resources](/docs/tasks/configure-pod-container/opaque-integer-resource/). +[opaque integer resources](/docs/concepts/configuration/manage-compute-resources-container/#opaque-integer-resources-alpha-feature). In version 1.8, extended resources are supported only as integer resources and must have `limit` equal to `request` in the Container specification. diff --git a/docs/concepts/overview/extending.md b/docs/concepts/overview/extending.md index 89c34a40c4110..889b2df9c8f9a 100644 --- a/docs/concepts/overview/extending.md +++ b/docs/concepts/overview/extending.md @@ -94,13 +94,13 @@ This diagram shows the extension points in a Kubernetes system. -1. Users often interact with the Kubernetes API using `kubectl`. [Kubectl plugins](docs/tasks/extend-kubectl/kubectl-plugins) extend the kubectl binary. They only affect the individual user's local environment, and so cannot enforce site-wide policies. -2. The apiserver handles all requests. Several types of extension points in the apiserver allow authenticating requests, or blocking them based on their content, editing content, and handling deletion. These are described in the [API Access Extensions](docs/concepts/overview/extending#api-access-extensions) section. -3. The apiserver serves various kinds of *resources*. *Built-in resource kinds*, like `pods`, are defined by the Kubernetes project and can't be changed. You can also add resources that you define, or that other projects have defined, called *Custom Resources*, as explained in the [Custom Resources](docs/concepts/overview/extending#custom-resources) section. Custom Resources are often used with API Access Extensions. -4. The Kubernetes scheduler decides which nodes to place pods on. There are several ways to extend scheduling. These are described in the [Scheduler Extensions](docs/concepts/overview/extending#shceduler-extensions) section. +1. Users often interact with the Kubernetes API using `kubectl`. [Kubectl plugins](/docs/tasks/extend-kubectl/kubectl-plugins/) extend the kubectl binary. They only affect the individual user's local environment, and so cannot enforce site-wide policies. +2. The apiserver handles all requests. Several types of extension points in the apiserver allow authenticating requests, or blocking them based on their content, editing content, and handling deletion. These are described in the [API Access Extensions](/docs/concepts/overview/extending#api-access-extensions) section. +3. The apiserver serves various kinds of *resources*. *Built-in resource kinds*, like `pods`, are defined by the Kubernetes project and can't be changed. You can also add resources that you define, or that other projects have defined, called *Custom Resources*, as explained in the [Custom Resources](/docs/concepts/overview/extending#custom-resources) section. Custom Resources are often used with API Access Extensions. +4. The Kubernetes scheduler decides which nodes to place pods on. There are several ways to extend scheduling. These are described in the [Scheduler Extensions](/docs/concepts/overview/extending#scheduler-extensions) section. 5. Much of the behavior of Kubernetes is implemented by programs called Controllers which are clients of the API-Server. Controllers are often used in conjunction with Custom Resources. -6. The kubelet runs on servers, and helps pods appear like virtual servers with their own IPs on the cluster network. [Network Plugins](docs/concepts/overview/extending#network-plugins) allow for different implementations of pod networking. -7. The kubelet also mounts and unmounts volumes for containers. New types of storage can be supported via [Storage Plugins](docs/concepts/overview/extending#storage-plugins). +6. The kubelet runs on servers, and helps pods appear like virtual servers with their own IPs on the cluster network. [Network Plugins](/docs/concepts/overview/extending#network-plugins) allow for different implementations of pod networking. +7. The kubelet also mounts and unmounts volumes for containers. New types of storage can be supported via [Storage Plugins](/docs/concepts/overview/extending#storage-plugins). If you are unsure where to start, this flowchart can help. Note that some solutions may involve several types of extensions. @@ -116,7 +116,7 @@ Consider adding a Custom Resource to Kubernetes if you want to define new contro Do not use a Custom Resource as data storage for application, user, or monitoring data. -For more about Custom Resources, see the [Custom Resources concept guide](/docs/concepts/api-extension/custom-resources.md). +For more about Custom Resources, see the [Custom Resources concept guide](/docs/concepts/api-extension/custom-resources/). ### Combining New APIs with Automation @@ -200,11 +200,11 @@ the nodes chosen for a pod. {% capture whatsnext %} * Learn more about [Custom Resources](/docs/concepts/api-extension/custom-resources/) -* Learn about [Dynamic admission control](/docs/admin/extensible-admission-controller) +* Learn about [Dynamic admission control](/docs/admin/extensible-admission-controllers/) * Learn more about Infrastructure extensions - * [Network Plugins](/docs/concepts/cluster-administration/network-plugin) - * [Device Plugins](/docs/concepts/cluster-administration/device-plugins.md) -* Learn about [kubectl plugins](/docs/tasks/extend-kubectl/kubectl-plugin) + * [Network Plugins](/docs/concepts/cluster-administration/network-plugins/) + * [Device Plugins](/docs/concepts/cluster-administration/device-plugins/) +* Learn about [kubectl plugins](/docs/tasks/extend-kubectl/kubectl-plugins/) * See examples of Automation * [List of Operators](https://github.com/coreos/awesome-kubernetes-extensions) diff --git a/docs/concepts/policy/pod-security-policy.md b/docs/concepts/policy/pod-security-policy.md index f1373a71302f8..ad9a75e257990 100644 --- a/docs/concepts/policy/pod-security-policy.md +++ b/docs/concepts/policy/pod-security-policy.md @@ -127,7 +127,7 @@ paired with system groups to grant access to all pods run in the namespace: ``` For more examples of RBAC bindings, see [Role Binding -Examples](docs/admin/authorization/rbac/#role-binding-examples). For a complete +Examples](/docs/admin/authorization/rbac/#role-binding-examples). For a complete example of authorizing a PodSecurityPolicy, see [below](#example). @@ -140,7 +140,7 @@ have superuser permissions. Otherwise requests would bypass authentication and authorization modules, all PodSecurityPolicy objects would be allowed, and users would be able to create privileged containers. For more details on configuring Controller Manager authorization, see [Controller -Roles](docs/admin/authorization/rbac/#controller-roles). +Roles](/docs/admin/authorization/rbac/#controller-roles). ## Policy Order diff --git a/docs/tasks/administer-cluster/access-cluster-api.md b/docs/tasks/administer-cluster/access-cluster-api.md index c7fa3107e3842..8cf2ae92bc5d7 100644 --- a/docs/tasks/administer-cluster/access-cluster-api.md +++ b/docs/tasks/administer-cluster/access-cluster-api.md @@ -32,7 +32,7 @@ $ kubectl config view ``` Many of the [examples](https://github.com/kubernetes/examples/tree/{{page.githubbranch}}/) provide an introduction to using -kubectl. Complete documentation is found in the [kubectl manual](/docs/user-guide/kubectl/index). +kubectl. Complete documentation is found in the [kubectl manual](/docs/reference/kubectl/overview/). ### Directly accessing the REST API diff --git a/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md b/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md index 0a65970345e4f..6fcf333481558 100644 --- a/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md +++ b/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough.md @@ -11,7 +11,7 @@ Horizontal Pod Autoscaler automatically scales the number of pods in a replication controller, deployment or replica set based on observed CPU utilization (or, with beta support, on some other, application-provided metrics). -This document walks you through an example of enabling Horizontal Pod Autoscaler for the php-apache server. For more information on how Horizontal Pod Autoscaler behaves, see the [Horizontal Pod Autoscaler user guide](/docs/tasks/run-application/horizontal-pod-autoscaler/). +This document walks you through an example of enabling Horizontal Pod Autoscaler for the php-apache server. For more information on how Horizontal Pod Autoscaler behaves, see the [Horizontal Pod Autoscaler user guide](/docs/tasks/run-application/horizontal-pod-autoscale/). ## Prerequisites @@ -24,7 +24,7 @@ heapster monitoring will be turned-on by default). To specify multiple resource metrics for a Horizontal Pod Autoscaler, you must have a Kubernetes cluster and kubectl at version 1.6 or later. Furthermore, in order to make use of custom metrics, your cluster must be able to communicate with the API server providing the custom metrics API. -See the [Horizontal Pod Autoscaler user guide](/docs/tasks/run-application/horizontal-pod-autoscaler/#support-for-custom-metrics) for more details. +See the [Horizontal Pod Autoscaler user guide](/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics) for more details. ## Step One: Run & expose php-apache server