diff --git a/Makefile b/Makefile index d044b640eba59..dc1833c43174a 100644 --- a/Makefile +++ b/Makefile @@ -609,18 +609,11 @@ prow-postsubmit: version-dist .PHONY: live-docs live-docs: - docker build -t kops/mkdocs images/mkdocs - docker run --rm -it -p 3000:3000 -v ${PWD}:/docs kops/mkdocs + ${KOPS_ROOT}/hack/build-mdbook.sh serve .PHONY: build-docs build-docs: - docker build --pull -t kops/mkdocs images/mkdocs - docker run --rm -v ${PWD}:/docs kops/mkdocs build - -.PHONY: build-docs-netlify -build-docs-netlify: - pip install -r ${KOPS_ROOT}/images/mkdocs/requirements.txt - python -m mkdocs build + ${KOPS_ROOT}/hack/build-mdbook.sh build #----------------------------------------------------------- # development targets diff --git a/book.toml b/book.toml new file mode 100644 index 0000000000000..dd98127cf2e3c --- /dev/null +++ b/book.toml @@ -0,0 +1,32 @@ +[book] +title = "kOps - Kubernetes Operations" +authors = ["The Kubernetes Authors"] +description = "Production-grade Kubernetes cluster lifecycle management" +src = "docs" +language = "en" + +[build] +build-dir = "site" + +[output.html] +git-repository-url = "https://github.com/kubernetes/kops" +edit-url-template = "https://github.com/kubernetes/kops/edit/master/docs/{path}" +site-url = "/" +default-theme = "light" +preferred-dark-theme = "navy" +no-section-label = true +additional-css = ["docs/extra.css"] + +[output.html.fold] +enable = true +level = 1 + +[output.html.search] +enable = true +limit-results = 30 +use-boolean-and = true +boost-title = 2 +boost-hierarchy = 1 +boost-paragraph = 1 +expand = true +heading-split-level = 3 diff --git a/docs/.pages b/docs/.pages deleted file mode 100644 index ea52f17b0867c..0000000000000 --- a/docs/.pages +++ /dev/null @@ -1,10 +0,0 @@ -arrange: -- index.md -- advisories -- api-server -- cli -- development -- examples -- tutorial -- releases -- getting_started/aws.md diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md new file mode 100644 index 0000000000000..7c952749c3852 --- /dev/null +++ b/docs/SUMMARY.md @@ -0,0 +1,243 @@ +# Summary + +[Welcome](index.md) + +# Welcome + +- [Releases & Versioning](welcome/releases.md) +- [Office Hours](welcome/office_hours.md) +- [Values](values.md) + +# Getting Started + +- [Installing](getting_started/install.md) +- [Binary install](install.md) +- [Deploying to AWS](getting_started/aws.md) +- [Deploying to GCE](getting_started/gce.md) +- [Deploying to Digital Ocean - Beta](getting_started/digitalocean.md) +- [Deploying to Hetzner - Beta](getting_started/hetzner.md) +- [Deploying to OpenStack - Beta](getting_started/openstack.md) +- [Deploying to Azure - Alpha](getting_started/azure.md) +- [Deploying to Scaleway - Alpha](getting_started/scaleway.md) +- [Deploying to Spot Ocean - Alpha](getting_started/spot-ocean.md) +- [kOps Commands](getting_started/commands.md) +- [kOps Arguments](getting_started/arguments.md) +- [kubectl usage](getting_started/kubectl.md) +- [Production setup](getting_started/production.md) + +# CLI + +- [kops](cli/kops.md) +- [kops completion](cli/kops_completion.md) + - [kops completion bash](cli/kops_completion_bash.md) + - [kops completion fish](cli/kops_completion_fish.md) + - [kops completion powershell](cli/kops_completion_powershell.md) + - [kops completion zsh](cli/kops_completion_zsh.md) +- [kops create](cli/kops_create.md) + - [kops create cluster](cli/kops_create_cluster.md) + - [kops create instancegroup](cli/kops_create_instancegroup.md) + - [kops create keypair](cli/kops_create_keypair.md) + - [kops create secret](cli/kops_create_secret.md) + - [kops create secret ciliumpassword](cli/kops_create_secret_ciliumpassword.md) + - [kops create secret dockerconfig](cli/kops_create_secret_dockerconfig.md) + - [kops create secret encryptionconfig](cli/kops_create_secret_encryptionconfig.md) + - [kops create sshpublickey](cli/kops_create_sshpublickey.md) +- [kops delete](cli/kops_delete.md) + - [kops delete cluster](cli/kops_delete_cluster.md) + - [kops delete instance](cli/kops_delete_instance.md) + - [kops delete instancegroup](cli/kops_delete_instancegroup.md) + - [kops delete secret](cli/kops_delete_secret.md) + - [kops delete sshpublickey](cli/kops_delete_sshpublickey.md) +- [kops distrust](cli/kops_distrust.md) + - [kops distrust keypair](cli/kops_distrust_keypair.md) +- [kops edit](cli/kops_edit.md) + - [kops edit cluster](cli/kops_edit_cluster.md) + - [kops edit instancegroup](cli/kops_edit_instancegroup.md) +- [kops export](cli/kops_export.md) + - [kops export kubeconfig](cli/kops_export_kubeconfig.md) +- [kops get](cli/kops_get.md) + - [kops get all](cli/kops_get_all.md) + - [kops get assets](cli/kops_get_assets.md) + - [kops get clusters](cli/kops_get_clusters.md) + - [kops get instancegroups](cli/kops_get_instancegroups.md) + - [kops get instances](cli/kops_get_instances.md) + - [kops get keypairs](cli/kops_get_keypairs.md) + - [kops get secrets](cli/kops_get_secrets.md) + - [kops get sshpublickeys](cli/kops_get_sshpublickeys.md) +- [kops promote](cli/kops_promote.md) + - [kops promote keypair](cli/kops_promote_keypair.md) +- [kops reconcile](cli/kops_reconcile.md) + - [kops reconcile cluster](cli/kops_reconcile_cluster.md) +- [kops replace](cli/kops_replace.md) +- [kops rolling-update](cli/kops_rolling-update.md) + - [kops rolling-update cluster](cli/kops_rolling-update_cluster.md) +- [kops toolbox](cli/kops_toolbox.md) + - [kops toolbox addons](cli/kops_toolbox_addons.md) + - [kops toolbox addons apply](cli/kops_toolbox_addons_apply.md) + - [kops toolbox addons list](cli/kops_toolbox_addons_list.md) + - [kops toolbox clusterapi](cli/kops_toolbox_clusterapi.md) + - [kops toolbox clusterapi generate](cli/kops_toolbox_clusterapi_generate.md) + - [kops toolbox clusterapi generate machinedeployment](cli/kops_toolbox_clusterapi_generate_machinedeployment.md) + - [kops toolbox dump](cli/kops_toolbox_dump.md) + - [kops toolbox enroll](cli/kops_toolbox_enroll.md) + - [kops toolbox instance-selector](cli/kops_toolbox_instance-selector.md) + - [kops toolbox template](cli/kops_toolbox_template.md) +- [kops trust](cli/kops_trust.md) + - [kops trust keypair](cli/kops_trust_keypair.md) +- [kops update](cli/kops_update.md) + - [kops update cluster](cli/kops_update_cluster.md) +- [kops upgrade](cli/kops_upgrade.md) + - [kops upgrade cluster](cli/kops_upgrade_cluster.md) +- [kops validate](cli/kops_validate.md) + - [kops validate cluster](cli/kops_validate_cluster.md) +- [kops version](cli/kops_version.md) + +# API + +- [Cluster Resource](cluster_spec.md) +- [InstanceGroup Resource](instance_groups.md) +- [Addon Objects](addon_objects.md) + +# Addons + +- [Addons](addons.md) + +# Operations + +- [Updates & Upgrades](operations/updates_and_upgrades.md) +- [Rolling Updates](operations/rolling-update.md) +- [Working with Instance Groups](tutorial/working-with-instancegroups.md) +- [Upgrading Kubernetes](tutorial/upgrading-kubernetes.md) +- [Using Manifests and Customizing](manifests_and_customizing_via_api.md) +- [High Availability](operations/high_availability.md) +- [Scaling](operations/scaling.md) +- [Karpenter](operations/karpenter.md) +- [Local asset repositories](operations/asset-repository.md) +- [Instancegroup images](operations/images.md) +- [Cluster configuration management](changing_configuration.md) +- [Cluster Templating](operations/cluster_template.md) +- [GPU setup](gpu.md) +- [Label management](labels.md) +- [Rotate Secrets](operations/rotate-secrets.md) +- [Service Account Issuer Migration](operations/service_account_issuer_migration.md) +- [Service Account Token Volume](operations/service_account_token_volumes.md) +- [Moving from a Single Master to Multiple HA Masters](single-to-multi-master.md) +- [Running kOps in a CI environment](continuous_integration.md) +- [Gossip DNS](gossip.md) +- [etcd administration](operations/etcd_administration.md) +- [etcd backup, restore and encryption](operations/etcd_backup_restore_encryption.md) +- [etcd3 Migration](etcd3-migration.md) +- [Troubleshooting](operations/troubleshoot.md) +- [E2E Failure Troubleshooting](e2e-failure-troubleshooting.md) + +# Networking + +- [Networking Overview](networking.md) +- [AWS VPC](networking/aws-vpc.md) +- [Calico](networking/calico.md) +- [Cilium](networking/cilium.md) +- [Flannel](networking/flannel.md) +- [Kindnet](networking/kindnet.md) +- [Kube-Router](networking/kube-router.md) +- [IPv6](networking/ipv6.md) +- [Run kOps in an existing VPC](run_in_existing_vpc.md) +- [Supported network topologies](topology.md) +- [Subdomain setup](creating_subdomain.md) + +# Security + +- [Security](security.md) +- [Advisories](advisories/README.md) + - [CVE-2017-14491](advisories/cve_2017_14491.md) + - [CVE-2019-5736](advisories/cve_2019_5736.md) + - [etcd-manager certificate expiration](advisories/etcd-manager-certificate-expiration.md) + - [Spectre/Meltdown kernel update](advisories/spectre-meltdown-kernel-update.md) +- [Bastion setup](bastion.md) +- [Instance IAM roles](iam_roles.md) +- [MFA setup](mfa.md) +- [Security Groups](security_groups.md) + +# Advanced + +- [Download Config](advanced/download_config.md) +- [Subdomain NS Records](advanced/ns.md) +- [Experimental](advanced/experimental.md) +- [Cluster boot sequence](boot-sequence.md) +- [Philosophy](philosophy.md) +- [State store](state.md) +- [AWS China](aws-china.md) +- [Custom CA](custom_ca.md) +- [Horizontal Pod Autoscaling](horizontal_pod_autoscaling.md) +- [Egress Proxy](http_proxy.md) +- [Node Resource Allocation](node_resource_handling.md) +- [Terraform](terraform.md) +- [Authentication](authentication.md) +- [Bare Metal](metal.md) +- [OpenTelemetry](opentelemetry.md) +- [kops-controller Architecture](architecture/kops-controller.md) + +# Contributing + +- [Getting Involved and Contributing](contributing/index.md) +- [New Kubernetes Version](contributing/new_kubernetes_version.md) +- [Our Release Process](contributing/release-process.md) +- [Releasing With Homebrew](contributing/homebrew.md) +- [Updating The Default Base AMI](contributing/update_ami_versions.md) +- [Building](contributing/building.md) +- [Adding a feature](contributing/adding_a_feature.md) +- [Testing](contributing/testing.md) +- [Testing preview versions](contributing/test_versions.md) +- [Developing using Docker](contributing/Docker.md) +- [Documentation Guidelines](contributing/documentation.md) +- [Hack Directory](contributing/hack.md) +- [How to update kOps API](contributing/api_updates.md) +- [Low level description on how kOps works](contributing/how_it_works.md) +- [Notes on Gossip design](contributing/gossip.md) +- [Notes on master instance sizing](contributing/instancesizes.md) +- [Vendoring](contributing/vendoring.md) +- [Ports](contributing/ports.md) +- [Cluster Addons & Manager](contributing/addons.md) +- [Proposing a Cherry-Pick](contributing/proposing-a-cherry-pick.md) + +# Examples + +- [Examples Overview](examples/README.md) +- [Basic Requirements](examples/basic-requirements.md) +- [CoreOS Multi-master](examples/coreos-kops-tests-multimaster.md) +- [Route53 Subdomain](examples/kops-test-route53-subdomain.md) +- [Private Net with Bastion](examples/kops-tests-private-net-bastion-host.md) + +# Releases + +- [1.36](releases/1.36-NOTES.md) +- [1.35](releases/1.35-NOTES.md) +- [1.34](releases/1.34-NOTES.md) +- [1.33](releases/1.33-NOTES.md) +- [1.32](releases/1.32-NOTES.md) +- [1.31](releases/1.31-NOTES.md) +- [1.30](releases/1.30-NOTES.md) +- [1.29](releases/1.29-NOTES.md) +- [1.28](releases/1.28-NOTES.md) +- [1.27](releases/1.27-NOTES.md) +- [1.26](releases/1.26-NOTES.md) +- [1.25](releases/1.25-NOTES.md) +- [1.24](releases/1.24-NOTES.md) +- [1.23](releases/1.23-NOTES.md) +- [1.22](releases/1.22-NOTES.md) +- [1.21](releases/1.21-NOTES.md) +- [1.20](releases/1.20-NOTES.md) +- [1.19](releases/1.19-NOTES.md) +- [1.18](releases/1.18-NOTES.md) +- [1.17](releases/1.17-NOTES.md) +- [1.16](releases/1.16-NOTES.md) +- [1.15](releases/1.15-NOTES.md) +- [1.14](releases/1.14-NOTES.md) +- [1.13](releases/1.13-NOTES.md) +- [1.12](releases/1.12-NOTES.md) +- [1.11](releases/1.11-NOTES.md) +- [1.10](releases/1.10-NOTES.md) +- [1.9](releases/1.9-NOTES.md) +- [1.8](releases/1.8-NOTES.md) +- [1.7](releases/1.7-NOTES.md) +- [1.6](releases/1.6-NOTES.md) +- [1.4](releases/1.4-NOTES.md) diff --git a/docs/addons.md b/docs/addons.md index ef28ba80c9e19..fc2bf7ba5b940 100644 --- a/docs/addons.md +++ b/docs/addons.md @@ -12,7 +12,9 @@ The following addons are managed by kOps and will be upgraded following the kOps ### Available addons #### AWS Load Balancer Controller -{{ kops_feature_table(kops_added_default='1.20') }} +| Introduced | +| :-: | +| kOps 1.20 | AWS Load Balancer Controller offers additional functionality for provisioning ELBs. @@ -30,7 +32,9 @@ Though the AWS Load Balancer Controller can integrate the AWS WAF and Shield services with your Application Load Balancers (ALBs), kOps disables those capabilities by default. -{{ kops_feature_table(kops_added_default='1.24') }} +| Introduced | +| :-: | +| kOps 1.24 | You can enable use of either or both of the WAF and WAF Classic services by including the following fields in the cluster spec: @@ -69,7 +73,9 @@ change. Read more in the [official documentation](https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/). #### Cluster autoscaler -{{ kops_feature_table(kops_added_default='1.19') }} +| Introduced | +| :-: | +| kOps 1.19 | Cluster autoscaler can be enabled to automatically adjust the size of the kubernetes cluster. @@ -100,7 +106,9 @@ Read more about cluster autoscaler in the [official documentation](https://githu Cluster autoscaler supports several different [expander strategies](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders). ###### Priority Expander configuration -{{ kops_feature_table(kops_added_default='1.26') }} +| Introduced | +| :-: | +| kOps 1.26 | The `priority` expander requires additional configuration through a ConfigMap as described in [its documentation](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/expander/priority/readme.md) @@ -137,7 +145,9 @@ clusterAutoscaler: ``` ##### Disabling cluster autoscaler for a given instance group -{{ kops_feature_table(kops_added_default='1.20') }} +| Introduced | +| :-: | +| kOps 1.20 | You can disable the autoscaler for a given instance group by adding the following to the instance group spec. @@ -147,7 +157,9 @@ spec: ``` #### Cert-manager -{{ kops_feature_table(kops_added_default='1.20', k8s_min='1.16') }} +| Introduced | Minimum K8s Version | +| :-: | :-: | +| kOps 1.20 | k8s 1.16 | Cert-manager handles x509 certificates for your cluster. @@ -163,7 +175,9 @@ either remove this installation prior to enabling this addon, or mark cert-mange As long as you are using v1 versions of the cert-manager resources, it is safe to remove existing installs and replace it with this addon** ##### Self-provisioned cert-manager -{{ kops_feature_table(kops_added_default='1.20.2', k8s_min='1.16') }} +| Introduced | Minimum K8s Version | +| :-: | :-: | +| kOps 1.20.2 | k8s 1.16 | The following cert-manager configuration allows provisioning cert-manager externally and allows all dependent plugins to be deployed. Please note that addons might run into errors until cert-manager is deployed. @@ -176,7 +190,9 @@ spec: ``` ##### DNS nameserver configuration for cert-manager pod -{{ kops_feature_table(kops_added_default='1.23.3', k8s_min='1.16') }} +| Introduced | Minimum K8s Version | +| :-: | :-: | +| kOps 1.23.3 | k8s 1.16 | Optional list of DNS nameserver IP addresses for the cert-manager pod to use. This is useful if you have a public and private DNS zone for the same domain to ensure that cert-manager can access ingress, or DNS01 challenge TXT records at all times. @@ -193,7 +209,9 @@ spec: ##### Enabling dns-01 challenges -{{ kops_feature_table(kops_added_default='1.25.0') }} +| Introduced | +| :-: | +| kOps 1.25.0 | Cert Manager may be granted the necessary IAM privileges to solve dns-01 challenges by adding a list of hostedzone IDs. This requires [external permissions for service accounts](/cluster_spec/#service-account-issuer-discovery-and-aws-iam-roles-for-service-accounts-irsa) to be enabled. @@ -211,7 +229,9 @@ spec: Read more about cert-manager in the [official documentation](https://cert-manager.io/docs/) #### Karpenter -{{ kops_feature_table(kops_added_default='1.24') }} +| Introduced | +| :-: | +| kOps 1.24 | The Karpenter addon enables Karpenter-managed InstanceGroups. @@ -224,7 +244,9 @@ spec: See more details on how to configure Karpenter in the [kOps Karpenter docs](/operations/karpenter) and the [official documentation](https://karpenter.sh) #### Metrics server -{{ kops_feature_table(kops_added_default='1.19') }} +| Introduced | +| :-: | +| kOps 1.19 | Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. @@ -238,7 +260,9 @@ Read more about Metrics Server in the [official documentation](https://github.co ##### Secure TLS -{{ kops_feature_table(kops_added_default='1.20') }} +| Introduced | +| :-: | +| kOps 1.20 | By default, API server will not verify the metrics server TLS certificate. To enable TLS verification, set the following in the cluster spec: @@ -256,7 +280,9 @@ This requires that cert-manager is installed in the cluster. #### Node local DNS cache -{{ kops_feature_table(kops_added_default='1.18', k8s_min='1.15') }} +| Introduced | Minimum K8s Version | +| :-: | :-: | +| kOps 1.18 | k8s 1.15 | NodeLocal DNSCache can be enabled if you are using CoreDNS. It is used to improve the Cluster DNS performance by running a dns caching agent on cluster nodes as a DaemonSet. @@ -276,7 +302,9 @@ spec: #### Node termination handler -{{ kops_feature_table(kops_added_default='1.19') }} +| Introduced | +| :-: | +| kOps 1.19 | [Node Termination Handler](https://github.com/aws/aws-node-termination-handler) ensures that the Kubernetes control plane responds appropriately to events that can cause your EC2 instance to become unavailable, such as EC2 maintenance events, EC2 Spot interruptions, and EC2 instance rebalance recommendations. If not handled, your application code may not stop gracefully, take longer to recover full availability, or accidentally schedule work to nodes that are going down. @@ -294,7 +322,9 @@ spec: ##### Queue Processor Mode -{{ kops_feature_table(kops_added_default='1.21') }} +| Introduced | +| :-: | +| kOps 1.21 | If `enableSQSTerminationDraining` is not false Node Termination Handler will operate in Queue Processor mode. In addition to the events mentioned above, Queue Processor mode allows Node Termination Handler to take care of ASG Scale-In, AZ-Rebalance, Unhealthy Instances, EC2 Instance Termination via the API or Console, and more. kOps will provision the necessary infrastructure: an SQS queue, EventBridge rules, and ASG Lifecycle hooks. `managedASGTag` can be configured with Queue Processor mode to distinguish resource ownership between multiple clusters. @@ -333,7 +363,9 @@ The kOps CLI requires additional IAM permissions to manage the requisite EventBr #### Node Problem Detector -{{ kops_feature_table(kops_added_default='1.22') }} +| Introduced | +| :-: | +| kOps 1.22 | [Node Problem Detector](https://github.com/kubernetes/node-problem-detector) aims to make various node problems visible to the upstream layers in the cluster management stack. It is a daemon that runs on each node, detects node problems and reports them to apiserver. @@ -347,7 +379,9 @@ spec: #### Pod Identity Webhook -{{ kops_feature_table(kops_added_default='1.23') }} +| Introduced | +| :-: | +| kOps 1.23 | When using [IAM roles for Service Accounts](/cluster_spec/#service-account-issuer-discovery-and-aws-iam-roles-for-service-accounts-irsa) (IRSA), Pods require an additinal token to authenticate with the AWS API. In addition, the SDK requires specific environment variables set to make use of these tokens. This addon will mutate Pods configured to use IRSA so that users do not need to do this themselves. @@ -368,7 +402,9 @@ Read more about Pod Identity Webhook in the [official documentation](https://git #### Snapshot controller -{{ kops_feature_table(kops_added_default='1.21', k8s_min='1.20') }} +| Introduced | Minimum K8s Version | +| :-: | :-: | +| kOps 1.21 | k8s 1.20 | Snapshot controller implements the [volume snapshot features](https://kubernetes.io/docs/concepts/storage/volume-snapshots/) of the Container Storage Interface (CSI). @@ -391,7 +427,9 @@ spec: ##### Self-managed aws-ebs-csi-driver -{{ kops_feature_table(kops_added_default='1.25') }} +| Introduced | +| :-: | +| kOps 1.25 | The following configuration allows for a self-managed aws-ebs-csi-driver. Please note that if you’re using Amazon EBS volumes, you must install the Amazon EBS CSI driver. If the Amazon EBS CSI plugin is not installed, then volume operations will fail. diff --git a/docs/bastion.md b/docs/bastion.md index 11ffadbe4e899..7a0315e5993ed 100644 --- a/docs/bastion.md +++ b/docs/bastion.md @@ -73,7 +73,9 @@ spec: ``` ### Using an internal (VPC only) load balancer -{{ kops_feature_table(kops_added_default='1.23') }} +| Introduced | +| :-: | +| kOps 1.23 | When configuring a LoadBalancer, you can also choose to have a public load balancer or an internal (VPC only) load balancer. The `type` field should be `Public` or `Internal` (defaults to `Public` if omitted). @@ -86,7 +88,9 @@ spec: ``` ### Additional security groups to ELB -{{ kops_feature_table(kops_added_default='1.18') }} +| Introduced | +| :-: | +| kOps 1.18 | If you want to add security groups to the bastion ELB diff --git a/docs/cluster_spec.md b/docs/cluster_spec.md index 553ec093c142e..96ee5f14204db 100644 --- a/docs/cluster_spec.md +++ b/docs/cluster_spec.md @@ -88,7 +88,9 @@ spec: **AWS only** -{{ kops_feature_table(kops_added_default='1.19') }} +| Introduced | +| :-: | +| kOps 1.19 | You can choose to have either a Network Load Balancer (NLB) or a Classic Load Balancer (CLB). The `class` field should be either `Network` (default) or `Classic` (deprecated). @@ -238,7 +240,9 @@ etcdClusters: ``` ### etcd metrics -{{ kops_feature_table(kops_added_default='1.18') }} +| Introduced | +| :-: | +| kOps 1.18 | You can expose /metrics endpoint for the etcd instances and control their type (`basic` or `extensive`) by defining env vars: @@ -259,7 +263,9 @@ etcdClusters: *Note:* If you are running multiple etcd clusters you need to expose the metrics on different ports for each cluster as etcd is running as a service on the master nodes. ### etcd backups interval -{{ kops_feature_table(kops_added_default='1.24.1') }} +| Introduced | +| :-: | +| kOps 1.24.1 | You can set the interval between backups using the `backupInterval` parameter: @@ -274,7 +280,9 @@ etcdClusters: ``` ### etcd backups retention -{{ kops_feature_table(kops_added_default='1.18') }} +| Introduced | +| :-: | +| kOps 1.18 | As of kOps 1.27, the default etcd backup retention duration is 90 days. You can adjust the retention duration using the `backupRetentionDays` parameter: @@ -317,7 +325,9 @@ spec: - 12.34.56.78/32 ``` -{{ kops_feature_table(kops_added_default='1.23') }} +| Introduced | +| :-: | +| kOps 1.23 | In AWS, instead of listing all CIDRs, it is possible to specify a pre-existing [AWS Prefix List](https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html) ID. @@ -333,7 +343,9 @@ spec: - 12.34.56.78/32 ``` -{{ kops_feature_table(kops_added_default='1.23') }} +| Introduced | +| :-: | +| kOps 1.23 | In AWS, instead of listing all CIDRs, it is possible to specify a pre-existing [AWS Prefix List](https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html) ID. @@ -413,7 +425,9 @@ spec: ### additionalRoutes -{{ kops_feature_table(kops_added_default='1.24') }} +| Introduced | +| :-: | +| kOps 1.24 | Add routes in the route tables of the subnet. Targets of routes can be an instance, a peering connection, a NAT gateway, a transit gateway, an internet gateway or an egress-only internet gateway. Currently, only AWS is supported. @@ -540,7 +554,9 @@ spec: ``` ### Request Timeout -{{ kops_feature_table(kops_added_default='1.19') }} +| Introduced | +| :-: | +| kOps 1.19 | The duration a handler must keep a request open before timing it out and can be overridden by other flags for specific types of requests. Note that you must fill empty units of time with zeros. (default 1m0s) @@ -552,7 +568,9 @@ spec: ``` ### Profiling -{{ kops_feature_table(kops_added_default='1.18') }} +| Introduced | +| :-: | +| kOps 1.18 | Profiling via web interface `host:port/debug/pprof/`. (default: true) @@ -794,7 +812,9 @@ spec: ``` ### Protect Kernel Defaults -{{ kops_feature_table(kops_added_default='1.18', k8s_min='1.4') }} +| Introduced | Minimum K8s Version | +| :-: | :-: | +| kOps 1.18 | k8s 1.4 | Default kubelet behaviour for kernel tuning. If set, kubelet errors if any of kernel tunables is different than kubelet defaults. @@ -805,7 +825,9 @@ spec: ``` ### Housekeeping Interval -{{ kops_feature_table(kops_added_default='1.19', k8s_min='1.2') }} +| Introduced | Minimum K8s Version | +| :-: | :-: | +| kOps 1.19 | k8s 1.2 | The interval between container housekeepings defaults to `10s`. This can be too small or too high for some use cases and can be modified with the following addition to the kubelet spec. @@ -816,7 +838,9 @@ spec: ``` ### Pod PIDs Limit -{{ kops_feature_table(kops_added_default='1.22', k8s_min='1.20') }} +| Introduced | Minimum K8s Version | +| :-: | :-: | +| kOps 1.22 | k8s 1.20 | `podPidsLimit` allows to configure the maximum number of pids (process ids) in any pod. [Read more](https://kubernetes.io/docs/concepts/policy/pid-limiting/) in Kubernetes documentation. @@ -828,7 +852,9 @@ spec: ``` ### Event QPS -{{ kops_feature_table(kops_added_default='1.19') }} +| Introduced | +| :-: | +| kOps 1.19 | The limit event creations per second in kubelet. Default value is `0` which means unlimited event creations. @@ -839,7 +865,9 @@ spec: ``` ### Event Burst -{{ kops_feature_table(kops_added_default='1.19') }} +| Introduced | +| :-: | +| kOps 1.19 | Maximum size of a bursty event records, temporarily allows event records to burst to this number, while still not exceeding EventQPS. Only used if EventQPS > 0. @@ -861,7 +889,9 @@ spec: ### Graceful Node Shutdown -{{ kops_feature_table(kops_added_default='1.23', k8s_min='1.21') }} +| Introduced | Minimum K8s Version | +| :-: | :-: | +| kOps 1.23 | k8s 1.21 | Graceful node shutdown allows kubelet to prevent instance shutdown until Pods have been safely terminated or a timeout has been reached. @@ -1209,7 +1239,9 @@ spec: ### mode -{{ kops_feature_table(kops_added_default='1.24') }} +| Introduced | +| :-: | +| kOps 1.24 | Optionally, `mode` allows you to specify a file's mode and permission bits. @@ -1251,7 +1283,9 @@ spec: ``` ### manageStorageClasses -{{ kops_feature_table(kops_added_default='1.20') }} +| Introduced | +| :-: | +| kOps 1.20 | By default kops will create `StorageClass` resources with some opinionated settings specific to cloud provider on which the cluster is installed. One of those storage classes will be defined as default applying the annotation `storageclass.kubernetes.io/is-default-class: "true"`. This may not always be a desirable behaviour and some cluster admins rather prefer to have more control of storage classes and manage them outside of kops. When set to `false`, kOps will no longer create any `StorageClass` objects. Any such objects that kOps created in the past are left as is, and kOps will no longer reconcile them against future changes. @@ -1265,7 +1299,9 @@ spec: ``` ## containerRuntime -{{ kops_feature_table(kops_added_default='1.18', k8s_min='1.11') }} +| Introduced | Minimum K8s Version | +| :-: | :-: | +| kOps 1.18 | k8s 1.11 | As of Kubernetes 1.20, the default [container runtime](https://kubernetes.io/docs/setup/production-environment/container-runtimes) is containerd. Previously, the default container runtime was Docker. @@ -1318,7 +1354,9 @@ tar tf cri-containerd-cni-1.4.4-linux-amd64.tar.gz ``` ### Runc Version and Packages -{{ kops_feature_table(kops_added_default='1.24.2') }} +| Introduced | +| :-: | +| kOps 1.24.2 | kOps uses the binaries from https://github.com/opencontainers/runc for installing runc on any supported OS. This makes it easy to specify the desired release version: @@ -1342,7 +1380,9 @@ spec: ``` ### Registry Mirrors -{{ kops_feature_table(kops_added_default='1.19') }} +| Introduced | +| :-: | +| kOps 1.19 | If you have many instances running, each time one of them pulls an image that is not present on the host, it will fetch it from the internet. By caching these images, you can keep the traffic within your local network and avoid egress bandwidth usage. @@ -1467,7 +1507,9 @@ spec: ``` ## sysctlParameters -{{ kops_feature_table(kops_added_default='1.17') }} +| Introduced | +| :-: | +| kOps 1.17 | To add custom kernel runtime parameters to your all instance groups in the cluster, specify the `sysctlParameters` field as an array of strings. Each @@ -1530,7 +1572,9 @@ spec: ## Service Account Issuer Discovery and AWS IAM Roles for Service Accounts (IRSA) -{{ kops_feature_table(kops_added_default='1.21') }} +| Introduced | +| :-: | +| kOps 1.21 | **Warning**: Enabling the following configuration on an existing cluster can be disruptive due to the control plane provisioning tokens with different issuers. The symptom is that Pods are unable to authenticate to the Kubernetes API. To resolve this, delete Service Account token secrets that exists in the cluster and kill all pods unable to authenticate. diff --git a/docs/contributing/adding_a_feature.md b/docs/contributing/adding_a_feature.md index 72f57ef050f75..4f31bcdc428b1 100644 --- a/docs/contributing/adding_a_feature.md +++ b/docs/contributing/adding_a_feature.md @@ -57,20 +57,20 @@ one file per range of Kubernetes versions. These files are referenced by upup/pk First we add to the `cilium-config` ConfigMap: ```go - {{ '{{ with .Ipam }}' }} - ipam: {{ '{{ . }}' }} - {{ '{{ if eq . "eni" }}' }} + {{ with .Ipam }} + ipam: {{ . }} + {{ if eq . "eni" }} enable-endpoint-routes: "true" auto-create-cilium-node-resource: "true" blacklist-conflicting-routes: "false" - {{ '{{ end }}' }} - {{ '{{ end }}' }} + {{ end }} + {{ end }} ``` Then we conditionally move cilium-operator to masters: ```go - {{ '{{ if eq .Ipam "eni" }}' }} + {{ if eq .Ipam "eni" }} nodeSelector: node-role.kubernetes.io/master: "" tolerations: @@ -84,7 +84,7 @@ Then we conditionally move cilium-operator to masters: key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 - {{ '{{ end }}' }} + {{ end }} ``` After changing manifest files remember to run `bash hack/update-expected.sh` in order to get updated [manifestHash](https://github.com/kubernetes/kops/blob/master/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml#L74) values. diff --git a/docs/contributing/documentation.md b/docs/contributing/documentation.md index b49df3a1eb202..91262d7c89beb 100644 --- a/docs/contributing/documentation.md +++ b/docs/contributing/documentation.md @@ -19,8 +19,11 @@ It does not update the cloud resources, to apply the changes use "kops update cl * `Example`: Example(s) of how to use the command. This field is formatted as a code snippet in the docs, so make sure if you have comments that these are written as a bash comment (e.g. `# this is a comment`). -## Mkdocs +## mdBook -`make live-docs` runs a docker container to live build and view docs when working on them locally +`make live-docs` runs a local mdBook server on port 3000 for previewing docs. -`make build-docs` will build a final version of docs which will be checked in via automation. \ No newline at end of file +`make build-docs` builds the static site into `site/`. + +The site navigation is hand-maintained in [docs/SUMMARY.md](https://github.com/kubernetes/kops/tree/master/docs/SUMMARY.md); +new pages must be linked there to be rendered. \ No newline at end of file diff --git a/docs/contributing/release-process.md b/docs/contributing/release-process.md index a3fbf576531c5..820d1a7ab3c72 100644 --- a/docs/contributing/release-process.md +++ b/docs/contributing/release-process.md @@ -219,7 +219,7 @@ This step is only necessary for a first beta minor release (a ".0-beta.1"). Create a PR that updates the following document: -* Add a reference to the version's release notes in [mkdocs.yml](https://github.com/kubernetes/kops/tree/master/mkdocs.yml) +* Add a reference to the version's release notes in [docs/SUMMARY.md](https://github.com/kubernetes/kops/tree/master/docs/SUMMARY.md) ### Update the alpha channel and/or stable channel diff --git a/docs/extra.css b/docs/extra.css index f8631890fb63a..1af60e3abb5ce 100644 --- a/docs/extra.css +++ b/docs/extra.css @@ -8,7 +8,7 @@ display: none; } -.md-content { - /* Needed so that content doesn't overflow under right sidebar (and not be copyable) */ +/* Wrap long CLI strings/URLs so they don't overflow mdBook's content column. */ +.content { overflow-wrap: break-word; } \ No newline at end of file diff --git a/docs/gpu.md b/docs/gpu.md index 049607a63aff8..1d033a4845e4d 100644 --- a/docs/gpu.md +++ b/docs/gpu.md @@ -2,7 +2,9 @@ ## kOps managed device driver -{{ kops_feature_table(kops_added_default='1.22') }} +| Introduced | +| :-: | +| kOps 1.22 | kOps can install nvidia device drivers, plugin, and runtime, as well as configure containerd to make use of the runtime. diff --git a/docs/iam_roles.md b/docs/iam_roles.md index f6734b29bb4c0..495b4cd0c7027 100644 --- a/docs/iam_roles.md +++ b/docs/iam_roles.md @@ -47,7 +47,9 @@ The additional permissions are: ``` ## Permissions Boundaries -{{ kops_feature_table(kops_added_default='1.19') }} +| Introduced | +| :-: | +| kOps 1.19 | AWS Permissions Boundaries enable you to use a policy (managed or custom) to set the maximum permissions that roles created by kOps will be able to grant to instances they're attached to. It can be useful to prevent possible privilege escalations. @@ -61,7 +63,9 @@ iam: ## Adding External Policies -{{ kops_feature_table(kops_added_default='1.18') }} +| Introduced | +| :-: | +| kOps 1.18 | At times, you may want to attach policies shared to you by another AWS account or that are maintained by an outside application. You can specify managed policies through the `externalPolicies` spec field. diff --git a/docs/instance_groups.md b/docs/instance_groups.md index eea2d460acd10..bde1963a15bc6 100644 --- a/docs/instance_groups.md +++ b/docs/instance_groups.md @@ -141,7 +141,9 @@ spec: ``` ## compressUserData -{{ kops_feature_table(kops_added_default='1.19') }} +| Introduced | +| :-: | +| kOps 1.19 | Compresses parts of the user-data to save space and help with the size limit in certain clouds. Currently only the Specs in nodeup.sh will be compressed. @@ -152,7 +154,9 @@ spec: ``` ## packages -{{ kops_feature_table(kops_added_default='1.24') }} +| Introduced | +| :-: | +| kOps 1.24 | To install additional packages to hosts in the instance group, specify the `packages` field as an array of strings. @@ -171,7 +175,9 @@ spec: ``` ## sysctlParameters -{{ kops_feature_table(kops_added_default='1.17') }} +| Introduced | +| :-: | +| kOps 1.17 | To add custom kernel runtime parameters to your instance group, specify the `sysctlParameters` field as an array of strings. Each string must take the form @@ -270,14 +276,18 @@ The number of Spot Instance pools across which to allocate your Spot Instances. ### CapacityRebalance -{{ kops_feature_table(kops_added_default='1.26') }} +| Introduced | +| :-: | +| kOps 1.26 | If using spot instances, it's recommended to enable CapacityRebalance in your InstanceGroup. This configures ASGs to proactively replace spot instances when ASG receives a rebalance recommendation. https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-capacity-rebalancing.html ### instanceRequirements -{{ kops_feature_table(kops_added_default='1.24') }} +| Introduced | +| :-: | +| kOps 1.24 | Instead of configuring specific machine types, the InstanceGroup can be configured to use all machine types that satisfy a given set of requirements. @@ -314,7 +324,9 @@ spec: ## warmPool (AWS Only) -{{ kops_feature_table(kops_added_default='1.21') }} +| Introduced | +| :-: | +| kOps 1.21 | A Warm Pool contains pre-initialized EC2 instances that can join the cluster significantly faster than regular instances. These instances run the kOps configuration process, pull known container images, and then shut down. When the ASG needs to scale out it will pull instances from the warm pool if any are available. @@ -370,7 +382,9 @@ spec: ## maxInstanceLifetime (AWS Only) -{{ kops_feature_table(kops_added_default='1.24') }} +| Introduced | +| :-: | +| kOps 1.24 | The maximum instance lifetime specifies the maximum amount of time (in go duration [format](https://pkg.go.dev/time#ParseDuration)) that an instance can be in service before it is terminated and replaced. A common use case might be a requirement to replace your instances on a schedule because of internal security policies or external compliance controls. diff --git a/docs/networking/calico.md b/docs/networking/calico.md index 21c7c4046679e..bf1e824f3294d 100644 --- a/docs/networking/calico.md +++ b/docs/networking/calico.md @@ -123,7 +123,9 @@ It is possible to configure Calico to use Typha by editing a cluster and adding ``` ### Configuring the eBPF dataplane -{{ kops_feature_table(kops_added_default='1.19', k8s_min='1.16') }} +| Introduced | Minimum K8s Version | +| :-: | :-: | +| kOps 1.19 | k8s 1.16 | Calico supports using an [eBPF dataplane](https://docs.projectcalico.org/about/about-ebpf) as an alternative to the standard Linux dataplane (which is based on iptables). While the standard dataplane focuses on compatibility by relying on kube-proxy and your own iptables rules, the eBPF dataplane focuses on performance, latency, and improving user experience with features that aren’t possible in the standard dataplane. As part of that, the eBPF dataplane replaces kube-proxy with an eBPF implementation. The main “user experience” feature is to preserve the source IP address of traffic from outside the cluster when traffic hits a node port; this makes the server-side logs and network policy much more useful on that path. @@ -154,7 +156,9 @@ You can further tune Calico's eBPF dataplane with additional options, such as en **Note:** Transitioning to or from Calico's eBPF dataplane in an existing cluster is disruptive. kOps cannot orchestrate this transition automatically today. ### Configuring WireGuard (IPv4 only) -{{ kops_feature_table(kops_added_default='1.19', k8s_min='1.16') }} +| Introduced | Minimum K8s Version | +| :-: | :-: | +| kOps 1.19 | k8s 1.16 | In IPv4 clusters, Calico supports WireGuard to encrypt pod-to-pod traffic. If you enable this options, WireGuard encryption is automatically enabled for all nodes. At the moment, kOps installs WireGuard automatically only when the host OS is *Ubuntu*. For other OSes, WireGuard has to be part of the base image or installed via a hook. diff --git a/docs/networking/cilium.md b/docs/networking/cilium.md index 4aaffb0136a25..423cb0ae3c455 100644 --- a/docs/networking/cilium.md +++ b/docs/networking/cilium.md @@ -27,7 +27,9 @@ kops create cluster \ ### Using etcd for agent state sync -{{ kops_feature_table(kops_added_beta='1.18', kops_added_default='1.26') }} +| Beta | Default | +| :-: | :-: | +| kOps 1.18 | kOps 1.26 | By default, Cilium will use CRDs for synchronizing agent state. This can cause performance problems on larger clusters. As of kOps 1.18, kOps can manage an etcd cluster using etcd-manager dedicated for cilium agent state sync. The [Cilium docs](https://docs.cilium.io/en/v1.13/installation/k8s-install-external-etcd/) contains recommendations for when this must be enabled. @@ -110,7 +112,9 @@ kops rolling-update cluster --yes ### Enabling Cilium ENI IPAM (IPv4 only) -{{ kops_feature_table(kops_added_beta='1.18', kops_added_default='1.26') }} +| Beta | Default | +| :-: | :-: | +| kOps 1.18 | kOps 1.26 | You can have Cilium provision AWS managed addresses and attach them directly to Pods much like AWS VPC. See [the Cilium docs for more information](https://docs.cilium.io/en/v1.13/network/concepts/ipam/eni/) @@ -138,7 +142,9 @@ Also note that this feature has only been tested on the default kOps AMIs. #### Enabling Encryption in Cilium (IPv4 only) ##### IPsec -{{ kops_feature_table(kops_added_default='1.19', k8s_min='1.17') }} +| Introduced | Minimum K8s Version | +| :-: | :-: | +| kOps 1.19 | k8s 1.17 | As of kOps 1.19, it is possible to enable encryption for Cilium agent in IPv4 clusters. In order to enable encryption, you must first generate the pre-shared key using this command: @@ -156,7 +162,9 @@ Once the secret has been created, encryption can be enabled by setting `enableEn ``` ##### WireGuard -{{ kops_feature_table(kops_added_default='1.22', k8s_min='1.17') }} +| Introduced | Minimum K8s Version | +| :-: | :-: | +| kOps 1.22 | k8s 1.17 | Cilium can make use of the [wireguard protocol for transparent encryption](https://docs.cilium.io/en/v1.13/security/network/encryption-wireguard/). Take care to familiarise yourself with the [limitations](https://docs.cilium.io/en/v1.13/security/network/encryption-wireguard/#limitations). @@ -169,7 +177,9 @@ Cilium can make use of the [wireguard protocol for transparent encryption](https ``` ### Resources in Cilium -{{ kops_feature_table(kops_added_default='1.21', k8s_min='1.20') }} +| Introduced | Minimum K8s Version | +| :-: | :-: | +| kOps 1.21 | k8s 1.20 | As of kOps 1.20, it is possible to choose your own values for Cilium Agents + Operator. Example: ```yaml @@ -180,7 +190,9 @@ As of kOps 1.20, it is possible to choose your own values for Cilium Agents + Op ``` ### CNI Exclusive -{{ kops_feature_table(kops_added_default='1.32') }} +| Introduced | +| :-: | +| kOps 1.32 | If you want to use additional CNI plugins, for example when using service meshes like Istio or Linkerd, It is required to disable the `cni-exclusive` option so that Cilium does not remove the other CNI configuration files. @@ -191,7 +203,9 @@ If you want to use additional CNI plugins, for example when using service meshes ``` ## Hubble -{{ kops_feature_table(kops_added_default='1.20.1', k8s_min='1.20') }} +| Introduced | Minimum K8s Version | +| :-: | :-: | +| kOps 1.20.1 | k8s 1.20 | Hubble is the observability layer of Cilium and can be used to obtain cluster-wide visibility into the network and security layer of your Kubernetes cluster. See the [Hubble documentation](https://docs.cilium.io/en/v1.13/gettingstarted/hubble_setup/) for more information. @@ -251,7 +265,9 @@ Note that you can create an ingress resource for Hubble UI by configuring the `h ## Gateway API Support -{{ kops_feature_table(kops_added_default='1.32') }} +| Introduced | +| :-: | +| kOps 1.32 | Cilium supports the Kubernetes Gateway API, which provides a more expressive and extensible way to configure ingress traffic. To enable Gateway API support in Cilium, you need to: diff --git a/docs/networking/ipv6.md b/docs/networking/ipv6.md index ef24a075cd0e9..4d24c6d378e6d 100644 --- a/docs/networking/ipv6.md +++ b/docs/networking/ipv6.md @@ -1,6 +1,8 @@ # IPv6 -{{ kops_feature_table(kops_added_ff='1.23', kops_added_beta='1.26') }} +| Alpha (Feature Flag) | Beta | +| :-: | :-: | +| kOps 1.23 | kOps 1.26 | kOps has beta support for configuring clusters with IPv6-only pods and IPv6-only or dual-stack nodes. diff --git a/docs/operations/asset-repository.md b/docs/operations/asset-repository.md index b0d2a829a8ee2..7a074d71b3958 100644 --- a/docs/operations/asset-repository.md +++ b/docs/operations/asset-repository.md @@ -47,7 +47,9 @@ through a particular AWS Endpoint. ## Copying assets into repositories -{{ kops_feature_table(kops_added_default='1.22') }} +| Introduced | +| :-: | +| kOps 1.22 | You can copy assets into their repositories either by running `kops get assets --copy` or through an external process. @@ -60,7 +62,9 @@ A GCS bucket must be configured with a prefix of `https://storage.googleapis.com ## Listing assets -{{ kops_feature_table(kops_added_default='1.22') }} +| Introduced | +| :-: | +| kOps 1.22 | You can obtain a list of image and file assets used by a particular cluster by running `kops get assets`. You can get output in table, YAML, or JSON format. You can feed this into a process, external to kOps, for copying the assets to their respective repositories. diff --git a/docs/operations/cluster_template.md b/docs/operations/cluster_template.md index d51c31dbb5d33..6ecf91cb5caa9 100644 --- a/docs/operations/cluster_template.md +++ b/docs/operations/cluster_template.md @@ -13,11 +13,11 @@ apiVersion: kops.k8s.io/v1alpha2 kind: InstanceGroup metadata: labels: - kops.k8s.io/cluster: {{ '{{.clusterName}}.{{.dnsZone}}' }} + kops.k8s.io/cluster: {{.clusterName}}.{{.dnsZone}} name: nodes spec: - image: {{ '{{ ChannelRecommendedImage .cloud .kubernetesVersion .architecture }}' }} - kubernetesVersion: {{ '{{ ChannelRecommendedKubernetesUpgradeVersion .kubernetesVersion }}' }} + image: {{ ChannelRecommendedImage .cloud .kubernetesVersion .architecture }} + kubernetesVersion: {{ ChannelRecommendedKubernetesUpgradeVersion .kubernetesVersion }} machineType: m4.large maxPrice: "0.5" maxSize: 20 @@ -25,9 +25,9 @@ spec: role: Node rootVolumeSize: 100 subnets: - - {{ '{{.awsRegion}}' }}a - - {{ '{{.awsRegion}}' }}b - - {{ '{{.awsRegion}}' }}c + - {{.awsRegion}}a + - {{.awsRegion}}b + - {{.awsRegion}}c ``` You can pass configuration such as an environment file by using the `--values PATH` command line option. Note `--values` is a slice so can be defined multiple times; the configuration is overridden by each configuration file *(so order is important assuming duplicating values)*; a use-case for this would be a default configuration which upstream clusters can override. @@ -108,15 +108,15 @@ The example below assumes you have placed the appropriate files i.e. *(nodes.jso apiVersion: kops.k8s.io/v1alpha2 kind: Cluster metadata: - name: {{ '{{ .environment }}.{{ .dns_zone }}' }} + name: {{ .environment }}.{{ .dns_zone }} spec: docker: - {{ '{{ include "docker" . | indent 4 }}' }} + {{ include "docker" . | indent 4 }} additionalPolicies: master: | - {{ '{{ include "masters.json" . | indent 6 }}' }} + {{ include "masters.json" . | indent 6 }} node: | - {{ '{{ include "nodes.json" . | indent 6 }}' }} + {{ include "nodes.json" . | indent 6 }} ``` ### Template Functions @@ -140,10 +140,10 @@ This function returns the recommended image for the given cloud provider and kub The entire set of [Sprig functions](https://masterminds.github.io/sprig/) are available within the templates for you. Note if you want to use the 'defaults' functions switch off the verification check on the command line by `--fail-on-missing=false`; ```YAML -image: {{ '{{ default $image $node.image }}' }} -machineType: {{ '{{ default $instance $node.machine_type }}' }} -maxSize: {{ '{{ default "10" $node.max_size }}' }} -minSize: {{ '{{ default "1" $node.min_size }}' }} +image: {{ default $image $node.image }} +machineType: {{ default $instance $node.machine_type }} +maxSize: {{ default "10" $node.max_size }} +minSize: {{ default "1" $node.min_size }} ``` Assigning entire arrays is also supported with Sprig's [toJson function](https://masterminds.github.io/sprig/defaults.html). @@ -151,7 +151,7 @@ Assigning entire arrays is also supported with Sprig's [toJson function](https:/ ```yaml # template spec: - kubernetesApiAccess: {{ '{{.allowedIPs | toJson }}' }} + kubernetesApiAccess: {{.allowedIPs | toJson }} ``` ```yaml diff --git a/docs/operations/rotate-secrets.md b/docs/operations/rotate-secrets.md index d5f1f3bac95cc..83956ecdcfaa4 100644 --- a/docs/operations/rotate-secrets.md +++ b/docs/operations/rotate-secrets.md @@ -19,7 +19,9 @@ There are two types of credentials managed by kOps: ## Rotating keypairs -{{ kops_feature_table(kops_added_default='1.22') }} +| Introduced | +| :-: | +| kOps 1.22 | You may gracefully rotate keypairs of keysets that are either Certificate Authorities or are "service-account" by performing the following procedure. Other keypairs will be diff --git a/docs/operations/scaling.md b/docs/operations/scaling.md index d86da79d5c1dc..cf499d62f25e8 100644 --- a/docs/operations/scaling.md +++ b/docs/operations/scaling.md @@ -4,7 +4,9 @@ ### Dedicated API Server nodes -{{ kops_feature_table(kops_added_default='1.21') }} +| Introduced | +| :-: | +| kOps 1.21 | A common bottleneck of the control plane is the API server. As the number of pods and nodes grow, you will want to add more resources to handle the load. diff --git a/docs/state.md b/docs/state.md index 79d137d5735b4..13ab54c15ac10 100644 --- a/docs/state.md +++ b/docs/state.md @@ -48,7 +48,9 @@ There are a few ways to configure your state store. In priority order: + config file `$HOME/.kops/config` ## Local filesystem state stores -{{ kops_feature_table(kops_added_default='1.17') }} +| Introduced | +| :-: | +| kOps 1.17 | The local filesystem state store (`file://`) is **not** functional for running clusters. It is permitted so as to enable review workflows. diff --git a/docs/tutorial/working-with-instancegroups.md b/docs/tutorial/working-with-instancegroups.md index dc6dffd10f510..d68897739a8a1 100644 --- a/docs/tutorial/working-with-instancegroups.md +++ b/docs/tutorial/working-with-instancegroups.md @@ -194,7 +194,9 @@ using preemptible/spot instances you might be waiting for a long time. ## Fetching images via AWS SSM (AWS Only) -{{ kops_feature_table(kops_added_default='1.25.3') }} +| Introduced | +| :-: | +| kOps 1.25.3 | If you are using AWS, you can dynamically fetch instance group images from an AWS SSM Parameter. kOps will automatically fetch SSM Parameter and lookup the AMI ID on every `kops update cluster` run. This is useful if you often update your images and don't want to update your instance group configuration every time. Your SSM Parameter must start with `ssm:` and contain the full path of the SSM Parameter. @@ -270,7 +272,9 @@ spec: ``` ## Encrypting the root volume -{{ kops_feature_table(kops_added_default='1.19') }} +| Introduced | +| :-: | +| kOps 1.19 | You can encrypt the root volume _(note, presently confined to AWS)_ via the instancegroup specification. @@ -289,7 +293,9 @@ In the above example the encryption key is optional. The default key for EBS enc The encryption key can specified as the key ID, alias or ARN, as described in the [AWS docs](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id). ## Adding additional storage to the instance groups -{{ kops_feature_table(kops_added_default='1.12') }} +| Introduced | +| :-: | +| kOps 1.12 | You can add additional storage _(note, presently confined to AWS)_ via the instancegroup specification. @@ -436,7 +442,9 @@ So the procedure is: * (no instances need to be relaunched, so no rolling-update is needed) ## Creating an instance group of mixed instances types (AWS Only) -{{ kops_feature_table(kops_added_default='1.12') }} +| Introduced | +| :-: | +| kOps 1.12 | AWS permits the creation of mixed instance EC2 Autoscaling Groups using a [mixed instance policy](https://aws.amazon.com/blogs/aws/new-ec2-auto-scaling-groups-with-multiple-instance-types-purchase-options/), allowing the users to build a target capacity and make up of on-demand and spot instances while offloading the allocation strategy to AWS. diff --git a/hack/build-mdbook.sh b/hack/build-mdbook.sh new file mode 100755 index 0000000000000..bd337c12d2f82 --- /dev/null +++ b/hack/build-mdbook.sh @@ -0,0 +1,60 @@ +#!/usr/bin/env bash + +# Copyright 2026 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Installs a pinned mdBook binary (if missing) and builds the docs site. +# Usage: ./hack/build-mdbook.sh [build|serve] (default: build) + +set -o errexit +set -o nounset +set -o pipefail + +MDBOOK_VERSION="${MDBOOK_VERSION:-0.5.2}" +CMD="${1:-build}" + +KOPS_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +BIN_DIR="${KOPS_ROOT}/.build/bin" +MDBOOK="${BIN_DIR}/mdbook" + +# Map host OS/arch to upstream release asset names. +case "$(uname -m)" in + x86_64|amd64) ARCH="x86_64" ;; + arm64|aarch64) ARCH="aarch64" ;; + *) echo "unsupported arch: $(uname -m)" >&2; exit 1 ;; +esac +case "$(uname -s)" in + Darwin) OS="apple-darwin" ;; + Linux) + # Upstream ships musl for aarch64 and gnu for x86_64. + if [[ "${ARCH}" == "aarch64" ]]; then OS="unknown-linux-musl"; else OS="unknown-linux-gnu"; fi + ;; + *) echo "unsupported OS: $(uname -s)" >&2; exit 1 ;; +esac + +if [[ ! -x "${MDBOOK}" ]] || ! "${MDBOOK}" --version 2>/dev/null | grep -q "${MDBOOK_VERSION}"; then + mkdir -p "${BIN_DIR}" + TARBALL="mdbook-v${MDBOOK_VERSION}-${ARCH}-${OS}.tar.gz" + URL="https://github.com/rust-lang/mdBook/releases/download/v${MDBOOK_VERSION}/${TARBALL}" + echo "Downloading ${URL}" + curl -fsSL "${URL}" | tar -xz -C "${BIN_DIR}" +fi + +cd "${KOPS_ROOT}" +PORT="${PORT:-3000}" +case "${CMD}" in + build) "${MDBOOK}" build ;; + serve) "${MDBOOK}" serve --hostname localhost --port "${PORT}" ;; + *) echo "unknown command: ${CMD}" >&2; exit 1 ;; +esac diff --git a/hack/mkdocs_macros/__init__.py b/hack/mkdocs_macros/__init__.py deleted file mode 100644 index 07cf403f59564..0000000000000 --- a/hack/mkdocs_macros/__init__.py +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env python3 - -# Copyright 2020 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -from .feature_stability_table import define_env - - -def main(): - pass - - -if __name__ == "__main__": - main() diff --git a/hack/mkdocs_macros/feature_stability_table.py b/hack/mkdocs_macros/feature_stability_table.py deleted file mode 100644 index 577ed148a2786..0000000000000 --- a/hack/mkdocs_macros/feature_stability_table.py +++ /dev/null @@ -1,75 +0,0 @@ -#!/usr/bin/env python3 - -# Copyright 2020 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -def define_env(env): - """Hook function""" - - @env.macro - def kops_feature_table(**kwargs): - """ - Generate a markdown table which will be rendered when called, along with the supported passed keyword args. - :param kwargs: - kops_added_ff => kOps version in which this feature was added as a feature flag - kops_added_beta => kOps version in which this feature was introduced as beta - kops_added_default => kOps version in which this feature was introduced as stable - k8s_min => Minimum k8s version which supports this feature - :return: rendered markdown table - """ - - # this dict object maps the kwarg to its description, which will be used in the final table - supported_args = { - 'kops_added_ff': 'Alpha (Feature Flag)', - 'kops_added_beta': 'Beta', - 'kops_added_default': 'Default', - 'k8s_min': 'Minimum K8s Version' - } - - # Create the initial strings to which we'll concatenate the relevant columns - title = '|' - separators = '|' - values = '|' - - # Iterate over provided supported kwargs and match them with the provided values. - for arg, header in supported_args.items(): - if arg not in kwargs.keys(): - continue - if arg == 'kops_added_default' and 'kops_added_ff' not in kwargs.keys() and 'kops_added_beta' not in kwargs.keys(): - title += ' Introduced |' - else: - title += f' {header} |' - separators += ' :-: |' - if arg == 'k8s_min': - values += f' k8s {kwargs[arg]} |' - else: - values += f' kOps {kwargs[arg]} |' - - # Create a list object containing all the table rows, - # Then return a string object which contains every list item in a new line. - table = [ - title, - separators, - values - ] - return '\n'.join(table) - - -def main(): - pass - - -if __name__ == "__main__": - main() diff --git a/images/mkdocs/.dockerignore b/images/mkdocs/.dockerignore deleted file mode 100644 index 1d1fe94df4921..0000000000000 --- a/images/mkdocs/.dockerignore +++ /dev/null @@ -1 +0,0 @@ -Dockerfile \ No newline at end of file diff --git a/images/mkdocs/Dockerfile b/images/mkdocs/Dockerfile deleted file mode 100644 index 605ffd8595aa6..0000000000000 --- a/images/mkdocs/Dockerfile +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright 2019 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FROM alpine:3.22 - -RUN apk add --no-cache \ - bash \ - git \ - git-fast-import \ - openssh \ - python3 \ - python3-dev \ - curl \ - build-base \ - && python3 -m ensurepip \ - && rm -r /usr/lib/python*/ensurepip \ - && pip3 install --upgrade pip setuptools \ - && rm -r /root/.cache \ - && rm -rf /var/cache/apk/* - -COPY requirements.txt /requirements.txt -RUN pip install -U -r /requirements.txt - -WORKDIR /docs - -EXPOSE 3000 - -COPY entrypoint.sh / - -ENTRYPOINT ["/entrypoint.sh"] diff --git a/images/mkdocs/entrypoint.sh b/images/mkdocs/entrypoint.sh deleted file mode 100755 index 19d8399278b78..0000000000000 --- a/images/mkdocs/entrypoint.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash - -# Copyright 2019 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -o errexit -set -o pipefail - -CMD=$1 - -if [ "$CMD" == "build" ]; -then - mkdocs build - exit 0; -fi - -mkdocs serve --dev-addr=0.0.0.0:3000 --livereload diff --git a/images/mkdocs/requirements.txt b/images/mkdocs/requirements.txt deleted file mode 100644 index 1b2fad7b6690d..0000000000000 --- a/images/mkdocs/requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -mkdocs-material==9.6.19 -mkdocs-macros-plugin==1.3.7 diff --git a/mkdocs.yml b/mkdocs.yml deleted file mode 100644 index 515012f0d2413..0000000000000 --- a/mkdocs.yml +++ /dev/null @@ -1,205 +0,0 @@ -site_name: kOps - Kubernetes Operations -# strict: true -repo_name: 'kubernetes/kops' -repo_url: 'https://github.com/kubernetes/kops' -site_url: 'https://kops.sigs.k8s.io' -markdown_extensions: - - admonition - - codehilite - - pymdownx.inlinehilite - - pymdownx.tasklist: - custom_checkbox: true - - pymdownx.superfences - - pymdownx.tilde - - toc: - permalink: ' ¶' -theme: - name: material - features: - - navigation.tabs - icon: - logo: 'material/cloud-outline' - favicon: 'img/logo-notext.svg' - palette: - # Palette toggle for automatic mode - - media: "(prefers-color-scheme)" - toggle: - icon: material/brightness-auto - name: Switch to light mode - - # Palette toggle for light mode - - media: "(prefers-color-scheme: light)" - scheme: default - primary: 'teal' - accent: 'green' - toggle: - icon: material/brightness-7 - name: Switch to dark mode - - # Palette toggle for dark mode - - media: "(prefers-color-scheme: dark)" - scheme: slate - toggle: - icon: material/brightness-4 - name: Match OS theme (Automatic) - -plugins: - - search - - macros: - module_name: hack/mkdocs_macros/feature_stability_table -extra_css: [extra.css] - -nav: - - Welcome: - - Welcome: "index.md" - - Releases & Versioning: "welcome/releases.md" - - Office Hours: "welcome/office_hours.md" - - Values: "values.md" - - Getting Started: - - Installing: "getting_started/install.md" - - Deploying to AWS: "getting_started/aws.md" - - Deploying to GCE: "getting_started/gce.md" - - Deploying to Digital Ocean - Beta: "getting_started/digitalocean.md" - - Deploying to Hetzner - Beta: "getting_started/hetzner.md" - - Deploying to OpenStack - Beta: "getting_started/openstack.md" - - Deploying to Azure - Alpha: "getting_started/azure.md" - - Deploying to Spot Ocean - Alpha: "getting_started/spot-ocean.md" - - kOps Commands: "getting_started/commands.md" - - kOps Arguments: "getting_started/arguments.md" - - kubectl usage: "getting_started/kubectl.md" - - Production setup: "getting_started/production.md" - - CLI: - - kops: "cli/kops.md" - - kops completion: "cli/kops_completion.md" - - kops create: "cli/kops_create.md" - - kops delete: "cli/kops_delete.md" - - kops distrust: "cli/kops_distrust.md" - - kops edit: "cli/kops_edit.md" - - kops export: "cli/kops_export.md" - - kops get: "cli/kops_get.md" - - kops promote: "cli/kops_promote.md" - - kops replace: "cli/kops_replace.md" - - kops rolling-update: "cli/kops_rolling-update.md" - - kops toolbox: "cli/kops_toolbox.md" - - kops trust: "cli/kops_trust.md" - - kops update: "cli/kops_update.md" - - kops upgrade: "cli/kops_upgrade.md" - - kops validate: "cli/kops_validate.md" - - kops version: "cli/kops_version.md" - - API: - - Cluster Resource: "cluster_spec.md" - - InstanceGroup Resource: "instance_groups.md" - - Addons: - - Addons: "addons.md" - - Operations: - - Updates & Upgrades: "operations/updates_and_upgrades.md" - - Rolling Updates: "operations/rolling-update.md" - - Working with Instance Groups: "tutorial/working-with-instancegroups.md" - - Using Manifests and Customizing: "manifests_and_customizing_via_api.md" - - High Availability: "operations/high_availability.md" - - Scaling: "operations/scaling.md" - - Karpenter: "operations/karpenter.md" - - Local asset repositories: "operations/asset-repository.md" - - Instancegroup images: "operations/images.md" - - Cluster configuration management: "changing_configuration.md" - - Cluster Templating: "operations/cluster_template.md" - - GPU setup: "gpu.md" - - Label management: "labels.md" - - Rotate Secrets: "operations/rotate-secrets.md" - - Service Account Issuer Migration: "operations/service_account_issuer_migration.md" - - Service Account Token Volume: "operations/service_account_token_volumes.md" - - Moving from a Single Master to Multiple HA Masters: "single-to-multi-master.md" - - Running kOps in a CI environment: "continuous_integration.md" - - Gossip DNS: "gossip.md" - - etcd: - - etcd administration: "operations/etcd_administration.md" - - etcd backup, restore and encryption: "operations/etcd_backup_restore_encryption.md" - - Moving from a Single Master to Multiple HA Masters: "single-to-multi-master.md" - - etcd3 Migration: "etcd3-migration.md" - - Troubleshooting: "operations/troubleshoot.md" - - - Networking: - - Networking Overview: "networking.md" - - CNI: - - AWS VPC: "networking/aws-vpc.md" - - Calico: "networking/calico.md" - - Cilium: "networking/cilium.md" - - Flannel: "networking/flannel.md" - - Kube-Router: "networking/kube-router.md" - - IPv6: "networking/ipv6.md" - - Run kOps in an existing VPC: "run_in_existing_vpc.md" - - Supported network topologies: "topology.md" - - Subdomain setup: "creating_subdomain.md" - - Security: - - Security: "security.md" - - Advisories: "advisories/README.md" - - Bastion setup: "bastion.md" - - Instance IAM roles: "iam_roles.md" - - MFA setup: "mfa.md" - - Security Groups: "security_groups.md" - - Advanced: - - Download Config: "advanced/download_config.md" - - Subdomain NS Records: "advanced/ns.md" - - Experimental: "advanced/experimental.md" - - Cluster boot sequence: "boot-sequence.md" - - Philosophy: "philosophy.md" - - State store: "state.md" - - AWS China: "aws-china.md" - - Custom CA: "custom_ca.md" - - Horizontal Pod Autoscaling: "horizontal_pod_autoscaling.md" - - Egress Proxy: "http_proxy.md" - - Node Resource Allocation: "node_resource_handling.md" - - Terraform: "terraform.md" - - Authentication: "authentication.md" - - Contributing: - - Getting Involved and Contributing: "contributing/index.md" - - New Kubernetes Version: "contributing/new_kubernetes_version.md" - - Our Release Process: "contributing/release-process.md" - - Releasing With Homebrew: "contributing/homebrew.md" - - Updating The Default Base AMI: "contributing/update_ami_versions.md" - - Building: "contributing/building.md" - - Adding a feature: "contributing/adding_a_feature.md" - - Testing: "contributing/testing.md" - - Testing preview versions: "contributing/test_versions.md" - - Developing using Docker: "contributing/Docker.md" - - Documentation Guidelines: "contributing/documentation.md" - - Hack Directory: "contributing/hack.md" - - How to update kOps API: "contributing/api_updates.md" - - Low level description on how kOps works: "contributing/how_it_works.md" - - Notes on Gossip design: "contributing/gossip.md" - - Notes on master instance sizing: "contributing/instancesizes.md" - - Vendoring: "contributing/vendoring.md" - - Ports: "contributing/ports.md" - - Cluster Addons & Manager : "contributing/addons.md" - - Releases: - - "1.35": releases/1.35-NOTES.md - - "1.34": releases/1.34-NOTES.md - - "1.33": releases/1.33-NOTES.md - - "1.32": releases/1.32-NOTES.md - - "1.31": releases/1.31-NOTES.md - - "1.30": releases/1.30-NOTES.md - - "1.29": releases/1.29-NOTES.md - - "1.28": releases/1.28-NOTES.md - - "1.27": releases/1.27-NOTES.md - - "1.26": releases/1.26-NOTES.md - - "1.25": releases/1.25-NOTES.md - - "1.24": releases/1.24-NOTES.md - - "1.23": releases/1.23-NOTES.md - - "1.22": releases/1.22-NOTES.md - - "1.21": releases/1.21-NOTES.md - - "1.20": releases/1.20-NOTES.md - - "1.19": releases/1.19-NOTES.md - - "1.18": releases/1.18-NOTES.md - - "1.17": releases/1.17-NOTES.md - - "1.16": releases/1.16-NOTES.md - - "1.15": releases/1.15-NOTES.md - - "1.14": releases/1.14-NOTES.md - - "1.13": releases/1.13-NOTES.md - - "1.12": releases/1.12-NOTES.md - - "1.11": releases/1.11-NOTES.md - - "1.10": releases/1.10-NOTES.md - - "1.9": releases/1.9-NOTES.md - - "1.8": releases/1.8-NOTES.md - - "1.7": releases/1.7-NOTES.md - - "1.6": releases/1.6-NOTES.md - - "1.4": releases/1.4-NOTES.md diff --git a/netlify.toml b/netlify.toml index 2443cbc3a07f3..a0f98051f1479 100644 --- a/netlify.toml +++ b/netlify.toml @@ -1,5 +1,7 @@ -# netlify configuration +# Netlify build for the kOps documentation site. [build] publish = "site" -command = "make build-docs-netlify" -environment = { PYTHON_VERSION = "3.12" } \ No newline at end of file +command = "./hack/build-mdbook.sh build" + +# Default pretty_urls (true) lets the legacy mkdocs-style /foo/ paths +# resolve to mdBook's /foo.html output without per-page rewrites.