Merge branch 'master' into foxish-fix-link

Author: foxish

_data/guides.yml

@@ -252,6 +252,8 @@ toc:
     path: /docs/admin/
   - title: Cluster Management Guide
     path: /docs/admin/cluster-management/
+  - title: kubeadm reference
+    path: /docs/admin/kubeadm/
   - title: Installing Addons
     path: /docs/admin/addons/
   - title: Sharing a Cluster with Namespaces

_data/tutorials.yml

@@ -4,6 +4,8 @@ toc:
   path: /docs/tutorials/
 - title: Kubernetes Basics
   section:
+  - title: Overview
+    path: /docs/tutorials/kubernetes-basics/
   - title: 1. Create a Cluster
     section:
     - title: Using Minikube to Create a Cluster

docs/admin/accessing-the-api.md

@@ -52,8 +52,8 @@ On GCE, Client Certificates, Password, Plain Tokens, and JWT Tokens are all enab
 If the request cannot be authenticated, it is rejected with HTTP status code 401.
 Otherwise, the user is authenticated as a specific `username`, and the user name
 is available to subsequent steps to use in their decisions.  Some authenticators
-may also provide the group memberships of the user, while other authenticators
-do not (and expect the authorizer to determine these).
+also provide the group memberships of the user, while other authenticators
+do not.
 
 While Kubernetes uses "usernames" for access control decisions and in request logging,
 it does not have a `user` object nor does it store usernames or other information about

docs/admin/authorization.md

@@ -53,7 +53,7 @@ A request has the following attributes that can be considered for authorization:
   - what resource is being accessed (for resource requests only)
   - what subresource is being accessed (for resource requests only)
   - the namespace of the object being accessed (for namespaced resource requests only)
-  - the API group being accessed (for resource requests only)
+  - the API group being accessed (for resource requests only); an empty string designates the [core API group](../api.md#api-groups)
 
 The request verb for a resource API endpoint can be determined by the HTTP verb used and whether or not the request acts on an individual resource or a collection of resources:
 
@@ -231,7 +231,7 @@ metadata:
   namespace: default
   name: pod-reader
 rules:
-  - apiGroups: [""] # The API group "" indicates the default API Group.
+  - apiGroups: [""] # The API group "" indicates the core API Group.
     resources: ["pods"]
     verbs: ["get", "watch", "list"]
     nonResourceURLs: []
@@ -632,4 +632,4 @@ subjectaccessreview "" created
 ```
 
 This is useful for debugging access problems, in that you can use this resource
-to determine what access an authorizer is granting.
+to determine what access an authorizer is granting.

docs/admin/kubeadm.md

@@ -0,0 +1,150 @@
+---
+assignees:
+- mikedanese
+- luxas
+- errordeveloper
+
+---
+
+
+This document provides information on how to use kubeadm's advanced options.
+
+Running kubeadm init bootstraps a Kubernetes cluster. This consists of the
+following steps:
+
+1. kubeadm generates a token that additional nodes can use to register themselves
+with the master in future.
+
+1. kubeadm generates a self-signed CA using openssl to provision identities
+for each node in the cluster, and for the API server to secure communication
+with clients.
+
+1. Outputting a kubeconfig file for the kubelet to use to connect to the API server,
+as well as an additional kubeconfig file for administration.
+
+1. kubeadm generates Kubernetes resource manifests for the API server, controller manager
+and scheduler, and placing them in `/etc/kubernetes/manifests`. The kubelet watches
+this directory for static resources to create on startup. These are the core
+components of Kubernetes, and once they are up and running we can use `kubectl`
+to set up/manage any additional components.
+
+1. kubeadm installs any add-on components, such as DNS or discovery, via the API server.
+
+## Usage
+
+Fields that support multiple values do so either with comma separation, or by specifying
+the flag multiple times.
+
+### `kubeadm init`
+
+It is usually sufficient to run `kubeadm init` without any flags,
+but in some cases you might like to override the default behaviour.
+Here we specify all the flags that can be used to customise the Kubernetes
+installation.
+
+- `--api-advertise-addresses` (multiple values are allowed)
+- `--api-external-dns-names` (multiple values are allowed)
+
+By default, `kubeadm init` automatically detects IP addresses and uses
+these to generate certificates for the API server. This uses the IP address
+of the default network interface. If you would like to access the API server
+through a different IP address, or through a hostname, you can override these
+defaults with `--api-advertise-addresses` and `--api-external-dns-names`.
+For example, to generate certificates that verify the API server at addresses
+`10.100.245.1` and `100.123.121.1`, you could use
+`--api-advertise-addresses=10.100.245.1,100.123.121.1`. To allow it to be accessed
+with a hostname, `--api-external-dns-names=kubernetes.example.com,kube.example.com`
+Specifying `--api-advertise-addresses` disables auto detection of IP addresses.
+
+- `--cloud-provider`
+
+Currently, `kubeadm init` does not provide autodetection of cloud provider.
+This means that load balancing and persistent volumes are not supported out
+of the box. You can specify a cloud provider using `--cloud-provider`.
+Valid values are the ones supported by `controller-manager`, namely `"aws"`,
+`"azure"`, `"cloudstack"`, `"gce"`, `"mesos"`, `"openstack"`, `"ovirt"`,
+`"rackspace"`, `"vsphere"`. In order to provide additional configuration for
+the cloud provider, you should create a `/etc/kubernetes/cloud-config.json`
+file manually, before running `kubeadm init`. `kubeadm` automatically
+picks those settings up and ensures other nodes are configured correctly.
+You must also set the `--cloud-provider` and `--cloud-config` parameters
+yourself by editing the `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf`
+file appropriately.
+
+- `--external-etcd-cafile` etcd certificate authority file
+- `--external-etcd-endpoints` (multiple values are allowed)
+- `--external-etcd-certfile` etcd client certificate file
+- `--external-etcd-keyfile` etcd client key file
+
+By default, `kubeadm` deploys a single node etcd cluster on the master
+to store Kubernetes state. This means that any failure on the master node
+requires you to rebuild your cluster from scratch. Currently `kubeadm init`
+does not support automatic deployment of a highly available etcd cluster.
+If you would like to use your own etcd cluster, you can override this
+behaviour with `--external-etcd-endpoints`. `kubeadm` supports etcd client
+authentication using the `--external-etcd-cafile`, `--external-etcd-certfile`
+and `--external-etcd-keyfile` flags.
+
+- `--pod-network-cidr`
+
+By default, `kubeadm init` does not set node CIDR's for pods and allows you to
+bring your own networking configuration through a CNI compatible network
+controller addon such as [Weave Net](https://github.com/weaveworks/weave-kube),
+[Calico](https://github.com/projectcalico/calico-containers/tree/master/docs/cni/kubernetes/manifests/kubeadm)
+or [Canal](https://github.com/tigera/canal/tree/master/k8s-install/kubeadm).
+If you are using a compatible cloud provider or flannel, you can specify a
+subnet to use for each pod on the cluster with the `--pod-network-cidr` flag.
+This should be a minimum of a /16 so that kubeadm is able to assign /24 subnets
+to each node in the cluster.
+
+- `--service-cidr` (default '10.12.0.0/12')
+
+You can use the `--service-cidr` flag to override the subnet Kubernetes uses to
+assign pods IP addresses. If you do, you will also need to update the
+`/etc/systemd/system/kubelet.service.d/10-kubeadm.conf` file to reflect this change
+else DNS will not function correctly.
+
+- `--service-dns-domain` (default 'cluster.local')
+
+By default, `kubeadm init` deploys a cluster that assigns services with DNS names
+`<service_name>.<namespace>.svc.cluster.local`. You can use the `--service-dns-domain`
+to change the DNS name suffix. Again, you will need to update the
+`/etc/systemd/system/kubelet.service.d/10-kubeadm.conf` file accordingly else DNS will
+not function correctly.
+
+- `--token`
+
+By default, `kubeadm init` automatically generates the token used to initialise
+each new node. If you would like to manually specify this token, you can use the
+`--token` flag. The token must be of the format '<6 character string>.<16 character string>'.
+
+- `--use-kubernetes-version` (default 'v1.4.1') the kubernetes version to initialise
+
+`kubeadm` was originally built for Kubernetes version **v1.4.0**, older versions are not
+supported. With this flag you can try any future version, e.g. **v1.5.0-beta.1**
+whenever it comes out (check [releases page](https://github.com/kubernetes/kubernetes/releases)
+for a full list of available versions).
+
+### `kubeadm join`
+
+`kubeadm join` has one mandatory flag, the token used to secure cluster bootstrap,
+and one mandatory argument, the master IP address.
+
+Here's an example on how to use it:
+
+`kubeadm join --token=the_secret_token 192.168.1.1`
+
+- `--token=<token>`
+
+By default, when `kubeadm init` runs, a token is generated and revealed in the output.
+That's the token you should use here.
+
+## Troubleshooting
+
+* Some users on RHEL/CentOS 7 have reported issues with traffic being routed incorrectly due to iptables being bypassed. You should ensure `net.bridge.bridge-nf-call-iptables` is set to 1 in your sysctl config, eg.
+
+```
+# cat /etc/sysctl.d/k8s.conf
+net.bridge.bridge-nf-call-ip6tables = 1
+net.bridge.bridge-nf-call-iptables = 1
+```

docs/getting-started-guides/kubeadm.md

@@ -178,7 +178,7 @@ As an example, install a sample microservices application, a socks shop, to put
 To learn more about the sample microservices app, see the [GitHub README](https://github.com/microservices-demo/microservices-demo).
 
     # git clone https://github.com/microservices-demo/microservices-demo
-    # kubectl apply -f microservices-demo/deploy/kubernetes/manifests
+    # kubectl apply -f microservices-demo/deploy/kubernetes/manifests/sock-shop-ns.yml -f microservices-demo/deploy/kubernetes/manifests
 
 You can then find out the port that the [NodePort feature of services](/docs/user-guide/services/) allocated for the front-end service by running:
 
@@ -211,6 +211,7 @@ See the [list of add-ons](/docs/admin/addons/) to explore other add-ons, includi
 
 * Learn more about [Kubernetes concepts and kubectl in Kubernetes 101](/docs/user-guide/walkthrough/).
 * Install Kubernetes with [a cloud provider configurations](/docs/getting-started-guides/) to add Load Balancer and Persistent Volume support.
+* Learn about `kubeadm`'s advanced usage on the [advanced reference doc](/docs/admin/kubeadm/)
 
 
 ## Cleanup

docs/index.md

@@ -77,9 +77,9 @@ h2, h3, h4 {
     <a href="/docs/whatisk8s/" class="button">Read the Overview</a>
   </div>
   <div class="col3rd">
-    <h3>Hello World on Google Container Engine</h3>
-    <p>In this quickstart, we’ll be creating a Kubernetes instance that stands up a simple “Hello World” app using Node.js. In just a few minutes you'll go from zero to deployed Kubernetes app on Google Container Engine (GKE), a hosted service from Google.</p>
-    <a href="/docs/hellonode/" class="button">Get Started on GKE</a>
+    <h3>Kubernetes Basics Interactive Tutorial</h3>
+    <p>The Kubernetes Basics interactive tutorials let you try out Kubernetes features using Minikube right out of your web browser in a virtual terminal. Learn about the Kubernetes system and deploy, expose, scale, and upgrade a containerized application in just a few minutes.</p>
+    <a href="/docs/tutorials/kubernetes-basics/" class="button">Try the Interactive Tutorials</a>
   </div>
   <div class="col3rd">
     <h3>Installing Kubernetes on Linux with kubeadm</h3>

docs/tutorials/index.md

@@ -3,6 +3,10 @@
 
 The Tutorials section of the Kubernetes documentation is a work in progress.
 
+#### Kubernetes Basics
+
+* [Kubernetes Basics](/docs/tutorials/kubernetes-basics/) is an in-depth interactive tutorial that helps you understand the Kubernetes system and try out some basic Kubernetes features.
+
 #### Stateless Applications
 
 * [Running a Stateless Application Using a Deployment](/docs/tutorials/stateless-application/run-stateless-application-deployment/)

docs/tutorials/kubernetes-basics/index.html

@@ -15,66 +15,74 @@
 
     <div class="row">
       <div class="col-md-9">
-        <h2>Getting Started with Kubernetes</h2>
-        <p><i style="color: #3771e3;">By the end of this tutorial you will understand what Kubernetes does. You will also learn how to deploy, scale, update and debug containerized applications on a Kubernetes cluster using an interactive online terminal.</i></p>
+        <h2>Kubernetes Basics</h2>
+        <p>This tutorial provides a walkthrough of the basics of the Kubernetes cluster orchestration system. Each module contains some background information on major Kubernetes features and concepts, and includes an interactive online tutorial. These interactive tutorials let you manage a simple cluster and its containerized applications for yourself.</p>
+        <p>Using the interactive tutorials, you can learn to:</p>
+        <ul>
+        <li>Deploy a containerized application on a cluster</li>
+        <li>Scale the deployment</li>
+        <li>Update the containerized application with a new software version</li>
+        <li>Debug the containerized application</li>
+        </ul>
+        <p>The tutorials use Katacoda to run a virtual terminal in your web browser that runs Minikube, a small-scale local deployment of Kubernetes that can run anywhere. There's no need to install any software or configure anything; each interactive tutorial runs directly out of your web browser itself.</p>
       </div>
     </div>
 
     <br>
 
     <div class="row">
       <div class="col-md-9">
-        <h2>Why Kubernetes?</h2>
-        <p>Today users expect applications to be available 24/7, while developers expect to deploy new versions of those applications several times a day. The way we build software is moving in this direction, enabling applications to be released and updated in an easy and fast way without downtime. We also need to be able to scale application in line with the user demand and we expect them to make intelligent use of the available resources. <a href="http://kubernetes.io/docs/whatisk8s/">Kubernetes</a>  is a platform designed to meet those requirements, using the experience accumulated by Google in this area, combined with best-of-breed ideas from the community.</p>
+        <h2>What can Kubernetes do for you?</h2>
+        <p>With modern web services, users expect applications to be available 24/7, and developers expect to deploy new versions of those applications several times a day. Containzerization helps package software to serve these goals, enabling applications to be released and updated in an easy and fast way without downtime. Kubernetes helps you make sure those containerized applications run where and when you want, and helps them find the resources and tools they need to work. <a href="http://kubernetes.io/docs/whatisk8s/">Kubernetes</a>  is a production-ready, open source platform designed with the Google's accumulated experience in container orchestration, combined with best-of-breed ideas from the community.</p>
       </div>
     </div>
 
     <div class="content__modules">
-      <h2>Getting Started Modules</h2>
+      <h2>Kubernetes Basics Modules</h2>
       <div class="row">
         <div class="col-md-4">
           <div class="thumbnail">
-            <a href="/docs/tutorials/kubernetes-basics/create-cluster.html"><img src="./public/images/module_01.svg?v=1469803628347" alt=""></a>
+            <a href="/docs/tutorials/kubernetes-basics/cluster-intro.html"><img src="./public/images/module_01.svg?v=1469803628347" alt=""></a>
             <div class="caption">
               <a href="1-0.html"><h5>1. Create a Kubernetes cluster</h5></a>
             </div>
           </div>
         </div>
         <div class="col-md-4">
           <div class="thumbnail">
-            <a href="/docs/tutorials/kubernetes-basics/deploy-app.html"><img src="./public/images/module_02.svg?v=1469803628347" alt=""></a>
+            <a href="/docs/tutorials/kubernetes-basics/deploy-intro.html"><img src="./public/images/module_02.svg?v=1469803628347" alt=""></a>
             <div class="caption">
               <a href="2-0.html"><h5>2. Deploy an app</h5></a>
             </div>
           </div>
         </div>
         <div class="col-md-4">
           <div class="thumbnail">
-            <a href="/docs/tutorials/kubernetes-basics/explore-app.html"><img src="./public/images/module_03.svg?v=1469803628347" alt=""></a>
+            <a href="/docs/tutorials/kubernetes-basics/explore-intro.html"><img src="./public/images/module_03.svg?v=1469803628347" alt=""></a>
             <div class="caption">
               <a href="3-0.html"><h5>3. Explore your app</h5></a>
             </div>
           </div>
         </div>
         <div class="col-md-4">
           <div class="thumbnail">
-            <a href="/docs/tutorials/kubernetes-basics/expose-app.html"><img src="./public/images/module_04.svg?v=1469803628347" alt=""></a>
+            <a href="/docs/tutorials/kubernetes-basics/expose-intro.html"><img src="./public/images/module_04.svg?v=1469803628347" alt=""></a>
             <div class="caption">
               <a href="4-0.html"><h5>4. Expose your app publicly</h5></a>
             </div>
           </div>
         </div>
         <div class="col-md-4">
           <div class="thumbnail">
-            <a href="/docs/tutorials/kubernetes-basics/scale-app.html"><img src="./public/images/module_05.svg?v=1469803628347" alt=""></a>
+            <a href="/docs/tutorials/kubernetes-basics/scale-intro.html"><img src="./public/images/module_05.svg?v=1469803628347" alt=""></a>
             <div class="caption">
               <a href="5-0.html"><h5>5. Scale up your app</h5></a>
             </div>
           </div>
         </div>
         <div class="col-md-4">
           <div class="thumbnail">
-            <a href="/docs/tutorials/kubernetes-basics/update-app.html"><img src="./public/images/module_06.svg?v=1469803628347" alt=""></a>
+            <a href="/docs/tutorials/kubernetes-basics/update-intro.html"><img src="./public/images/module_06.svg?v=1469803628347" alt=""></a>
             <div class="caption">
               <a href="6-0.html"><h5>6. Update your app</h5></a>
             </div>