change underscores to dashes to match the command line argument

docs/admin/admission-controllers.md

@@ -159,7 +159,7 @@ Yes.
 For Kubernetes 1.0, we strongly recommend running the following set of admission control plug-ins (order matters):
 
 ```
---admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
+--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
 ```
 
 

docs/admin/authentication.md

@@ -35,13 +35,13 @@ Documentation for other releases can be found at
 
 Kubernetes uses client certificates, tokens, or http basic auth to authenticate users for API calls.
 
-**Client certificate authentication** is enabled by passing the `--client_ca_file=SOMEFILE`
+**Client certificate authentication** is enabled by passing the `--client-ca-file=SOMEFILE`
 option to apiserver. The referenced file must contain one or more certificates authorities
 to use to validate client certificates presented to the apiserver. If a client certificate
 is presented and verified, the common name of the subject is used as the user name for the
 request.
 
-**Token authentication** is enabled by passing the `--token_auth_file=SOMEFILE` option
+**Token authentication** is enabled by passing the `--token-auth-file=SOMEFILE` option
 to apiserver.  Currently, tokens last indefinitely, and the token list cannot
 be changed without restarting apiserver.  We plan in the future for tokens to
 be short-lived, and to be generated as needed rather than stored in a file.
@@ -52,7 +52,7 @@ and is a csv file with 3 columns: token, user name, user uid.
 When using token authentication from an http client the apiserver expects an `Authorization`
 header with a value of `Bearer SOMETOKEN`.
 
-**Basic authentication** is enabled by passing the `--basic_auth_file=SOMEFILE`
+**Basic authentication** is enabled by passing the `--basic-auth-file=SOMEFILE`
 option to apiserver. Currently, the basic auth credentials last indefinitely,
 and the password cannot be changed without restarting apiserver. Note that basic
 authentication is currently supported for convenience while we finish making the

docs/admin/authorization.md

@@ -45,9 +45,9 @@ the request, (such as user, resource, and namespace) with access
 policies.  An API call must be allowed by some policy in order to proceed.
 
 The following implementations are available, and are selected by flag:
-  - `--authorization_mode=AlwaysDeny`
-  - `--authorization_mode=AlwaysAllow`
-  - `--authorization_mode=ABAC`
+  - `--authorization-mode=AlwaysDeny`
+  - `--authorization-mode=AlwaysAllow`
+  - `--authorization-mode=ABAC`
 
 `AlwaysDeny` blocks all requests (used in tests).
 `AlwaysAllow` allows all requests; use if you don't need authorization.
@@ -72,13 +72,13 @@ to assist in policy management.
 
 ### Policy File Format
 
-For mode `ABAC`, also specify `--authorization_policy_file=SOME_FILENAME`.
+For mode `ABAC`, also specify `--authorization-policy-file=SOME_FILENAME`.
 
 The file format is [one JSON object per line](http://jsonlines.org/).  There should be no enclosing list or map, just
 one map per line.
 
 Each line is a "policy object".  A policy object is a map with the following properties:
-  - `user`, type string; the user-string from `--token_auth_file`
+  - `user`, type string; the user-string from `--token-auth-file`
   - `readonly`, type boolean, when true, means that the policy only applies to GET
       operations.
   - `resource`, type string; a resource from an URL, such as `pods`.

docs/admin/kube-apiserver.md

@@ -73,12 +73,12 @@ cluster's shared state through which all other components interact.
   -h, --help=false: help for kube-apiserver
       --insecure-bind-address=<nil>: The IP address on which to serve the --insecure-port (set to 0.0.0.0 for all interfaces). Defaults to localhost.
       --insecure-port=0: The port on which to serve unsecured, unauthenticated access. Default 8080. It is assumed that firewall rules are set up such that this port is not reachable from outside of the cluster and that port 443 on the cluster's public address is proxied to this port. This is performed by nginx in the default setup.
-      --kubelet_certificate_authority="": Path to a cert. file for the certificate authority.
-      --kubelet_client_certificate="": Path to a client key file for TLS.
-      --kubelet_client_key="": Path to a client key file for TLS.
-      --kubelet_https=false: Use https for kubelet connections
-      --kubelet_port=0: Kubelet port
-      --kubelet_timeout=0: Timeout for kubelet operations
+      --kubelet-certificate-authority="": Path to a cert. file for the certificate authority.
+      --kubelet-client-certificate="": Path to a client key file for TLS.
+      --kubelet-client-key="": Path to a client key file for TLS.
+      --kubelet-https=false: Use https for kubelet connections
+      --kubelet-port=0: Kubelet port
+      --kubelet-timeout=0: Timeout for kubelet operations
       --long-running-request-regexp="(/|^)((watch|proxy)(/|$)|(logs|portforward|exec)/?$)": A regular expression matching long running requests which should be excluded from maximum inflight request handling.
       --master-service-namespace="": The namespace from which the Kubernetes master services should be injected into pods
       --max-requests-inflight=400: The maximum number of requests in flight at a given time.  When the server exceeds this, it rejects requests.  Zero for no limit.

docs/admin/kube-controller-manager.md

@@ -58,7 +58,7 @@ controller, and serviceaccounts controller.
       --cluster-cidr=<nil>: CIDR Range for Pods in cluster.
       --cluster-name="": The instance prefix for the cluster
       --concurrent-endpoint-syncs=0: The number of endpoint syncing operations that will be done concurrently. Larger number = faster endpoint updating, but more CPU (and network) load
-      --concurrent_rc_syncs=0: The number of replication controllers that are allowed to sync concurrently. Larger number = more responsive replica management, but more CPU (and network) load
+      --concurrent-rc-syncs=0: The number of replication controllers that are allowed to sync concurrently. Larger number = more responsive replica management, but more CPU (and network) load
       --deleting-pods-burst=10: Number of nodes on which pods are bursty deleted in case of node failure. For more details look into RateLimiter.
       --deleting-pods-qps=0.1: Number of nodes per second on which pods are deleted in case of node failure.
   -h, --help=false: help for kube-controller-manager

docs/admin/kubelet.md

@@ -64,8 +64,8 @@ HTTP server: The kubelet can also listen for HTTP and respond to a simple API
       --allow-privileged=false: If true, allow containers to request privileged mode. [default=false]
       --api-servers=[]: List of Kubernetes API servers for publishing events, and reading pods and services. (ip:port), comma separated.
       --cadvisor-port=0: The port of the localhost cAdvisor endpoint
-      --cert-dir="": The directory where the TLS certs are located (by default /var/run/kubernetes). If --tls_cert_file and --tls_private_key_file are provided, this flag will be ignored.
-      --cgroup_root="": Optional root cgroup to use for pods. This is handled by the container runtime on a best effort basis. Default: '', which means use the container runtime default.
+      --cert-dir="": The directory where the TLS certs are located (by default /var/run/kubernetes). If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored.
+      --cgroup-root="": Optional root cgroup to use for pods. This is handled by the container runtime on a best effort basis. Default: '', which means use the container runtime default.
       --chaos-chance=0: If > 0.0, introduce random client errors and latency. Intended for testing. [default=0.0]
       --cloud-config="": The path to the cloud provider configuration file.  Empty string for no configuration file.
       --cloud-provider="": The provider for cloud services.  Empty string for no provider.
@@ -73,7 +73,7 @@ HTTP server: The kubelet can also listen for HTTP and respond to a simple API
       --cluster-domain="": Domain for this cluster.  If set, kubelet will configure all containers to search this domain in addition to the host's search domains
       --config="": Path to the config file or directory of files
       --configure-cbr0=false: If true, kubelet will configure cbr0 based on Node.Spec.PodCIDR.
-      --container_runtime="": The container runtime to use. Possible values: 'docker', 'rkt'. Default: 'docker'.
+      --container-runtime="": The container runtime to use. Possible values: 'docker', 'rkt'. Default: 'docker'.
       --containerized=false: Experimental support for running kubelet in a container.  Intended for testing. [default=false]
       --docker-endpoint="": If non-empty, use this for the docker endpoint to communicate with
       --docker-exec-handler="": Handler to use when executing a command in a container. Valid values are 'native' and 'nsenter'. Defaults to 'native'.
@@ -105,16 +105,16 @@ HTTP server: The kubelet can also listen for HTTP and respond to a simple API
       --read-only-port=0: The read-only port for the Kubelet to serve on (set to 0 to disable)
       --really-crash-for-testing=false: If true, when panics occur crash. Intended for testing.
       --register-node=false: Register the node with the apiserver (defaults to true if --api-server is set)
-      --registry-burst=0: Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry_qps.  Only used if --registry_qps > 0
+      --registry-burst=0: Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry_qps.  Only used if --registry-qps > 0
       --registry-qps=0: If > 0, limit registry pull QPS to this value.  If 0, unlimited. [default=0.0]
       --resource-container="": Absolute name of the resource-only container to create and run the Kubelet in (Default: /kubelet).
       --root-dir="": Directory path for managing kubelet files (volume mounts,etc).
-      --runonce=false: If true, exit after spawning pods from local manifests or remote urls. Exclusive with --api_servers, and --enable-server
+      --runonce=false: If true, exit after spawning pods from local manifests or remote urls. Exclusive with --api-servers, and --enable-server
       --streaming-connection-idle-timeout=0: Maximum time a streaming connection can be idle before the connection is automatically closed.  Example: '5m'
       --sync-frequency=0: Max period between synchronizing running containers and config
       --system-container="": Optional resource-only container in which to place all non-kernel processes that are not already in a container. Empty for no container. Rolling back the flag requires a reboot. (Default: "").
-      --tls-cert-file="": File containing x509 Certificate for HTTPS.  (CA cert, if any, concatenated after server cert). If --tls_cert_file and --tls_private_key_file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory passed to --cert_dir.
-      --tls-private-key-file="": File containing x509 private key matching --tls_cert_file.
+      --tls-cert-file="": File containing x509 Certificate for HTTPS.  (CA cert, if any, concatenated after server cert). If --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory passed to --cert-dir.
+      --tls-private-key-file="": File containing x509 private key matching --tls-cert-file.
 ```
 
 ###### Auto generated by spf13/cobra at 2015-07-06 18:03:36.451093085 +0000 UTC

docs/admin/resource-quota.md

@@ -64,7 +64,7 @@ Neither contention nor changes to quota will affect already-running pods.
 ## Enabling Resource Quota
 
 Resource Quota support is enabled by default for many Kubernetes distributions.  It is
-enabled when the apiserver `--admission_control=` flag has `ResourceQuota` as
+enabled when the apiserver `--admission-control=` flag has `ResourceQuota` as
 one of its arguments.
 
 Resource Quota is enforced in a particular namespace when there is a