github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

change underscores to dashes to match the command line argument

Browse Source
This commit is contained in:
David Walter
2015-07-29 15:09:04 -05:00
parent 2e72cdb722
commit f8667f73e3
23 changed files with 61 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/admin/admission-controllers.md
View File

@@ -159,7 +159,7 @@ Yes.
For Kubernetes 1.0, we strongly recommend running the following set of admission control plug-ins (order matters):
```
--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
```

6
docs/admin/authentication.md
View File

@@ -35,13 +35,13 @@ Documentation for other releases can be found at
Kubernetes uses client certificates, tokens, or http basic auth to authenticate users for API calls.
**Client certificate authentication** is enabled by passing the `--client_ca_file=SOMEFILE`
**Client certificate authentication** is enabled by passing the `--client-ca-file=SOMEFILE`
option to apiserver. The referenced file must contain one or more certificates authorities
to use to validate client certificates presented to the apiserver. If a client certificate
is presented and verified, the common name of the subject is used as the user name for the
request.
**Token authentication** is enabled by passing the `--token_auth_file=SOMEFILE` option
**Token authentication** is enabled by passing the `--token-auth-file=SOMEFILE` option
to apiserver. Currently, tokens last indefinitely, and the token list cannot
be changed without restarting apiserver. We plan in the future for tokens to
be short-lived, and to be generated as needed rather than stored in a file.
@@ -52,7 +52,7 @@ and is a csv file with 3 columns: token, user name, user uid.
When using token authentication from an http client the apiserver expects an `Authorization`
header with a value of `Bearer SOMETOKEN`.
**Basic authentication** is enabled by passing the `--basic_auth_file=SOMEFILE`
**Basic authentication** is enabled by passing the `--basic-auth-file=SOMEFILE`
option to apiserver. Currently, the basic auth credentials last indefinitely,
and the password cannot be changed without restarting apiserver. Note that basic
authentication is currently supported for convenience while we finish making the

10
docs/admin/authorization.md
View File

@@ -45,9 +45,9 @@ the request, (such as user, resource, and namespace) with access
policies. An API call must be allowed by some policy in order to proceed.
The following implementations are available, and are selected by flag:
- `--authorization_mode=AlwaysDeny`
- `--authorization_mode=AlwaysAllow`
- `--authorization_mode=ABAC`
- `--authorization-mode=AlwaysDeny`
- `--authorization-mode=AlwaysAllow`
- `--authorization-mode=ABAC`
`AlwaysDeny` blocks all requests (used in tests).
`AlwaysAllow` allows all requests; use if you don't need authorization.
@@ -72,13 +72,13 @@ to assist in policy management.
### Policy File Format
For mode `ABAC`, also specify `--authorization_policy_file=SOME_FILENAME`.
For mode `ABAC`, also specify `--authorization-policy-file=SOME_FILENAME`.
The file format is [one JSON object per line](http://jsonlines.org/). There should be no enclosing list or map, just
one map per line.
Each line is a "policy object". A policy object is a map with the following properties:
- `user`, type string; the user-string from `--token_auth_file`
- `user`, type string; the user-string from `--token-auth-file`
- `readonly`, type boolean, when true, means that the policy only applies to GET
operations.
- `resource`, type string; a resource from an URL, such as `pods`.

12
docs/admin/kube-apiserver.md
View File

@@ -73,12 +73,12 @@ cluster's shared state through which all other components interact.
-h, --help=false: help for kube-apiserver
--insecure-bind-address=<nil>: The IP address on which to serve the --insecure-port (set to 0.0.0.0 for all interfaces). Defaults to localhost.
--insecure-port=0: The port on which to serve unsecured, unauthenticated access. Default 8080. It is assumed that firewall rules are set up such that this port is not reachable from outside of the cluster and that port 443 on the cluster's public address is proxied to this port. This is performed by nginx in the default setup.
--kubelet_certificate_authority="": Path to a cert. file for the certificate authority.
--kubelet_client_certificate="": Path to a client key file for TLS.
--kubelet_client_key="": Path to a client key file for TLS.
--kubelet_https=false: Use https for kubelet connections
--kubelet_port=0: Kubelet port
--kubelet_timeout=0: Timeout for kubelet operations
--kubelet-certificate-authority="": Path to a cert. file for the certificate authority.
--kubelet-client-certificate="": Path to a client key file for TLS.
--kubelet-client-key="": Path to a client key file for TLS.
--kubelet-https=false: Use https for kubelet connections
--kubelet-port=0: Kubelet port
--kubelet-timeout=0: Timeout for kubelet operations
--long-running-request-regexp="(/|^)((watch|proxy)(/|$)|(logs|portforward|exec)/?$)": A regular expression matching long running requests which should be excluded from maximum inflight request handling.
--master-service-namespace="": The namespace from which the Kubernetes master services should be injected into pods
--max-requests-inflight=400: The maximum number of requests in flight at a given time. When the server exceeds this, it rejects requests. Zero for no limit.

2
docs/admin/kube-controller-manager.md
View File

@@ -58,7 +58,7 @@ controller, and serviceaccounts controller.
--cluster-cidr=<nil>: CIDR Range for Pods in cluster.
--cluster-name="": The instance prefix for the cluster
--concurrent-endpoint-syncs=0: The number of endpoint syncing operations that will be done concurrently. Larger number = faster endpoint updating, but more CPU (and network) load
--concurrent_rc_syncs=0: The number of replication controllers that are allowed to sync concurrently. Larger number = more responsive replica management, but more CPU (and network) load
--concurrent-rc-syncs=0: The number of replication controllers that are allowed to sync concurrently. Larger number = more responsive replica management, but more CPU (and network) load
--deleting-pods-burst=10: Number of nodes on which pods are bursty deleted in case of node failure. For more details look into RateLimiter.
--deleting-pods-qps=0.1: Number of nodes per second on which pods are deleted in case of node failure.
-h, --help=false: help for kube-controller-manager

14
docs/admin/kubelet.md
View File

@@ -64,8 +64,8 @@ HTTP server: The kubelet can also listen for HTTP and respond to a simple API
--allow-privileged=false: If true, allow containers to request privileged mode. [default=false]
--api-servers=[]: List of Kubernetes API servers for publishing events, and reading pods and services. (ip:port), comma separated.
--cadvisor-port=0: The port of the localhost cAdvisor endpoint
--cert-dir="": The directory where the TLS certs are located (by default /var/run/kubernetes). If --tls_cert_file and --tls_private_key_file are provided, this flag will be ignored.
--cgroup_root="": Optional root cgroup to use for pods. This is handled by the container runtime on a best effort basis. Default: '', which means use the container runtime default.
--cert-dir="": The directory where the TLS certs are located (by default /var/run/kubernetes). If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored.
--cgroup-root="": Optional root cgroup to use for pods. This is handled by the container runtime on a best effort basis. Default: '', which means use the container runtime default.
--chaos-chance=0: If > 0.0, introduce random client errors and latency. Intended for testing. [default=0.0]
--cloud-config="": The path to the cloud provider configuration file. Empty string for no configuration file.
--cloud-provider="": The provider for cloud services. Empty string for no provider.
@@ -73,7 +73,7 @@ HTTP server: The kubelet can also listen for HTTP and respond to a simple API
--cluster-domain="": Domain for this cluster. If set, kubelet will configure all containers to search this domain in addition to the host's search domains
--config="": Path to the config file or directory of files
--configure-cbr0=false: If true, kubelet will configure cbr0 based on Node.Spec.PodCIDR.
--container_runtime="": The container runtime to use. Possible values: 'docker', 'rkt'. Default: 'docker'.
--container-runtime="": The container runtime to use. Possible values: 'docker', 'rkt'. Default: 'docker'.
--containerized=false: Experimental support for running kubelet in a container. Intended for testing. [default=false]
--docker-endpoint="": If non-empty, use this for the docker endpoint to communicate with
--docker-exec-handler="": Handler to use when executing a command in a container. Valid values are 'native' and 'nsenter'. Defaults to 'native'.
@@ -105,16 +105,16 @@ HTTP server: The kubelet can also listen for HTTP and respond to a simple API
--read-only-port=0: The read-only port for the Kubelet to serve on (set to 0 to disable)
--really-crash-for-testing=false: If true, when panics occur crash. Intended for testing.
--register-node=false: Register the node with the apiserver (defaults to true if --api-server is set)
--registry-burst=0: Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry_qps. Only used if --registry_qps > 0
--registry-burst=0: Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry_qps. Only used if --registry-qps > 0
--registry-qps=0: If > 0, limit registry pull QPS to this value. If 0, unlimited. [default=0.0]
--resource-container="": Absolute name of the resource-only container to create and run the Kubelet in (Default: /kubelet).
--root-dir="": Directory path for managing kubelet files (volume mounts,etc).
--runonce=false: If true, exit after spawning pods from local manifests or remote urls. Exclusive with --api_servers, and --enable-server
--runonce=false: If true, exit after spawning pods from local manifests or remote urls. Exclusive with --api-servers, and --enable-server
--streaming-connection-idle-timeout=0: Maximum time a streaming connection can be idle before the connection is automatically closed. Example: '5m'
--sync-frequency=0: Max period between synchronizing running containers and config
--system-container="": Optional resource-only container in which to place all non-kernel processes that are not already in a container. Empty for no container. Rolling back the flag requires a reboot. (Default: "").
--tls-cert-file="": File containing x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If --tls_cert_file and --tls_private_key_file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory passed to --cert_dir.
--tls-private-key-file="": File containing x509 private key matching --tls_cert_file.
--tls-cert-file="": File containing x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory passed to --cert-dir.
--tls-private-key-file="": File containing x509 private key matching --tls-cert-file.
```
###### Auto generated by spf13/cobra at 2015-07-06 18:03:36.451093085 +0000 UTC

2
docs/admin/resource-quota.md
View File

@@ -64,7 +64,7 @@ Neither contention nor changes to quota will affect already-running pods.
## Enabling Resource Quota
Resource Quota support is enabled by default for many Kubernetes distributions. It is
enabled when the apiserver `--admission_control=` flag has `ResourceQuota` as
enabled when the apiserver `--admission-control=` flag has `ResourceQuota` as
one of its arguments.
Resource Quota is enforced in a particular namespace when there is a

8
docs/getting-started-guides/centos/centos_manual_config.md
View File

@@ -104,7 +104,7 @@ echo "192.168.121.9 centos-master
```sh
# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd_servers=http://centos-master:4001"
KUBE_ETCD_SERVERS="--etcd-servers=http://centos-master:4001"
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"
@@ -113,7 +113,7 @@ KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow_privileged=false"
KUBE_ALLOW_PRIV="--allow-privileged=false"
```
* Disable the firewall on both the master and node, as docker does not play well with other firewall rule managers
@@ -138,7 +138,7 @@ KUBE_API_PORT="--port=8080"
KUBE_MASTER="--master=http://centos-master:8080"
# Port kubelets listen on
KUBELET_PORT="--kubelet_port=10250"
KUBELET_PORT="--kubelet-port=10250"
# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
@@ -171,7 +171,7 @@ KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_PORT="--port=10250"
# You may leave this blank to use the actual hostname
KUBELET_HOSTNAME="--hostname_override=centos-minion"
KUBELET_HOSTNAME="--hostname-override=centos-minion"
# Add your own!
KUBELET_ARGS=""

12
docs/getting-started-guides/coreos/bare_metal_offline.md
View File

@@ -423,7 +423,7 @@ On the PXE server make and fill in the variables `vi /var/www/html/coreos/pxe-cl
--address=0.0.0.0 \
--port=8080 \
--service-cluster-ip-range=10.100.0.0/16 \
--etcd_servers=http://127.0.0.1:4001 \
--etcd-servers=http://127.0.0.1:4001 \
--logtostderr=true
Restart=always
RestartSec=10
@@ -586,7 +586,7 @@ On the PXE server make and fill in the variables `vi /var/www/html/coreos/pxe-cl
ExecStartPre=/usr/bin/wget -N -P /opt/bin http://<PXE_SERVER_IP>/kube-proxy
ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-proxy
ExecStart=/opt/bin/kube-proxy \
--etcd_servers=http://<MASTER_SERVER_IP>:4001 \
--etcd-servers=http://<MASTER_SERVER_IP>:4001 \
--logtostderr=true
Restart=always
RestartSec=10
@@ -605,10 +605,10 @@ On the PXE server make and fill in the variables `vi /var/www/html/coreos/pxe-cl
ExecStart=/opt/bin/kubelet \
--address=0.0.0.0 \
--port=10250 \
--hostname_override=${DEFAULT_IPV4} \
--api_servers=<MASTER_SERVER_IP>:8080 \
--healthz_bind_address=0.0.0.0 \
--healthz_port=10248 \
--hostname-override=${DEFAULT_IPV4} \
--api-servers=<MASTER_SERVER_IP>:8080 \
--healthz-bind-address=0.0.0.0 \
--healthz-port=10248 \
--logtostderr=true
Restart=always
RestartSec=10

2
docs/getting-started-guides/docker-multinode/master.md
View File

@@ -160,7 +160,7 @@ systemctl start docker
Ok, now that your networking is set up, you can startup Kubernetes, this is the same as the single-node case, we will use the "main" instance of the Docker daemon for the Kubernetes components.
```sh
sudo docker run --net=host --privileged -d -v /sys:/sys:ro -v /var/run/docker.sock:/var/run/docker.sock gcr.io/google_containers/hyperkube:v1.0.1 /hyperkube kubelet --api-servers=http://localhost:8080 --v=2 --insecure-bind-address=0.0.0.0 --enable-server --hostname-override=127.0.0.1 --config=/etc/kubernetes/manifests-multi
sudo docker run --net=host -d -v /var/run/docker.sock:/var/run/docker.sock gcr.io/google_containers/hyperkube:v0.21.2 /hyperkube kubelet --api-servers=http://localhost:8080 --v=2 --address=0.0.0.0 --enable-server --hostname-override=127.0.0.1 --config=/etc/kubernetes/manifests-multi
```
### Also run the service proxy

4
docs/getting-started-guides/docker-multinode/worker.md
View File

@@ -143,10 +143,10 @@ systemctl start docker
#### Run the kubelet
Again this is similar to the above, but the `--api_servers` now points to the master we set up in the beginning.
Again this is similar to the above, but the `--api-servers` now points to the master we set up in the beginning.
```sh
sudo docker run --net=host --privileged -d -v /sys:/sys:ro -v /var/run/docker.sock:/var/run/docker.sock gcr.io/google_containers/hyperkube:v1.0.1 /hyperkube kubelet --api-servers=http://${MASTER_IP}:8080 --v=2 --insecure-bind-address=0.0.0.0 --enable-server --hostname-override=$(hostname -i)
sudo docker run --net=host -d -v /var/run/docker.sock:/var/run/docker.sock gcr.io/google_containers/hyperkube:v0.21.2 /hyperkube kubelet --api-servers=http://${MASTER_IP}:8080 --v=2 --address=0.0.0.0 --enable-server --hostname-override=$(hostname -i)
```
#### Run the service proxy

2
docs/getting-started-guides/docker.md
View File

@@ -65,7 +65,7 @@ docker run --net=host -d gcr.io/google_containers/etcd:2.0.12 /usr/local/bin/etc
### Step Two: Run the master
```sh
docker run --net=host --privileged -d -v /sys:/sys:ro -v /var/run/docker.sock:/var/run/docker.sock gcr.io/google_containers/hyperkube:v1.0.1 /hyperkube kubelet --api-servers=http://localhost:8080 --v=2 --insecure-bind-address=0.0.0.0 --enable-server --hostname-override=127.0.0.1 --config=/etc/kubernetes/manifests
docker run --net=host -d -v /var/run/docker.sock:/var/run/docker.sock gcr.io/google_containers/hyperkube:v0.21.2 /hyperkube kubelet --api-servers=http://localhost:8080 --v=2 --address=0.0.0.0 --enable-server --hostname-override=127.0.0.1 --config=/etc/kubernetes/manifests
```
This actually runs the kubelet, which in turn runs a [pod](../user-guide/pods.md) that contains the other master components.

8
docs/getting-started-guides/fedora/fedora_manual_config.md
View File

@@ -95,7 +95,7 @@ KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow_privileged=false"
KUBE_ALLOW_PRIV="--allow-privileged=false"
```
* Disable the firewall on both the master and node, as docker does not play well with other firewall rule managers. Please note that iptables-services does not exist on default fedora server install.
@@ -114,7 +114,7 @@ systemctl stop iptables-services firewalld
KUBE_API_ADDRESS="--address=0.0.0.0"
# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd_servers=http://127.0.0.1:4001"
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:4001"
# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
@@ -195,10 +195,10 @@ a Kubernetes node (fed-node) below.
KUBELET_ADDRESS="--address=0.0.0.0"
# You may leave this blank to use the actual hostname
KUBELET_HOSTNAME="--hostname_override=fed-node"
KUBELET_HOSTNAME="--hostname-override=fed-node"
# location of the api-server
KUBELET_API_SERVER="--api_servers=http://fed-master:8080"
KUBELET_API_SERVER="--api-servers=http://fed-master:8080"
# Add your own!
#KUBELET_ARGS=""

2
docs/getting-started-guides/scratch.md
View File

@@ -420,7 +420,7 @@ for rkt networking support. You can start rkt metadata service by using command
`sudo systemd-run rkt metadata-service`
Then you need to configure your kubelet with flag:
- `--container_runtime=rkt`
- `--container-runtime=rkt`
### kubelet

4
docs/user-guide/debugging-services.md
View File

@@ -295,8 +295,8 @@ Address: 10.0.1.175
If you are able to do a fully-qualified name lookup but not a relative one, you
need to check that your `kubelet` is running with the right flags.
The `--cluster_dns` flag needs to point to your DNS `Service`'s IP and the
`--cluster_domain` flag needs to be your cluster's domain - we assumed
The `--cluster-dns` flag needs to point to your DNS `Service`'s IP and the
`--cluster-domain` flag needs to be your cluster's domain - we assumed
"cluster.local" in this document, but yours might be different, in which case
you should change that in all of the commands above.