You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
spec contains the certificate request, and is immutable after creation. Only the request, signerName, and usages fields can be set on creation. Other fields are derived by Kubernetes and cannot be modified by users.
52
+
spec contains the certificate request, and is immutable after creation. Only the request, signerName, expirationSeconds, and usages fields can be set on creation. Other fields are derived by Kubernetes and cannot be modified by users.
@@ -95,6 +95,23 @@ CertificateSigningRequestSpec contains the certificate request.
95
95
5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
96
96
6. Whether or not requests for CA certificates are allowed.
97
97
98
+
-**expirationSeconds** (int32)
99
+
100
+
expirationSeconds is the requested duration of validity of the issued certificate. The certificate signer may issue a certificate with a different validity duration so a client must check the delta between the notBefore and and notAfter fields in the issued certificate to determine the actual duration.
101
+
102
+
The v1.22+ in-tree implementations of the well-known Kubernetes signers will honor this field as long as the requested duration is not greater than the maximum duration they will honor per the --cluster-signing-duration CLI flag to the Kubernetes controller manager.
103
+
104
+
Certificate signers may not honor this field for various reasons:
105
+
106
+
1. Old signer that is unaware of the field (such as the in-tree
107
+
implementations prior to v1.22)
108
+
2. Signer whose configured maximum is shorter than the requested duration
109
+
3. Signer whose configured minimum is longer than the requested duration
110
+
111
+
The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
112
+
113
+
As of v1.22, this field is beta and is controlled via the CSRDuration feature gate.
114
+
98
115
-**extra** (map[string][]string)
99
116
100
117
extra contains extra attributes of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.
Copy file name to clipboardExpand all lines: content/en/docs/reference/kubernetes-api/cluster-resources/node-v1.md
+9-9Lines changed: 9 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -62,17 +62,17 @@ NodeSpec describes the attributes that a node is created with.
62
62
63
63
-**configSource** (NodeConfigSource)
64
64
65
-
If specified, the source to get node configuration from The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field
65
+
Deprecated. If specified, the source of the node's configuration. The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field. This field is deprecated as of 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
66
66
67
67
<aname="NodeConfigSource"></a>
68
-
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.*
68
+
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22*
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.*
75
+
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration*
@@ -226,14 +226,14 @@ NodeStatus is information about the current status of a node.
226
226
Active reports the checkpointed config the node is actively using. Active will represent either the current version of the Assigned config, or the current LastKnownGood config, depending on whether attempting to use the Assigned config results in an error.
227
227
228
228
<aname="NodeConfigSource"></a>
229
-
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.*
229
+
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22*
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.*
236
+
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration*
@@ -260,14 +260,14 @@ NodeStatus is information about the current status of a node.
260
260
Assigned reports the checkpointed config the node will try to use. When Node.Spec.ConfigSource is updated, the node checkpoints the associated config payload to local disk, along with a record indicating intended config. The node refers to this record to choose its config checkpoint, and reports this record in Assigned. Assigned only updates in the status after the record has been checkpointed to disk. When the Kubelet is restarted, it tries to make the Assigned config the Active config by loading and validating the checkpointed payload identified by Assigned.
261
261
262
262
<aname="NodeConfigSource"></a>
263
-
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.*
263
+
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22*
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.*
270
+
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration*
@@ -298,14 +298,14 @@ NodeStatus is information about the current status of a node.
298
298
LastKnownGood reports the checkpointed config the node will fall back to when it encounters an error attempting to use the Assigned config. The Assigned config becomes the LastKnownGood config when the node determines that the Assigned config is stable and correct. This is currently implemented as a 10-minute soak period starting when the local record of Assigned config is updated. If the Assigned config is Active at the end of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, because the local default config is always assumed good. You should not make assumptions about the node's method of determining config stability and correctness, as this may change or become configurable in the future.
299
299
300
300
<aname="NodeConfigSource"></a>
301
-
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.*
301
+
*NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22*
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.*
308
+
*ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration*
Copy file name to clipboardExpand all lines: content/en/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1.md
-4Lines changed: 0 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -84,8 +84,6 @@ CSIDriverSpec is the specification of a CSIDriver.
84
84
RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false.
85
85
86
86
Note: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.
87
-
88
-
This is a beta feature and only available when the CSIServiceAccountToken feature is enabled.
89
87
90
88
-**storageCapacity** (boolean)
91
89
@@ -112,8 +110,6 @@ CSIDriverSpec is the specification of a CSIDriver.
112
110
}
113
111
114
112
Note: Audience in each TokenRequest should be different and at most one token is empty string. To receive a new token after expiry, RequiresRepublish can be used to trigger NodePublishVolume periodically.
115
-
116
-
This is a beta feature and only available when the CSIServiceAccountToken feature is enabled.
117
113
118
114
<aname="TokenRequest"></a>
119
115
*TokenRequest contains parameters of a service account token.*
This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.
105
+
This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.
Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef
110
+
allows any non-core object, as well as PersistentVolumeClaim objects.
111
+
* While DataSource ignores disallowed values (dropping them), DataSourceRef
112
+
preserves all values, and generates an error if a disallowed value is
113
+
specified.
114
+
(Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
Copy file name to clipboardExpand all lines: content/en/docs/reference/kubernetes-api/service-resources/endpoints-v1.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -134,7 +134,7 @@ Endpoints is a collection of endpoints that implement the actual service. Exampl
134
134
135
135
-**subsets.ports.appProtocol** (string)
136
136
137
-
The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. This is a beta field that is guarded by the ServiceAppProtocol feature gate and enabled by default.
137
+
The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
Copy file name to clipboardExpand all lines: content/en/docs/reference/kubernetes-api/service-resources/ingress-v1.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -107,11 +107,7 @@ IngressSpec describes the Ingress the user wishes to exist.
107
107
108
108
Backend defines the referenced service endpoint to which the traffic will be forwarded to.
109
109
110
-
-**rules.http.paths.path** (string)
111
-
112
-
Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value "Exact" or "Prefix".
113
-
114
-
-**rules.http.paths.pathType** (string)
110
+
-**rules.http.paths.pathType** (string), required
115
111
116
112
PathType determines the interpretation of the Path matching. PathType can be one of the following values: * Exact: Matches the URL path exactly. * Prefix: Matches based on a URL path prefix split by '/'. Matching is
117
113
done on a path element by element basis. A path element refers is the
@@ -125,6 +121,10 @@ IngressSpec describes the Ingress the user wishes to exist.
125
121
or treat it identically to Prefix or Exact path types.
126
122
Implementations are required to support all path types.
127
123
124
+
-**rules.http.paths.path** (string)
125
+
126
+
Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/' and must be present when using PathType with value "Exact" or "Prefix".
Copy file name to clipboardExpand all lines: content/en/docs/reference/kubernetes-api/service-resources/service-v1.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -100,7 +100,7 @@ ServiceSpec describes the attributes that a user creates on a service.
100
100
101
101
-**ports.appProtocol** (string)
102
102
103
-
The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. This is a beta field that is guarded by the ServiceAppProtocol feature gate and enabled by default.
103
+
The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
104
104
105
105
-**type** (string)
106
106
@@ -190,7 +190,7 @@ ServiceSpec describes the attributes that a user creates on a service.
190
190
191
191
-**allocateLoadBalancerNodePorts** (boolean)
192
192
193
-
allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. allocateLoadBalancerNodePorts may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is alpha-level and is only honored by servers that enable the ServiceLBNodePortControl feature.
193
+
allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type. This field is beta-level and is only honored by servers that enable the ServiceLBNodePortControl feature.
0 commit comments