Merge pull request #32803 from nate-double-u/merged-main-dev-1.24

Merged main into dev 1.24

Author: k8s-ci-robot

content/en/blog/_posts/2022-04-07-Kubernetes-1-24-removals-and-deprecations.md

@@ -0,0 +1,133 @@
+---
+layout: blog
+title: "Kubernetes Removals and Deprecations In 1.24"
+date: 2022-04-07
+slug: upcoming-changes-in-kubernetes-1-24
+---
+
+**Author**: Mickey Boxell (Oracle)
+
+As Kubernetes evolves, features and APIs are regularly revisited and removed. New features may offer
+an alternative or improved approach to solving existing problems, motivating the team to remove the
+old approach. 
+
+We want to make sure you are aware of the changes coming in the Kubernetes 1.24 release. The release will 
+**deprecate** several (beta) APIs in favor of stable versions of the same APIs. The major change coming 
+in the Kubernetes 1.24 release is the 
+[removal of Dockershim](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2221-remove-dockershim). 
+This is discussed below and will be explored in more depth at release time. For an early look at the 
+changes coming in Kubernetes 1.24, take a look at the in-progress 
+[CHANGELOG](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md).
+
+## A note about Dockershim
+
+It's safe to say that the removal receiving the most attention with the release of Kubernetes 1.24 
+is Dockershim. Dockershim was deprecated in v1.20. As noted in the [Kubernetes 1.20 changelog](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.20.md#deprecation): 
+"Docker support in the kubelet is now deprecated and will be removed in a future release. The kubelet 
+uses a module called "dockershim" which implements CRI support for Docker and it has seen maintenance 
+issues in the Kubernetes community." With the upcoming release of Kubernetes 1.24, the Dockershim will 
+finally be removed. 
+
+In the article [Don't Panic: Kubernetes and Docker](/blog/2020/12/02/dont-panic-kubernetes-and-docker/),
+the authors succinctly captured the change's impact and encouraged users to remain calm: 
+> Docker as an underlying runtime is being deprecated in favor of runtimes that use the
+> Container Runtime Interface (CRI) created for Kubernetes. Docker-produced images
+> will continue to work in your cluster with all runtimes, as they always have.
+
+Several guides have been created with helpful information about migrating from dockershim
+to container runtimes that are directly compatible with Kubernetes. You can find them on the
+[Migrating from dockershim](/docs/tasks/administer-cluster/migrating-from-dockershim/)
+page in the Kubernetes documentation.
+
+For more information about why Kubernetes is moving away from dockershim, check out the aptly 
+named: [Kubernetes is Moving on From Dockershim](/blog/2022/01/07/kubernetes-is-moving-on-from-dockershim/) 
+and the [updated dockershim removal FAQ](/blog/2022/02/17/dockershim-faq/).
+
+Take a look at the [Is Your Cluster Ready for v1.24?](/blog/2022/03/31/ready-for-dockershim-removal/) post to learn about how to ensure your cluster continues to work after upgrading from v1.23 to v1.24. 
+
+## The Kubernetes API removal and deprecation process
+
+Kubernetes contains a large number of components that evolve over time. In some cases, this 
+evolution results in APIs, flags, or entire features, being removed. To prevent users from facing 
+breaking changes, Kubernetes contributors adopted a feature [deprecation policy](/docs/reference/using-api/deprecation-policy/). 
+This policy ensures that stable APIs may only be deprecated when a newer stable version of that 
+same API is available and that APIs have a minimum lifetime as indicated by the following stability levels: 
+
+* Generally available (GA) or stable API versions may be marked as deprecated but must not be removed within a major version of Kubernetes. 
+* Beta or pre-release API versions must be supported for 3 releases after deprecation. 
+* Alpha or experimental API versions may be removed in any release without prior deprecation notice. 
+
+Removals follow the same deprecation policy regardless of whether an API is removed due to a beta feature 
+graduating to stable or because that API was not proven to be successful. Kubernetes will continue to make 
+sure migration options are documented whenever APIs are removed. 
+
+**Deprecated** APIs are those that have been marked for removal in a future Kubernetes release. **Removed** 
+APIs are those that are no longer available for use in current, supported Kubernetes versions after having 
+been deprecated. These removals have been superseded by newer, stable/generally available (GA) APIs. 
+
+## API removals, deprecations, and other changes for Kubernetes 1.24
+
+* [Dynamic kubelet configuration](https://github.com/kubernetes/enhancements/issues/281): `DynamicKubeletConfig` is used to enable the dynamic configuration of the kubelet. The `DynamicKubeletConfig` flag was deprecated in Kubernetes 1.22. In v1.24, this feature gate will be removed from the kubelet. See [Reconfigure kubelet](/docs/tasks/administer-cluster/reconfigure-kubelet/). Refer to the ["Dynamic kubelet config is removed" KEP](https://github.com/kubernetes/enhancements/issues/281) for more information. 
+* [Dynamic log sanitization](https://github.com/kubernetes/kubernetes/pull/107207): The experimental dynamic log sanitization feature is deprecated and will be removed in v1.24. This feature introduced a logging filter that could be applied to all Kubernetes system components logs to prevent various types of sensitive information from leaking via logs. Refer to [KEP-1753: Kubernetes system components logs sanitization](https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/1753-logs-sanitization#deprecation) for more information and an [alternative approach](https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/1753-logs-sanitization#alternatives=).
+* In-tree provisioner to CSI driver migration: This applies to a number of in-tree plugins, including [Portworx](https://github.com/kubernetes/enhancements/issues/2589). Refer to the [In-tree Storage Plugin to CSI Migration Design Doc](https://github.com/kubernetes/design-proposals-archive/blob/main/storage/csi-migration.md#background-and-motivations) for more information. 
+* [Removing Dockershim from kubelet](https://github.com/kubernetes/enhancements/issues/2221): the Container Runtime Interface (CRI) for Docker (i.e. Dockershim) is currently a built-in container runtime in the kubelet code base. It was deprecated in v1.20. As of v1.24, the kubelet will no longer have dockershim. Check out this blog on [what you need to do be ready for v1.24](/blog/2022/03/31/ready-for-dockershim-removal/). 
+* [Storage capacity tracking for pod scheduling](https://github.com/kubernetes/enhancements/issues/1472): The CSIStorageCapacity API supports exposing currently available storage capacity via CSIStorageCapacity objects and enhances scheduling of pods that use CSI volumes with late binding. In v1.24, the CSIStorageCapacity API will be stable. The API graduating to stable initates the deprecation of the v1beta1 CSIStorageCapacity API. Refer to the [Storage Capacity Constraints for Pod Scheduling KEP](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1472-storage-capacity-tracking) for more information. 
+* [The `master` label is no longer present on kubeadm control plane nodes](https://github.com/kubernetes/kubernetes/pull/107533). For new clusters, the label 'node-role.kubernetes.io/master' will no longer be added to control plane nodes, only the label 'node-role.kubernetes.io/control-plane' will be added. For more information, refer to [KEP-2067: Rename the kubeadm "master" label and taint](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint).
+* [VolumeSnapshot v1beta1 CRD will be removed](https://github.com/kubernetes/enhancements/issues/177). Volume snapshot and restore functionality for Kubernetes and the [Container Storage Interface](https://github.com/container-storage-interface/spec/blob/master/spec.md) (CSI), which provides standardized APIs design (CRDs) and adds PV snapshot/restore support for CSI volume drivers, entered beta in v1.20. VolumeSnapshot v1beta1 was deprecated in v1.21 and is now unsupported. Refer to [KEP-177: CSI Snapshot](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/177-volume-snapshot#kep-177-csi-snapshot) and [kubernetes-csi/external-snapshotter](https://github.com/kubernetes-csi/external-snapshotter/releases/tag/v4.1.0) for more information. 
+
+## What to do
+
+### Dockershim removal
+
+As stated earlier, there are several guides about 
+[Migrating from dockershim](/docs/tasks/administer-cluster/migrating-from-dockershim/). 
+You can start with [Finding what container runtime are on your nodes](/docs/tasks/administer-cluster/migrating-from-dockershim/find-out-runtime-you-use/).
+If your nodes are using dockershim, there are other possible Docker Engine dependencies such as 
+Pods or third-party tools executing Docker commands or private registries in the Docker configuration file. You can follow the 
+[Check whether Dockershim deprecation affects you](/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-deprecation-affects-you/) guide to review possible 
+Docker Engine dependencies. Before upgrading to v1.24, you decide to either remain using Docker Engine and 
+[Migrate Docker Engine nodes from dockershim to cri-dockerd](/docs/tasks/administer-cluster/migrating-from-dockershim/migrate-dockershim-dockerd/) or migrate to a CRI-compatible runtime. Here's a guide to 
+[change the container runtime on a node from Docker Engine to containerd](/docs/tasks/administer-cluster/migrating-from-dockershim/change-runtime-containerd/).
+
+### `kubectl convert`
+
+The [`kubectl convert`](/docs/tasks/tools/included/kubectl-convert-overview/) plugin for `kubectl` 
+can be helpful to address migrating off deprecated APIs. The plugin facilitates the conversion of 
+manifests between different API versions, for example, from a deprecated to a non-deprecated API 
+version. More general information about the API migration process can be found in the [Deprecated API Migration Guide](/docs/reference/using-api/deprecation-guide/). 
+Follow the [install `kubectl convert` plugin](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/#install-kubectl-convert-plugin) 
+documentation to download and install the `kubectl-convert` binary. 
+    
+### Looking ahead
+
+The Kubernetes 1.25 and 1.26 releases planned for later this year will stop serving beta versions 
+of several currently stable Kubernetes APIs. The v1.25 release will also remove PodSecurityPolicy, 
+which was deprecated with Kubernetes 1.21 and will not graduate to stable. See [PodSecurityPolicy 
+Deprecation: Past, Present, and Future](/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/) for more information. 
+
+The official [list of API removals planned for Kubernetes 1.25](/docs/reference/using-api/deprecation-guide/#v1-25) is:
+
+* The beta CronJob API (batch/v1beta1)
+* The beta EndpointSlice API (discovery.k8s.io/v1beta1)
+* The beta Event API (events.k8s.io/v1beta1)
+* The beta HorizontalPodAutoscaler API (autoscaling/v2beta1)
+* The beta PodDisruptionBudget API (policy/v1beta1)
+* The beta PodSecurityPolicy API (policy/v1beta1)
+* The beta RuntimeClass API (node.k8s.io/v1beta1)
+
+
+The official [list of API removals planned for Kubernetes 1.26](/docs/reference/using-api/deprecation-guide/#v1-26) is:
+
+* The beta FlowSchema and PriorityLevelConfiguration APIs (flowcontrol.apiserver.k8s.io/v1beta1)
+* The beta HorizontalPodAutoscaler API (autoscaling/v2beta2)
+
+    
+### Want to know more?
+Deprecations are announced in the Kubernetes release notes. You can see the announcements of pending deprecations in the release notes for:
+* [Kubernetes 1.21](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.21.md#deprecation)
+* [Kubernetes 1.22](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.22.md#deprecation)
+* [Kubernetes 1.23](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.23.md#deprecation)
+* We will formally announce the deprecations that come with [Kubernetes 1.24](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md#deprecation) as part of the CHANGELOG for that release.
+
+For information on the process of deprecation and removal, check out the official Kubernetes [deprecation policy](/docs/reference/using-api/deprecation-policy/#deprecating-parts-of-the-api) document.
+

content/en/docs/concepts/architecture/nodes.md

@@ -539,6 +539,9 @@ Using this feature, requires enabling the
 config's `ShutdownGracePeriodByPodPriority` to the desired configuration
 containing the pod priority class values and their respective shutdown periods.
 
+Metrics `graceful_shutdown_start_time_seconds` and `graceful_shutdown_end_time_seconds`
+are emitted under the kubelet subsystem to monitor node shutdowns.
+
 ## Swap memory management {#swap-memory}
 
 {{< feature-state state="alpha" for_k8s_version="v1.22" >}}

content/en/docs/concepts/scheduling-eviction/assign-pod-node.md

@@ -124,8 +124,8 @@ For example, consider the following Pod spec:
 
 In this example, the following rules apply:
 
-  * The node *must* have a label with the key `kubernetes.io/e2e-az-name` and
-    the value is either `e2e-az1` or `e2e-az2`.
+  * The node *must* have a label with the key `kubernetes.io/os` and
+    the value `linux`.
   * The node *preferably* has a label with the key `another-node-label-key` and
     the value `another-node-label-value`.
 

content/en/docs/concepts/services-networking/service.md

@@ -25,7 +25,7 @@ and can load-balance across them.
 ## Motivation
 
 Kubernetes {{< glossary_tooltip term_id="pod" text="Pods" >}} are created and destroyed
-to match the state of your cluster. Pods are nonpermanent resources.
+to match the desired state of your cluster. Pods are nonpermanent resources.
 If you use a {{< glossary_tooltip term_id="deployment" >}} to run your app,
 it can create and destroy Pods dynamically.
 

content/en/docs/concepts/storage/volumes.md

@@ -151,6 +151,13 @@ Storage Interface (CSI) Driver. In order to use this feature, the
 [Azure Disk CSI Driver](https://github.com/kubernetes-sigs/azuredisk-csi-driver)
 must be installed on the cluster and the `CSIMigration` feature must be enabled.
 
+#### azureDisk CSI migration complete
+
+{{< feature-state for_k8s_version="v1.21" state="alpha" >}}
+
+To disable the `azureDisk` storage plugin from being loaded by the controller manager
+and the kubelet, set the `InTreePluginAzureDiskUnregister` flag to `true`.
+
 ### azureFile {#azurefile}
 
 The `azureFile` volume type mounts a Microsoft Azure File volume (SMB 2.1 and 3.0)
@@ -172,6 +179,13 @@ must be installed on the cluster and the `CSIMigration` and `CSIMigrationAzureFi
 Azure File CSI driver does not support using same volume with different fsgroups. If
 `CSIMigrationAzureFile` is enabled, using same volume with different fsgroups won't be supported at all.
 
+#### azureFile CSI migration complete
+
+{{< feature-state for_k8s_version="v1.21" state="alpha" >}}
+
+To disable the `azureFile` storage plugin from being loaded by the controller manager
+and the kubelet, set the `InTreePluginAzureFileUnregister` flag to `true`.
+
 ### cephfs
 
 A `cephfs` volume allows an existing CephFS volume to be

content/en/docs/concepts/workloads/controllers/replicaset.md

@@ -223,8 +223,6 @@ In this manner, a ReplicaSet can own a non-homogenous set of Pods
 
 As with all other Kubernetes API objects, a ReplicaSet needs the `apiVersion`, `kind`, and `metadata` fields.
 For ReplicaSets, the `kind` is always a ReplicaSet.
-In Kubernetes 1.9 the API version `apps/v1` on the ReplicaSet kind is the current version and is enabled by default. The API version `apps/v1beta2` is deprecated.
-Refer to the first lines of the `frontend.yaml` example for guidance.
 
 The name of a ReplicaSet object must be a valid
 [DNS subdomain name](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names).

content/en/docs/concepts/workloads/controllers/statefulset.md

@@ -115,7 +115,7 @@ The name of a StatefulSet object must be a valid
 
 ### Pod Selector
 
-You must set the `.spec.selector` field of a StatefulSet to match the labels of its `.spec.template.metadata.labels`. In 1.8 and later versions, failing to specify a matching Pod Selector will result in a validation error during StatefulSet creation.
+You must set the `.spec.selector` field of a StatefulSet to match the labels of its `.spec.template.metadata.labels`. Failing to specify a matching Pod Selector will result in a validation error during StatefulSet creation.
 
 ### Volume Claim Templates
 
@@ -226,7 +226,7 @@ is completely shutdown, but prior to web-1's termination, web-1 would not be ter
 until web-0 is Running and Ready.
 
 ### Pod Management Policies
-In Kubernetes 1.7 and later, StatefulSet allows you to relax its ordering guarantees while
+StatefulSet allows you to relax its ordering guarantees while
 preserving its uniqueness and identity guarantees via its `.spec.podManagementPolicy` field.
 
 #### OrderedReady Pod Management

content/en/docs/concepts/workloads/pods/pod-topology-spread-constraints.md

@@ -300,7 +300,8 @@ apiVersion: kubescheduler.config.k8s.io/v1beta3
 kind: KubeSchedulerConfiguration
 
 profiles:
-  - pluginConfig:
+  - schedulerName: default-scheduler
+    pluginConfig:
       - name: PodTopologySpread
         args:
           defaultConstraints:
@@ -356,7 +357,8 @@ apiVersion: kubescheduler.config.k8s.io/v1beta3
 kind: KubeSchedulerConfiguration
 
 profiles:
-  - pluginConfig:
+  - schedulerName: default-scheduler
+    pluginConfig:
       - name: PodTopologySpread
         args:
           defaultConstraints: []

content/en/docs/contribute/localization.md

@@ -125,11 +125,14 @@ Add a configuration block for the new language to `config.toml`, under the exist
 [languages.de]
 title = "Kubernetes"
 description = "Produktionsreife Container-Verwaltung"
-languageName = "Deutsch"
+languageName = "Deutsch (German)"
+languageNameLatinScript = "German"
 contentDir = "content/de"
-weight = 3
+weight = 8
 ```
 
+The value for `languageName` will be listed in language selection bar. Assign "language name in native script (language name in latin script)" to `languageName`, for example, `languageName = "한국어 (Korean)"`. `languageNameLatinScript` can be used to access the language name in latin script and use it in the theme. Assign "language name in latin script" to `languageNameLatinScript`, for example, `languageNameLatinScript ="Korean"`. 
+
 When assigning a `weight` parameter for your block, find the language block with the highest weight and add 1 to that value.
 
 For more information about Hugo's multilingual support, see "[Multilingual Mode](https://gohugo.io/content-management/multilingual/)".

content/en/docs/reference/glossary/pod-security-policy.md

@@ -17,3 +17,4 @@ tags:
 
 A cluster-level resource that controls security sensitive aspects of the Pod specification. The `PodSecurityPolicy` objects define a set of conditions that a Pod must run with in order to be accepted into the system, as well as defaults for the related fields. Pod Security Policy control is implemented as an optional admission controller.
 
+PodSecurityPolicy is deprecated as of Kubernetes v1.21, and will be removed in v1.25. We recommend migrating to [Pod Security Admission](/docs/concepts/security/pod-security-admission/), or a 3rd party admission plugin.