Merge pull request #43841 from windsonsea/clusty

Clean up access-application-cluster/access-cluster

Author: k8s-ci-robot

content/en/docs/tasks/access-application-cluster/access-cluster.md

@@ -16,7 +16,7 @@ When accessing the Kubernetes API for the first time, we suggest using the
 Kubernetes CLI, `kubectl`.
 
 To access a cluster, you need to know the location of the cluster and have credentials
-to access it.  Typically, this is automatically set-up when you work through
+to access it. Typically, this is automatically set-up when you work through
 a [Getting started guide](/docs/setup/),
 or someone else set up the cluster and provided you with credentials and a location.
 
@@ -36,20 +36,20 @@ Kubectl handles locating and authenticating to the apiserver.
 If you want to directly access the REST API with an http client like
 curl or wget, or a browser, there are several ways to locate and authenticate:
 
-  - Run kubectl in proxy mode.
-    - Recommended approach.
-    - Uses stored apiserver location.
-    - Verifies identity of apiserver using self-signed cert.  No MITM possible.
-    - Authenticates to apiserver.
-    - In future, may do intelligent client-side load-balancing and failover.
-  - Provide the location and credentials directly to the http client.
-    - Alternate approach.
-    - Works with some types of client code that are confused by using a proxy.
-    - Need to import a root cert into your browser to protect against MITM.
+- Run kubectl in proxy mode.
+  - Recommended approach.
+  - Uses stored apiserver location.
+  - Verifies identity of apiserver using self-signed cert. No MITM possible.
+  - Authenticates to apiserver.
+  - In future, may do intelligent client-side load-balancing and failover.
+- Provide the location and credentials directly to the http client.
+  - Alternate approach.
+  - Works with some types of client code that are confused by using a proxy.
+  - Need to import a root cert into your browser to protect against MITM.
 
 ### Using kubectl proxy
 
-The following command runs kubectl in a mode where it acts as a reverse proxy.  It handles
+The following command runs kubectl in a mode where it acts as a reverse proxy. It handles
 locating the apiserver and authenticating.
 Run it like this:
 
@@ -83,7 +83,6 @@ The output is similar to this:
 }
 ```
 
-
 ### Without kubectl proxy
 
 Use `kubectl apply` and `kubectl describe secret...` to create a token for the default service account with grep/cut:
@@ -163,16 +162,16 @@ The output is similar to this:
 }
 ```
 
-The above examples use the `--insecure` flag.  This leaves it subject to MITM
-attacks.  When kubectl accesses the cluster it uses a stored root certificate
-and client certificates to access the server.  (These are installed in the
-`~/.kube` directory).  Since cluster certificates are typically self-signed, it
+The above examples use the `--insecure` flag. This leaves it subject to MITM
+attacks. When kubectl accesses the cluster it uses a stored root certificate
+and client certificates to access the server. (These are installed in the
+`~/.kube` directory). Since cluster certificates are typically self-signed, it
 may take special configuration to get your http client to use root
 certificate.
 
 On some clusters, the apiserver does not require authentication; it may serve
-on localhost, or be protected by a firewall.  There is not a standard
-for this.  [Controlling Access to the API](/docs/concepts/security/controlling-access)
+on localhost, or be protected by a firewall. There is not a standard
+for this. [Controlling Access to the API](/docs/concepts/security/controlling-access)
 describes how a cluster admin can configure this.
 
 ## Programmatic access to the API
@@ -182,20 +181,30 @@ client libraries.
 
 ### Go client
 
-* To get the library, run the following command: `go get k8s.io/client-go@kubernetes-<kubernetes-version-number>`, see [INSTALL.md](https://github.com/kubernetes/client-go/blob/master/INSTALL.md#for-the-casual-user) for detailed installation instructions. See [https://github.com/kubernetes/client-go](https://github.com/kubernetes/client-go#compatibility-matrix) to see which versions are supported.
-* Write an application atop of the client-go clients. Note that client-go defines its own API objects, so if needed, please import API definitions from client-go rather than from the main repository, e.g., `import "k8s.io/client-go/kubernetes"` is correct.
+* To get the library, run the following command: `go get k8s.io/client-go@kubernetes-<kubernetes-version-number>`,
+  see [INSTALL.md](https://github.com/kubernetes/client-go/blob/master/INSTALL.md#for-the-casual-user)
+  for detailed installation instructions. See
+  [https://github.com/kubernetes/client-go](https://github.com/kubernetes/client-go#compatibility-matrix)
+  to see which versions are supported.
+* Write an application atop of the client-go clients. Note that client-go defines its own API objects,
+  so if needed, please import API definitions from client-go rather than from the main repository,
+  e.g., `import "k8s.io/client-go/kubernetes"` is correct.
 
 The Go client can use the same [kubeconfig file](/docs/concepts/configuration/organize-cluster-access-kubeconfig/)
-as the kubectl CLI does to locate and authenticate to the apiserver. See this [example](https://git.k8s.io/client-go/examples/out-of-cluster-client-configuration/main.go).
+as the kubectl CLI does to locate and authenticate to the apiserver. See this
+[example](https://git.k8s.io/client-go/examples/out-of-cluster-client-configuration/main.go).
 
 If the application is deployed as a Pod in the cluster, please refer to the [next section](#accessing-the-api-from-a-pod).
 
 ### Python client
 
-To use [Python client](https://github.com/kubernetes-client/python), run the following command: `pip install kubernetes`. See [Python Client Library page](https://github.com/kubernetes-client/python) for more installation options.
+To use [Python client](https://github.com/kubernetes-client/python), run the following command:
+`pip install kubernetes`. See [Python Client Library page](https://github.com/kubernetes-client/python)
+for more installation options.
 
 The Python client can use the same [kubeconfig file](/docs/concepts/configuration/organize-cluster-access-kubeconfig/)
-as the kubectl CLI does to locate and authenticate to the apiserver. See this [example](https://github.com/kubernetes-client/python/tree/master/examples).
+as the kubectl CLI does to locate and authenticate to the apiserver. See this
+[example](https://github.com/kubernetes-client/python/tree/master/examples).
 
 ### Other languages
 
@@ -218,52 +227,51 @@ For information about connecting to other services running on a Kubernetes clust
 
 ## Requesting redirects
 
-The redirect capabilities have been deprecated and removed.  Please use a proxy (see below) instead.
+The redirect capabilities have been deprecated and removed. Please use a proxy (see below) instead.
 
-## So Many Proxies
+## So many proxies
 
 There are several different proxies you may encounter when using Kubernetes:
 
-1.  The [kubectl proxy](#directly-accessing-the-rest-api):
+1. The [kubectl proxy](#directly-accessing-the-rest-api):
 
-    - runs on a user's desktop or in a pod
-    - proxies from a localhost address to the Kubernetes apiserver
-    - client to proxy uses HTTP
-    - proxy to apiserver uses HTTPS
-    - locates apiserver
-    - adds authentication headers
+   - runs on a user's desktop or in a pod
+   - proxies from a localhost address to the Kubernetes apiserver
+   - client to proxy uses HTTP
+   - proxy to apiserver uses HTTPS
+   - locates apiserver
+   - adds authentication headers
 
-1.  The [apiserver proxy](/docs/tasks/access-application-cluster/access-cluster-services/#discovering-builtin-services):
+1. The [apiserver proxy](/docs/tasks/access-application-cluster/access-cluster-services/#discovering-builtin-services):
 
-    - is a bastion built into the apiserver
-    - connects a user outside of the cluster to cluster IPs which otherwise might not be reachable
-    - runs in the apiserver processes
-    - client to proxy uses HTTPS (or http if apiserver so configured)
-    - proxy to target may use HTTP or HTTPS as chosen by proxy using available information
-    - can be used to reach a Node, Pod, or Service
-    - does load balancing when used to reach a Service
+   - is a bastion built into the apiserver
+   - connects a user outside of the cluster to cluster IPs which otherwise might not be reachable
+   - runs in the apiserver processes
+   - client to proxy uses HTTPS (or http if apiserver so configured)
+   - proxy to target may use HTTP or HTTPS as chosen by proxy using available information
+   - can be used to reach a Node, Pod, or Service
+   - does load balancing when used to reach a Service
 
-1.  The [kube proxy](/docs/concepts/services-networking/service/#ips-and-vips):
+1. The [kube proxy](/docs/concepts/services-networking/service/#ips-and-vips):
 
-    - runs on each node
-    - proxies UDP and TCP
-    - does not understand HTTP
-    - provides load balancing
-    - is only used to reach services
+   - runs on each node
+   - proxies UDP and TCP
+   - does not understand HTTP
+   - provides load balancing
+   - is only used to reach services
 
-1.  A Proxy/Load-balancer in front of apiserver(s):
+1. A Proxy/Load-balancer in front of apiserver(s):
 
-    - existence and implementation varies from cluster to cluster (e.g. nginx)
-    - sits between all clients and one or more apiservers
-    - acts as load balancer if there are several apiservers.
+   - existence and implementation varies from cluster to cluster (e.g. nginx)
+   - sits between all clients and one or more apiservers
+   - acts as load balancer if there are several apiservers.
 
-1.  Cloud Load Balancers on external services:
+1. Cloud Load Balancers on external services:
 
-    - are provided by some cloud providers (e.g. AWS ELB, Google Cloud Load Balancer)
-    - are created automatically when the Kubernetes service has type `LoadBalancer`
-    - use UDP/TCP only
-    - implementation varies by cloud provider.
+   - are provided by some cloud providers (e.g. AWS ELB, Google Cloud Load Balancer)
+   - are created automatically when the Kubernetes service has type `LoadBalancer`
+   - use UDP/TCP only
+   - implementation varies by cloud provider.
 
-Kubernetes users will typically not need to worry about anything other than the first two types.  The cluster admin
+Kubernetes users will typically not need to worry about anything other than the first two types. The cluster admin
 will typically ensure that the latter types are set up correctly.
-