openshift
diff --git a/‎modules/containers-about.adoc‎
Lines changed: 5 additions & 27 deletions b/‎modules/containers-about.adoc‎
Lines changed: 5 additions & 27 deletions
diff --git a/‎modules/images-about.adoc‎
Lines changed: 4 additions & 19 deletions b/‎modules/images-about.adoc‎
Lines changed: 4 additions & 19 deletions
diff --git a/‎modules/images-add-tags-to-imagestreams.adoc‎
Lines changed: 11 additions & 30 deletions b/‎modules/images-add-tags-to-imagestreams.adoc‎
Lines changed: 11 additions & 30 deletions
diff --git a/‎modules/images-allow-pods-to-reference-images-across-projects.adoc‎
Lines changed: 3 additions & 7 deletions b/‎modules/images-allow-pods-to-reference-images-across-projects.adoc‎
Lines changed: 3 additions & 7 deletions
diff --git a/‎modules/images-allow-pods-to-reference-images-from-secure-registries.adoc‎
Lines changed: 5 additions & 14 deletions b/‎modules/images-allow-pods-to-reference-images-from-secure-registries.adoc‎
Lines changed: 5 additions & 14 deletions
diff --git a/‎modules/images-configuration-cas.adoc‎
Lines changed: 2 additions & 2 deletions b/‎modules/images-configuration-cas.adoc‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎modules/images-configuration-file.adoc‎
Lines changed: 6 additions & 26 deletions b/‎modules/images-configuration-file.adoc‎
Lines changed: 6 additions & 26 deletions
@@ -4,34 +4,12 @@
 [id="containers-about_{context}"]
 = Containers
 
-The basic units of {product-title} applications are called _containers_.
-link:https://access.redhat.com/articles/1353593[Linux container technologies]
-are lightweight mechanisms for isolating running processes so that they are
-limited to interacting with only their designated resources. The word
-container is defined as a specific running or paused instance of a container
-image.
+The basic units of {product-title} applications are called containers. link:https://access.redhat.com/articles/1353593[Linux container technologies] are lightweight mechanisms for isolating running processes so that they are limited to interacting with only their designated resources. The word container is defined as a specific running or paused instance of a container image.
 
-Many application instances can be running in containers on a single host without
-visibility into each others' processes, files, network, and so on. Typically,
-each container provides a single service, often called a micro-service, such
-as a web server or a database, though containers can be used for arbitrary
-workloads.
+Many application instances can be running in containers on a single host without visibility into each others' processes, files, network, and so on. Typically, each container provides a single service, often called a micro-service, such as a web server or a database, though containers can be used for arbitrary workloads.
 
-The Linux kernel has been incorporating capabilities for container technologies
-for years. The Docker project developed a convenient management interface for
-Linux containers on a host. More recently, the
-link:https://github.com/opencontainers/[Open Container Initiative] has developed
-open standards for container formats and container runtimes. {product-title} and
-Kubernetes add the ability to orchestrate OCI- and Docker-formatted containers
-across multi-host installations.
+The Linux kernel has been incorporating capabilities for container technologies for years. The Docker project developed a convenient management interface for Linux containers on a host. More recently, the link:https://github.com/opencontainers/[Open Container Initiative] has developed open standards for container formats and container runtimes. {product-title} and Kubernetes add the ability to orchestrate OCI- and Docker-formatted containers across multi-host installations.
 
-Though you do not directly interact with container runtimes when using
-{product-title}, understanding their capabilities and terminology is
-important for understanding their role in {product-title} and how your
-applications function inside of containers.
+Though you do not directly interact with container runtimes when using {product-title}, understanding their capabilities and terminology is important for understanding their role in {product-title} and how your applications function inside of containers.
 
-Tools such as
-link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html-single/managing_containers/#using_podman_to_work_with_containers[podman]
-can be used to replace `docker` command-line tools for running and managing
-containers directly. Using `podman`, you can experiment with containers
-separately from {product-title}.
+Tools such as link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html-single/managing_containers/#using_podman_to_work_with_containers[podman] can be used to replace `docker` command-line tools for running and managing containers directly. Using `podman`, you can experiment with containers separately from {product-title}.
@@ -4,25 +4,10 @@
 [id="images-about_{context}"]
 = Images
 
-Containers in {product-title} are based on OCI- or
-Docker-formatted container _images_. An image is a
-binary that includes all of the requirements for running a single
-container, as well as metadata describing its needs and capabilities.
+Containers in {product-title} are based on OCI- or Docker-formatted container _images_. An image is a binary that includes all of the requirements for running a single container, as well as metadata describing its needs and capabilities.
 
-You can think of it as a packaging technology. Containers only have access to
-resources defined in the image unless you give the container additional access
-when creating it. By deploying the same image in multiple containers across
-multiple hosts and load balancing between them, {product-title} can provide
-redundancy and horizontal scaling for a service packaged into an image.
+You can think of it as a packaging technology. Containers only have access to resources defined in the image unless you give the container additional access when creating it. By deploying the same image in multiple containers across multiple hosts and load balancing between them, {product-title} can provide redundancy and horizontal scaling for a service packaged into an image.
 
-You can use the
-link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html-single/managing_containers/#using_podman_to_work_with_containers[podman]
-or `docker` CLI directly to build images, but {product-title} also supplies
-builder images that assist with creating new images by adding your code or
-configuration to existing images.
+You can use the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html-single/managing_containers/#using_podman_to_work_with_containers[podman] or `docker` CLI directly to build images, but {product-title} also supplies builder images that assist with creating new images by adding your code or configuration to existing images.
 
-Because applications develop over time, a single image name can actually
-refer to many different versions of the same image. Each different
-image is referred to uniquely by its hash (a long hexadecimal number
-e.g., `fd44297e2ddb050ec4f...`) which is usually shortened to 12
-characters (e.g., `fd44297e2ddb`).
+Because applications develop over time, a single image name can actually refer to many different versions of the same image. Each different image is referred to uniquely by its hash, a long hexadecimal number such as `fd44297e2ddb050ec4f...`, which is usually shortened to 12 characters, such as `fd44297e2ddb`.
@@ -2,42 +2,33 @@
 // * openshift_images/tagging-images
 
 [id="images-add-tags-to-imagestreams_{context}"]
-= Adding tags to imagestreams
+= Adding tags to image streams
 
-An imagestream in {product-title} comprises zero or more container images
-identified by tags.
+An image stream in {product-title} comprises zero or more container images identified by tags.
 
-There are different types of tags available. The default behavior uses a
-_permanent_ tag, which points to a specific image in time. If the _permanent_tag
-is in use and the source changes, the tag does not change for the destination.
+There are different types of tags available. The default behavior uses a `permanent` tag, which points to a specific image in time. If the `permanent` tag is in use and the source changes, the tag does not change for the destination.
 
-A _tracking_ tag means the destination tag's metadata is updated during the import
-of the source tag.
+A `tracking` tag means the destination tag's metadata is updated during the import of the source tag.
 
 .Procedure
 
-* You can add tags to an imagestream using the `oc tag` command:
+* You can add tags to an image stream using the `oc tag` command:
 +
 [source,terminal]
 ----
 $ oc tag <source> <destination>
 ----
 +
-For example, to configure the `ruby` imagestreams `static-2.0` tag to always
-refer to the current image for the `ruby` imagestreams `2.0` tag:
+For example, to configure the `ruby` image stream `static-2.0` tag to always refer to the current image for the `ruby` image stream `2.0` tag:
 +
 [source,terminal]
 ----
 $ oc tag ruby:2.0 ruby:static-2.0
 ----
 +
-This creates a new imagestreamtag named `static-2.0` in the `ruby` imagestream.
-The new tag directly references the image id that the `ruby:2.0`
-imagestreamtag pointed to at the time `oc tag` was run, and the image it points
-to never changes.
+This creates a new image stream tag named `static-2.0` in the `ruby` image stream. The new tag directly references the image id that the `ruby:2.0` image stream tag pointed to at the time `oc tag` was run, and the image it points to never changes.
 
-* To ensure the destination tag is updated whenever the source tag changes, use
-the `--alias=true` flag:
+* To ensure the destination tag is updated when the source tag changes, use the `--alias=true` flag:
 +
 [source,terminal]
 ----
@@ -46,23 +37,13 @@ $ oc tag --alias=true <source> <destination>
 
 [NOTE]
 ====
-Use a _tracking_ tag for creating permanent aliases, for example, `latest` or
-`stable`. The tag only works correctly within a single imagestream. Trying
-to create a cross-imagestream alias produces an error.
+Use a tracking tag for creating permanent aliases, for example, `latest` or `stable`. The tag only works correctly within a single image stream. Trying to create a cross-image stream alias produces an error.
 ====
 
 * You can also add the `--scheduled=true` flag to have the destination tag be
 refreshed, or re-imported, periodically. The period is configured globally at
 the system level.
 
-* The `--reference` flag creates an imagestreamtag that is not imported. The
-tag points to the source location, permanently.
+* The `--reference` flag creates an image stream tag that is not imported. The tag points to the source location, permanently.
 +
-If you want to instruct OpenShift to always fetch the tagged image from the
-integrated registry, use `--reference-policy=local`. The registry uses the
-pull-through feature to serve the image to the client. By default, the image
-blobs are mirrored locally by the registry. As a result, they can be pulled more
-quickly the next time they are needed. The flag also allows for pulling from
-insecure registries without a need to supply `--insecure-registry` to the container
-runtime as long as the imagestream has an insecure annotation or the tag has an
-insecure import policy.
+If you want to instruct {product-title} to always fetch the tagged image from the integrated registry, use `--reference-policy=local`. The registry uses the pull-through feature to serve the image to the client. By default, the image blobs are mirrored locally by the registry. As a result, they can be pulled more quickly the next time they are needed. The flag also allows for pulling from insecure registries without a need to supply `--insecure-registry` to the container runtime as long as the image stream has an insecure annotation or the tag has an insecure import policy.
@@ -4,14 +4,11 @@
 [id="images-allow-pods-to-reference-images-across-projects_{context}"]
 = Allowing pods to reference images across projects
 
-When using the internal registry, to allow pods in `project-a` to reference
-images in `project-b`, a service account in `project-a` must be bound to the
-`system:image-puller` role in `project-b`.
+When using the internal registry, to allow pods in `project-a` to reference images in `project-b`, a service account in `project-a` must be bound to the `system:image-puller` role in `project-b`.
 
 .Procedure
 
-. To allow pods in `project-a` to reference images in `project-b`, bind a service
-account in `project-a` to the `system:image-puller` role in `project-b`:
+. To allow pods in `project-a` to reference images in `project-b`, bind a service account in `project-a` to the `system:image-puller` role in `project-b`:
 +
 [source,terminal]
 ----
@@ -20,8 +17,7 @@ $ oc policy add-role-to-user \
     --namespace=project-b
 ----
 +
-After adding that role, the pods in `project-a` that reference the default
-service account are able to pull images from `project-b`.
+After adding that role, the pods in `project-a` that reference the default service account are able to pull images from `project-b`.
 
 . To allow access for any service account in `project-a`, use the group:
 +
 
@@ -6,18 +6,13 @@
 [id="images-allow-pods-to-reference-images-from-secure-registries_{context}"]
 = Allowing pods to reference images from other secured registries
 
-The `.dockercfg` `$HOME/.docker/config.json` file for Docker clients is a
-Docker credentials file that stores your authentication information if you have
-previously logged into a secured or insecure registry.
+The `.dockercfg` `$HOME/.docker/config.json` file for Docker clients is a Docker credentials file that stores your authentication information if you have previously logged into a secured or insecure registry.
 
-To pull a secured container image that is not from {product-title}'s internal
-registry, you must create a pull secret from your Docker credentials and add
-it to your service account.
+To pull a secured container image that is not from {product-title}'s internal registry, you must create a pull secret from your Docker credentials and add it to your service account.
 
 .Procedure
 
-* If you already have a `.dockercfg` file for the secured registry, you can create
-a secret from that file by running:
+* If you already have a `.dockercfg` file for the secured registry, you can create a secret from that file by running:
 +
 [source,terminal]
 ----
@@ -35,8 +30,7 @@ $ oc create secret generic <pull_secret_name> \
     --type=kubernetes.io/dockerconfigjson
 ----
 
-* If you do not already have a Docker credentials file for the secured registry,
-you can create a secret by running:
+* If you do not already have a Docker credentials file for the secured registry, you can create a secret by running:
 +
 [source,terminal]
 ----
@@ -47,10 +41,7 @@ $ oc create secret docker-registry <pull_secret_name> \
     --docker-email=<email>
 ----
 
-* To use a secret for pulling images for pods, you must add the secret to your
-service account. The name of the service account in this example should match
-the name of the service account the pod uses. `default` is the default
-service account:
+* To use a secret for pulling images for pods, you must add the secret to your service account. The name of the service account in this example should match the name of the service account the pod uses. The default service account is `default`:
 +
 [source,terminal]
 ----
 
@@ -10,13 +10,13 @@
 The `image.config.openshift.io/cluster` custom resource can contain a reference to a config map that contains additional certificate authorities to be trusted during image registry access.
 
 .Prerequisites
-* The CAs must be PEM-encoded.
+* The certificate authorities (CA) must be PEM-encoded.
 
 .Procedure
 
 You can create a config map in the `openshift-config` namespace and use its name in `AdditionalTrustedCA` in the `image.config.openshift.io` custom resource to provide additional CAs that should be trusted when contacting external registries.
 
-The ConfigMap key is the host name of a registry with the port for which this CA is to be trusted, and the base64-encoded certificate is the value, for each additional registry CA to trust.
+The config map key is the host name of a registry with the port for which this CA is to be trusted, and the base64-encoded certificate is the value, for each additional registry CA to trust.
 
 .Image registry CA config map example
 [source,yaml]
 
@@ -6,11 +6,7 @@
 [id="images-configuration-file_{context}"]
 = Configuring image settings
 
-You can configure image registry settings by editing the
-`image.config.openshift.io/cluster`  custom resource (CR). The
-Machine Config Operator (MCO) watches the
-`image.config.openshift.io/cluster` CR for any changes 
-to the registries and reboots the nodes when it detects changes.
+You can configure image registry settings by editing the `image.config.openshift.io/cluster` custom resource (CR). The Machine Config Operator (MCO) watches the `image.config.openshift.io/cluster` CR for any changes to the registries and reboots the nodes when it detects changes.
 
 .Procedure
 
@@ -52,30 +48,14 @@ spec:
 status:
   internalRegistryHostname: image-registry.openshift-image-registry.svc:5000
 ----
-<1> `Image`: Holds cluster-wide information about how to handle images. The
-canonical, and only valid name is `cluster`.
-<2> `allowedRegistriesForImport`: Limits the container image registries from which
-normal users may import images. Set this list to the registries that you trust
-to contain valid images, and that you want applications to be able to
-import from. Users with permission to create images or `ImageStreamMappings`
-from the API are not affected by this policy. Typically only cluster
-administrators will have the appropriate permissions.
-<3> `additionalTrustedCA`: A reference to a ConfigMap containing additional CAs that
-should be trusted during `ImageStream import`, `pod image pull`,
-`openshift-image-registry pullthrough`, and builds. The namespace for this ConfigMap is
-`openshift-config`. The format of the ConfigMap is to use the registry hostname
-as the key, and the PEM certificate as the value, for each additional registry CA to
-trust.
-<4> `registrySources`: Contains configuration that determines how the container
-runtime should treat individual registries when accessing images for builds and
-pods. For instance, whether or not to allow insecure access. It does not contain
-configuration for the internal cluster registry. This example lists `allowedRegistries`, 
-which defines the registries that are allowed to be used. One of the registries listed
-is insecure.
+<1> `Image`: Holds cluster-wide information about how to handle images. The canonical, and only valid name is `cluster`.
+<2> `allowedRegistriesForImport`: Limits the container image registries from which normal users may import images. Set this list to the registries that you trust to contain valid images, and that you want applications to be able to import from. Users with permission to create images or `ImageStreamMappings` from the API are not affected by this policy. Typically only cluster administrators have the appropriate permissions.
+<3> `additionalTrustedCA`: A reference to a config map containing additional certificate authorities (CA) that are trusted during image stream import, pod image pull, `openshift-image-registry` pullthrough, and builds. The namespace for this config map is `openshift-config`. The format of the config map is to use the registry hostname as the key, and the PEM certificate as the value, for each additional registry CA to trust.
+<4> `registrySources`: Contains configuration that determines how the container runtime should treat individual registries when accessing images for builds and pods. For instance, whether or not to allow insecure access. It does not contain configuration for the internal cluster registry. This example lists `allowedRegistries`, which defines the registries that are allowed to be used. One of the registries listed is insecure.
 +
 [NOTE]
 ====
-When using the `allowedRegistries`, `blockedRegistries`, or `insecureRegistries` parameter, you can specify an individual repository within a registry. For example: `reg1.io/myrepo/myapp:latest`. 
+When using the `allowedRegistries`, `blockedRegistries`, or `insecureRegistries` parameter, you can specify an individual repository within a registry. For example: `reg1.io/myrepo/myapp:latest`.
 ====
 
 . To check that the changes are applied, list your nodes: