Add descriptions (#223)

* Add descriptions

* Update docs/modules/listener-operator/pages/security.adoc

Co-authored-by: Razvan-Daniel Mihai <[email protected]>

* Update docs/modules/listener-operator/pages/security.adoc

Co-authored-by: Razvan-Daniel Mihai <[email protected]>

---------

Co-authored-by: Razvan-Daniel Mihai <[email protected]>

Author: fhennig

docs/modules/listener-operator/pages/index.adoc

@@ -1,4 +1,5 @@
 = Stackable Listener Operator
+:description: The Stackable Listener Operator for Kubernetes provisions network listeners according to the cluster policy, and injects connection parameters into Pods.
 :github: https://github.com/stackabletech/listener-operator/
 :crd: {crd-docs-base-url}/listener-operator/{crd-docs-version}/
 

docs/modules/listener-operator/pages/installation.adoc

@@ -2,9 +2,8 @@
 
 There are two ways to run the Stackable Listener Operator:
 
-1. Helm managed Docker container deployment on Kubernetes
-
-2. Build from source
+. Helm managed Docker container deployment on Kubernetes
+. Build from source
 
 == Prerequisites
 
@@ -34,9 +33,11 @@ Then install the Stackable Listener Operator
 $ helm install listener-operator stackable/listener-operator
 ----
 
-Helm will deploy the operator in Kubernetes containers and apply the CRDs. You're now ready to expose services!
+Helm will deploy the operator in Kubernetes containers and apply the CRDs.
+You're now ready to expose services!
 
 === Microk8s
 
-Microk8s uses a non-standard Kubelet state directory. Installing listener-operator on Microk8s requires the argument
+Microk8s uses a non-standard Kubelet state directory.
+Installing listener-operator on Microk8s requires the argument
 `--set kubeletDir=/var/snap/microk8s/common/var/lib/kubelet` to be added to the `helm install` command.

docs/modules/listener-operator/pages/listener.adoc

@@ -1,32 +1,31 @@
-= `Listener`
+= Listener
+:description: The Listener exposes Pods based on ListenerClass rules, provides address info via Ingress_addresses, supports PVC mounting, and enables sticky scheduling.
 
-A `Listener` object exposes a set of ``Pod``s according to the rules of a xref:listenerclass.adoc[], but it also adds a couple of other
-features that are useful for the Stackable platform at large.
+A Listener object exposes a set of Pods according to the rules of a xref:listenerclass.adoc[], but it also adds a couple of other features that are useful for the Stackable data platform at large.
 
-== `ListenerClass`
+== ListenerClass
 
-The exact rules of pod exposure are dictated by the specified xref:listenerclass.adoc[], which allow a single `Listener` definition to be reused in different clusters, regardless of the Kubernetes distribution or cloud provider.
+The exact rules of pod exposure are dictated by the specified xref:listenerclass.adoc[], which allow a single Listener definition to be reused in different clusters, regardless of the Kubernetes distribution or cloud provider.
 
 == Address API
 
-A `Listener` writes back all addresses that it can be reached on to `Listener.status.ingress_addresses`, which can then be used to generate discovery information. Contrary to Kubernetes' `Service`, this is done regardless of the type of service, and transparently also contains information about remapped ports.
+A Listener writes back all addresses that it can be reached on to `Listener.status.ingress_addresses`, which can then be used to generate discovery information.
+Contrary to Kubernetes' Service, this is done regardless of the type of service, and transparently also contains information about remapped ports.
 
 == Address volume projection
 
-`Listener` objects can be mounted into a `Pod` as a `PersistentVolumeClaim`, which contains information about how the `Pod` should request that external clients refer to it.
+Listener objects can be mounted into a Pod as a PersistentVolumeClaim (PVC), which contains information about how the Pod should request that external clients refer to it.
 
 For example, if the volume is mounted to `/stackable/listener`, the primary address can be read from  `/stackable/listener/default-address/address`, and the public `http` port number can be read from `/stackable/listener/default-address/ports/http`.
 
 == Per-replica listeners
 
-A `Listener` PVC can also specify a xref:listenerclass.adoc[] rather than a `Listener`, in which case a `Listener` object is created
-automatically. These PVCs can automatically be created for each replica using either ``StatefulSet``'s `volumeClaimTemplates` (for long-lived listeners that will
-be kept across replica restarts and upgrades) or ``Pod``'s `volumes[].ephemeral` (for temporary listeners that are deleted when their corresponding `Pod` is deleted).
+A Listener PVC can also specify a xref:listenerclass.adoc[] rather than a Listener, in which case a Listener object is created automatically.
+These PVCs can automatically be created for each replica using either StatefulSet's `volumeClaimTemplates` (for long-lived listeners that will be kept across replica restarts and upgrades) or Pod's `volumes[].ephemeral` (for temporary listeners that are deleted when their corresponding Pod is deleted).
 
 == Sticky scheduling
 
-When mounting a `Listener` PVC, it will be made "sticky" to that node if the xref:listenerclass.adoc[] uses a strategy that depends on the node
-that the workload is running on.
+When mounting a Listener PVC, it will be made "sticky" to that node if the xref:listenerclass.adoc[] uses a strategy that depends on the node that the workload is running on.
 
-Keep in mind that this will only work correctly when using long-lived PVCs (such as via ``StatefulSet``'s `volumeClaimTemplates`). Ephemeral PVCs
-will be "reset" for every pod that is created, even if they refer to a long-lived `Listener` object.
+Keep in mind that this will only work correctly when using long-lived PVCs (such as via StatefulSet's `volumeClaimTemplates`).
+Ephemeral PVCs will be "reset" for every pod that is created, even if they refer to a long-lived Listener object.

docs/modules/listener-operator/pages/listenerclass.adoc

@@ -1,6 +1,8 @@
 = ListenerClass
+:description: The ListenerClass defines listener types and exposure rules for Kubernetes Pods, supporting various service types like ClusterIP, NodePort, and LoadBalancer.
 
-A ListenerClass defines a category of listeners. For example, this could be "VPC-internal service", "internet-accessible service", or "K8s-internal service".
+A ListenerClass defines a category of listeners.
+For example, this could be "VPC-internal service", "internet-accessible service", or "K8s-internal service".
 The ListenerClass then defines how this intent is realized in a given cluster.
 
 For example, a Google Kubernetes Engine (GKE) cluster might want to expose all internet-facing services using a managed load balancer, since GKE nodes are
@@ -11,14 +13,17 @@ relatively short-lived and don't have stable addresses:
 include::example$listenerclass-public-gke.yaml[]
 ----
 
-On the other hand, an on-premise cluster might not have dedicated load balancer infrastructure at all, but instead use "pet" Nodes which may be expected to live for years. This might lead administrators of such systems to prefer exposing node ports directly instead:
+On the other hand, an on-premise cluster might not have dedicated load balancer infrastructure at all, but instead use "pet" Nodes which may be expected to live for years.
+This might lead administrators of such systems to prefer exposing node ports directly instead:
 
 [source,yaml]
 ----
 include::example$listenerclass-public-onprem.yaml[]
 ----
 
-Finally, it can be desirable to add additional annotations to a Service. For example, a user might want to only expose some services inside a given cloud vendor VPC. How exactly this is accomplished depends on the cloud provider in question, but for GKE this requires the annotation `networking.gke.io/load-balancer-type`:
+Finally, it can be desirable to add additional annotations to a Service.
+For example, a user might want to only expose some services inside a given cloud vendor VPC.
+How exactly this is accomplished depends on the cloud provider in question, but for GKE this requires the annotation `networking.gke.io/load-balancer-type`:
 
 [source,yaml]
 ----
@@ -27,26 +32,35 @@ include::example$listenerclass-internal-gke.yaml[]
 
 == Service types
 
-The service type is defined by `ListenerClass.spec.serviceType`. The following service types are currently supported by the Stackable Listener Operator:
+The service type is defined by `ListenerClass.spec.serviceType`.
+The following service types are currently supported by the Stackable Listener Operator:
 
 [#servicetype-clusterip]
 === `ClusterIP`
 
-The Listener can be accessed from inside the Kubernetes cluster. The Listener addresses will direct clients to the cluster-internal address.
+The Listener can be accessed from inside the Kubernetes cluster.
+The Listener addresses will direct clients to the cluster-internal address.
 
 [#servicetype-nodeport]
 === `NodePort`
 
-The Listener can be accessed from outside the Kubernetes cluster. This may include the internet, if the Nodes have public IP addresses. The Listener address will direct clients to connect to a randomly assigned port on the Nodes running the Pods.
+The Listener can be accessed from outside the Kubernetes cluster.
+This may include the internet, if the Nodes have public IP addresses.
+The Listener address will direct clients to connect to a randomly assigned port on the Nodes running the Pods.
 
-Additionally, Pods bound to `NodePort` listeners will be xref:volume.adoc#pinning[pinned] to a specific Node. If this is undesirable, consider using xref:#servicetype-loadbalancer[] instead.
+Additionally, Pods bound to `NodePort` listeners will be xref:volume.adoc#pinning[pinned] to a specific Node.
+If this is undesirable, consider using xref:#servicetype-loadbalancer[] instead.
 
 [#servicetype-loadbalancer]
 === `LoadBalancer`
 
-The Listener can be accessed from outside the Kubernetes cluster. This may include the internet, depending on the configuration of the Kubernetes cloud controller manager. A dedicated address will be allocated for the Listener.
+The Listener can be accessed from outside the Kubernetes cluster.
+This may include the internet, depending on the configuration of the Kubernetes cloud controller manager.
+A dedicated address will be allocated for the Listener.
 
-Compared to xref:#servicetype-nodeport[], this service type allows Pods to be moved freely between Nodes. However, it requires https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer[a cloud controller manager that supports load balancers]. Additionally, many cloud providers charge for load-balanced traffic.
+Compared to xref:#servicetype-nodeport[], this service type allows Pods to be moved freely between Nodes.
+However, it requires https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer[a cloud controller manager that supports load balancers].
+Additionally, many cloud providers charge for load-balanced traffic.
 
 == Default ListenerClasses
 
@@ -58,13 +72,16 @@ The Stackable Data Platform assumes the existence of a few predefined ListenerCl
 
 === Presets
 
-To help users get started, the Stackable Listener Operator ships different ListenerClass _presets_ for different environments. These are configured using the `preset` Helm value.
+To help users get started, the Stackable Listener Operator ships different ListenerClass _presets_ for different environments.
+These are configured using the `preset` Helm value.
 
 [#preset-stable-nodes]
 ==== `stable-nodes`
 
-The `stable-nodes` preset installs ListenerClasses appropriate for Kubernetes clusters that use long-lived "pet nodes". This does _not_ require any particular networking setup, but makes pods that require
-stable addresses "sticky" to the Kubernetes Node that they were scheduled to. In addition, downstream operators may generate configurations that refer to particular nodes by name.
+The `stable-nodes` preset installs ListenerClasses appropriate for Kubernetes clusters that use long-lived "pet nodes".
+This does _not_ require any particular networking setup, but makes pods that require
+stable addresses "sticky" to the Kubernetes Node that they were scheduled to.
+In addition, downstream operators may generate configurations that refer to particular nodes by name.
 
 The following ListenerClasses are installed:
 
@@ -75,12 +92,15 @@ The following ListenerClasses are installed:
 [#preset-ephemeral-nodes]
 ==== `ephemeral-nodes`
 
-The `ephemeral-nodes` preset installs ListenerClasses appropriate for Kubernetes clusters that use short-lived "cattle nodes". This makes them appropriate for managed cloud environments, but requires that
+The `ephemeral-nodes` preset installs ListenerClasses appropriate for Kubernetes clusters that use short-lived "cattle nodes".
+This makes them appropriate for managed cloud environments, but requires that
 a LoadBalancer controller is present in the cluster.
 
-Managed cloud environments should generally already provide an integrated LoadBalancer controller. For on-premise environments, an external implementation such as https://docs.tigera.io/calico/latest/networking/configuring/advertise-service-ips[Calico] or https://metallb.org/[MetalLB] can be used.
+Managed cloud environments should generally already provide an integrated LoadBalancer controller.
+For on-premise environments, an external implementation such as https://docs.tigera.io/calico/latest/networking/configuring/advertise-service-ips[Calico] or https://metallb.org/[MetalLB] can be used.
 
-NOTE: K3s' built-in https://docs.k3s.io/networking#service-load-balancer[ServiceLB] (Klipper) is _not_ recommended, because it doesn't allow multiple Services to bind the same Port. If you use ServiceLB, use the xref:#preset-stable-nodes[] preset instead.
+NOTE: K3s' built-in https://docs.k3s.io/networking#service-load-balancer[ServiceLB] (Klipper) is _not_ recommended, because it doesn't allow multiple Services to bind the same Port.
+If you use ServiceLB, use the xref:#preset-stable-nodes[] preset instead.
 
 The following ListenerClasses are installed:
 

docs/modules/listener-operator/pages/security.adoc

@@ -1,12 +1,13 @@
 = Security
+:description: The Listener Operator requires root container privileges to create a Unix domain socket and write exposed address information to pod volumes.
 
 == Container privileges
 
-The Listener Operator runs as a set of root containers. This is needed for two reasons:
+The Listener Operator runs as a set of root containers.
+This is needed for two reasons:
 
-1. We need to run as root to have permission to create the Unix domain socket hosting the Container Storage interface (CSI)
-driver. The Kubelet communicates with the CSI driver over this socket.
-2. We need to run as root to have permission to write information about externally exposed addresses into the pods' volume paths, as directed
-by the CSI.
+1. The root user is needed for the permission to create the Unix domain socket hosting the Container Storage interface (CSI) driver.
+   The Kubelet communicates with the CSI driver over this socket.
+2. The root user is needed for the permission to write information about externally exposed addresses into the pods' volume paths, as directed by the CSI.
 
 Running as root is currently a hard requirement.

docs/modules/listener-operator/pages/volume.adoc

@@ -1,22 +1,21 @@
 = Volume
+:description: The Listener Operator uses CSI PersistentVolumes to stabilize network addresses, inject pod metadata, and expose individual Pods with pinning.
 
-
-The Listener Operator acts as a CSI `PersistentVolume`, which helps it to stabilize network addresses, inject pod metadata and expose individual pods.
+The Listener Operator acts as a CSI PersistentVolume, which helps it to stabilize network addresses, inject pod metadata and expose individual Pods.
 
 [#pinning]
 == Stable addresses
 
-Some xref:listenerclass.adoc[] strategies, such as `NodePort`, tie the public address to the Kubernetes node that the `Pod` is running on. When this address must be configured statically in clients
-(such as for HDFS NameNodes), then Kubernetes' default "floating" scheduling either requires all clients to be reconfigured every time something moves, or for all clients to proxy their traffic through
-a single static node, which then becomes a single point of failure (along with the node that the workload is running on).
+Some xref:listenerclass.adoc[] strategies, such as `NodePort`, tie the public address to the Kubernetes node that the Pod is running on.
+When this address must be configured statically in clients (such as for HDFS NameNodes), then Kubernetes' default "floating" scheduling either requires all clients to be reconfigured every time something moves, or for all clients to proxy their traffic through a single static node, which then becomes a single point of failure (along with the node that the workload is running on).
 
-Mounting listeners into Pods as `PersistentVolume` allows the Listener Operator to pin these workloads to one node. Note that this only happens for xref:listenerclass.adoc[]es that actually benefit
-from pinning.
+Mounting listeners into Pods as PersistentVolume allows the Listener Operator to pin these workloads to one node.
+Note that this only happens for xref:listenerclass.adoc[]es that actually benefit from pinning.
 
 == Pod metadata injection
 
-Some services (such as Kafka) need to know their external address, so that they can advertise it to their own replica discovery mechanism. xref:listener.adoc[] volumes contain a file tree that exposes
-this information:
+Some services (such as Kafka) need to know their external address, so that they can advertize it to their own replica discovery mechanism.
+xref:listener.adoc[] volumes contain a file tree that exposes this information:
 
 [square]
 * `default-address/`- A symlink to `addresses/{primary address}`
@@ -31,19 +30,25 @@ this information:
 
 == Individual pod exposure
 
-Sometimes each replica must be exposed individually, for example because clients need to access data on a specific shard. `PersistentVolumeClaim` templates can be used to provision this automatically.
+Sometimes each replica must be exposed individually, for example because clients need to access data on a specific shard.
+PersistentVolumeClaim templates can be used to provision this automatically.
 
-=== `StatefulSet` `volumeClaimTemplates`
+=== StatefulSet `volumeClaimTemplates`
 
-The `volumeClaimTemplates` allow volumes to be provisioned for each `StatefulSet` replica. These volumes are _persistent_, and will not be deleted when the `Pod` or `StatefulSet` is. This makes them useful for provisioning addresses that must be hard-coded into client configuration.
+The `volumeClaimTemplates` allow volumes to be provisioned for each StatefulSet replica.
+These volumes are _persistent_, and will not be deleted when the Pod or StatefulSet is.
+This makes them useful for provisioning addresses that must be hard-coded into client configuration.
 
 === Pod-scoped ephemeral volumes
 
-`Pod.spec.volumes[].ephemeral` allows volumes to be provisioned for each `Pod`. These volumes are tied to the lifetime of the `Pod` and will be deleted along with it. This makes them useful for provisioning temporary addresses that will be discovered out of band (such as for HDFS DataNodes).
+`Pod.spec.volumes[].ephemeral` allows volumes to be provisioned for each Pod.
+These volumes are tied to the lifetime of the Pod and will be deleted along with it.
+This makes them useful for provisioning temporary addresses that will be discovered out of band (such as for HDFS DataNodes).
 
 == Reference
 
-All configuration must be specified as `annotations` on the `PersistentVolumeClaim`. The following attributes are currently supported:
+All configuration must be specified as `annotations` on the PersistentVolumeClaim.
+The following attributes are currently supported:
 
 === `listeners.stackable.tech/listener-name`
 
@@ -55,5 +60,6 @@ Provisions metadata about an existing xref:listener.adoc[] that was created manu
 
 *Required*: If `listeners.stackable.tech/listener-name` is not specified
 
-Provisions a new xref:listener.adoc[] using the specified xref:listenerclass.adoc[]. The created xref:listener.adoc[] will expose
-all of the ``Pod``'s ports.
+Provisions a new xref:listener.adoc[] using the specified xref:listenerclass.adoc[].
+The created xref:listener.adoc[] will expose
+all of the Pod's ports.