-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
📖 Assorted docs updates #1318
📖 Assorted docs updates #1318
Conversation
@moshloop Are you able to address the comments above before tomorrow's meeting? |
@vincepri will do |
|
||
Cluster API expects certificates and keys used for bootstrapping to follow the below convention. CAPBK generates new certificates using this convention if they do not already exist. | ||
|
||
* Each certificate must be stored PEM encoded in a single secret named one of: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* Each certificate must be stored PEM encoded in a single secret named one of: | |
* Each certificate authority keypair must be stored individually in a secret with a name that reflects the cluster and it's use: |
* `<cluster name>-ca` | ||
* `<cluster name>-etcd` | ||
* `<cluster name>-proxy` | ||
* `<cluster name>-sa` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would be good to call out the <cluster name>-sa
separately since it is not a CA, but rather just a public/private keypair.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i'd go into more detail about the contents of these Secrets and their purpose.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One thing that just crossed my mind, is that outside of <cluster-name>-ca
and a generated <cluster-name>-kubeconfig
, the other values listed here are particular to the kubeadm bootstrapper, maybe we should not define the interoperability of those values here, but rather on the kubeadm bootstrapper?
* `<cluster name>-sa` | ||
* Each secret must have the following label: | ||
* `cluster.x-k8s.io/cluster-name=<cluster name>` | ||
* Secrets must be of type TLS with 2 values `tls.crt` and `tls.key` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* Secrets must be of type TLS with 2 values `tls.crt` and `tls.key` | |
* Secrets must be of type TLS with 2 keys `tls.crt` and `tls.key`, where the value of each is the PEM encoded public (`tls.crt`) or private ('tls.key`) key. |
cluster.x-k8s.io/cluster-name: cluster1 | ||
type: kubernetes.io/tls | ||
data: | ||
tls.crt: ICAgIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogICAgTUlJQ3l6Q0NBYk9nQXdJQkFnSUJBREFOQmdrcWhraUc5dzBCQVFzRkFEQVZNUk13RVFZRFZRUURFd3ByZFdKbAogICAgY201bGRHVnpNQjRYRFRFNU1EZ3lNekV3TURRek1Gb1hEVEk1TURneU1ERXdNRFF6TUZvd0ZURVRNQkVHQTFVRQogICAgQXhNS2EzVmlaWEp1WlhSbGN6Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU1oZgogICAgV0lxdGUzMFRkNXlXM1hQWCs5SDV5S3I1N0NoNDJ2Y3o4cU9DdXFZazZMeWpBcG1hS3FyaTcwRTJ1ZVlYQ0U4RAogICAgMVAwaVRlOXd5L2M0VFpNcmFwUHBHNHo5UDF3bCtTdG5WcTVBZWV6aU9IY1BIcERyNVR4VGViUllnR3dmUFlLdwogICAgdm5kS0JseXYzQXhVR0NIU2hOV01hSUx0dko0RktKZ0NGNXVVUjE3SExsMnVyQ1dmNTBpNmEwK3pLcHZLejZYVwogICAgUmlGTWxZalhlUHFrKzB2QjdWcGxla05JTnFEbm9IRk1kZFBudXZjUW5NSTU1Q2NadHd5S09HMHp0OXBPYXdJYwogICAga3B5a0xSb20rWlBpQ3AzdG1BMnRBUHRsQmJTcmMvZmtVN1BUS2VacjduZ05RYnJocTFudlR3KzFYcmRwcG5qdQogICAgVTB6QVZ2N1JKOS9JSEJTdEFIY0NBd0VBQWFNbU1DUXdEZ1lEVlIwUEFRSC9CQVFEQWdLa01CSUdBMVVkRXdFQgogICAgL3dRSU1BWUJBZjhDQVFBd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFKOUFUT01STC9hdnJGMWZ4N21xaDFFUwogICAgQ3JjcmZIQVFvWlhaTEhXV2lqVm56VGQvYmFKUTZhL0haejMvTm1TemxtK255cW1vWUNqODZmWENDUTdqLzdLbQogICAgMnk3YzhrVWwxSjFQMWtiNGpkWmhlQS9aa1ZWUHVpSHlRNU1CM3dVWEtDQTdudWtLem04blRKRUFWSXE0azEzdwogICAgL1MwYVZaM1JPVWpvSGxhcWl0L1NHdzZSVm9KQTVWb2p5Unh2VEIxdDFyL3JqajlFa0JLVkVHM3pQNGJacC8rcAogICAgdTdYWDluc0xRUWR5YVZSazU4N29vWXpDMTdOQys3OFJub1JoR2tXbUlZTmZWaUllSGVmNU9ac2UxZ0VPRXVOQQogICAgVW9WanlsRkJSbk9XL1pTVEN5bEhGU3M3Z0kvakV1cmVzbWtNdFYzTThxWG5LN2JaRG9rNzZpRGU1RDZlYUNzPQogICAgLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we want to enforce PEM encoding that we would need to include the BEGIN and END headers here.
I wasn't able to find anything in the cert-manager docs related to how it encodes the secrets it generates, is there any guarantees they make related to the Secrets they generate?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is BASE64 encoded PEM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The PEM format requires the BEGIN and END markers: https://tools.ietf.org/html/rfc7468
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fwiw, I'm not saying we should require PEM format, I'm just saying that we should accurately represent the format we are expecting/using.
@moshloop Hi! Will you have some time soon to pick this back up? |
If it's possible, it'd be great to move this page under the developer guide of the new book |
I will have this done before the F2F next week. |
@moshloop Do you have time this week to get this document to the book? |
Yes, working on it as we speak, going to include it in a larger docs PR in the next day or 2 |
Thanks! |
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
@moshloop Seems there are some conflicts that need to be resolved |
@moshloop I'm not sure what happened to the docs, but it seems the changes in this PR aren't based on the latest version of the book, which is published here https://cluster-api.sigs.k8s.io. The scope of this PR has grown too much imo, and I want to ask if you have time to either split the commits or preferably to open different PRs so it's easier to review. /hold |
@@ -0,0 +1,32 @@ | |||
# Managing Kubernetes Infrastructure with the Cluster API |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This file seems extra
@@ -1 +1,3 @@ | |||
# Cluster | |||
<!-- TODO --> | |||
![](../../images/cluster-admission-cluster-controller.svg) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The image linked seems to be missing?
docs/book/src/user/installing.md
Outdated
@@ -0,0 +1,119 @@ | |||
# Installation |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the quick start and shouldn't be renamed. There are multiple links to it in the wild
docs/book/src/SUMMARY.md
Outdated
@@ -2,13 +2,16 @@ | |||
|
|||
[Introduction](./introduction.md) | |||
|
|||
- [Quick Start](./user/quick-start.md) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- [Quick Start](./user/quick-start.md) | |
[Quick Start](./user/quick-start.md) |
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
* Copied over some concepts from glossary * Added certificate management page * Move abbreviations into glossary * Added bootstrap controller * Coped some diagrams from CAPV into controller pages * Created standalone installation page * Moved quick start up a level * Moved clusterctl to references as per docs.k8s.io
@vincepri @randomvariable @ncdc Deployed to https://book-789v67wdn.now.sh/ for easy review |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for finishing this up!
/lgtm
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: moshloop, vincepri The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/assign @ncdc @chuckha