kruise 1.6.1 docs (#172)

Signed-off-by: liheng.zms <liheng.zms@alibaba-inc.com>

.github/workflows/pre_dict.json

@@ -795,5 +795,12 @@
   "zhangsean",
   "zhaomingshan",
   "zxvf",
-  "\uff1athe"
-]
+  "\uff1athe",
+  "$patch",
+  "OpenAPI",
+  "TcpSocket",
+  "openapi",
+  "patchesStrategicMerge",
+  "tcpSocket",
+  "x-kubernetes-patch"
+]

docs/best-practices/log-container-sidecarset.md

@@ -103,10 +103,10 @@ spec:
     - http.enabled=true
     env:
     - name: POD_NAMESPACE
-    valueFrom:
-      fieldRef:
-        apiVersion: v1
-          fieldPath: metadata.namespace
+      valueFrom:
+        fieldRef:
+          apiVersion: v1
+            fieldPath: metadata.namespace
     image: docker.elastic.co/beats/filebeat:7.16.2
     livenessProbe:
       exec:

docs/developer-manuals/go-client.md

@@ -15,11 +15,11 @@ which only includes schema definition and clientsets of Kruise.
 Firstly, import `kruise-api` into your `go.mod` file (the version better to be the Kruise version you installed):
 
 ```
-require github.com/openkruise/kruise-api v1.0.0
+require github.com/openkruise/kruise-api v1.6.0
 ```
 
 | Kubernetes Version in your Project | Import Kruise-api < v0.10    | Import Kruise-api >= v0.10   |
-| ---------------------------------- | ---------------------------- | ---------------------------- | 
+| ---------------------------------- | ---------------------------- | ---------------------------- |
 | < 1.18                             | v0.x.y (x <= 9)              | v0.x.y-legacy (x >= 10)      |
 | >= 1.18                            | v0.x.y-1.18 (7 <= x <= 9)    | v0.x.y (x >= 10)             |
 

docs/installation.md

@@ -2,7 +2,9 @@
 title: Installation
 ---
 
-Since v1.0.0 (alpha/beta), OpenKruise requires **Kubernetes version >= 1.16**.
+- Since v1.0.0 (alpha/beta), OpenKruise requires **Kubernetes version >= 1.16**.
+
+- Since v1.6.1 (alpha/beta), OpenKruise requires **Kubernetes version >= 1.18**. However it's still possible to use OpenKruise with Kubernetes versions 1.16 and 1.17 as long as KruiseDaemon is not enabled(install/upgrade kruise charts with featureGates="KruiseDaemon=false")
 
 ## Install with helm
 
@@ -16,7 +18,7 @@ $ helm repo add openkruise https://openkruise.github.io/charts/
 $ helm repo update
 
 # Install the latest version.
-$ helm install kruise openkruise/kruise --version 1.5.2
+$ helm install kruise openkruise/kruise --version 1.6.1
 ```
 **Note:** [Changelog](https://github.com/openkruise/kruise/blob/master/CHANGELOG.md).
 
@@ -30,7 +32,7 @@ $ helm repo add openkruise https://openkruise.github.io/charts/
 $ helm repo update
 
 # Upgrade to the latest version.
-$ helm upgrade kruise openkruise/kruise --version 1.5.2 [--force]
+$ helm upgrade kruise openkruise/kruise --version 1.6.1 [--force]
 ```
 
 Note that:
@@ -68,7 +70,7 @@ The following table lists the configurable parameters of the chart and their def
 | `manager.log.level`                       | Log level that kruise-manager printed                        | `4`                           |
 | `manager.replicas`                        | Replicas of kruise-controller-manager deployment             | `2`                           |
 | `manager.image.repository`                | Repository for kruise-manager image                          | `openkruise/kruise-manager`   |
-| `manager.image.tag`                       | Tag for kruise-manager image                                 | `v1.2.0`                      |
+| `manager.image.tag`                       | Tag for kruise-manager image                                 | `v1.6.1`                      |
 | `manager.resources.limits.cpu`            | CPU resource limit of kruise-manager container               | `200m`                        |
 | `manager.resources.limits.memory`         | Memory resource limit of kruise-manager container            | `512Mi`                       |
 | `manager.resources.requests.cpu`          | CPU resource request of kruise-manager container             | `100m`                        |

docs/user-manuals/deletionprotection.md

@@ -28,6 +28,21 @@ The resources supported and the cascading judgement relationship:
 | `StatefulSet`               | apps.kruise.io         | v1alpha1, v1beta1  | whether the replicas is 0                          |
 | `UnitedDeployment`          | apps.kruise.io         | v1alpha1           | whether the replicas is 0                          |
 
+## Deletion Protection of service and ingress
+
+**FEATURE STATE:** Kruise v1.6.0
+
+Kruise support the deletion protection of service and ingress resources, the strategy only supports `Always`, for example:
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    policy.kruise.io/delete-protection: Always
+  name: test-web
+```
+
 ## Risk
 
 Using `objectSelector` in [webhook configuration](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#webhook-configuration),

docs/user-manuals/imagepulljob.md

@@ -105,6 +105,23 @@ spec:
       io.kubernetes.image.app: "foo"
 ```
 
+### Image Pull Policy support 'Always'
+
+**FEATURE STATE:** Kruise v1.6.0
+
+- **spec.imagePullPolicy=Always** means that kruise always attempts to pull the latest image, even if with the name as previous one.
+- **spec.imagePullPolicy=IfNotPresent** means that kruise only pull the image if it isn't present on node.
+- Defaults is IfNotPresent.
+
+```yaml
+apiVersion: apps.kruise.io/v1alpha1
+kind: ImagePullJob
+spec:
+  ...
+  image: nginx:1.9.1
+  imagePullPolicy: Always | IfNotPresent
+```
+
 ## ImageListPullJob
 
 **FEATURE STATE:** Kruise v1.5.0

docs/user-manuals/jobsidecarterminator.md

@@ -55,6 +55,15 @@ spec:
 ```
 Replace `"example/quick-exit:v1.0.0"` with your prepared image.
 
+### Ignore sidecar container with non-zero exit code
+
+**FEATURE STATE:** Kruise v1.6.0
+
+In previous versions, the sidecar container was required to be able to accept the `SIGTERM` signal and to ensure that the exit code was `0`.
+If the sidecar container had non-zero exit code, it would result in Pod Phase=Failed.
+
+As of Kruise 1.6.0, Kruise will ignore sidecar container with non-zero exit code, and Pod Phase only depend on the success or failure of the main containers.
+
 ### Notes
 
 - Your sidecar container must respond the `SIGTERM` signal, and the entrypoint should `exit 0` when received this signal.
@@ -67,6 +76,6 @@ Replace `"example/quick-exit:v1.0.0"` with your prepared image.
 
   - In `Never` restart policy settings, main container will be treated as `completed` once it exit.
 
-  - In `OnFailure` restart policy settings, main container will be treated as `completed` once it exit and exit code must be `0`. 
- 
-- In Pods on real nodes mode, `KRUISE_TERMINATE_SIDECAR_WHEN_JOB_EXIT` has a higher priority than `KRUISE_TERMINATE_SIDECAR_WHEN_JOB_EXIT_WITH_IMAGE`
+  - In `OnFailure` restart policy settings, main container will be treated as `completed` once it exit and exit code must be `0`.
+
+- In Pods on real nodes mode, `KRUISE_TERMINATE_SIDECAR_WHEN_JOB_EXIT` has a higher priority than `KRUISE_TERMINATE_SIDECAR_WHEN_JOB_EXIT_WITH_IMAGE`

docs/user-manuals/podprobemarker.md

@@ -38,9 +38,9 @@ spec:
   - name: Idle
     containerName: game-server
     probe:
-      exec: 
+      exec:
         command:
-        - /home/game/idle.sh      
+        - /home/game/idle.sh
       initialDelaySeconds: 10
       timeoutSeconds: 3
       periodSeconds: 10
@@ -65,7 +65,7 @@ Once specified, selector cannot be changed for a PodProbeMarker.
 - spec.probes
   - **name**: The probe name needs to be unique within the Pod and between different containers
   - **containerName**: The container that executes the probe
-  - **probe**: The API definition related to probe is consistent with the native K8S probe (currently only Exec is supported). For details, please refer to: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
+  - **probe**: The API definition related to probe is consistent with the native K8S probe (currently only Exec and tcpSocket is supported). For details, please refer to: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
   - **markerPolicy**: According to the Probe execution result (Succeeded or Failed), patch specific Labels and Annotations to the Pod.
     - state: probe result, Succeeded or Failed
     - labels: If the result is satisfied, patch labels to the Pod
@@ -76,6 +76,33 @@ Otherwise, when the probe fails to execute, pod.status.condition.status=False. W
 **Note:** If only one Marker Policy is defined, for example: only define State=Succeeded, Patch Labels[healthy]='true'. When the probe execution success, kruise will patch labels[healthy]='true' to pod.
 And when the probe execution fails, Label[healthy] will be deleted.
 
+### Support TcpSocket Probe
+
+**FEATURE STATE:** Kruise v1.6.0
+
+With this configuration, the kruise-daemon will attempt to open a socket to your container on the specified port. If it can establish a connection,
+the probe is considered `Succeeded`, if it can't it is considered `Failed`. For example:
+
+```yaml
+apiVersion: apps.kruise.io/v1alpha1
+kind: PodProbeMarker
+metadata:
+  name: game-server-probe
+  namespace: ns
+spec:
+  selector:
+    matchLabels:
+      app: game-server
+  probes:
+  - name: Idle
+    containerName: game-server
+    probe:
+      tcpSocket:
+        port: 8080
+      initialDelaySeconds: 15
+      periodSeconds: 10
+```
+
 ## How to view Probe results?
 ### Pod Status Conditions
 If podConditionType is defined, the probe result will be saved to the pod condition, where **condition.type=podConditionType**, as follows:

i18n/zh/docusaurus-plugin-content-docs/current.json

@@ -1,6 +1,6 @@
 {
   "version.label": {
-    "message": "v1.6",
+    "message": "v1.7",
     "description": "The label for next version"
   },
   "sidebar.docs.category.Getting Started": {

i18n/zh/docusaurus-plugin-content-docs/current/best-practices/log-container-sidecarset.md

@@ -99,10 +99,10 @@ spec:
     - http.enabled=true
     env:
     - name: POD_NAMESPACE
-    valueFrom:
-      fieldRef:
-        apiVersion: v1
-          fieldPath: metadata.namespace
+      valueFrom:
+        fieldRef:
+          apiVersion: v1
+            fieldPath: metadata.namespace
     image: docker.elastic.co/beats/filebeat:7.16.2
     livenessProbe:
       exec:

i18n/zh/docusaurus-plugin-content-docs/current/developer-manuals/go-client.md

@@ -13,11 +13,11 @@ title: Golang client
 首先，在你的 `go.mod` 中引入 `kruise-api` 依赖 （版本号最好和你安装的 Kruise 版本相同）：
 
 ```
-require github.com/openkruise/kruise-api v1.0.0
+require github.com/openkruise/kruise-api v1.6.0
 ```
 
 | Kubernetes Version in your Project | Import Kruise-api < v0.10    | Import Kruise-api >= v0.10   |
-| ---------------------------------- | ---------------------------- | ---------------------------- | 
+| ---------------------------------- | ---------------------------- | ---------------------------- |
 | < 1.18                             | v0.x.y (x <= 9)              | v0.x.y-legacy (x >= 10)      |
 | >= 1.18                            | v0.x.y-1.18 (7 <= x <= 9)    | v0.x.y (x >= 10)             |
 

i18n/zh/docusaurus-plugin-content-docs/current/installation.md

@@ -2,7 +2,9 @@
 title: 安装
 ---
 
-从 v1.0.0 (alpha/beta) 开始，OpenKruise 要求在 **Kubernetes >= 1.16** 以上版本的集群中安装和使用。
+- 从 v1.0.0 (alpha/beta) 开始，OpenKruise 要求在 **Kubernetes >= 1.16** 以上版本的集群中安装和使用。
+
+- 从 v1.6.0 (alpha/beta) 开始，OpenKruise 要求在 **Kubernetes >= 1.18** 以上版本的集群中安装和使用。如果你关闭了 Kruise-Daemon 组件（featureGates="KruiseDaemon=false"），你依然可以在 K8S 1.16 和 1.17 的集群上安装和使用。
 
 ## 通过 helm 安装
 
@@ -16,7 +18,7 @@ $ helm repo add openkruise https://openkruise.github.io/charts/
 $ helm repo update
 
 # Install the latest version.
-$ helm install kruise openkruise/kruise --version 1.5.2
+$ helm install kruise openkruise/kruise --version 1.6.1
 ```
 **注意:** [Changelog](https://github.com/openkruise/kruise/blob/master/CHANGELOG.md)。
 ## 通过 helm 升级
@@ -29,7 +31,7 @@ $ helm repo add openkruise https://openkruise.github.io/charts/
 $ helm repo update
 
 # Upgrade to the latest version.
-$ helm upgrade kruise openkruise/kruise --version 1.5.2 [--force]
+$ helm upgrade kruise openkruise/kruise --version 1.6.1 [--force]
 ```
 
 注意：
@@ -62,7 +64,7 @@ $ helm install/upgrade kruise /PATH/TO/CHART
 | `manager.log.level`                       | kruise-manager 日志输出级别                                    | `4`                           |
 | `manager.replicas`                        | kruise-manager 的期望副本数                                    | `2`                           |
 | `manager.image.repository`                | kruise-manager/kruise-daemon 镜像仓库                         | `openkruise/kruise-manager`   |
-| `manager.image.tag`                       | kruise-manager/kruise-daemon 镜像版本                         | `1.2.0`                       |
+| `manager.image.tag`                       | kruise-manager/kruise-daemon 镜像版本                         | `1.6.1`                       |
 | `manager.resources.limits.cpu`            | kruise-manager 的 limit CPU 资源                              | `200m`                        |
 | `manager.resources.limits.memory`         | kruise-manager 的 limit memory 资源                           | `512Mi`                       |
 | `manager.resources.requests.cpu`          | kruise-manager 的 request CPU 资源                            | `100m`                        |
@@ -111,7 +113,7 @@ Feature-gate 控制了 Kruise 中一些有影响性的功能：
 | `WorkloadSpread`                 | 启用 WorkloadSpread 管理应用多分区弹性与拓扑部署 | `true` | 不支持 WorkloadSpread |
 | `InPlaceUpdateEnvFromMetadata`   | 启用 Kruise 原地升级容器当它存在 env from 的 labels/annotations 发生了变化 | `true` | 容器中只有 image 能够原地升级 |
 | `StatefulSetAutoDeletePVC`       | 启用 StatefulSet 自动删除它所创建的 PVC | `true` | StatefulSet 不会清理 PVC |
-| `PreDownloadImageForDaemonSetUpdate`       | 启用 DaemonSet 自动为原地升级过程中创建 ImagePullJob 来镜像预热  | `true` | 原地升级无镜像提前预热 |
+| `PreDownloadImageForDaemonSetUpdate`       | 启用 DaemonSet 自动为原地升级过程中创建 ImagePullJob 来镜像预热  | `false` | 原地升级无镜像提前预热 |
 | `PodProbeMarkerGate`   | 启用 PodProbeMarker 能力  | `true` | PodProbeMarker 关闭 |
 | `SidecarSetPatchPodMetadataDefaultsAllowed`   | 允许 SidecarSet Patch 任意 Annotations 到 Pob Object，不再进行白名单校验 | `false` | Annotations不允许随意Patch，需要通过 SidecarSet_PatchPodMetadata_WhiteList 配置 |
 | `SidecarTerminator`   | 启用 SidecarTerminator 能力，在 Job 场景中当主容器退出后，能够停止 Sidecar 容器 | `false` | SidecarTerminator 不可用 |

i18n/zh/docusaurus-plugin-content-docs/current/user-manuals/deletionprotection.md

@@ -27,6 +27,21 @@ title: Deletion Protection
 | `StatefulSet`               | apps.kruise.io         | v1alpha1, v1beta1  | replicas 是否为 0                   |
 | `UnitedDeployment`          | apps.kruise.io         | v1alpha1           | replicas 是否为 0                   |
 
+## 支持 Service、Ingress 资源
+
+**FEATURE STATE:** Kruise v1.6.0
+
+Kruise 支持 Service 和 Ingress 资源 'Always' 方式的删除保护，如下：
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    policy.kruise.io/delete-protection: Always
+  name: test-web
+```
+
 ## 风险
 
 通过 [webhook configuration](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#webhook-configuration) 的 `objectSelector` 字段，

i18n/zh/docusaurus-plugin-content-docs/current/user-manuals/imagepulljob.md

@@ -101,6 +101,23 @@ spec:
       io.kubernetes.image.app: "foo"
 ```
 
+### 镜像拉取支持 'Always' 策略
+
+**FEATURE STATE:** Kruise v1.6.0
+
+- **spec.imagePullPolicy=Always** 表示 kruise 每次都会尝试拉取最新的镜像，哪怕镜像名字没有改变
+- **spec.imagePullPolicy=IfNotPresent** 表示 kruise 只有镜像在Node机器不存在时，才会拉取镜像
+- 默认策略是 IfNotPresent
+
+```yaml
+apiVersion: apps.kruise.io/v1alpha1
+kind: ImagePullJob
+spec:
+  ...
+  image: nginx:1.9.1
+  imagePullPolicy: Always | IfNotPresent
+```
+
 ## ImageListPullJob
 
 **FEATURE STATE:** Kruise v1.5.0

i18n/zh/docusaurus-plugin-content-docs/current/user-manuals/jobsidecarterminator.md

@@ -55,6 +55,14 @@ spec:
 ```
  使用你自己准备的快速退出镜像来替换上述 `"example/quick-exit:v1.0.0"`.
 
+### 忽略 Sidecar 容器退出码非0
+
+**FEATURE STATE:** Kruise v1.6.0
+
+在之前的版本，要求 Sidecar 容器能够接受、处理 `SIGTERM` 信号，并且退出码为`0`。否则，将会导致 Pod Phase=Failed。
+
+从 Kruise 1.6.0 版本开始，将忽略 Sidecar 容器退出码 `非0` 的情况，Pod Phase 状态只依赖于 Main 容器成功与否。
+
 ### 注意事项
 
 - sidecar 容器必须能够响应 `SIGTERM` 信号。当收到此信号时，`EntryPoint` 进程必须退出(即 sidecar 容器退出)，且退出码应当为 `0`。

i18n/zh/docusaurus-plugin-content-docs/current/user-manuals/podprobemarker.md

@@ -72,6 +72,32 @@ spec:
 
 **注意：** 如果只定义了一种Marker Policy策略，例如：只定义了 State=Succeeded，Patch Labels[healthy]='true'。当Probe执行成功时，将会Patch Label[healthy]='true' 到Pod上。当Probe执行失败时，Label[healthy]将会被删除。
 
+### 支持 TcpSocket Probe
+
+**FEATURE STATE:** Kruise v1.6.0
+
+根据如下配置，kruise-daemon 会尝试与容器 Port 建立一个socket连接，如果建立成功，则 Probe 将会返回 `Succeeded`，否则 `Failed`。
+
+```yaml
+apiVersion: apps.kruise.io/v1alpha1
+kind: PodProbeMarker
+metadata:
+  name: game-server-probe
+  namespace: ns
+spec:
+  selector:
+    matchLabels:
+      app: game-server
+  probes:
+  - name: Idle
+    containerName: game-server
+    probe:
+      tcpSocket:
+        port: 8080
+      initialDelaySeconds: 15
+      periodSeconds: 10
+```
+
 ## How to view Probe results?
 ### Pod Status Conditions
 如果用户定义了podConditionType，将Probe执行结果（Succeeded或Failed）保存到pod condition上，其中**condition.type=podConditionType**，具体如下：