From 4567032b5fd3fd1ed57131023bbc2e5a46173a24 Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Mon, 21 Mar 2022 16:35:21 +0800 Subject: [PATCH 1/2] Fix doc strings for kubelet config APIs --- pkg/kubelet/apis/config/types.go | 23 ++++++++++--------- .../k8s.io/kubelet/config/v1alpha1/types.go | 16 ++++++------- 2 files changed, 20 insertions(+), 19 deletions(-) diff --git a/pkg/kubelet/apis/config/types.go b/pkg/kubelet/apis/config/types.go index f2af378477f..5b90858d99f 100644 --- a/pkg/kubelet/apis/config/types.go +++ b/pkg/kubelet/apis/config/types.go @@ -340,9 +340,10 @@ type KubeletConfiguration struct { ContainerLogMaxFiles int32 // ConfigMapAndSecretChangeDetectionStrategy is a mode in which config map and secret managers are running. ConfigMapAndSecretChangeDetectionStrategy ResourceChangeDetectionStrategy - // A comma separated allowlist of unsafe sysctls or sysctl patterns (ending in *). - // Unsafe sysctl groups are kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, and net.*. - // These sysctls are namespaced but not allowed by default. For example: "kernel.msg*,net.ipv4.route.min_pmtu" + // A comma separated allowlist of unsafe sysctls or sysctl patterns (ending in `*`). + // Unsafe sysctl groups are `kernel.shm*`, `kernel.msg*`, `kernel.sem`, `fs.mqueue.*`, and `net.*`. + // These sysctls are namespaced but not allowed by default. + // For example: "`kernel.msg*,net.ipv4.route.min_pmtu`" // +optional AllowedUnsafeSysctls []string // kernelMemcgNotification if enabled, the kubelet will integrate with the kernel memcg @@ -554,9 +555,9 @@ type CredentialProvider struct { // // Each entry in matchImages is a pattern which can optionally contain a port and a path. // Globs can be used in the domain, but not in the port or the path. Globs are supported - // as subdomains like '*.k8s.io' or 'k8s.*.io', and top-level-domains such as 'k8s.*'. - // Matching partial subdomains like 'app*.k8s.io' is also supported. Each glob can only match - // a single subdomain segment, so *.io does not match *.k8s.io. + // as subdomains like `*.k8s.io` or `k8s.*.io`, and top-level-domains such as `k8s.*`. + // Matching partial subdomains like `app*.k8s.io` is also supported. Each glob can only match + // a single subdomain segment, so `*.io` does not match *.k8s.io. // // A match exists between an image and a matchImage when all of the below are true: // - Both contain the same number of domain parts and each part matches. @@ -564,11 +565,11 @@ type CredentialProvider struct { // - If the imageMatch contains a port, then the port must match in the image as well. // // Example values of matchImages: - // - 123456789.dkr.ecr.us-east-1.amazonaws.com - // - *.azurecr.io - // - gcr.io - // - *.*.registry.io - // - registry.io:8080/path + // - `123456789.dkr.ecr.us-east-1.amazonaws.com` + // - `*.azurecr.io` + // - `gcr.io` + // - `*.*.registry.io` + // - `registry.io:8080/path` MatchImages []string // defaultCacheDuration is the default duration the plugin will cache credentials in-memory diff --git a/staging/src/k8s.io/kubelet/config/v1alpha1/types.go b/staging/src/k8s.io/kubelet/config/v1alpha1/types.go index e869bc18244..92daa99667e 100644 --- a/staging/src/k8s.io/kubelet/config/v1alpha1/types.go +++ b/staging/src/k8s.io/kubelet/config/v1alpha1/types.go @@ -52,9 +52,9 @@ type CredentialProvider struct { // // Each entry in matchImages is a pattern which can optionally contain a port and a path. // Globs can be used in the domain, but not in the port or the path. Globs are supported - // as subdomains like '*.k8s.io' or 'k8s.*.io', and top-level-domains such as 'k8s.*'. - // Matching partial subdomains like 'app*.k8s.io' is also supported. Each glob can only match - // a single subdomain segment, so *.io does not match *.k8s.io. + // as subdomains like `*.k8s.io` or `k8s.*.io`, and top-level-domains such as `k8s.*`. + // Matching partial subdomains like `app*.k8s.io` is also supported. Each glob can only match + // a single subdomain segment, so `*.io` does not match `*.k8s.io`. // // A match exists between an image and a matchImage when all of the below are true: // - Both contain the same number of domain parts and each part matches. @@ -62,11 +62,11 @@ type CredentialProvider struct { // - If the imageMatch contains a port, then the port must match in the image as well. // // Example values of matchImages: - // - 123456789.dkr.ecr.us-east-1.amazonaws.com - // - *.azurecr.io - // - gcr.io - // - *.*.registry.io - // - registry.io:8080/path + // - `123456789.dkr.ecr.us-east-1.amazonaws.com` + // - `*.azurecr.io` + // - `gcr.io` + // - `*.*.registry.io` + // - `registry.io:8080/path` MatchImages []string `json:"matchImages"` // defaultCacheDuration is the default duration the plugin will cache credentials in-memory From 629b7aef511dfb9af689ada7616948c4f9928d73 Mon Sep 17 00:00:00 2001 From: Qiming Teng Date: Mon, 21 Mar 2022 22:12:35 +0800 Subject: [PATCH 2/2] Update generated file(s) --- pkg/generated/openapi/zz_generated.openapi.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index a4ab2c397a9..0542e95b9cf 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go @@ -51883,7 +51883,7 @@ func schema_k8sio_kubelet_config_v1alpha1_CredentialProvider(ref common.Referenc }, "matchImages": { SchemaProps: spec.SchemaProps{ - Description: "matchImages is a required list of strings used to match against images in order to determine if this provider should be invoked. If one of the strings matches the requested image from the kubelet, the plugin will be invoked and given a chance to provide credentials. Images are expected to contain the registry domain and URL path.\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Globs can be used in the domain, but not in the port or the path. Globs are supported as subdomains like '*.k8s.io' or 'k8s.*.io', and top-level-domains such as 'k8s.*'. Matching partial subdomains like 'app*.k8s.io' is also supported. Each glob can only match a single subdomain segment, so *.io does not match *.k8s.io.\n\nA match exists between an image and a matchImage when all of the below are true: - Both contain the same number of domain parts and each part matches. - The URL path of an imageMatch must be a prefix of the target image URL path. - If the imageMatch contains a port, then the port must match in the image as well.\n\nExample values of matchImages:\n - 123456789.dkr.ecr.us-east-1.amazonaws.com\n - *.azurecr.io\n - gcr.io\n - *.*.registry.io\n - registry.io:8080/path", + Description: "matchImages is a required list of strings used to match against images in order to determine if this provider should be invoked. If one of the strings matches the requested image from the kubelet, the plugin will be invoked and given a chance to provide credentials. Images are expected to contain the registry domain and URL path.\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Globs can be used in the domain, but not in the port or the path. Globs are supported as subdomains like `*.k8s.io` or `k8s.*.io`, and top-level-domains such as `k8s.*`. Matching partial subdomains like `app*.k8s.io` is also supported. Each glob can only match a single subdomain segment, so `*.io` does not match `*.k8s.io`.\n\nA match exists between an image and a matchImage when all of the below are true: - Both contain the same number of domain parts and each part matches. - The URL path of an imageMatch must be a prefix of the target image URL path. - If the imageMatch contains a port, then the port must match in the image as well.\n\nExample values of matchImages:\n - `123456789.dkr.ecr.us-east-1.amazonaws.com`\n - `*.azurecr.io`\n - `gcr.io`\n - `*.*.registry.io`\n - `registry.io:8080/path`", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{