From f8667f73e3cc1d8ef95ba79e5548c89be04cebbc Mon Sep 17 00:00:00 2001 From: David Walter Date: Wed, 29 Jul 2015 15:09:04 -0500 Subject: [PATCH] change underscores to dashes to match the command line argument --- cluster/addons/dns/README.md | 4 ++-- cmd/kubelet/app/server.go | 12 ++++++------ contrib/init/systemd/README.md | 2 +- contrib/mesos/docs/ha.md | 4 ++-- .../recipes/docs/apiserver_hipache_registration.md | 2 +- docs/admin/admission-controllers.md | 2 +- docs/admin/authentication.md | 6 +++--- docs/admin/authorization.md | 10 +++++----- docs/admin/kube-apiserver.md | 12 ++++++------ docs/admin/kube-controller-manager.md | 2 +- docs/admin/kubelet.md | 14 +++++++------- docs/admin/resource-quota.md | 2 +- .../centos/centos_manual_config.md | 8 ++++---- .../coreos/bare_metal_offline.md | 12 ++++++------ .../docker-multinode/master.md | 2 +- .../docker-multinode/worker.md | 4 ++-- docs/getting-started-guides/docker.md | 2 +- .../fedora/fedora_manual_config.md | 8 ++++---- docs/getting-started-guides/scratch.md | 2 +- docs/user-guide/debugging-services.md | 4 ++-- pkg/apiserver/authz.go | 2 +- pkg/master/master.go | 2 +- www/README.md | 4 ++-- 23 files changed, 61 insertions(+), 61 deletions(-) diff --git a/cluster/addons/dns/README.md b/cluster/addons/dns/README.md index 68d540d6e4f..5009b431f59 100644 --- a/cluster/addons/dns/README.md +++ b/cluster/addons/dns/README.md @@ -89,8 +89,8 @@ of this yourself. First, each kubelet needs to run with the following flags set: ``` ---cluster_dns= ---cluster_domain= +--cluster-dns= +--cluster-domain= ``` Second, you need to start the DNS server ReplicationController and Service. See diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go index 37e55583d85..cbf7895ac8c 100644 --- a/cmd/kubelet/app/server.go +++ b/cmd/kubelet/app/server.go @@ -201,11 +201,11 @@ func (s *KubeletServer) AddFlags(fs *pflag.FlagSet) { fs.UintVar(&s.ReadOnlyPort, "read-only-port", s.ReadOnlyPort, "The read-only port for the Kubelet to serve on (set to 0 to disable)") fs.StringVar(&s.TLSCertFile, "tls-cert-file", s.TLSCertFile, ""+ "File containing x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). "+ - "If --tls_cert_file and --tls_private_key_file are not provided, a self-signed certificate and key "+ - "are generated for the public address and saved to the directory passed to --cert_dir.") - fs.StringVar(&s.TLSPrivateKeyFile, "tls-private-key-file", s.TLSPrivateKeyFile, "File containing x509 private key matching --tls_cert_file.") + "If --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key "+ + "are generated for the public address and saved to the directory passed to --cert-dir.") + fs.StringVar(&s.TLSPrivateKeyFile, "tls-private-key-file", s.TLSPrivateKeyFile, "File containing x509 private key matching --tls-cert-file.") fs.StringVar(&s.CertDirectory, "cert-dir", s.CertDirectory, "The directory where the TLS certs are located (by default /var/run/kubernetes). "+ - "If --tls_cert_file and --tls_private_key_file are provided, this flag will be ignored.") + "If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored.") fs.StringVar(&s.HostnameOverride, "hostname-override", s.HostnameOverride, "If non-empty, will use this string as identification instead of the actual hostname.") fs.StringVar(&s.PodInfraContainerImage, "pod-infra-container-image", s.PodInfraContainerImage, "The image whose network/ipc namespaces containers in each pod will use.") fs.StringVar(&s.DockerEndpoint, "docker-endpoint", s.DockerEndpoint, "If non-empty, use this for the docker endpoint to communicate with") @@ -213,8 +213,8 @@ func (s *KubeletServer) AddFlags(fs *pflag.FlagSet) { fs.BoolVar(&s.AllowPrivileged, "allow-privileged", s.AllowPrivileged, "If true, allow containers to request privileged mode. [default=false]") fs.StringVar(&s.HostNetworkSources, "host-network-sources", s.HostNetworkSources, "Comma-separated list of sources from which the Kubelet allows pods to use of host network. For all sources use \"*\" [default=\"file\"]") fs.Float64Var(&s.RegistryPullQPS, "registry-qps", s.RegistryPullQPS, "If > 0, limit registry pull QPS to this value. If 0, unlimited. [default=0.0]") - fs.IntVar(&s.RegistryBurst, "registry-burst", s.RegistryBurst, "Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry_qps. Only used if --registry_qps > 0") - fs.BoolVar(&s.RunOnce, "runonce", s.RunOnce, "If true, exit after spawning pods from local manifests or remote urls. Exclusive with --api_servers, and --enable-server") + fs.IntVar(&s.RegistryBurst, "registry-burst", s.RegistryBurst, "Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry_qps. Only used if --registry-qps > 0") + fs.BoolVar(&s.RunOnce, "runonce", s.RunOnce, "If true, exit after spawning pods from local manifests or remote urls. Exclusive with --api-servers, and --enable-server") fs.BoolVar(&s.EnableDebuggingHandlers, "enable-debugging-handlers", s.EnableDebuggingHandlers, "Enables server endpoints for log collection and local running of containers and commands") fs.DurationVar(&s.MinimumGCAge, "minimum-container-ttl-duration", s.MinimumGCAge, "Minimum age for a finished container before it is garbage collected. Examples: '300ms', '10s' or '2h45m'") fs.IntVar(&s.MaxPerPodContainerCount, "maximum-dead-containers-per-container", s.MaxPerPodContainerCount, "Maximum number of old instances of a container to retain per container. Each container takes up some disk space. Default: 2.") diff --git a/contrib/init/systemd/README.md b/contrib/init/systemd/README.md index 144cd5e5bd7..b1c466a23d6 100644 --- a/contrib/init/systemd/README.md +++ b/contrib/init/systemd/README.md @@ -29,7 +29,7 @@ Notes ----- It may seem reasonable to use --option=${OPTION} in the .service file instead of only putting the command line option in the environment file. However this results in the possibility of daemons being called with --option= if the environment file does not define a value. Whereas including the --option string inside the environment file means that nothing will be passed to the daemon. So the daemon default will be used for things unset by the environment files. -While some command line options to the daemons use the default when passed an empty option some cause the daemon to fail to launch. --allow_privileged= (without a value of true/false) will cause the kube-apiserver and kubelet to refuse to launch. +While some command line options to the daemons use the default when passed an empty option some cause the daemon to fail to launch. --allow-privileged= (without a value of true/false) will cause the kube-apiserver and kubelet to refuse to launch. It also may seem reasonable to just use $DAEMON_ARGS and string all of these into one line in the environment file. While that makes the .service file simple it makes the admin job more difficult to locate and make appropriate changes to the config. This is a tradeoff between having to update the .service file to add new options or having the config files easy for an admin to work with. I choose: "easy for admin most of the time". diff --git a/contrib/mesos/docs/ha.md b/contrib/mesos/docs/ha.md index 96197f9cd0f..055804d4d7d 100644 --- a/contrib/mesos/docs/ha.md +++ b/contrib/mesos/docs/ha.md @@ -52,8 +52,8 @@ Within the scheduler, compatibility is largely determined by comparing executor a hash is calculated from a subset of the executor-related command line parameters provided to the scheduler process. The command line parameters that affect the hash calculation are listed below. -- `--allow_privileged` -- `--api_servers` +- `--allow-privileged` +- `--api-servers` - `--auth_path` - `--cluster_*` - `--executor_*` diff --git a/contrib/recipes/docs/apiserver_hipache_registration.md b/contrib/recipes/docs/apiserver_hipache_registration.md index 301ff7a3d36..2b283e6854f 100644 --- a/contrib/recipes/docs/apiserver_hipache_registration.md +++ b/contrib/recipes/docs/apiserver_hipache_registration.md @@ -26,7 +26,7 @@ First, create your kube-apiserver.service file (change necessary variables) ExecStart=/opt/bin/kube-apiserver \ --address=0.0.0.0 \ --port=8080 \ - --etcd_servers=http://10.1.10.10:4001 + --etcd-servers=http://10.1.10.10:4001 ExecStartPost=/usr/bin/etcdctl -C 10.1.10.10:4001 set /frontend:172.20.1.20 '[ "kubernetes", "http://${DEFAULT_IPV4}:8080" ]' Restart=always RestartSec=10 diff --git a/docs/admin/admission-controllers.md b/docs/admin/admission-controllers.md index 7c74c5618a9..0af241bff61 100644 --- a/docs/admin/admission-controllers.md +++ b/docs/admin/admission-controllers.md @@ -159,7 +159,7 @@ Yes. For Kubernetes 1.0, we strongly recommend running the following set of admission control plug-ins (order matters): ``` ---admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota +--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota ``` diff --git a/docs/admin/authentication.md b/docs/admin/authentication.md index 674ffba9186..dac3ada7d9d 100644 --- a/docs/admin/authentication.md +++ b/docs/admin/authentication.md @@ -35,13 +35,13 @@ Documentation for other releases can be found at Kubernetes uses client certificates, tokens, or http basic auth to authenticate users for API calls. -**Client certificate authentication** is enabled by passing the `--client_ca_file=SOMEFILE` +**Client certificate authentication** is enabled by passing the `--client-ca-file=SOMEFILE` option to apiserver. The referenced file must contain one or more certificates authorities to use to validate client certificates presented to the apiserver. If a client certificate is presented and verified, the common name of the subject is used as the user name for the request. -**Token authentication** is enabled by passing the `--token_auth_file=SOMEFILE` option +**Token authentication** is enabled by passing the `--token-auth-file=SOMEFILE` option to apiserver. Currently, tokens last indefinitely, and the token list cannot be changed without restarting apiserver. We plan in the future for tokens to be short-lived, and to be generated as needed rather than stored in a file. @@ -52,7 +52,7 @@ and is a csv file with 3 columns: token, user name, user uid. When using token authentication from an http client the apiserver expects an `Authorization` header with a value of `Bearer SOMETOKEN`. -**Basic authentication** is enabled by passing the `--basic_auth_file=SOMEFILE` +**Basic authentication** is enabled by passing the `--basic-auth-file=SOMEFILE` option to apiserver. Currently, the basic auth credentials last indefinitely, and the password cannot be changed without restarting apiserver. Note that basic authentication is currently supported for convenience while we finish making the diff --git a/docs/admin/authorization.md b/docs/admin/authorization.md index e28e82abf8b..e0564b65441 100644 --- a/docs/admin/authorization.md +++ b/docs/admin/authorization.md @@ -45,9 +45,9 @@ the request, (such as user, resource, and namespace) with access policies. An API call must be allowed by some policy in order to proceed. The following implementations are available, and are selected by flag: - - `--authorization_mode=AlwaysDeny` - - `--authorization_mode=AlwaysAllow` - - `--authorization_mode=ABAC` + - `--authorization-mode=AlwaysDeny` + - `--authorization-mode=AlwaysAllow` + - `--authorization-mode=ABAC` `AlwaysDeny` blocks all requests (used in tests). `AlwaysAllow` allows all requests; use if you don't need authorization. @@ -72,13 +72,13 @@ to assist in policy management. ### Policy File Format -For mode `ABAC`, also specify `--authorization_policy_file=SOME_FILENAME`. +For mode `ABAC`, also specify `--authorization-policy-file=SOME_FILENAME`. The file format is [one JSON object per line](http://jsonlines.org/). There should be no enclosing list or map, just one map per line. Each line is a "policy object". A policy object is a map with the following properties: - - `user`, type string; the user-string from `--token_auth_file` + - `user`, type string; the user-string from `--token-auth-file` - `readonly`, type boolean, when true, means that the policy only applies to GET operations. - `resource`, type string; a resource from an URL, such as `pods`. diff --git a/docs/admin/kube-apiserver.md b/docs/admin/kube-apiserver.md index 4a24578d16b..4396f23e671 100644 --- a/docs/admin/kube-apiserver.md +++ b/docs/admin/kube-apiserver.md @@ -73,12 +73,12 @@ cluster's shared state through which all other components interact. -h, --help=false: help for kube-apiserver --insecure-bind-address=: The IP address on which to serve the --insecure-port (set to 0.0.0.0 for all interfaces). Defaults to localhost. --insecure-port=0: The port on which to serve unsecured, unauthenticated access. Default 8080. It is assumed that firewall rules are set up such that this port is not reachable from outside of the cluster and that port 443 on the cluster's public address is proxied to this port. This is performed by nginx in the default setup. - --kubelet_certificate_authority="": Path to a cert. file for the certificate authority. - --kubelet_client_certificate="": Path to a client key file for TLS. - --kubelet_client_key="": Path to a client key file for TLS. - --kubelet_https=false: Use https for kubelet connections - --kubelet_port=0: Kubelet port - --kubelet_timeout=0: Timeout for kubelet operations + --kubelet-certificate-authority="": Path to a cert. file for the certificate authority. + --kubelet-client-certificate="": Path to a client key file for TLS. + --kubelet-client-key="": Path to a client key file for TLS. + --kubelet-https=false: Use https for kubelet connections + --kubelet-port=0: Kubelet port + --kubelet-timeout=0: Timeout for kubelet operations --long-running-request-regexp="(/|^)((watch|proxy)(/|$)|(logs|portforward|exec)/?$)": A regular expression matching long running requests which should be excluded from maximum inflight request handling. --master-service-namespace="": The namespace from which the Kubernetes master services should be injected into pods --max-requests-inflight=400: The maximum number of requests in flight at a given time. When the server exceeds this, it rejects requests. Zero for no limit. diff --git a/docs/admin/kube-controller-manager.md b/docs/admin/kube-controller-manager.md index a88b7bae791..0bfaf38d74b 100644 --- a/docs/admin/kube-controller-manager.md +++ b/docs/admin/kube-controller-manager.md @@ -58,7 +58,7 @@ controller, and serviceaccounts controller. --cluster-cidr=: CIDR Range for Pods in cluster. --cluster-name="": The instance prefix for the cluster --concurrent-endpoint-syncs=0: The number of endpoint syncing operations that will be done concurrently. Larger number = faster endpoint updating, but more CPU (and network) load - --concurrent_rc_syncs=0: The number of replication controllers that are allowed to sync concurrently. Larger number = more responsive replica management, but more CPU (and network) load + --concurrent-rc-syncs=0: The number of replication controllers that are allowed to sync concurrently. Larger number = more responsive replica management, but more CPU (and network) load --deleting-pods-burst=10: Number of nodes on which pods are bursty deleted in case of node failure. For more details look into RateLimiter. --deleting-pods-qps=0.1: Number of nodes per second on which pods are deleted in case of node failure. -h, --help=false: help for kube-controller-manager diff --git a/docs/admin/kubelet.md b/docs/admin/kubelet.md index d37738ec5e0..17a464a838a 100644 --- a/docs/admin/kubelet.md +++ b/docs/admin/kubelet.md @@ -64,8 +64,8 @@ HTTP server: The kubelet can also listen for HTTP and respond to a simple API --allow-privileged=false: If true, allow containers to request privileged mode. [default=false] --api-servers=[]: List of Kubernetes API servers for publishing events, and reading pods and services. (ip:port), comma separated. --cadvisor-port=0: The port of the localhost cAdvisor endpoint - --cert-dir="": The directory where the TLS certs are located (by default /var/run/kubernetes). If --tls_cert_file and --tls_private_key_file are provided, this flag will be ignored. - --cgroup_root="": Optional root cgroup to use for pods. This is handled by the container runtime on a best effort basis. Default: '', which means use the container runtime default. + --cert-dir="": The directory where the TLS certs are located (by default /var/run/kubernetes). If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored. + --cgroup-root="": Optional root cgroup to use for pods. This is handled by the container runtime on a best effort basis. Default: '', which means use the container runtime default. --chaos-chance=0: If > 0.0, introduce random client errors and latency. Intended for testing. [default=0.0] --cloud-config="": The path to the cloud provider configuration file. Empty string for no configuration file. --cloud-provider="": The provider for cloud services. Empty string for no provider. @@ -73,7 +73,7 @@ HTTP server: The kubelet can also listen for HTTP and respond to a simple API --cluster-domain="": Domain for this cluster. If set, kubelet will configure all containers to search this domain in addition to the host's search domains --config="": Path to the config file or directory of files --configure-cbr0=false: If true, kubelet will configure cbr0 based on Node.Spec.PodCIDR. - --container_runtime="": The container runtime to use. Possible values: 'docker', 'rkt'. Default: 'docker'. + --container-runtime="": The container runtime to use. Possible values: 'docker', 'rkt'. Default: 'docker'. --containerized=false: Experimental support for running kubelet in a container. Intended for testing. [default=false] --docker-endpoint="": If non-empty, use this for the docker endpoint to communicate with --docker-exec-handler="": Handler to use when executing a command in a container. Valid values are 'native' and 'nsenter'. Defaults to 'native'. @@ -105,16 +105,16 @@ HTTP server: The kubelet can also listen for HTTP and respond to a simple API --read-only-port=0: The read-only port for the Kubelet to serve on (set to 0 to disable) --really-crash-for-testing=false: If true, when panics occur crash. Intended for testing. --register-node=false: Register the node with the apiserver (defaults to true if --api-server is set) - --registry-burst=0: Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry_qps. Only used if --registry_qps > 0 + --registry-burst=0: Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry_qps. Only used if --registry-qps > 0 --registry-qps=0: If > 0, limit registry pull QPS to this value. If 0, unlimited. [default=0.0] --resource-container="": Absolute name of the resource-only container to create and run the Kubelet in (Default: /kubelet). --root-dir="": Directory path for managing kubelet files (volume mounts,etc). - --runonce=false: If true, exit after spawning pods from local manifests or remote urls. Exclusive with --api_servers, and --enable-server + --runonce=false: If true, exit after spawning pods from local manifests or remote urls. Exclusive with --api-servers, and --enable-server --streaming-connection-idle-timeout=0: Maximum time a streaming connection can be idle before the connection is automatically closed. Example: '5m' --sync-frequency=0: Max period between synchronizing running containers and config --system-container="": Optional resource-only container in which to place all non-kernel processes that are not already in a container. Empty for no container. Rolling back the flag requires a reboot. (Default: ""). - --tls-cert-file="": File containing x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If --tls_cert_file and --tls_private_key_file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory passed to --cert_dir. - --tls-private-key-file="": File containing x509 private key matching --tls_cert_file. + --tls-cert-file="": File containing x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). If --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory passed to --cert-dir. + --tls-private-key-file="": File containing x509 private key matching --tls-cert-file. ``` ###### Auto generated by spf13/cobra at 2015-07-06 18:03:36.451093085 +0000 UTC diff --git a/docs/admin/resource-quota.md b/docs/admin/resource-quota.md index 669a97fa13b..22d9b0eca27 100644 --- a/docs/admin/resource-quota.md +++ b/docs/admin/resource-quota.md @@ -64,7 +64,7 @@ Neither contention nor changes to quota will affect already-running pods. ## Enabling Resource Quota Resource Quota support is enabled by default for many Kubernetes distributions. It is -enabled when the apiserver `--admission_control=` flag has `ResourceQuota` as +enabled when the apiserver `--admission-control=` flag has `ResourceQuota` as one of its arguments. Resource Quota is enforced in a particular namespace when there is a diff --git a/docs/getting-started-guides/centos/centos_manual_config.md b/docs/getting-started-guides/centos/centos_manual_config.md index af6d02c1808..f864bf18403 100644 --- a/docs/getting-started-guides/centos/centos_manual_config.md +++ b/docs/getting-started-guides/centos/centos_manual_config.md @@ -104,7 +104,7 @@ echo "192.168.121.9 centos-master ```sh # Comma separated list of nodes in the etcd cluster -KUBE_ETCD_SERVERS="--etcd_servers=http://centos-master:4001" +KUBE_ETCD_SERVERS="--etcd-servers=http://centos-master:4001" # logging to stderr means we get it in the systemd journal KUBE_LOGTOSTDERR="--logtostderr=true" @@ -113,7 +113,7 @@ KUBE_LOGTOSTDERR="--logtostderr=true" KUBE_LOG_LEVEL="--v=0" # Should this cluster be allowed to run privileged docker containers -KUBE_ALLOW_PRIV="--allow_privileged=false" +KUBE_ALLOW_PRIV="--allow-privileged=false" ``` * Disable the firewall on both the master and node, as docker does not play well with other firewall rule managers @@ -138,7 +138,7 @@ KUBE_API_PORT="--port=8080" KUBE_MASTER="--master=http://centos-master:8080" # Port kubelets listen on -KUBELET_PORT="--kubelet_port=10250" +KUBELET_PORT="--kubelet-port=10250" # Address range to use for services KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16" @@ -171,7 +171,7 @@ KUBELET_ADDRESS="--address=0.0.0.0" KUBELET_PORT="--port=10250" # You may leave this blank to use the actual hostname -KUBELET_HOSTNAME="--hostname_override=centos-minion" +KUBELET_HOSTNAME="--hostname-override=centos-minion" # Add your own! KUBELET_ARGS="" diff --git a/docs/getting-started-guides/coreos/bare_metal_offline.md b/docs/getting-started-guides/coreos/bare_metal_offline.md index fa537b393b4..1083c91e128 100644 --- a/docs/getting-started-guides/coreos/bare_metal_offline.md +++ b/docs/getting-started-guides/coreos/bare_metal_offline.md @@ -423,7 +423,7 @@ On the PXE server make and fill in the variables `vi /var/www/html/coreos/pxe-cl --address=0.0.0.0 \ --port=8080 \ --service-cluster-ip-range=10.100.0.0/16 \ - --etcd_servers=http://127.0.0.1:4001 \ + --etcd-servers=http://127.0.0.1:4001 \ --logtostderr=true Restart=always RestartSec=10 @@ -586,7 +586,7 @@ On the PXE server make and fill in the variables `vi /var/www/html/coreos/pxe-cl ExecStartPre=/usr/bin/wget -N -P /opt/bin http:///kube-proxy ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-proxy ExecStart=/opt/bin/kube-proxy \ - --etcd_servers=http://:4001 \ + --etcd-servers=http://:4001 \ --logtostderr=true Restart=always RestartSec=10 @@ -605,10 +605,10 @@ On the PXE server make and fill in the variables `vi /var/www/html/coreos/pxe-cl ExecStart=/opt/bin/kubelet \ --address=0.0.0.0 \ --port=10250 \ - --hostname_override=${DEFAULT_IPV4} \ - --api_servers=:8080 \ - --healthz_bind_address=0.0.0.0 \ - --healthz_port=10248 \ + --hostname-override=${DEFAULT_IPV4} \ + --api-servers=:8080 \ + --healthz-bind-address=0.0.0.0 \ + --healthz-port=10248 \ --logtostderr=true Restart=always RestartSec=10 diff --git a/docs/getting-started-guides/docker-multinode/master.md b/docs/getting-started-guides/docker-multinode/master.md index 02d1a30e111..2f61adba241 100644 --- a/docs/getting-started-guides/docker-multinode/master.md +++ b/docs/getting-started-guides/docker-multinode/master.md @@ -160,7 +160,7 @@ systemctl start docker Ok, now that your networking is set up, you can startup Kubernetes, this is the same as the single-node case, we will use the "main" instance of the Docker daemon for the Kubernetes components. ```sh -sudo docker run --net=host --privileged -d -v /sys:/sys:ro -v /var/run/docker.sock:/var/run/docker.sock gcr.io/google_containers/hyperkube:v1.0.1 /hyperkube kubelet --api-servers=http://localhost:8080 --v=2 --insecure-bind-address=0.0.0.0 --enable-server --hostname-override=127.0.0.1 --config=/etc/kubernetes/manifests-multi +sudo docker run --net=host -d -v /var/run/docker.sock:/var/run/docker.sock gcr.io/google_containers/hyperkube:v0.21.2 /hyperkube kubelet --api-servers=http://localhost:8080 --v=2 --address=0.0.0.0 --enable-server --hostname-override=127.0.0.1 --config=/etc/kubernetes/manifests-multi ``` ### Also run the service proxy diff --git a/docs/getting-started-guides/docker-multinode/worker.md b/docs/getting-started-guides/docker-multinode/worker.md index 20eb17f4d49..8b79b8c2183 100644 --- a/docs/getting-started-guides/docker-multinode/worker.md +++ b/docs/getting-started-guides/docker-multinode/worker.md @@ -143,10 +143,10 @@ systemctl start docker #### Run the kubelet -Again this is similar to the above, but the `--api_servers` now points to the master we set up in the beginning. +Again this is similar to the above, but the `--api-servers` now points to the master we set up in the beginning. ```sh -sudo docker run --net=host --privileged -d -v /sys:/sys:ro -v /var/run/docker.sock:/var/run/docker.sock gcr.io/google_containers/hyperkube:v1.0.1 /hyperkube kubelet --api-servers=http://${MASTER_IP}:8080 --v=2 --insecure-bind-address=0.0.0.0 --enable-server --hostname-override=$(hostname -i) +sudo docker run --net=host -d -v /var/run/docker.sock:/var/run/docker.sock gcr.io/google_containers/hyperkube:v0.21.2 /hyperkube kubelet --api-servers=http://${MASTER_IP}:8080 --v=2 --address=0.0.0.0 --enable-server --hostname-override=$(hostname -i) ``` #### Run the service proxy diff --git a/docs/getting-started-guides/docker.md b/docs/getting-started-guides/docker.md index 15828612c03..26d5ef062d4 100644 --- a/docs/getting-started-guides/docker.md +++ b/docs/getting-started-guides/docker.md @@ -65,7 +65,7 @@ docker run --net=host -d gcr.io/google_containers/etcd:2.0.12 /usr/local/bin/etc ### Step Two: Run the master ```sh -docker run --net=host --privileged -d -v /sys:/sys:ro -v /var/run/docker.sock:/var/run/docker.sock gcr.io/google_containers/hyperkube:v1.0.1 /hyperkube kubelet --api-servers=http://localhost:8080 --v=2 --insecure-bind-address=0.0.0.0 --enable-server --hostname-override=127.0.0.1 --config=/etc/kubernetes/manifests +docker run --net=host -d -v /var/run/docker.sock:/var/run/docker.sock gcr.io/google_containers/hyperkube:v0.21.2 /hyperkube kubelet --api-servers=http://localhost:8080 --v=2 --address=0.0.0.0 --enable-server --hostname-override=127.0.0.1 --config=/etc/kubernetes/manifests ``` This actually runs the kubelet, which in turn runs a [pod](../user-guide/pods.md) that contains the other master components. diff --git a/docs/getting-started-guides/fedora/fedora_manual_config.md b/docs/getting-started-guides/fedora/fedora_manual_config.md index 3b1e521566b..bd075c2c062 100644 --- a/docs/getting-started-guides/fedora/fedora_manual_config.md +++ b/docs/getting-started-guides/fedora/fedora_manual_config.md @@ -95,7 +95,7 @@ KUBE_LOGTOSTDERR="--logtostderr=true" KUBE_LOG_LEVEL="--v=0" # Should this cluster be allowed to run privileged docker containers -KUBE_ALLOW_PRIV="--allow_privileged=false" +KUBE_ALLOW_PRIV="--allow-privileged=false" ``` * Disable the firewall on both the master and node, as docker does not play well with other firewall rule managers. Please note that iptables-services does not exist on default fedora server install. @@ -114,7 +114,7 @@ systemctl stop iptables-services firewalld KUBE_API_ADDRESS="--address=0.0.0.0" # Comma separated list of nodes in the etcd cluster -KUBE_ETCD_SERVERS="--etcd_servers=http://127.0.0.1:4001" +KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:4001" # Address range to use for services KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16" @@ -195,10 +195,10 @@ a Kubernetes node (fed-node) below. KUBELET_ADDRESS="--address=0.0.0.0" # You may leave this blank to use the actual hostname -KUBELET_HOSTNAME="--hostname_override=fed-node" +KUBELET_HOSTNAME="--hostname-override=fed-node" # location of the api-server -KUBELET_API_SERVER="--api_servers=http://fed-master:8080" +KUBELET_API_SERVER="--api-servers=http://fed-master:8080" # Add your own! #KUBELET_ARGS="" diff --git a/docs/getting-started-guides/scratch.md b/docs/getting-started-guides/scratch.md index 5e58b9a485b..e31b6838805 100644 --- a/docs/getting-started-guides/scratch.md +++ b/docs/getting-started-guides/scratch.md @@ -420,7 +420,7 @@ for rkt networking support. You can start rkt metadata service by using command `sudo systemd-run rkt metadata-service` Then you need to configure your kubelet with flag: - - `--container_runtime=rkt` + - `--container-runtime=rkt` ### kubelet diff --git a/docs/user-guide/debugging-services.md b/docs/user-guide/debugging-services.md index 512f4a927d1..41241138ed2 100644 --- a/docs/user-guide/debugging-services.md +++ b/docs/user-guide/debugging-services.md @@ -295,8 +295,8 @@ Address: 10.0.1.175 If you are able to do a fully-qualified name lookup but not a relative one, you need to check that your `kubelet` is running with the right flags. -The `--cluster_dns` flag needs to point to your DNS `Service`'s IP and the -`--cluster_domain` flag needs to be your cluster's domain - we assumed +The `--cluster-dns` flag needs to point to your DNS `Service`'s IP and the +`--cluster-domain` flag needs to be your cluster's domain - we assumed "cluster.local" in this document, but yours might be different, in which case you should change that in all of the commands above. diff --git a/pkg/apiserver/authz.go b/pkg/apiserver/authz.go index 7fc593140bc..41ccf745943 100644 --- a/pkg/apiserver/authz.go +++ b/pkg/apiserver/authz.go @@ -67,7 +67,7 @@ var AuthorizationModeChoices = []string{ModeAlwaysAllow, ModeAlwaysDeny, ModeABA // based on the authorizationMode xor an error. authorizationMode should be one of AuthorizationModeChoices. func NewAuthorizerFromAuthorizationConfig(authorizationMode string, authorizationPolicyFile string) (authorizer.Authorizer, error) { if authorizationPolicyFile != "" && authorizationMode != "ABAC" { - return nil, errors.New("Cannot specify --authorization_policy_file without mode ABAC") + return nil, errors.New("Cannot specify --authorization-policy-file without mode ABAC") } // Keep cases in sync with constant list above. switch authorizationMode { diff --git a/pkg/master/master.go b/pkg/master/master.go index a66e7dd5adf..d3470e89f96 100644 --- a/pkg/master/master.go +++ b/pkg/master/master.go @@ -612,7 +612,7 @@ func (m *Master) init(c *Config) { if len(c.CorsAllowedOriginList) > 0 { allowedOriginRegexps, err := util.CompileRegexps(c.CorsAllowedOriginList) if err != nil { - glog.Fatalf("Invalid CORS allowed origin, --cors_allowed_origins flag was set to %v - %v", strings.Join(c.CorsAllowedOriginList, ","), err) + glog.Fatalf("Invalid CORS allowed origin, --cors-allowed-origins flag was set to %v - %v", strings.Join(c.CorsAllowedOriginList, ","), err) } handler = apiserver.CORS(handler, allowedOriginRegexps, nil, nil, "true") } diff --git a/www/README.md b/www/README.md index 23407f0b790..f30296589f4 100644 --- a/www/README.md +++ b/www/README.md @@ -125,8 +125,8 @@ angular.module('kubernetesApp.config', []) ``` ### Kubernetes server configuration -**RECOMMENDED**: The Kubernetes api server does not enable CORS by default, so `kube-apiserver` must be started with `--cors_allowed_origins=http://` or `--cors_allowed_origins=.*`. +**RECOMMENDED**: The Kubernetes api server does not enable CORS by default, so `kube-apiserver` must be started with `--cors-allowed-origins=http://` or `--cors-allowed-origins=.*`. **NOT RECOMMENDED**: If you don't want to/cannot restart the Kubernetes api server, you can start your browser with web security disabled. For example, you can [launch Chrome](http://www.chromium.org/developers/how-tos/run-chromium-with-flags) with flag `--disable-web-security`. Be careful not to visit untrusted web sites when running your browser in this mode.