Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix typos #44506

Merged
merged 3 commits into from
Jan 2, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -214,7 +214,7 @@ allow-list:

Additionally, the `cardinality_enforcement_unexpected_categorizations_total` meta-metric records the
count of unexpected categorizations during cardinality enforcement, that is, whenever a label value
is encountered that is not allowed with respect to the allow-list contraints.
is encountered that is not allowed with respect to the allow-list constraints.

## {{% heading "whatsnext" %}}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,7 @@ The general workflow of a device plugin includes the following steps:
// informed allocation decision when possible.
rpc GetPreferredAllocation(PreferredAllocationRequest) returns (PreferredAllocationResponse) {}

// PreStartContainer is called, if indicated by Device Plugin during registeration phase,
// PreStartContainer is called, if indicated by Device Plugin during registration phase,
// before each container start. Device plugin can run device specific operations
// such as resetting the device before making devices available to the container.
rpc PreStartContainer(PreStartContainerRequest) returns (PreStartContainerResponse) {}
Expand Down Expand Up @@ -346,7 +346,7 @@ update and Kubelet needs to be restarted to reflect the correct resource capacit
{{< /note >}}

```gRPC
// AllocatableResourcesResponses contains informations about all the devices known by the kubelet
// AllocatableResourcesResponses contains information about all the devices known by the kubelet
message AllocatableResourcesResponse {
repeated ContainerDevices devices = 1;
repeated int64 cpu_ids = 2;
Expand Down
2 changes: 1 addition & 1 deletion content/en/docs/concepts/policy/_index.md
Original file line number Diff line number Diff line change
Expand Up @@ -64,5 +64,5 @@ Dynamic Admission Controllers that act as flexible policy engines are being deve
## Apply policies using Kubelet configurations

Kubernetes allows configuring the Kubelet on each worker node. Some Kubelet configurations act as policies:
* [Process ID limts and reservations](/docs/concepts/policy/pid-limiting/) are used to limit and reserve allocatable PIDs.
* [Process ID limits and reservations](/docs/concepts/policy/pid-limiting/) are used to limit and reserve allocatable PIDs.
* [Node Resource Managers](/docs/concepts/policy/node-resource-managers/) can manage compute, memory, and device resources for latency-critical and high-throughput workloads.
2 changes: 1 addition & 1 deletion content/en/docs/concepts/security/security-checklist.md
Original file line number Diff line number Diff line change
Expand Up @@ -390,7 +390,7 @@ availability state and recommended to improve your security posture:

[`NodeRestriction`](/docs/reference/access-authn-authz/admission-controllers/#noderestriction)
: Restricts kubelet's permissions to only modify the pods API resources they own
or the node API ressource that represent themselves. It also prevents kubelet
or the node API resource that represent themselves. It also prevents kubelet
from using the `node-restriction.kubernetes.io/` annotation, which can be used
by an attacker with access to the kubelet's credentials to influence pod
placement to the controlled node.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -210,7 +210,7 @@ perfectly full distribution of EndpointSlices. As an example, if there are 10
new endpoints to add and 2 EndpointSlices with room for 5 more endpoints each,
this approach will create a new EndpointSlice instead of filling up the 2
existing EndpointSlices. In other words, a single EndpointSlice creation is
preferrable to multiple EndpointSlice updates.
preferable to multiple EndpointSlice updates.

With kube-proxy running on each Node and watching EndpointSlices, every change
to an EndpointSlice becomes relatively expensive since it will be transmitted to
Expand Down
4 changes: 2 additions & 2 deletions content/en/docs/concepts/workloads/controllers/job.md
Original file line number Diff line number Diff line change
Expand Up @@ -395,7 +395,7 @@ for pod failures independently for each index. To do so, set the
`.spec.backoffLimitPerIndex` to specify the maximal number of pod failures
per index.

When the per-index backoff limit is exceeded for an index, Kuberentes considers the index as failed and adds it to the
When the per-index backoff limit is exceeded for an index, Kubernetes considers the index as failed and adds it to the
`.status.failedIndexes` field. The succeeded indexes, those with a successfully
executed pods, are recorded in the `.status.completedIndexes` field, regardless of whether you set
the `backoffLimitPerIndex` field.
Expand Down Expand Up @@ -940,7 +940,7 @@ the Job status, allowing the Pod to be removed by other controllers or users.

{{< note >}}
See [My pod stays terminating](/docs/tasks/debug/debug-application/debug-pods/) if you
observe that pods from a Job are stucked with the tracking finalizer.
observe that pods from a Job are stuck with the tracking finalizer.
{{< /note >}}

### Elastic Indexed Jobs
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -225,7 +225,7 @@ pod1 1/1 Running 0 36s
pod2 1/1 Running 0 36s
```

In this manner, a ReplicaSet can own a non-homogenous set of Pods
In this manner, a ReplicaSet can own a non-homogeneous set of Pods

## Writing a ReplicaSet manifest

Expand Down
2 changes: 1 addition & 1 deletion content/en/docs/contribute/style/diagram-guide.md
Original file line number Diff line number Diff line change
Expand Up @@ -624,7 +624,7 @@ caption and the diagram referral.
flowchart
A[Diagram<br><br>Inline Mermaid or<br>SVG image files]
B[Diagram Caption<br><br>Add Figure Number. and<br>Caption Text]
C[Diagram Referral<br><br>Referenence Figure Number<br>in text]
C[Diagram Referral<br><br>Reference Figure Number<br>in text]

classDef box fill:#fff,stroke:#000,stroke-width:1px,color:#000;
class A,B,C box
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -438,7 +438,7 @@ controller in the cluster, so they have several security features:
`<signerNameDomain>/*`.
* Signer-linked ClusterTrustBundles **must** be named with a prefix derived from
their `spec.signerName` field. Slashes (`/`) are replaced with colons (`:`),
and a final colon is appended. This is followed by an arbitary name. For
and a final colon is appended. This is followed by an arbitrary name. For
example, the signer `example.com/mysigner` can be linked to a
ClusterTrustBundle `example.com:mysigner:<arbitrary-name>`.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ purged by the control plane.
If users use an invalidated auto-generated token, the token validator will

1. add an audit annotation for the key-value pair
`authentication.k8s.io/legacy-token-invalidated: <secret name>/<namepace>`,
`authentication.k8s.io/legacy-token-invalidated: <secret name>/<namespace>`,
1. increment the `invalid_legacy_auto_token_uses_total` metric count,
1. update the Secret label `kubernetes.io/legacy-token-last-used` with the new
date,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -375,7 +375,7 @@ When an API request is validated with this admission policy, the resulting audit
```

In this example the annotation will only be included if the `spec.replicas` of the Deployment is more than
50, otherwise the CEL expression evalutes to null and the annotation will not be included.
50, otherwise the CEL expression evaluates to null and the annotation will not be included.

Note that audit annotation keys are prefixed by the name of the `ValidatingAdmissionWebhook` and a `/`. If
another admission controller, such as an admission webhook, uses the exact same audit annotation key, the
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,5 @@ _build:
Extend the kubelet's pod resources gRPC endpoint to
to include resources allocated in `ResourceClaims` via `DynamicResourceAllocation` API.
See [resource allocation reporting](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources) for more details.
with informations about the allocatable resources, enabling clients to properly
with information about the allocatable resources, enabling clients to properly
track the free compute resources on a node.
Original file line number Diff line number Diff line change
Expand Up @@ -609,7 +609,7 @@ ZeroLimitedNominalConcurrencyShares=true|false (BETA - default=false)<br/>
<td colspan="2">--kube-reserved strings&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Default: &lt;None&gt;</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;">A set of <code>&lt;resource name&gt;=&lt;resource quantity&gt;</code> (e.g. &quot;<code>cpu=200m,memory=500Mi,ephemeral-storage=1Gi,pid='100'</code>&auot;) pairs that describe resources reserved for kubernetes system components. Currently <code>cpu</code>, <code>memory</code> and local <code>ephemeral-storage</code> for root file system are supported. See <a href="https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/#kube-reserved">here</a> for more detail. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's <code>--config</code> flag. See <a href="https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/">kubelet-config-file</a> for more information.)</td>
<td></td><td style="line-height: 130%; word-wrap: break-word;">A set of <code>&lt;resource name&gt;=&lt;resource quantity&gt;</code> (e.g. &quot;<code>cpu=200m,memory=500Mi,ephemeral-storage=1Gi,pid='100'</code>&quot;) pairs that describe resources reserved for kubernetes system components. Currently <code>cpu</code>, <code>memory</code> and local <code>ephemeral-storage</code> for root file system are supported. See <a href="https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/#kube-reserved">here</a> for more detail. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's <code>--config</code> flag. See <a href="https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/">kubelet-config-file</a> for more information.)</td>
</tr>

<tr>
Expand Down Expand Up @@ -1087,5 +1087,4 @@ Insecure values:
<td></td><td style="line-height: 130%; word-wrap: break-word;">Specifies interval for kubelet to calculate and cache the volume disk usage for all pods and volumes. To disable volume calculations, set to a negative number. (DEPRECATED: This parameter should be set via the config file specified by the kubelet's <code>--config</code> flag. See <a href="https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/">kubelet-config-file</a> for more information.)</td>
</tr>
</tbody>
</table>

</table>
6 changes: 3 additions & 3 deletions content/en/docs/reference/labels-annotations-taints/_index.md
Original file line number Diff line number Diff line change
Expand Up @@ -898,7 +898,7 @@ This is achieved via _SelectorSpreadPriority_.
_SelectorSpreadPriority_ is a best effort placement. If the zones in your cluster are
heterogeneous (for example: different numbers of nodes, different types of nodes, or different pod
resource requirements), this placement might prevent equal spreading of your Pods across zones.
If desired, you can use homogenous zones (same number and types of nodes) to reduce the probability
If desired, you can use homogeneous zones (same number and types of nodes) to reduce the probability
of unequal spreading.

The scheduler (through the _VolumeZonePredicate_ predicate) also will ensure that Pods,
Expand Down Expand Up @@ -1375,7 +1375,7 @@ Example: `batch.kubernetes.io/controller-uid: "$UID"`
Used on: Jobs and Pods controlled by Jobs

This label is used as a programmatic way to get all Pods corresponding to a Job.
The `controller-uid` is a unique identifer that gets set in the `selector` field so the Job
The `controller-uid` is a unique identifier that gets set in the `selector` field so the Job
controller can get all the corresponding Pods.

### scheduler.alpha.kubernetes.io/defaultTolerations {#scheduleralphakubernetesio-defaulttolerations}
Expand Down Expand Up @@ -1948,7 +1948,7 @@ Example: `service.beta.kubernetes.io/aws-load-balancer-security-groups: "sg-53fa

Used on: Service

The AWS load balancer controller uses this annotation to specify a comma seperated list
The AWS load balancer controller uses this annotation to specify a comma separated list
of security groups you want to attach to an AWS load balancer. Both name and ID of security
are supported where name matches a `Name` tag, not the `groupName` attribute.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ Example: `validation.policy.admission.k8s.io/validation_failure: '[{"message": "

Used by Kubernetes version v1.27 and later.

This annotation indicates that a admission policy validation evaluted to false
This annotation indicates that a admission policy validation evaluated to false
for an API request, or that the validation resulted in an error while the policy
was configured with `failurePolicy: Fail`.

Expand Down
2 changes: 1 addition & 1 deletion content/en/docs/reference/node/kubelet-checkpoint-api.md
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ POST /checkpoint/{namespace}/{pod}/{container}
- **timeout** (*in query*): integer

Timeout in seconds to wait until the checkpoint creation is finished.
If zero or no timeout is specfied the default {{<glossary_tooltip
If zero or no timeout is specified the default {{<glossary_tooltip
term_id="cri" text="CRI">}} timeout value will be used. Checkpoint
creation time depends directly on the used memory of the container.
The more memory a container uses the more time is required to create
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ Read a file containing the kubeadm configuration API and report any validation p

This command lets you validate a kubeadm configuration API file and report any warnings and errors.
If there are no errors the exit status will be zero, otherwise it will be non-zero.
Any unmarshaling problems such as unknown API fields will trigger errors. Unknown API versions and
Any unmarshalling problems such as unknown API fields will trigger errors. Unknown API versions and
fields with invalid values will also trigger errors. Any other errors or warnings may be reported
depending on contents of the input file.

Expand Down
2 changes: 1 addition & 1 deletion content/en/docs/reference/tools/map-crictl-dockercli.md
Original file line number Diff line number Diff line change
Expand Up @@ -70,4 +70,4 @@ crictl | Description
`runp` | Run a new pod
`rmp` | Remove one or more pods
`stopp` | Stop one or more running pods
{{< /table >}}
{{< /table >}}
2 changes: 1 addition & 1 deletion content/en/docs/reference/using-api/cel.md
Original file line number Diff line number Diff line change
Expand Up @@ -192,7 +192,7 @@ Rules](/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition
are fully type checked.

Some Kubernetes API fields contain partially type checked CEL expressions. A
partially type checked expression is an experessions where some of the variables
partially type checked expression is an expressions where some of the variables
are statically typed but others are dynamically typed. For example, in the CEL
expressions of
[ValidatingAdmissionPolicies](/docs/reference/access-authn-authz/validating-admission-policy/)
Expand Down
2 changes: 1 addition & 1 deletion content/en/docs/reference/using-api/server-side-apply.md
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,7 @@ request fails.
It is however possible to change `.metadata.managedFields` through an
**update**, or through a **patch** operation that does not use Server-Side Apply.
Doing so is highly discouraged, but might be a reasonable option to try if,
for example, the `.metatadata.managedFields` get into an inconsistent state
for example, the `.metadata.managedFields` get into an inconsistent state
(which should not happen in normal operations).

The format of `managedFields` is [described](/docs/reference/kubernetes-api/common-definitions/object-meta/#System)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -445,7 +445,7 @@ a new `kubelet.conf.csr`, sign the certificate, embed it in `kubelet.conf`
and restart the kubelet.

If this does not apply to your setup, you can skip processing the `kubelet.conf.csr`
on secondary control plane and on workers nodes (all nodes tha call `kubeadm join ...`).
on secondary control plane and on workers nodes (all nodes that call `kubeadm join ...`).
That is because the active kube-controller-manager will be responsible
for signing new kubelet client certificates.

Expand Down Expand Up @@ -598,4 +598,4 @@ Once CSR files have been signed and required certificates are in place on the ho
you want to use as nodes, you can use the commands `kubeadm init` and `kubeadm join`
to create a Kubernetes cluster from these nodes. During `init` and `join`, kubeadm
uses existing certificates, encryption keys and kubeconfig files that it finds in the
`/etc/kubernetes` tree on the host's local filesystem.
`/etc/kubernetes` tree on the host's local filesystem.
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ If the version of the plugin is missing in the CNI plugin config, the pod may
run. However, stopping the pod generates an error similar to:

```
ERRO[2022-04-26T00:43:24.518165483Z] StopPodSandbox for "b" failed
ERROR[2022-04-26T00:43:24.518165483Z] StopPodSandbox for "b" failed
error="failed to destroy network for sandbox \"bbc85f891eaf060c5a879e27bba9b6b06450210161dfdecfbb2732959fb6500a\": invalid version \"\": the version is empty"
```

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ To learn more about keyless signing, please refer to [Keyless Signatures](https:

Previous versions of Cosign required that you set `COSIGN_EXPERIMENTAL=1`.

For additional information, plase refer to the [sigstore Blog](https://blog.sigstore.dev/cosign-2-0-released/)
For additional information, please refer to the [sigstore Blog](https://blog.sigstore.dev/cosign-2-0-released/)
{{< /note >}}

## Verifying image signatures
Expand Down Expand Up @@ -144,4 +144,4 @@ cosign verify-blob \
--certificate-identity [email protected] \
--certificate-oidc-issuer https://accounts.google.com \
"$VERSION.spdx"
```
```
Original file line number Diff line number Diff line change
Expand Up @@ -185,14 +185,14 @@ command line argument to `kubectl create token` (the actual duration of the issu
token might be shorter, or could even be longer).

When the `ServiceAccountTokenNodeBinding` and `ServiceAccountTokenNodeBindingValidation`
features are enabled and the `KUBECTL_NODE_BOUND_TOKENS` enviroment variable is set to `true`,
features are enabled and the `KUBECTL_NODE_BOUND_TOKENS` environment variable is set to `true`,
it is possible to create a service account token that is directly bound to a `Node`:

```shell
KUBECTL_NODE_BOUND_TOKENS=true kubectl create token build-robot --bound-object-kind Node --bound-object-name node-001 --bound-object-uid 123...456
```

The token will be valid until it expires or either the assocaited `Node` or service account are deleted.
The token will be valid until it expires or either the associated `Node` or service account are deleted.

{{< note >}}
Versions of Kubernetes before v1.22 automatically created long term credentials for
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ weight: 130
<!-- overview -->

This page shows how to create a Pod that uses a
{{< glossary_tooltip text="Secret" term_id="secret" >}} to pull an image
from a private container image registry or repository. There are many private
{{< glossary_tooltip text="Secret" term_id="secret" >}} to pull an image
from a private container image registry or repository. There are many private
registries in use. This task uses [Docker Hub](https://www.docker.com/products/docker-hub)
as an example registry.

Expand All @@ -19,8 +19,8 @@ as an example registry.

* To do this exercise, you need the `docker` command line tool, and a
[Docker ID](https://docs.docker.com/docker-id/) for which you know the password.
* If you are using a different private container registry, you need the command
line tool for that registry and any login information for the registry.
* If you are using a different private container registry, you need the command
line tool for that registry and any login information for the registry.

<!-- steps -->

Expand All @@ -39,7 +39,7 @@ When prompted, enter your Docker ID, and then the credential you want to use (ac
or the password for your Docker ID).

The login process creates or updates a `config.json` file that holds an authorization token.
Review [how Kubernetes interprets this file](/docs/concepts/containers/images#config-json).
Review [how Kubernetes interprets this file](/docs/concepts/containers/images#config-json).

View the `config.json` file:

Expand Down Expand Up @@ -245,4 +245,4 @@ Events:
* Learn more about [using a private registry](/docs/concepts/containers/images/#using-a-private-registry).
* Learn more about [adding image pull secrets to a service account](/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account).
* See [kubectl create secret docker-registry](/docs/reference/generated/kubectl/kubectl-commands/#-em-secret-docker-registry-em-).
* See the `imagePullSecrets` field within the [container definitions](/docs/reference/kubernetes-api/workload-resources/pod-v1/#containers) of a Pod
* See the `imagePullSecrets` field within the [container definitions](/docs/reference/kubernetes-api/workload-resources/pod-v1/#containers) of a Pod
Loading