feat: Create Advanced Pod Configuration page and restructure main Pod documentation #51519
Conversation
… Configuration Updated the Pods documentation to provide clearer examples of basic and advanced security context configurations. Added a new page for Advanced Pod Configuration covering priority classes, runtime classes, and node selection strategies, along with detailed YAML examples for each topic. This improves the clarity and usability of security settings in Kubernetes Pods.
…ate-pod-advance-config-page
k8s-ci-robot
added
cncf-cla: yes
k8s-ci-robot
added
the
size/L
|
Hello @lmktfy Kindly check this out on the pod restructuring issue |
✅ Pull request preview available for checkingBuilt without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify project configuration. |
lmktfy
left a comment
lmktfy
left a comment
There was a problem hiding this comment.
@Caesarsage thank you for working on this.
What you've done is a great first step, but it's not aligned enoug to our style guide for me to accept it as is.
Now, I've added a lot of suggestions. You don't have to accept any of them, but we do need the page we merge to mostly align with the style guide. All new pages should follow that style guide reasonably closely.
Would you be willing to revise this based on feedback?
| {{< /caution >}} | ||
| granular control over what a Pod or individual containers can do. | ||
|
|
||
| For basic security configuration, you can set simple security contexts: |
There was a problem hiding this comment.
I would specifically recommend meeting the Baseline Pod security standard + running as non-root.
| command: ["sh", "-c", "sleep 1h"] | ||
| ``` | ||
| For advanced security context configuration including capabilities, seccomp profiles, and detailed security options, see [Advanced Pod Configuration](/docs/concepts/workloads/pods/advanced-pod-config/#advanced-security-context-configuration). |
There was a problem hiding this comment.
Let's link to the security concepts section instead.
| object definition describes the object in detail. | ||
| * [The Distributed System Toolkit: Patterns for Composite Containers](/blog/2015/06/the-distributed-system-toolkit-patterns/) explains common layouts for Pods with more than one container. | ||
| * Read about [Pod topology spread constraints](/docs/concepts/scheduling-eviction/topology-spread-constraints/) | ||
| * Explore [Advanced Pod Configuration](/docs/concepts/workloads/pods/advanced-pod-config/) for priority classes, runtime classes, and detailed node selection strategies. |
There was a problem hiding this comment.
| * Explore [Advanced Pod Configuration](/docs/concepts/workloads/pods/advanced-pod-config/) for priority classes, runtime classes, and detailed node selection strategies. | |
| * Read [Advanced Pod Configuration](/docs/concepts/workloads/pods/advanced-pod-config/) to learn the topic in detail. | |
| That page covers aspects of Pod configuration beyond the essentials, including: | |
| * PriorityClasses | |
| * RuntimeClasses | |
| * advanced ways to configure _scheduling_: the way that Kubernetes decides which node a Pod should run on. |
Thanks for the feedback. Yeah, i will revise base on the feedback and also take another look at the style guide @lmktfy |
…ng clarity on priority classes, runtime classes, and security contexts.
|
@lmktfy Thank you for your thorough reviews and detailed feedback. I have refined the pages based on your suggestions and aligned them with the Kubernetes style guide. |
lmktfy
left a comment
lmktfy
left a comment
There was a problem hiding this comment.
/lgtm
I have a few suggestions, but they are not so important that we need to wait for them to get fixed.
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: 26693177d96a623b7f35abcccaa36e3946c12ed7
|
|
/assign tengqm per #51519 (comment) |
| security context of the Pod spec. For details and instructions, see | ||
| [Create a Windows HostProcess Pod](/docs/tasks/configure-pod-container/create-hostprocess-pod/). | ||
| {{< /caution >}} | ||
| granular control over what a Pod or individual containers can do. |
There was a problem hiding this comment.
Since the PR removes the general overview of what general control can be done. Perhaps it's good to link to the new "advanced-pod-config" page. Something like the below suggestion
| granular control over what a Pod or individual containers can do. | |
| granular control over what a Pod or individual containers can do. See [Advanced Pod Configuration](/docs/concepts/workloads/pods/advanced-pod-config/) for more details. |
There was a problem hiding this comment.
Yeah, this is a Good suggestion @reylejano . Thanks.
k8s-ci-robot
removed
the
lgtm
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
|
||
| ## Pod and container level security context configuration {#security-context} | ||
|
|
||
| The `Security context` field in the Pod specification provides granular control over security settings for Pods and containers. |
There was a problem hiding this comment.
Hmm, there isn't a space in the actual field name. Check this.
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: 09ca53121fec2aca2ef6a773339cd97da226a7c7
|
5 participants
This PR implements the feature request from issue #51423 to create a dedicated Advanced Pod Configuration page and restructure the main Pod documentation for better user experience.
Changes:
Creates /docs/concepts/workloads/pods/advanced-pod-config/ with comprehensive coverage of:
Simplifies main Pod page to focus on basic concepts
Adds cross-references between basic and advanced topics
Positions advanced page last in navigation (weight: 180)
Related Issues:
Addresses #51423: "Pod Restructuring: Create Advanced Pod Configuration page"
Supports broader Pod documentation restructuring effort (#38867)
Closes: #51423