Merge branch 'master' into release-1.9

_includes/partner-script.js

@@ -104,35 +104,56 @@
 			logo: 'diamanti',
 			link: 'https://www.diamanti.com/products/',
 			blurb: 'Diamanti deploys containers with guaranteed performance using Kubernetes in the first hyperconverged appliance purpose built for containerized applications.'
-		},
+				},
 		{
 			type: 0,
 			name: 'Aporeto',
 			logo: 'aporeto',
 			link: 'https://aporeto.com/trireme',
 			blurb: 'Aporeto makes cloud-native applications secure by default without impacting developer velocity and works at any scale, on any cloud.'
-		},
+				},
 		{
   		type: 2,
  			name: 'Giant Swarm',
  			logo: 'giant_swarm',
  			link: 'https://giantswarm.io',
  			blurb: 'Giant Swarm provides fully-managed Kubernetes Clusters in your location of choice, so you can focus on your product.'
- 		},
+ 				},
+		{
+		 	type: 3,
+		 	name: 'Giant Swarm',
+		 	logo: 'giant_swarm',
+		 	link: 'https://giantswarm.io/product/',
+		 	blurb: 'Giant Swarm - Managed Kubernetes on AWS'
+		 		},
+		{
+		 	type: 3,
+			name: 'Hasura',
+			logo: 'hasura',
+			link: 'https://hasura.io',
+			blurb: 'Hasura - Hasura'
+				},
 		{
  			type: 3,
  			name: 'Mirantis',
  			logo: 'mirantis',
  			link: 'https://www.mirantis.com/software/kubernetes/',
  			blurb: 'Mirantis - Mirantis Cloud Platform'
- 		},
+ 				},
+		{
+		 	type: 2,
+		 	name: 'Mirantis',
+		 	logo: 'mirantis',
+		 	link: 'https://content.mirantis.com/Containerizing-OpenStack-on-Kubernetes-Video-Landing-Page.html',
+		 	blurb: 'Mirantis builds and manages private clouds with open source software such as OpenStack, deployed as containers orchestrated by Kubernetes.'
+		 		},
 		{
  			type: 0,
  			name: 'Kubernetic',
  			logo: 'kubernetic',
  			link: 'https://kubernetic.com/',
  			blurb: 'Kubernetic is a Kubernetes Desktop client that simplifies and democratizes cluster management for DevOps.'
- 		},
+ 				},
 		{
 			type: 1,
 			name: 'Reactive Ops',
@@ -196,6 +217,13 @@
  			link: 'http://www.inwinstack.com/index.php/en/solutions-en/',
  			blurb: 'Our container service leverages OpenStack-based infrastructure and its container orchestration engine Magnum to manage Kubernetes clusters.'
   		},
+	{
+	 	type: 3,
+	 	name: 'InwinSTACK',
+	 	logo: 'inwinstack',
+	 	link: 'https://github.com/inwinstack/kube-ansible',
+	 	blurb: 'inwinSTACK - kube-ansible'
+	  	},
 		{
  			type: 1,
  			name: 'Semantix',
@@ -428,12 +456,33 @@
 			blurb: 'Kenzan is a software engineering and full-service consulting firm that provides customized, end-to-end solutions that drive change through digital transformation.'
 			},
 		{
-			type: 0,
+			type: 3,
 			name: 'Kublr',
 			logo: 'kublr',
 			link: 'http://kublr.com',
-			blurb: 'Simplify and speed up the management of your containerized applications at scale.'
+			blurb: 'Kublr - Accelerate and control the deployment, scaling, monitoring and management of your containerized applications.'
 			},
+		{
+			type: 3,
+			name: 'Nirmata',
+			logo: 'nirmata',
+			link: 'https://www.nirmata.com/',
+			blurb: 'Nirmata - Nirmata Managed Kubernetes'
+				},
+		{
+			type: 3,
+			name: 'TenxCloud',
+			logo: 'tenxcloud',
+			link: 'https://tenxcloud.com',
+			blurb: 'TenxCloud - TenxCloud Container Engine (TCE)'
+				},
+		{
+			type: 3,
+			name: 'Twistlock',
+			logo: 'twistlock',
+			link: 'https://www.twistlock.com/',
+			blurb: 'Twistlock - Twistlock'
+				},
 		{
 			type: 0,
 			name: 'Endocode AG',
@@ -684,6 +733,13 @@
 			name: 'Canonical',
 			logo: 'canonical',
 			link: 'https://www.ubuntu.com/kubernetes',
+			blurb: 'The Canonical Distribution of Kubernetes enables you to operate Kubernetes clusters on demand on any major public cloud and private infrastructure.'
+				},
+		{
+			type: 2,
+			name: 'Canonical',
+			logo: 'canonical',
+			link: 'https://www.ubuntu.com/kubernetes',
 			blurb: 'Canonical Ltd. - Canonical Distribution of Kubernetes'
 				},
 		{
@@ -707,6 +763,13 @@
 			link: 'https://www.ibm.com/cloud/container-service',
 			blurb: 'IBM - IBM Cloud Container Service'
 				},
+		{
+			type: 2,
+			name: 'IBM',
+			logo: 'ibm',
+			link: 'https://www.ibm.com/cloud-computing/bluemix/containers',
+			blurb: 'The IBM Bluemix Container Service combines Docker and Kubernetes to deliver powerful tools, an intuitive user experiences, and built-in security and isolation to enable rapid delivery of applications all while leveraging Cloud Services including cognitive capabilities from Watson.'
+				},
 		{
 			type: 3,
 			name: 'Samsung',
@@ -721,20 +784,41 @@
 			link: 'https://www.ibm.com/cloud-computing/products/ibm-cloud-private/',
 			blurb: 'IBM - IBM Cloud Private'
 				},
+		{
+			type: 3,
+			name: 'Kinvolk',
+			logo: 'kinvolk',
+			link: 'https://github.com/kinvolk/kube-spawn',
+			blurb: 'Kinvolk - kube-spawn'
+				},
 		{
 			type: 3,
 			name: 'Heptio',
 			logo: 'heptio',
 			link: 'https://aws.amazon.com/quickstart/architecture/heptio-kubernetes',
 			blurb: 'Heptio - AWS-Quickstart'
 				},
+		{
+			type: 2,
+			name: 'Heptio',
+			logo: 'heptio',
+			link: 'http://heptio.com',
+			blurb: 'Heptio helps businesses of all sizes get closer to the vibrant Kubernetes community.'
+				},
 		{
 			type: 3,
 			name: 'StackPointCloud',
 			logo: 'stackpoint',
 			link: 'https://stackpoint.io',
 			blurb: 'StackPointCloud - StackPointCloud'
 				},
+		{
+			type: 2,
+			name: 'StackPointCloud',
+			logo: 'stackpoint',
+			link: 'https://stackpoint.io',
+			blurb: 'StackPointCloud offers a wide range of support plans for managed Kubernetes clusters built through its universal control plane for Kubernetes Anywhere.'
+				},
 		{
 			type: 3,
 			name: 'Caicloud',
@@ -770,6 +854,13 @@
 			link: 'http://www.huaweicloud.com/product/cce.html',
 			blurb: 'Huawei - Huawei Cloud Container Engine'
 				},
+		{
+			type: 2,
+			name: 'Huawei',
+			logo: 'huawei',
+			link: 'http://developer.huawei.com/ict/en/site-paas',
+			blurb: 'FusionStage is an enterprise-grade Platform as a Service product, the core of which is based on mainstream open source container technology including Kubernetes and Docker.'
+				},
 		{
 			type: 3,
 			name: 'Google',
@@ -861,6 +952,13 @@
 			link: 'https://github.com/kubernetes-incubator/bootkube',
 			blurb: 'CoreOS - bootkube'
 				},
+		{
+			type: 2,
+			name: 'CoreOS',
+			logo: 'coreos',
+			link: 'https://coreos.com/',
+			blurb: 'Tectonic is the enterprise-ready Kubernetes product, by CoreOS. It adds key features to allow you to manage, update, and control clusters in production.'
+				},
 		{
 			type: 3,
 			name: 'Weaveworks',
@@ -875,6 +973,13 @@
 			link: 'http://www.wise2c.com/solution',
 			blurb: 'Wise2C Technology - WiseCloud'
 				},
+		{
+			type: 2,
+			name: 'Wise2c',
+			logo: 'wise2c',
+			link: 'http://www.wise2c.com',
+			blurb: 'Using Kubernetes to providing IT continuous delivery and Enterprise grade container management solution to Financial Industry.'
+				},
 		{
 			type: 3,
 			name: 'Docker',
@@ -910,6 +1015,20 @@
 			link: 'https://cloud.vmware.com/pivotal-container-service',
 			blurb: 'Pivotal/VMware - Pivotal Container Service (PKS)'
 				},
+		{
+			type: 3,
+			name: 'Alauda',
+			logo: 'alauda',
+			link: 'http://www.alauda.cn/product/detail/id/68.html',
+			blurb: 'Alauda - Alauda EE'
+				},
+		{
+			type: 3,
+			name: 'EasyStack',
+			logo: 'easystack',
+			link: 'https://easystack.cn/eks/',
+			blurb: 'EasyStack - EasyStack Kubernetes Service (EKS)'
+				},
 		{
 			type: 3,
 			name: 'CoreOS',

cn/docs/concepts/architecture/nodes.md

@@ -39,7 +39,7 @@ redirect_from:
 ### 地址
 
 
-这些字段组合的用法取决于你的云服务商或者裸金属配置。
+这些字段组合的用法取决于你的云服务商或者裸机配置。
 
 * HostName：HostName 和 node 内核报告的相同。可以通过 kubelet 的 `--hostname-override` 参数覆盖。
 * ExternalIP：通常是可以外部路由的 node IP 地址（从集群外可访问）。
@@ -115,7 +115,7 @@ Node 条件使用一个 JSON 对象表示。例如，下面的响应描述了一
 ```
 
 
-Kubernetes 会在内部创一个 node 对象（象征 node），并基于  `metadata.name` 字段（我们假设 `metadata.name` 能够被解析）通过健康检查来验证 node。如果 node 可用，意即所有必要服务都已运行，它就符合了运行一个 pod 的条件；否则它将被所有的集群动作忽略指导变为可用。请注意，Kubernetes 将保存不可用 node 的对象，除非它被客户端显式的删除。Kubernetes 将持续检查 node 是否变的可用。
+Kubernetes 会在内部创一个 node 对象（象征 node），并基于  `metadata.name` 字段（我们假设 `metadata.name` 能够被解析）通过健康检查来验证 node。如果 node 可用，意即所有必要服务都已运行，它就符合了运行一个 pod 的条件；否则它将被所有的集群动作忽略直到变为可用。请注意，Kubernetes 将保存不可用 node 的对象，除非它被客户端显式的删除。Kubernetes 将持续检查 node 是否变的可用。
 
 
 当前，有3个组件同 Kubernetes node 接口交互：node 控制器、kubelet 和 kubectl。

cn/docs/concepts/configuration/manage-compute-resources-container.md

@@ -15,7 +15,7 @@ title: Managing Compute Resources for Containers
 
 *CPU* 和 *内存* 都是 *资源类型*。资源类型具有基本单位。CPU 的单位是 core，内存的单位是 byte。
 
-CPU和内存统称为*计算资源*，也可以称为*资源*。计算资源的数量是可以被请求、分配和消耗的可测量的。它们与 [API 资源](/docs/api/) 不同。 API 资源（如 Pod 和 [Service](/docs/user-guide/services)）是可通过 Kubernetes API server 读取和修改的对象。
+CPU和内存统称为*计算资源*，也可以称为*资源*。计算资源的数量是可以被请求、分配、消耗和可测量的。它们与 [API 资源](/docs/api/) 不同。 API 资源（如 Pod 和 [Service](/docs/user-guide/services)）是可通过 Kubernetes API server 读取和修改的对象。
 
 ## Pod 和 容器的资源请求和限制
 

cn/docs/tutorials/stateful-application/web.yaml

@@ -1,4 +1,3 @@
----
 apiVersion: v1
 kind: Service
 metadata:

cn/docs/tutorials/stateful-application/webp.yaml

@@ -1,4 +1,3 @@
----
 apiVersion: v1
 kind: Service
 metadata:
@@ -42,4 +41,4 @@ spec:
       accessModes: [ "ReadWriteOnce" ]
       resources:
         requests:
-          storage: 1Gi
+          storage: 1Gi

cn/docs/user-guide/multi-pod.yaml

@@ -1,4 +1,3 @@
----
 apiVersion: v1
 kind: Pod
 metadata:

docs/concepts/api-extension/custom-resources.md

@@ -48,24 +48,24 @@ When creating a new API, consider whether to [aggregate your API with the Kubern
 #### Declarative APIs
 
 In a Declarative API, typically:
- - your API consists of a relatively small number of relatively small objects (resources).
- - the objects define configuration of applications or infrastructure
- - the objects are updated relatively infrequently
- - humans often need to read and write the objects
- - the main operations on the objects are CRUD-y (creating, reading, updating and deleting)
- - transactions across objects are not required: the API represents a desired state, not an exact state.
+ - Your API consists of a relatively small number of relatively small objects (resources).
+ - The objects define configuration of applications or infrastructure.
+ - The objects are updated relatively infrequently.
+ - Humans often need to read and write the objects.
+ - The main operations on the objects are CRUD-y (creating, reading, updating and deleting).
+ - Transactions across objects are not required: the API represents a desired state, not an exact state.
 
 Imperative APIs are not declarative. 
 Signs that your API might not be declarative include:
- - the client says "do this", and then gets a synchornous response back when it is done.
- - the client says "do this", and then gets an operation ID back, and has to check a separate Operation objects to determine completion of the request.
- - you talk about Remote Procedure Calls (RPCs)
- - directly stoing large amounts of data (e.g. > a few kB per object, or >1000s of objects)
- - high bandwidth access (10s of requests per second sustained) needed
- - store end-user data (such as images, PII, etc) or other large-scale data processed by applications
- - the natural operations on the objects are not CRUD-y.
- - the API is not easily modeled as objects.
- - you chose to represent pending operations with an operation ID or operation object.
+ - The client says "do this", and then gets a synchornous response back when it is done.
+ - The client says "do this", and then gets an operation ID back, and has to check a separate Operation objects to determine completion of the request.
+ - You talk about Remote Procedure Calls (RPCs).
+ - Directly storing large amounts of data (e.g. > a few kB per object, or >1000s of objects).
+ - High bandwidth access (10s of requests per second sustained) needed.
+ - Store end-user data (such as images, PII, etc) or other large-scale data processed by applications.
+ - The natural operations on the objects are not CRUD-y.
+ - The API is not easily modeled as objects.
+ - You chose to represent pending operations with an operation ID or operation object.
 
 ### Should I use a configMap or a custom resource?
 
@@ -102,7 +102,7 @@ Aggregated APIs are subordinate APIServers that sit behind the primary API serve
 
 Custom Resource Definitions (CRDS) allow users to create new types of resources without adding another APIserver. You do not need to understand API Aggregation to use CRDs.
 
-Regardless of whether they are installed via CRDs or AA, the new resources are called Custom Resources to distinguish them from built-in Kubernetes resources (like pods)
+Regardless of whether they are installed via CRDs or AA, the new resources are called Custom Resources to distinguish them from built-in Kubernetes resources (like pods).
 
 ## CustomResourceDefinitions
 
@@ -215,9 +215,9 @@ Kubernetes [client libraries](/docs/reference/client-libraries/) can be used to
 
 When you add a custom resource, you can access it using:
   - kubectl
-  - the kubernetes dynamic client
-  - a REST client that you write
-  - a client generated using Kubernetes client generation tools (generating one is an advanced undertaking, but some projects may provide a client along with the CRD or AA).
+  - The kubernetes dynamic client.
+  - A REST client that you write.
+  - A client generated using Kubernetes client generation tools (generating one is an advanced undertaking, but some projects may provide a client along with the CRD or AA).
 
 {% endcapture %}
 

docs/concepts/policy/psp.yaml → docs/concepts/policy/example-psp.yaml

@@ -1,8 +1,10 @@
 apiVersion: extensions/v1beta1
 kind: PodSecurityPolicy
 metadata:
-  name: permissive
+  name: example
 spec:
+  privileged: false  # Don't allow privileged pods!
+  # The rest fills in some required fields.
   seLinux:
     rule: RunAsAny
   supplementalGroups:
@@ -11,10 +13,5 @@ spec:
     rule: RunAsAny
   fsGroup:
     rule: RunAsAny
-  hostPorts:
-  - min: 8000
-    max: 8080
   volumes:
   - '*'
-  allowedCapabilities:
-  - '*'