Add overview for Configuration concept #51899
Conversation
👷 Deploy Preview for kubernetes-io-vnext-staging processing.
|
k8s-ci-robot
added
cncf-cla: yes
k8s-ci-robot
added
the
size/L
✅ Pull request preview available for checkingBuilt without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify project configuration. |
lmktfy
force-pushed
the
20250812_add_configuration_overview
branch
from
7110784 to
08a3c33
Compare
| weight: 80 | ||
| description: > | ||
| Resources that Kubernetes provides for configuring Pods. | ||
| Configuration mechanisms within Kubernetes. |
There was a problem hiding this comment.
The original text is much clearer than the revised version.
There was a problem hiding this comment.
See #51899 (comment) and also #51899 (comment) (feedback on the feedback).
This is still the description I recommend using.
There was a problem hiding this comment.
As workload configuration in Kubernetes matures, end users have gone beyond using Kubernetes objects / resources to configure Pods. Including init and sidecar containers, I've also seen external storage mounted via CSI driver/mounted PVs used to configure Pods.
The original description scoped the configuration to Pods but the page includes cluster configuration aspects. Imo, generalizing the description for configuration is more accurate to the page
There was a problem hiding this comment.
The intent of this page, as I see it, is to provide end users an overview for configuring their workloads. In many scenarios, for stability or security reasons, an end user is not permitted to configure the cluster. In other words, the cluster configuration topic is for cluster admins. We are not supposed to compile everything into this page simply because a topic is about "configuration".
It is perfectly okay to add a note at the beginning of the page, pointing users to admin-specific topics if that is what they are looking for.
| If you wanted to learn about configuring the `kubectl` command line tool, | ||
| read [configure access to multiple clusters](/docs/tasks/access-application-cluster/configure-access-multiple-clusters/). |
There was a problem hiding this comment.
This sentence is irrelevant.
There was a problem hiding this comment.
@tengqm, here's the problem:
- people search the web, eg https://duckduckgo.com/?q=configure+Kubernetes
- however, that tells them how to set up a cluster
- they don't want a cluster
- they have a cluster
- they want to configure cluster access
- we don't yet have a guide to that; see Add a task page for setting up kubeconfig #38681 for my rationale
- they click around and find the Configuration section
We can signpost them to where they want to be. Signposts aren't for people who know where they are going; they are for the otherwise lost.
|
|
||
| Secrets are similar to {{< glossary_tooltip text="ConfigMaps" term_id="configmap" >}} | ||
| but are specifically intended to hold confidential data. Read the page about Secrets | ||
| to learn about the benefits (and limitations) around information security and Secrets. |
There was a problem hiding this comment.
Either remove the last sentence, or provide a link.
| configuration or security keys or other information that your containers must | ||
| use, and that shouldn't be stored in container images. | ||
|
|
||
| ### Sidecar container helper {#config-helper-sidecar} |
There was a problem hiding this comment.
This is a misunderstanding of sidecar.
What you want to explain here is the ImageVolume feature.
There was a problem hiding this comment.
I think I understand sidecars. In fact, given I'm employed to be a Kubernetes expert, I am confident I understand sidecars.
We could add a mention of ImageVolume, but a sidecar configuration helper is absolutely a thing, and it provides benefits that image volume does not (notable: real time updating).
There was a problem hiding this comment.
Sidecar's are meant to better the main application container and providing configuration is one way to better app containers.
The 2015 blog from Brendan Burns that talked about sidecars describes a sidecar that synchronizes the filesystem with git and git is often used to store app configuration
| #### Configuration via the filesystem {#init-container-shared-volume} | ||
|
|
||
| With this option, the init container fetches configuration and writes the configuration to | ||
| a file, or several files, within a Pod-local volume. |
There was a problem hiding this comment.
This doesn't have to be Pod-local.
| * [Cluster Administration](/docs/concepts/cluster-administration/) | ||
| * [API server authentication configuration](/docs/reference/access-authn-authz/authentication/#using-authentication-configuration) | ||
| * [API server authorization configuration](/docs/reference/access-authn-authz/authorization/#using-configuration-file-for-authorization) | ||
| * [Configure Certificate Rotation for the Kubelet](/docs/tasks/tls/certificate-rotation/) | ||
| * [Reconfiguring a `kubeadm` Cluster](/docs/tasks/administer-cluster/kubeadm/kubeadm-reconfigure/) | ||
| * [Configuring a CGroup Driver](/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/) | ||
| * [Create Static Pods](/docs/tasks/configure-pod-container/static-pod/), relevant to | ||
| control plane configuration | ||
| * [Configure the Aggregation Layer](/docs/tasks/extend-kubernetes/configure-aggregation-layer/) |
There was a problem hiding this comment.
These have nothing to do with the so said "configuration".
There was a problem hiding this comment.
I can't find a good way to resolve our difference on this one. For me, the link between "configuration" and "API server authorization configuration" is straightforward to make.
|
@tengqm Thank you for taking time out time to provide your feedback on the PR. Gentle reminder to please consider providing actionable items in a neutral voice since asynchronous & text-based feedback can be misconstrued even if you don't intend for them to be that way. |
Which comments are you referring to, @divya-mohan0209 ? I just rechecked all feedbacks I provided and I failed to see anything inappropriate. |
|
@tengqm The feedback wasn't inappropriate, some of it wasn't actionable/constructive for the submitter. As aforementioned, that mustn't have been your intention and we fully understand that. However, it'd be valuable to state what is expected of the submitter while reviewing their PR instead of being dismissive and/or providing commentary like you've done here, here, and here. Trust that clarifies what you're looking for? |
For new text added in a PR, when we say they are irrelevant, it is pretty clear that my suggestion is to remove them or add them somewhere else. Right? For text that are technically inaccurate, for example, "This doesn't have to be Pod-local.". As for these have nothing to do with the so said "configuration". It is clear that this page is about ways to provide configuration data for a cloud native application. Most people working in this domain are aware of the 12-factors principle. The submitter is making the page confusing to readers. Configurations related to applications (designed for application owners) are mixed to configurations related to the cluster (designed for cluster admins). Am I making it clear now? |
|
I had a look at https://kubernetes.io/docs/concepts/configuration/ Here are the topics:
Although three of the pages are definitely about app configuration, they're actually in the minority. We should fix that, though not in this PR. Until we do, the way I've written it is better (I assert) than to say that the content in this section is purely about how to configure your app. |
|
I'm confident that making this change makes the docs better. Here's a thought experiment: if this were merged, would we accept a PR to delete that content, leaving this (the content at time of writing)? 
|
For this specific aspect, I can push an update (and have done). |
lmktfy
force-pushed
the
20250812_add_configuration_overview
branch
from
08a3c33 to
d775ae7
Compare
|
@lmktfy , with |
lmktfy
force-pushed
the
20250812_add_configuration_overview
branch
from
d775ae7 to
ea75080
Compare
k8s-ci-robot
added
area/blog
|
/remove-area blog |
k8s-ci-robot
removed
area/blog
done |
lmktfy
force-pushed
the
20250812_add_configuration_overview
branch
from
ea75080 to
bb0d273
Compare
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
lmktfy
force-pushed
the
20250812_add_configuration_overview
branch
from
bb0d273 to
646df8f
Compare
|
/remove-language hi |
|
/remove-label language/bn |
k8s-ci-robot
removed
the
area/localization
|
@lmktfy: The label(s) In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/remove-language bn |
k8s-ci-robot
removed
language/bn
|
/remove-sig release |
k8s-ci-robot
removed
the
sig/release
lmktfy
force-pushed
the
20250812_add_configuration_overview
branch
from
646df8f to
ca951d7
Compare
Co-authored-by: Rey Lejano <[email protected]>
The motivation for this PR was to be able to explain KEP-3721: Support for env files. After PR #51415 merged I wanted to also help readers discover that the new support exists.
However, to add that section, I needed a page to have around it. Hence:
my (intentional) choice of base branch: dev-1.34Current page, vs preview