Skip to content

Commit

Permalink
Add codespell action
Browse files Browse the repository at this point in the history
Signed-off-by: manuelbuil <[email protected]>
  • Loading branch information
manuelbuil committed Dec 20, 2024
1 parent c687bb5 commit 0d46eea
Show file tree
Hide file tree
Showing 9 changed files with 56 additions and 27 deletions.
5 changes: 5 additions & 0 deletions .codespellrc
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
[codespell]
skip = ./docs/release-notes
check-filenames = true
ignore-words-list = aks,ec2,eks,gce,gcp,ro,shouldnot,pullrequest,readd,reenable,te,NotIn

24 changes: 24 additions & 0 deletions .github/workflows/codespell.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
name: Codespell
on:
push:
pull_request:
branches:
- main
workflow_dispatch: {}
jobs:
spellcheck:
name: Spell Check
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Set up Python 🐍
uses: actions/setup-python@v5
- name: Install codespell
run: |
python -m pip install --upgrade pip
pip install codespell
- name: Check spelling
run: codespell ./docs
2 changes: 1 addition & 1 deletion docs/install/windows_airgap.md
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ This will require a reboot for the `Containers` feature to properly function.
``` powershell
$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest hhttps://github.com/rancher/rke2/releases/download/v1.26.10%2Brke2r2/rke2-windows-20H2-amd64-images.tar.zst -OutFile c:/var/lib/rancher/rke2/agent/images/rke2-windows-20H2-amd64-images.tar.zst
Invoke-WebRequest https://github.com/rancher/rke2/releases/download/v1.26.10%2Brke2r2/rke2-windows-20H2-amd64-images.tar.zst -OutFile c:/var/lib/rancher/rke2/agent/images/rke2-windows-20H2-amd64-images.tar.zst
```
- Use `rke2-windows-<BUILD_VERSION>-amd64.tar.gz` or `rke2-windows-<BUILD_VERSION>-amd64.tar.zst`. Zstandard offers better compression ratios and faster decompression speeds compared to pigz.
Expand Down
18 changes: 9 additions & 9 deletions docs/reference/linux_agent_config.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,19 +5,19 @@ title: Agent Configuration Reference
This is a reference to all parameters that can be used to configure the rke2 agent. Note that while this is a reference to the command line arguments, the best way to configure RKE2 is using the [configuration file](../install/configuration.md#configuration-file).

### Common
| Flag | Description | Default | Enviroment Variable |
| Flag | Description | Default | Environment Variable |
| --- | --- | --- | --- |
| config | Path to config file | /etc/rancher/rke2/config.yaml | RKE2_CONFIG_FILE |
| debug | Turn on debug logs | | RKE2_DEBUG |
| data-dir | Folder to hold state | "/var/lib/rancher/rke2" | |
### Cluster
| Flag | Description | Enviroment Variable |
| Flag | Description | Environment Variable |
| --- | --- | --- |
| token | Token to use for authentication | RKE2_TOKEN |
| token-file | Token file to use for authentication | RKE2_TOKEN_FILE |
| server | Server to connect to | RKE2_URL |
### Node
| Flag | Description | Default | Enviroment Variable |
| Flag | Description | Default | Environment Variable |
| --- | --- | --- | --- |
| node-name | Node name | | RKE2_NODE_NAME |
| with-node-id | Append id to node name | | |
Expand All @@ -40,13 +40,13 @@ This is a reference to all parameters that can be used to configure the rke2 age
| --- | --- |
| disable-default-registry-endpoint | Disables containerd's fallback default registry endpoint when a mirror is configured for that registry |
### Networking
| Flag | Description | Enviroment Variable |
| Flag | Description | Environment Variable |
| --- | --- | --- |
| node-ip | IPv4/IPv6 addresses to advertise for node | |
| node-external-ip | IPv4/IPv6 external IP addresses to advertise for node | |
| resolv-conf | Kubelet resolv.conf file | RKE2_RESOLV_CONF |
### Components
| Flag | Description | Enviroment Variable |
| Flag | Description | Environment Variable |
| --- | --- | --- |
| kubelet-arg | Customized flag for kubelet process | |
| kube-proxy-arg | Customized flag for kube-proxy process | |
Expand All @@ -66,7 +66,7 @@ This is a reference to all parameters that can be used to configure the rke2 age
| etcd-extra-env | etcd extra environment variables | RKE2_ETCD_EXTRA_ENV |
| cloud-controller-manager-extra-env | cloud-controller-manager extra environment variables | RKE2_CLOUD_CONTROLLER_MANAGER_EXTRA_ENV |
### Image
| Flag | Description | Enviroment Variable |
| Flag | Description | Environment Variable |
| --- | --- | --- |
| kube-apiserver-image | Override image to use for kube-apiserver | RKE2_KUBE_APISERVER_IMAGE |
| kube-controller-manager-image | Override image to use for kube-controller-manager | RKE2_KUBE_CONTROLLER_MANAGER_IMAGE |
Expand All @@ -77,17 +77,17 @@ This is a reference to all parameters that can be used to configure the rke2 age
| runtime-image | Override image to use for runtime binaries (containerd, kubectl, crictl, etc) | RKE2_RUNTIME_IMAGE |
| etcd-image | Override image to use for etcd | RKE2_ETCD_IMAGE |
### Cloud Provider
| Flag | Description | Enviroment Variable |
| Flag | Description | Environment Variable |
| --- | --- | --- |
| cloud-provider-name | Cloud provider name | RKE2_CLOUD_PROVIDER_NAME |
| cloud-provider-config | Cloud provider configuration file path | RKE2_CLOUD_PROVIDER_CONFIG |
### Security
| Flag | Description | Enviroment Variable |
| Flag | Description | Environment Variable |
| --- | --- | --- |
| profile | Validate system configuration against the selected benchmark (valid items: cis, cis-1.23 (deprecated)) | RKE2_CIS_PROFILE |
| audit-policy-file | Path to the file that defines the audit policy configuration | RKE2_AUDIT_POLICY_FILE |
| pod-security-admission-config-file | Path to the file that defines Pod Security Admission configuration | RKE2_POD_SECURITY_ADMISSION_CONFIG_FILE |
### Experimental
| Flag | Description | Enviroment Variable |
| Flag | Description | Environment Variable |
| --- | --- | --- |
| kubelet-path | Override kubelet binary path | RKE2_KUBELET_PATH |
26 changes: 13 additions & 13 deletions docs/reference/server_config.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ The following options must be set to the same value on all servers in the cluste


### Common
| Flag | Description | Default | Enviroment Variable |
| Flag | Description | Default | Environment Variable |
| --- | --- | --- | --- |
| config | Path to config file | /etc/rancher/rke2/config.yaml | RKE2_CONFIG_FILE |
| debug | Turn on debug logs | | RKE2_DEBUG |
Expand All @@ -32,7 +32,7 @@ The following options must be set to the same value on all servers in the cluste
| tls-san | Add additional hostnames or IPv4/IPv6 addresses as Subject Alternative Names on the server TLS cert | |
| tls-san-security | Protect the server TLS cert by refusing to add Subject Alternative Names not associated with the kubernetes apiserver service, server nodes, or values of the tls-san option | true |
### Networking
| Flag | Description | Default | Enviroment Variable |
| Flag | Description | Default | Environment Variable |
| --- | --- | --- | --- |
| cluster-cidr | IPv4/IPv6 network CIDRs to use for pod IPs | 10.42.0.0/16 | |
| service-cidr | IPv4/IPv6 network CIDRs to use for service IPs | 10.43.0.0/16 | |
Expand All @@ -43,7 +43,7 @@ The following options must be set to the same value on all servers in the cluste
| servicelb-namespace | Namespace of the pods for the servicelb component | "kube-system" | |
| cni | CNI Plugins to deploy, one of none, calico, canal, cilium; optionally with multus as the first value to enable the multus meta-plugin | canal | RKE2_CNI |
### Client
| Flag | Description | Enviroment Variable |
| Flag | Description | Environment Variable |
| --- | --- | --- |
| write-kubeconfig | Write kubeconfig for admin client to this file | RKE2_KUBECONFIG_OUTPUT |
| write-kubeconfig-mode | Write kubeconfig with this mode | RKE2_KUBECONFIG_MODE |
Expand All @@ -52,7 +52,7 @@ The following options must be set to the same value on all servers in the cluste
| --- | --- |
| helm-job-image | Default image to use for helm jobs |
### Cluster
| Flag | Description | Enviroment Variable |
| Flag | Description | Environment Variable |
| --- | --- | --- |
| token | Shared secret used to join a server or agent to a cluster | RKE2_TOKEN |
| token-file | File containing the token | RKE2_TOKEN_FILE |
Expand All @@ -61,7 +61,7 @@ The following options must be set to the same value on all servers in the cluste
| server | Server to connect to, used to join a cluster | RKE2_URL |
| cluster-reset | Forget all peers and become sole member of a new cluster | RKE2_CLUSTER_RESET |
### Database
| Flag | Description | Default | Enviroment Variable |
| Flag | Description | Default | Environment Variable |
| --- | --- | --- | --- |
| cluster-reset-restore-path | Path to snapshot file to be restored | | |
| etcd-expose-metrics | Expose etcd metrics to client interface. | false | |
Expand Down Expand Up @@ -91,7 +91,7 @@ The following options must be set to the same value on all servers in the cluste
| kube-scheduler-arg | Customized flag for kube-scheduler process |
| kube-cloud-controller-manager-arg | Customized flag for kube-cloud-controller-manager process |
### Components
| Flag | Description | Enviroment Variable |
| Flag | Description | Environment Variable |
| --- | --- | --- |
| disable | Do not deploy packaged components and delete any deployed components (valid items: rke2-coredns, rke2-ingress-nginx, rke2-metrics-server) | |
| disable-scheduler | Disable Kubernetes default scheduler | |
Expand All @@ -114,7 +114,7 @@ The following options must be set to the same value on all servers in the cluste
| etcd-extra-env | etcd extra environment variables | RKE2_ETCD_EXTRA_ENV |
| cloud-controller-manager-extra-env | cloud-controller-manager extra environment variables | RKE2_CLOUD_CONTROLLER_MANAGER_EXTRA_ENV |
### Image
| Flag | Description | Enviroment Variable |
| Flag | Description | Environment Variable |
| --- | --- | --- |
| kube-apiserver-image | Override image to use for kube-apiserver | RKE2_KUBE_APISERVER_IMAGE |
| kube-controller-manager-image | Override image to use for kube-controller-manager | RKE2_KUBE_CONTROLLER_MANAGER_IMAGE |
Expand All @@ -125,24 +125,24 @@ The following options must be set to the same value on all servers in the cluste
| runtime-image | Override image to use for runtime binaries (containerd, kubectl, crictl, etc) | RKE2_RUNTIME_IMAGE |
| etcd-image | Override image to use for etcd | RKE2_ETCD_IMAGE |
### Cloud Provider
| Flag | Description | Enviroment Variable |
| Flag | Description | Environment Variable |
| --- | --- | --- |
| cloud-provider-name | Cloud provider name | RKE2_CLOUD_PROVIDER_NAME |
| cloud-provider-config | Cloud provider configuration file path | RKE2_CLOUD_PROVIDER_CONFIG |
### Security
| Flag | Description | Enviroment Variable |
| Flag | Description | Environment Variable |
| --- | --- | --- |
| profile | Validate system configuration against the selected benchmark (valid items: cis, cis-1.23 (deprecated)) | RKE2_CIS_PROFILE |
| audit-policy-file | Path to the file that defines the audit policy configuration | RKE2_AUDIT_POLICY_FILE |
| pod-security-admission-config-file | Path to the file that defines Pod Security Admission configuration | RKE2_POD_SECURITY_ADMISSION_CONFIG_FILE |
### Experimental
| Flag | Description | Enviroment Variable |
| Flag | Description | Environment Variable |
| --- | --- | --- |
| embedded-registry | Enable embedded distributed container registry; requires use of embedded containerd | |
| enable-pprof | Enable pprof endpoint on supervisor port | |
| kubelet-path | Override kubelet binary path | RKE2_KUBELET_PATH |
### Agent/Node
| Flag | Description | Default | Enviroment Variable |
| Flag | Description | Default | Environment Variable |
| --- | --- | --- | --- |
| node-name | Node name | | RKE2_NODE_NAME |
| with-node-id | Append id to node name | | |
Expand All @@ -154,7 +154,7 @@ The following options must be set to the same value on all servers in the cluste
| selinux | Enable SELinux in containerd | | RKE2_SELINUX |
| lb-server-port | Local port for supervisor client load-balancer. If the supervisor and apiserver are not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer. | 6444 | RKE2_LB_SERVER_PORT |
### Agent/Runtime
| Flag | Description | Default | Enviroment Variable |
| Flag | Description | Default | Environment Variable |
| --- | --- | --- | --- |
| container-runtime-endpoint | Disable embedded containerd and use the CRI socket at the given path; when used with --docker this sets the docker socket path | | |
| default-runtime | Set the default runtime in containerd | | |
Expand All @@ -166,7 +166,7 @@ The following options must be set to the same value on all servers in the cluste
| --- | --- |
| disable-default-registry-endpoint | Disables containerd's fallback default registry endpoint when a mirror is configured for that registry |
### Agent/Networking
| Flag | Description | Enviroment Variable |
| Flag | Description | Environment Variable |
| --- | --- | --- |
| node-ip | IPv4/IPv6 addresses to advertise for node | |
| node-external-ip | IPv4/IPv6 external IP addresses to advertise for node | |
Expand Down
2 changes: 1 addition & 1 deletion docs/security/fips_support.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ title: FIPS 140-2 Enablement

FIPS 140-2 is a U.S. Federal Government security standard used to approve cryptographic modules. This document explains how RKE2 is built with FIPS validated cryptographic libraries.

Verification of compliance is avaliable in: [FIPS 140-2 Verifed pdf](/RKE2_FIPS_Verified.pdf).
Verification of compliance is available in: [FIPS 140-2 Verified pdf](/RKE2_FIPS_Verified.pdf).

## Use of FIPS Compatible Go compiler.

Expand Down
2 changes: 1 addition & 1 deletion docs/security/hardening_guide.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ title: CIS Hardening Guide

This document provides prescriptive guidance for hardening a production installation of RKE2. It outlines the configurations and controls required to address Kubernetes benchmark controls from the Center for Internet Security (CIS).

For more details about evaluating a hardened cluster against the official CIS benchmark, refer to the appropiate CIS Self-Assessment Guide:
For more details about evaluating a hardened cluster against the official CIS benchmark, refer to the appropriate CIS Self-Assessment Guide:
- [CIS Self-Assessment Guide v1.8](cis_self_assessment18.md) for RKE2 v1.26 and newer
- [CIS Self-Assessment Guide v1.7](cis_self_assessment17.md) for RKE2 v1.25
- [CIS Self-Assessment Guide v1.24](cis_self_assessment124.md) for RKE2 v1.24 and older
Expand Down
2 changes: 1 addition & 1 deletion docs/security/secrets_encryption.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ Failure to follow proper procedure when rotating secrets encryption keys can cau

<!-- ### New Encryption Key Rotation
:::warning Expiremental Version Gate
:::warning Experimental Version Gate
Available as of [v1.28.1+rke2r1](https://github.com/rancher/rke2/releases/tag/v1.28.1%2Brke2r1). This new version of the tool utilizes K8s [automatic config reloading](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/#configure-automatic-reloading) which is currently in beta. GA is expected in v1.29.0
For older releases, see [Encryption Key Rotation Classic](#encryption-key-rotation-classic)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ Enable-WindowsOptionalFeature -Online -FeatureName containers –All

```powershell
$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest hhttps://github.com/rancher/rke2/releases/download/v1.21.4%2Brke2r2/rke2-windows-20H2-amd64-images.tar.zst -OutFile c:/var/lib/rancher/rke2/agent/images/rke2-windows-20H2-amd64-images.tar.zst
Invoke-WebRequest https://github.com/rancher/rke2/releases/download/v1.21.4%2Brke2r2/rke2-windows-20H2-amd64-images.tar.zst -OutFile c:/var/lib/rancher/rke2/agent/images/rke2-windows-20H2-amd64-images.tar.zst
```

- 使用 `rke2-windows-<BUILD_VERSION>-amd64.tar.gz``rke2-windows-<BUILD_VERSION>-amd64.tar.zst`。与 pigz 相比,Zstandard 支持更好的压缩比和更快的解压缩速度。
Expand Down

0 comments on commit 0d46eea

Please sign in to comment.