This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/mesos-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 62e63be Updated the website built from mesos SHA: 1bed4dc.
62e63be is described below
commit 62e63be5c630b9b575d38fc7b8d47041f2e3fa56
Author: jenkins <[email protected]>
AuthorDate: Wed Aug 22 01:20:42 2018 +0000
Updated the website built from mesos SHA: 1bed4dc.
---
content/documentation/latest/upgrades/index.html | 48 +++++++++++++-----------
content/documentation/upgrades/index.html | 48 +++++++++++++-----------
2 files changed, 54 insertions(+), 42 deletions(-)
diff --git a/content/documentation/latest/upgrades/index.html
b/content/documentation/latest/upgrades/index.html
index 71a17e9..c8f2475 100644
--- a/content/documentation/latest/upgrades/index.html
+++ b/content/documentation/latest/upgrades/index.html
@@ -155,7 +155,8 @@ R Removed feature/behavior
<li>A <a href="#1-7-x-auto-load-subsystems">Automatically load local
enabled cgroups subsystems</a></li>
<li>A <a
href="#1-7-x-container-specific-cgroups-mounts">Container-specific cgroups
mounts</a></li>
<li>A <a href="#1-7-x-volume-mode-support">Volume mode support</a></li>
- <li>C <a href="#1-7-x-create-disk">`CREATE_DISK` and `DESTROY_DISK`
operations</a></li>
+ <li>C <a href="#1-7-x-create-disk">`CREATE_DISK` and `DESTROY_DISK`
operations and ACLs</a></li>
+ <li>A <a href="#1-7-x-resource-provider-acls">Resource Provider
ACLs</a></li>
</ul>
</td>
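Review bot: The two changed index entries in this hunk wrap CREATE_DISK and DESTROY_DISK in Markdown backticks inside an HTML <li>, so the backticks will render literally. The section bodies in the later hunk use <code>…</code> for the same names. Suggest emitting <code>CREATE_DISK</code> and <code>DESTROY_DISK</code> in the index as well; the backticks are carried over from the removed line, so the fix belongs in the source this site is built from rather than in the generated HTML.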
@@ -551,15 +552,6 @@ that have been whitelisted with the
<code>--allowed_devices</code> agent flag.</
</ul>
-<p><a name="1-7-x-enforce-container-ports"></a></p>
-
-<ul>
-<li>A new <a
href="/documentation/latest/./configuration/agent/#enforce_container_ports"><code>--enforce_container_ports</code></a>
-has been added to toggle whether the <a
href="/documentation/latest/./isolators/network-ports/"><code>network/ports</code></a>
-isolator should enforce TCP ports usage limits.</li>
-</ul>
-
-
<p><a name="1-7-x-auto-load-subsystems"></a></p>
<ul>
@@ -574,37 +566,51 @@ isolator should enforce TCP ports usage limits.</li>
</ul>
-<p><a name="1-7-x-container-logger"></a></p>
+<p><a name="1-7-x-volume-mode-support"></a></p>
<ul>
-<li><code>ContainerLogger</code> module interface has been changed. The
<code>prepare()</code> method now takes <code>ContainerID</code> and
<code>ContainerConfig</code> instead.</li>
+<li>Previously the <code>HOST_PATH</code>, <code>SANDBOX_PATH</code>,
<code>IMAGE</code>, <code>SECRET</code>, and <code>DOCKER_VOLUME</code> volumes
were always mounted for container in read-write mode, i.e., the
<code>Volume.mode</code> field was not honored. Now we will mount these volumes
based on the <code>Volume.mode</code> field so framework can choose to mount
the volume for the container in either read-write mode or read-only mode.</li>
</ul>
-<p><a name="1-7-x-isolator-recover"></a></p>
+<p><a name="1-7-x-create-disk"></a></p>
<ul>
-<li><code>Isolator::recover()</code> has been updated to take an
<code>std::vector</code> instead of <code>std::list</code> of container
states.</li>
+<li>To simplify the API for CSI-backed disk resources, the following
operations and corresponding ACLs have been introduced to replace the
experimental <code>CREATE_VOLUME</code>, <code>CREATE_BLOCK</code>,
<code>DESTROY_VOLUME</code> and <code>DESTROY_BLOCK</code> operations:
+
+<ul>
+<li><code>CREATE_DISK</code> to create a <code>MOUNT</code> or
<code>BLOCK</code> disk resource from a <code>RAW</code> disk resource. The
<code>CreateMountDisk</code> and <code>CreateBlockDisk</code> ACLs control
which principals are allowed to create <code>MOUNT</code> or <code>BLOCK</code>
disks for which roles.</li>
+<li><code>DESTROY_DISK</code> to reclaim a <code>MOUNT</code> or
<code>BLOCK</code> disk resource back to a <code>RAW</code> disk resource. The
<code>DestroyMountDisk</code> and <code>DestroyBlockDisk</code> ACLs control
which principals are allowed to reclaim <code>MOUNT</code> or
<code>BLOCK</code> disks for which roles.</li>
+</ul>
+</li>
</ul>
-<p><a name="1-7-x-volume-mode-support"></a></p>
+<p><a name="1-7-x-resource-provider-acls"></a></p>
<ul>
-<li>Previously the HOST_PATH/SANDBOX_PATH/IMAGE/SECRET/DOCKER_VOLUME volumes
were always mounted for container in read-write mode, i.e., the
<code>Volume.mode</code> field was not honored. Now we will mount these volumes
based on the <code>Volume.mode</code> field so framework can choose to mount
the volume for the container in either read-write mode or read-only mode.</li>
+<li>A new <code>ViewResourceProvider</code> ACL has been introduced to control
which principals are allowed to call the <code>GET_RESOURCE_PROVIDERS</code>
agent API.</li>
</ul>
-<p><a name="1-7-x-create-disk"></a></p>
+<p><a name="1-7-x-enforce-container-ports"></a></p>
<ul>
-<li>To simplify the API for CSI-backed disk resources, the following
operations are introduced to replace the experimental
<code>CREATE_VOLUME</code>, <code>CREATE_BLOCK</code>,
<code>DESTROY_VOLUME</code> and <code>DESTROY_BLOCK</code> operations:
+<li>A new <a
href="/documentation/latest/./configuration/agent/#enforce_container_ports"><code>--enforce_container_ports</code></a>
flag has been added to toggle whether the <a
href="/documentation/latest/./isolators/network-ports/"><code>network/ports</code></a>
isolator should enforce TCP ports usage limits.</li>
+</ul>
+
+
+<p><a name="1-7-x-container-logger"></a></p>
<ul>
-<li><code>CREATE_DISK</code> to create a <code>MOUNT</code> or
<code>BLOCK</code> disk resource from a <code>RAW</code> disk resource.</li>
-<li><code>DESTROY_DISK</code> to reclaim a <code>MOUNT</code> or
<code>BLOCK</code> disk resource back to a <code>RAW</code> disk resource.</li>
+<li><code>ContainerLogger</code> module interface has been changed. The
<code>prepare()</code> method now takes <code>ContainerID</code> and
<code>ContainerConfig</code> instead.</li>
</ul>
-</li>
+
+
+<p><a name="1-7-x-isolator-recover"></a></p>
+
+<ul>
+<li><code>Isolator::recover()</code> has been updated to take an
<code>std::vector</code> instead of <code>std::list</code> of container
states.</li>
</ul>
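Review bot: The new ACL text under 1-7-x-create-disk and 1-7-x-resource-provider-acls names CreateMountDisk, CreateBlockDisk, DestroyMountDisk, DestroyBlockDisk and ViewResourceProvider but does not say what an upgraded cluster does when those ACLs are not yet configured, which is what an operator reading an upgrade guide needs to know. Suggest adding one sentence per section stating the behavior when the ACL is absent, and linking to the authorization documentation the way the --enforce_container_ports entry links to its flag.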
diff --git a/content/documentation/upgrades/index.html
b/content/documentation/upgrades/index.html
index 0032bc5..9b25cb9 100644
--- a/content/documentation/upgrades/index.html
+++ b/content/documentation/upgrades/index.html
@@ -155,7 +155,8 @@ R Removed feature/behavior
<li>A <a href="#1-7-x-auto-load-subsystems">Automatically load local
enabled cgroups subsystems</a></li>
<li>A <a
href="#1-7-x-container-specific-cgroups-mounts">Container-specific cgroups
mounts</a></li>
<li>A <a href="#1-7-x-volume-mode-support">Volume mode support</a></li>
- <li>C <a href="#1-7-x-create-disk">`CREATE_DISK` and `DESTROY_DISK`
operations</a></li>
+ <li>C <a href="#1-7-x-create-disk">`CREATE_DISK` and `DESTROY_DISK`
operations and ACLs</a></li>
+ <li>A <a href="#1-7-x-resource-provider-acls">Resource Provider
ACLs</a></li>
</ul>
</td>
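Review bot: The added index entry reads "Resource Provider ACLs" (plural), but the section it links to, 1-7-x-resource-provider-acls, introduces a single ACL, ViewResourceProvider. Suggest naming it in the entry text (for example "ViewResourceProvider ACL") so readers scanning the index for authorization changes can see which ACL is meant.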
@@ -551,15 +552,6 @@ that have been whitelisted with the
<code>--allowed_devices</code> agent flag.</
</ul>
-<p><a name="1-7-x-enforce-container-ports"></a></p>
-
-<ul>
-<li>A new <a
href="/documentation/latest/./configuration/agent/#enforce_container_ports"><code>--enforce_container_ports</code></a>
-has been added to toggle whether the <a
href="/documentation/latest/./isolators/network-ports/"><code>network/ports</code></a>
-isolator should enforce TCP ports usage limits.</li>
-</ul>
-
-
<p><a name="1-7-x-auto-load-subsystems"></a></p>
<ul>
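Review bot: The block removed here, and re-added under 1-7-x-enforce-container-ports in the next hunk, links to /documentation/latest/./configuration/agent/ and /documentation/latest/./isolators/network-ports/ with a redundant ./ path segment, and this file is content/documentation/upgrades/index.html rather than the latest/ copy. Since the block is being moved anyway, suggest having the generator emit normalized hrefs without the ./ segment and confirming that the unversioned page is meant to point at /documentation/latest/.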
@@ -574,37 +566,51 @@ isolator should enforce TCP ports usage limits.</li>
</ul>
-<p><a name="1-7-x-container-logger"></a></p>
+<p><a name="1-7-x-volume-mode-support"></a></p>
<ul>
-<li><code>ContainerLogger</code> module interface has been changed. The
<code>prepare()</code> method now takes <code>ContainerID</code> and
<code>ContainerConfig</code> instead.</li>
+<li>Previously the <code>HOST_PATH</code>, <code>SANDBOX_PATH</code>,
<code>IMAGE</code>, <code>SECRET</code>, and <code>DOCKER_VOLUME</code> volumes
were always mounted for container in read-write mode, i.e., the
<code>Volume.mode</code> field was not honored. Now we will mount these volumes
based on the <code>Volume.mode</code> field so framework can choose to mount
the volume for the container in either read-write mode or read-only mode.</li>
</ul>
-<p><a name="1-7-x-isolator-recover"></a></p>
+<p><a name="1-7-x-create-disk"></a></p>
<ul>
-<li><code>Isolator::recover()</code> has been updated to take an
<code>std::vector</code> instead of <code>std::list</code> of container
states.</li>
+<li>To simplify the API for CSI-backed disk resources, the following
operations and corresponding ACLs have been introduced to replace the
experimental <code>CREATE_VOLUME</code>, <code>CREATE_BLOCK</code>,
<code>DESTROY_VOLUME</code> and <code>DESTROY_BLOCK</code> operations:
+
+<ul>
+<li><code>CREATE_DISK</code> to create a <code>MOUNT</code> or
<code>BLOCK</code> disk resource from a <code>RAW</code> disk resource. The
<code>CreateMountDisk</code> and <code>CreateBlockDisk</code> ACLs control
which principals are allowed to create <code>MOUNT</code> or <code>BLOCK</code>
disks for which roles.</li>
+<li><code>DESTROY_DISK</code> to reclaim a <code>MOUNT</code> or
<code>BLOCK</code> disk resource back to a <code>RAW</code> disk resource. The
<code>DestroyMountDisk</code> and <code>DestroyBlockDisk</code> ACLs control
which principals are allowed to reclaim <code>MOUNT</code> or
<code>BLOCK</code> disks for which roles.</li>
+</ul>
+</li>
</ul>
-<p><a name="1-7-x-volume-mode-support"></a></p>
+<p><a name="1-7-x-resource-provider-acls"></a></p>
<ul>
-<li>Previously the HOST_PATH/SANDBOX_PATH/IMAGE/SECRET/DOCKER_VOLUME volumes
were always mounted for container in read-write mode, i.e., the
<code>Volume.mode</code> field was not honored. Now we will mount these volumes
based on the <code>Volume.mode</code> field so framework can choose to mount
the volume for the container in either read-write mode or read-only mode.</li>
+<li>A new <code>ViewResourceProvider</code> ACL has been introduced to control
which principals are allowed to call the <code>GET_RESOURCE_PROVIDERS</code>
agent API.</li>
</ul>
-<p><a name="1-7-x-create-disk"></a></p>
+<p><a name="1-7-x-enforce-container-ports"></a></p>
<ul>
-<li>To simplify the API for CSI-backed disk resources, the following
operations are introduced to replace the experimental
<code>CREATE_VOLUME</code>, <code>CREATE_BLOCK</code>,
<code>DESTROY_VOLUME</code> and <code>DESTROY_BLOCK</code> operations:
+<li>A new <a
href="/documentation/latest/./configuration/agent/#enforce_container_ports"><code>--enforce_container_ports</code></a>
flag has been added to toggle whether the <a
href="/documentation/latest/./isolators/network-ports/"><code>network/ports</code></a>
isolator should enforce TCP ports usage limits.</li>
+</ul>
+
+
+<p><a name="1-7-x-container-logger"></a></p>
<ul>
-<li><code>CREATE_DISK</code> to create a <code>MOUNT</code> or
<code>BLOCK</code> disk resource from a <code>RAW</code> disk resource.</li>
-<li><code>DESTROY_DISK</code> to reclaim a <code>MOUNT</code> or
<code>BLOCK</code> disk resource back to a <code>RAW</code> disk resource.</li>
+<li><code>ContainerLogger</code> module interface has been changed. The
<code>prepare()</code> method now takes <code>ContainerID</code> and
<code>ContainerConfig</code> instead.</li>
</ul>
-</li>
+
+
+<p><a name="1-7-x-isolator-recover"></a></p>
+
+<ul>
+<li><code>Isolator::recover()</code> has been updated to take an
<code>std::vector</code> instead of <code>std::list</code> of container
states.</li>
</ul>
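Review bot: The 1-7-x-volume-mode-support entry describes a behavior change (Volume.mode was ignored and these volumes were always mounted read-write; now the field is honored) but gives no upgrade action. A framework that already sets a read-only mode on a HOST_PATH, SANDBOX_PATH, IMAGE, SECRET or DOCKER_VOLUME volume while its tasks write to that volume will see those writes fail after the upgrade. Suggest adding a sentence telling operators to audit the Volume.mode values their frameworks set before upgrading. The phrases "for container" and "so framework can choose" are also missing articles.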