more tweaks to content per review comments

Signed-off-by: JENNIFER RONDEAU <[email protected]>

Author: JENNIFER RONDEAU

docs/get-started.md

@@ -4,7 +4,7 @@ The following example sets up the Ark server and client, then backs up and resto
 
 For simplicity, the example uses Minio, an S3-compatible storage service that runs locally on your cluster.
 
-**NOTE** The example lets you explore basic Ark functionality. In the real world, however, you would back your cluster up to external storage.
+**NOTE** The example lets you explore basic Ark functionality. Configuring Minio for production is out of scope.
 
 See [Set up Ark on your platform][3] for how to configure Ark for a production environment.
 
@@ -26,7 +26,7 @@ NOTE: Make sure to check out the appropriate version. We recommend that you chec
 
 ### Set up server
 
-These instructions assume that you are running Minio inside your cluster. They should be used for a test environment or to explore Ark only. Service of type `NodePort` is not recommended for production.
+These instructions assume that you are running Minio inside your cluster. They should be used for a test environment or to explore Ark only.
 
 1. In `examples/minio/00-minio-deployment.yaml`, change the value of Service `spec.type` from `ClusterIP` to `NodePort`.
 
@@ -55,14 +55,18 @@ These instructions assume that you are running Minio inside your cluster. They s
         kubectl -n heptio-ark get svc/minio -o jsonpath='{.spec.ports[0].nodePort}'
       ```
 
-1. **For Service type `NodePort` only** In `examples/minio/05-ark-backupstoragelocation.yaml`, replace NODE_URL_OR_IP:NODE_PORT with the value of the Minio URL.
+1.  Do one of the following:
 
-1. If you have set up Ingress or a load balancer, SOMETHINGSOMETHING PR 1006
+    - **For Service type `NodePort` only** In `examples/minio/05-ark-backupstoragelocation.yaml`, replace NODE_URL_OR_IP:NODE_PORT with the value of the Minio URL.
+
+    - If you have set up Ingress or a load balancer, leave the Service `spec.type` as `ClusterIP` and leave the default value of `s3Url` in `examples/minio/05-ark-backupstoragelocation.yaml`.
+
+    - If you set up a download URL, for example for logs, instead of a value for `s3Url` you can provide a value for `publicUrl` in `examples/minio/05-ark-backupstoragelocation.yaml`.
 
 1. Start the server:
 
    ```shell
-   kubectl apply -f examples/minio/20-ark-deployment.yaml examples/minio/30-restic-daemonset.yaml
+   kubectl apply -f examples/minio/20-ark-deployment.yaml -f examples/minio/30-restic-daemonset.yaml
    ```
 
 1. Deploy the example nginx application:

docs/rbac.md

@@ -1,6 +1,6 @@
 # Run Ark more securely with restrictive RBAC settings
 
-By default Ark runs with an RBAC policy of ClusterRole `cluster-admin`. This is to make sure that Ark can back up or restore anything in your cluster. But `cluster-admin` access is wide open -- it gives Ark components access to everything in your cluster. Depending on your environment and your security needs, you should consider whether to configure more restrictive access. 
+By default Ark runs with an RBAC policy of ClusterRole `cluster-admin`. This is to make sure that Ark can back up or restore anything in your cluster. But `cluster-admin` access is wide open -- it gives Ark components access to everything in your cluster. Depending on your environment and your security needs, you should consider whether to configure additional RBAC policies with more restrictive access. 
 
 **Note:** Roles and RoleBindings are associated with a single namespaces, not with an entire cluster. PersistentVolume backups are associated only with an entire cluster. This means that any backups or restores that use a restrictive Role and RoleBinding pair can manage only the resources that belong to the namespace. You do not need a wide open RBAC policy to manage PersistentVolumes, however. You can configure a ClusterRole and ClusterRoleBinding that allow backups and restores only of PersistentVolumes, not of all objects in the cluster.
 
@@ -11,7 +11,7 @@ For more information about RBAC and access control generally in Kubernetes, see
 Here's a sample Role and RoleBinding pair.
 
 ```yaml
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   namespace: YOUR_NAMESPACE_HERE
@@ -28,13 +28,13 @@ rules:
 ```
 
 ```yaml
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: ROLEBINDING_NAME_HERE
 subjects:
-  - kind: User
-    name: YOUR_USER_HERE
+  - kind: ServiceAccount
+    name: YOUR_SERVICEACCOUNT_HERE
 roleRef:
   kind: Role
   name: ROLE_NAME_HERE

docs/versions.md

@@ -19,6 +19,8 @@ Breaking changes are documented in the release notes and in the documentation.
 Not all Ark versions support all versions of Kubernetes. You should be aware of the following known limitations:
 
 - Ark version 0.9.0 requires Kubernetes version 1.8 or later. In version 0.9.1, Ark was updated to support earlier versions.
+- Restic support requires Kubernetes version 1.10 or later, or an earlier version with the mount propagation feature enabled. See [Restic Integration][3].
 
 [1]: https://github.com/heptio/ark/releases
 [2]: upgrading-to-v0.10.md
+[3]: restic.md

examples/minio/00-minio-deployment.yaml

@@ -63,9 +63,9 @@ metadata:
   labels:
     component: minio
 spec:
-  # ClusterIP is recommended for production environments
-  # change to NodePort if needed per documentation,
-  # but only you run Minio in a test/trial environment, for example with minikube
+  # ClusterIP is recommended for production environments.
+  # Change to NodePort if needed per documentation,
+  # but only if you run Minio in a test/trial environment, for example with Minikube.
   type: ClusterIP
   ports:
     - port: 9000

examples/minio/05-ark-backupstoragelocation.yaml

@@ -26,7 +26,7 @@ spec:
     region: minio
     s3ForcePathStyle: "true"
     s3Url: http://minio.heptio-ark.svc:9000
-    # OR get minio URL per documentation (comment out previous line)
+    # OR get minio URL (including http/s) per documentation (comment out previous line)
     # s3Url: NODE_URL_OR_IP:NODE_PORT