kubernetes
/
community
mirror of https://github.com/kubernetes/community.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rename security-context-constraints.md to pod-security-policy.md 

Aso removes Google Analytics link.
This commit is contained in:
Slava Semushin 2017-09-21 14:39:33 +02:00
parent 43ce57ac47
commit f521a9e39d
5 changed files with 4 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
contributors/design-proposals/auth/apparmor.md
View File

@ -85,7 +85,7 @@ annotation. If a profile is specified, the Kubelet will verify that the node mee
the container, and will not run the container if the profile cannot be applied. If the requirements
are met, the container runtime will configure the appropriate options to apply the profile. Profile
requirements and defaults can be specified on the
[PodSecurityPolicy](security-context-constraints.md).
[PodSecurityPolicy](pod-security-policy.md).
## Prerequisites
@ -136,7 +136,7 @@ The profiles can be specified in the following formats (following the convention
### Pod Security Policy
The [PodSecurityPolicy](security-context-constraints.md) allows cluster administrators to control
The [PodSecurityPolicy](pod-security-policy.md) allows cluster administrators to control
the security context for a pod and its containers. An annotation can be specified on the
PodSecurityPolicy to restrict which AppArmor profiles can be used, and specify a default if no
profile is specified.

6
contributors/design-proposals/auth/security-context-constraints.md → contributors/design-proposals/auth/pod-security-policy.md
View File

@ -343,9 +343,3 @@ for a specific UID and fail early if possible. However, if the `RunAsUser` is n
it should still admit the pod and allow the Kubelet to ensure that the image does not run as
`root` with the existing non-root checks.
<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->
[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/docs/proposals/security-context-constraints.md?pixel)]()
<!-- END MUNGE: GENERATED_ANALYTICS -->

3
contributors/design-proposals/auth/runas-groupid.md
View File

@ -230,6 +230,3 @@ At a high level, the changes classify into:
- api/swagger-spec/
- api/openapi-spec/swagger.json
<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->
[![AnalytIcs](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/docs/proposals/security-context-constraints.md?pixel)]()
<!-- END MUNGE: GENERATED_ANALYTICS -->

2
contributors/design-proposals/dir_struct.txt
View File

@ -129,8 +129,8 @@ Uncategorized
image-provenance.md
no-new-privs.md
pod-security-context.md
pod-security-policy.md
secrets.md
security-context-constraints.md
security.md
security_context.md
service_accounts.md

2
contributors/design-proposals/node/sysctl.md
View File

@ -561,7 +561,7 @@ During kubelet launch the given value is checked against the list of known names
#### Alternative 1: by name
A list of permissible sysctls is to be added to `pkg/apis/extensions/types.go` (compare [security-context-constraints](security-context-constraints.md)):
A list of permissible sysctls is to be added to `pkg/apis/extensions/types.go` (compare [pod-security-policy](pod-security-policy.md)):
```go
// PodSecurityPolicySpec defines the policy enforced.