56d3c640f8
Merge pull request #46809 from hacktivist123/merged-main-dev-1.31
...
Merged main dev 1.31
2024-06-13 22:43:26 -07:00
c05e239c86
Merge pull request #44643 from T-Lakshmi/rbac
...
Reworded 'beyond discovery permissions' wording in "Using RBAC Authorization" page
2024-06-11 09:48:44 -07:00
d989445929
resolved conflict as discussed, accepted current change with CRICTL_VERSION=v1.31.0
2024-06-03 18:26:28 -04:00
ea91c4b588
clean up access-authn-authz/authentication.md
2024-05-26 21:05:31 +08:00
e941a6ab1d
Merge main into dev-1.31 to keep in sync
2024-05-22 16:16:00 +01:00
8201801a97
Fixing heading in authorization.md
...
Signed-off-by: vijaynag-bs <vijaynag.bs@gmail.com>
2024-05-12 14:28:59 +05:30
8c773b2e31
update PersistentVolumeLabel admission plugin
2024-05-10 11:40:49 +08:00
8a122ff9ca
Fix page title
...
Omit “Overview” to match the authentication topic.
2024-04-23 01:42:43 +01:00
5fdccf9f2f
Revise advice about authz modes
2024-04-23 01:42:42 +01:00
f833f4f671
Revise authz page
...
Improve how we explain authz, and remove some existing duplication.
Co-Authored-By: Rita Zhang <rita.z.zhang@gmail.com>
2024-04-23 01:42:20 +01:00
9f327512c6
Reorder authn/authz pages
...
Group topics together, in order of how these happen within Kubernetes'
API server's processing chain (authn, then authz, then admission
control).
2024-04-23 01:42:18 +01:00
37b0b3ed72
Merge remote-tracking branch 'upstream/main' into dev-1.30
2024-04-10 23:04:57 +05:30
ba458ace13
Add certificateAuthority in structured authn docs
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2024-04-09 14:31:37 -07:00
cdf1ed1236
Merge remote-tracking branch 'upstream/main' into dev-1.30
...
Merge main into dev-1.30 to keep in sync
2024-04-02 10:05:03 -04:00
00d526659e
Make KEP-4193 documentation updates ( #45292 )
...
* KEP-4193: beta documentation updates
* Apply suggestions from code review
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
* Apply suggestions from code review
Co-authored-by: Dipesh Rawat <rawat.dipesh@gmail.com>
* include example JTI and node-name/uid output
* Update service-accounts-admin.md
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
---------
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: Dipesh Rawat <rawat.dipesh@gmail.com>
2024-03-26 13:45:05 -07:00
3ef1d0bb84
Fix docs for authentication: s/errors/error
2024-03-24 09:56:05 -07:00
864ac8bec6
Merge pull request #45108 from aramase/aramase/d/kep_3331_beta_docs
...
Add docs for Structured Authn beta
2024-03-24 03:08:39 -07:00
c4e3177ff3
Add feature gate metadata for structured authz config
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2024-03-19 14:02:50 -07:00
b35e434193
Add docs for Structured Authn beta
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2024-03-19 13:51:32 -07:00
c889d9b251
Add metadata to use mechanism for API reference links
2024-03-14 14:50:24 +00:00
0f8e1fadea
Merge pull request #45249 from cici37/3488
...
[KEP-3488]Promoting ValidatingAdmissionPolicy to GA
2024-03-12 17:05:49 -07:00
b8514fcb5e
Merge pull request #45138 from ritazh/kep_3221_beta_docs
...
Add docs for Structured Authz beta
2024-03-12 10:59:04 -07:00
4bffa3c7fa
Mark feature AdmissionWebhookMatchConditions to stable in 1.30
2024-03-12 10:14:31 -07:00
0fc8d236e0
Promote ValidatingAdmissionPolicy to GA
2024-03-11 22:48:54 +00:00
a556984b94
Add docs for Structured Authz beta
...
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-03-11 08:27:41 -07:00
a66d974f1a
Improve
2024-03-08 00:49:02 +05:45
e1465e035a
Merge remote-tracking branch 'upstream/main' into dev-1.30
2024-02-20 11:46:04 +01:00
e4731338d3
Switch some feature-state shortcodes to be data driven
...
When the feature gates graduate (or get deprecated), the associated
shortcode will update automatically.
Co-authored-by: Dipesh Rawat <rawat.dipesh@gmail.com>
2024-02-16 12:49:31 +00:00
ca4dc02375
Remove the SecurityContextDeny admission plugin documentation
2024-02-14 16:39:37 +01:00
121d47db90
Update authentication.md
...
Azure Active Directory is now Microsoft Entra ID.
Changing for the sake of correctness.
2024-01-19 01:06:19 +05:30
2167f9075c
rephrase the content
2024-01-05 15:35:55 +05:30
bcc55ae7c9
fix outdated link/anchor
...
Signed-off-by: hunshcn <hunsh.cn@gmail.com>
2024-01-03 15:00:11 +08:00
d536e46dbd
fix typos
2023-12-24 21:00:53 -05:00
fcfeeac989
fix value in structured authn config example
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-12-13 21:43:11 +00:00
deaf1b920a
Merge remote-tracking branch 'upstream/main' into dev-1.29
2023-11-29 15:33:49 -06:00
c0a72d25d8
added doc for setting up cloud provider kubectl auth via plugin
...
Signed-off-by: GitHub <noreply@github.com>
2023-11-29 13:26:04 +00:00
7c2f5c4583
Merge pull request #43397 from aramase/aramase/d/kep_3331_v1alpha1_docs_v1.29
...
add docs for StructuredAuthenticationConfig v1alpha1
2023-11-28 09:47:41 +01:00
74caa0daaa
review feedback
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-11-27 20:03:23 +00:00
123973c2e8
Merge pull request #41892 from palnabarun/authz-config-docs
...
Add docs for Authorization Configuration
2023-11-27 13:59:40 +01:00
21ac70ee24
Wrap markdown text
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2023-11-27 16:16:40 +05:30
03e2976d90
Add more context to downgrade example
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2023-11-24 12:03:35 +05:30
2d9fbc1c7e
Merge remote-tracking branch 'upstream/main' into dev-1.29
2023-11-22 22:07:26 +00:00
421821d5fa
Merge pull request #43563 from yt2985/dev-1.29
...
Add LegacyServiceAccountTokenCleanUp feature in beta
2023-11-22 18:47:18 +01:00
10568634b5
Update from code review
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2023-11-22 10:22:33 +05:30
01e6f317e3
add docs for StructuredAuthenticationConfig v1alpha1
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-11-21 19:28:05 +00:00
6dd3091e55
ClusterTrustBundles: Document projected volumes
2023-11-21 09:22:39 -08:00
244c6353bd
Improve documentation for `kubernetes.io/enforce-mountable-secrets` annotation on `ServiceAccount`
2023-11-22 00:46:34 +09:00
5627db2720
add documentation for AuthorizationConfiguration
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2023-11-20 08:58:49 +05:30
f893a19ee6
Resolved merge conflict when merging main into dev-1.29 branch
2023-11-19 16:02:40 +01:00
676f862137
Clean up /access-authn-authz/authentication.md
2023-11-17 21:32:04 +08:00
bcb527b5be
Add LegacyServiceAccountTokenCleanUp feature to beta
2023-11-16 17:21:26 +00:00
42c9e4e20f
KEP-4193: bound service account token improvements
...
Signed-off-by: Monis Khan <mok@microsoft.com>
2023-11-16 08:48:59 -05:00
20e6cba5fe
Fix broken link in "Validating Admission Policy" page ( #43893 )
...
* Fix typo
* Fix typo
Co-authored-by: Dipesh Rawat <rawat.dipesh@gmail.com>
---------
Co-authored-by: Dipesh Rawat <rawat.dipesh@gmail.com>
2023-11-14 08:02:32 +01:00
fc92afd819
Remove the escape.
2023-10-30 16:38:15 +00:00
fba4f6cb2f
Removed outdated information for SA and Added the Note for Manually created Secret API objects. ( #43451 )
...
* Removed outdated information for SA and Added the Note for Manually created Secret API objects.
* Modified the Note.
* Simplified the Note.
2023-10-26 02:50:01 +02:00
01d9e07e27
Update admission-controllers.md
...
Sentence seems grammatically incorrect
2023-10-17 17:32:46 +01:00
84fd32d13c
Merge pull request #41682 from Shubham82/Add_subj_command_option
...
Add -subj Command Option.
2023-10-10 09:45:22 +02:00
318ff2e797
Clean up kubelet-tls-bootstrapping.md
2023-10-07 09:02:41 +08:00
29b1f8f482
Tweak line wrappings for the node authorization page
2023-10-02 17:11:14 +08:00
eaf599bd20
Remove oudated information about Node authorization
...
The content about v1.6-1.8 should be removed to avoid confusion.
2023-10-02 17:11:07 +08:00
f932a74483
fix description --oidc-issuer-url.md ( #42941 )
...
* fix description --oidc-issuer-url.md
https://accounts.google.com/ <= above
└─ .well-known/openid-configuration <= below
* Update authentication.md
Fixed the description of `--oidc-issuer-url`.
2023-09-27 16:22:38 -07:00
c64c7837c8
add CEL Playground link
2023-09-08 16:42:43 -03:00
e8b136c3b3
Use code_sample shortcode instead of code shortcode
2023-09-05 17:10:14 +08:00
60bf42a527
Update test cases for v1.28
...
This PR makes sure the manifests under `content/en/examples`
are valid in v1.28. The primary fixes are:
- Updated the go.mod/go.sum file for testing against v1.28.0 release.
- Revise test case code to ensure newly added manifests are tested;
- Adapt Pod validation options to upstream validation code change;
- Move a ValidatingWebhookConfiguration YAML back to inline because
the manifest cannot validate against the validator. The CA bundle
referenced is not a valid string (base64 encoded). That means the
YAML cannot be used/tested as is by users.
2023-08-18 09:03:30 +08:00
5755e4362a
Merge pull request #42060 from a-hilaly/beta-match-conditions
...
Graduate AdmissionWebhookMatchConditions to beta
2023-08-09 08:49:51 -07:00
20b43d6095
Merge branch 'main' into 'dev-1.28'
2023-08-09 11:13:31 +01:00
42078a08fb
Fix typos and add comments to the match conditions example
2023-08-09 09:38:48 +02:00
fe7759b734
ValidatingAdmissionPolicy: add docs for new per namespace policy params feature ( #42219 )
...
* document per namespace params
* switch examples to codenew, fixup some typos
* more formatting and codenew
* use codenew instead of code
* fixup headings
2023-08-08 13:35:52 -07:00
2218f3d573
Remove note stating that we need AdmissionWebhookMatchConditions to be enabled explicitely
2023-08-08 20:02:35 +02:00
4dfef3e53f
Document ValidatingAdmissionPolicy variable composition and namespaceObject ( #42220 )
...
* variable composition.
* mention namespaceObject.
* Apply suggestions from code review
Co-authored-by: Tim Bannister <tim@scalefactory.com>
* separate commands from output.
* YAML comment.
* Update content/en/docs/reference/access-authn-authz/validating-admission-policy.md
Co-authored-by: Tim Bannister <tim@scalefactory.com>
* no shell prompt.
* Update content/en/docs/reference/access-authn-authz/validating-admission-policy.md
Co-authored-by: Joe Betz <jpbetz@google.com>
* Update content/en/docs/reference/access-authn-authz/validating-admission-policy.md
Co-authored-by: Joe Betz <jpbetz@google.com>
---------
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Joe Betz <jpbetz@google.com>
2023-08-08 07:52:16 -07:00
e168005b37
Merge pull request #42270 from skrobul/validating-and-mutation-controllers
...
admission controllers: document types
2023-08-03 15:46:20 -07:00
68ba9633a2
Switch English to use code not codenew shortcode
2023-08-01 16:57:17 +08:00
f900debc63
admission controllers: put type information at top of section
...
Signed-off-by: Marek Skrobacki <skrobul@skrobul.com>
2023-07-28 18:02:02 +01:00
fce6bfc32f
admission controllers: document types
...
Signed-off-by: Marek Skrobacki <skrobul@skrobul.com>
2023-07-28 11:08:32 +01:00
9bac8cfc1a
Add note on max number of match condition elements a user can define per webhook
2023-07-25 19:54:51 +01:00
eb522c126f
Replace {{< codenew ... >}} with {{% codenew ... %}} in all English docs ( #42180 )
...
* Replaced {{< codenew ... >}} with {{% codenew ... %}} in all files
* Reverted changes in non-english localizations
2023-07-25 05:54:06 -07:00
f9c824917f
convert the `ValidatingWebhookConfiguration` example into a manifest using a codenew shortcode
2023-07-24 23:10:55 +01:00
5fa005a106
fix bullets in validating-admission-policy
2023-07-10 13:00:43 +08:00
e7cf1ca19b
Merge dev-1.28 into main
2023-07-04 19:21:49 -04:00
83bb609c1e
add authorization config documentation
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2023-06-30 23:25:34 +05:30
0e7302f383
Merge pull request #41556 from Zhuzhenghao/cleanup/abac
...
cleanup page abac
2023-06-30 06:18:42 -07:00
4cb9a82b2a
Merge pull request #40166 from mtardy/scdeny-deprecation
...
Update scdeny plugin documentation for deprecation
2023-06-30 02:49:45 -07:00
c32b30f457
Update scdeny plugin documentation for deprecation
2023-06-30 10:52:50 +02:00
b47948af36
Merge pull request #41156 from dprotaso/patch-1
...
Update service-accounts-admin.md
2023-06-28 15:06:45 -07:00
1cb1390388
Merge pull request #41000 from zlabjp/fix-key-usage
...
Fix permitted key usages
2023-06-26 17:32:29 -07:00
d873f03e78
Add -subj Command Option.
2023-06-19 15:38:54 +05:30
b1e9fbe945
[zh] cleanup page abac
2023-06-18 11:46:28 +08:00
610b895266
Merge pull request #41308 from kubernetes/main
...
Sync `dev-1.28` branch with `main`
2023-05-29 23:01:44 -07:00
f023295351
Update content/en/docs/reference/access-authn-authz/service-accounts-admin.md
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2023-05-23 13:16:26 -04:00
5d6e0ca1bb
remove ericchiang from reviewers
2023-05-16 18:13:33 +00:00
7323fddca9
Merge branch 'merged-main-dev1.28' into dev-1.28
2023-05-16 02:39:25 -04:00
eb21c7af96
Update service-accounts-admin.md
2023-05-15 11:28:47 -04:00
edc769baa4
Merge pull request #39576 from sftim/20220108_improve_api_documentation_objects_part_1
...
Reorganize Working with Kubernetes Objects section
2023-05-10 18:39:09 -07:00
d384f118b2
Fix permitted key usages
2023-05-08 13:54:52 +09:00
7bdcd3da4c
Merge pull request #40968 from nnmin-aws/nnmin-dev
...
update certificate-signing-requests.md to reflect https://github.com/ …
2023-05-07 02:51:15 -07:00
35771026a1
update certificate-signing-requests.md to reflect https://github.com/kubernetes/kubernetes/pull/111660 introduced in 1.27
2023-05-05 13:15:39 -07:00
a413d89528
Merge pull request #40051 from EricFortin/patch-1
...
Small wording change
2023-05-05 02:51:12 -07:00
30841950a6
Apply suggestions from code review
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2023-05-04 22:25:45 +02:00
d2d1242815
KEP-3325: Promote SelfSubjectReview to GA
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2023-05-04 11:37:01 +02:00
6bf15f514b
Merge pull request #40692 from sftim/20230414_automatically_use_latest_patch_for_minor_version
...
Use release data to calculate latest patch version
2023-05-03 00:38:12 -07:00
Kubernetes Prow Robot
Daniel Chan
Michael
Oluebube Princes Egbuna
vijaynag-bs
carlory
Tim Bannister
Rita Zhang
Vyom-Yadav
Anish Ramasekar
James Munnelly
Dipesh Rawat
Igor Velichkovich
cici37
Puru
mtardy
Saketh Kalaga
lakshmi
hunshcn
Takashiidobe
drewhagen
Suruchi Kumari
Kubernetes Prow Robot
Nabarun Pal
Kat Cosgrove
Taahir Ahmed
chansuke
tinatingyu
Monis Khan
steve-hardman
Shubham
Tony Gorman
Qiming Teng
nnlkcncff
Matheus Moraes
Mengjiao Liu
Amine
Alex Zielenski
Jiahui Feng
Marek Skrobacki
Andrey Goran
Rishit Dagli
zhenghao.zhu
Dave Protasowski
Eric Chiang
Tomoya Usami
Min Ni
Maksim Nabokikh
m.nabokikh