bcb527b5be
Add LegacyServiceAccountTokenCleanUp feature to beta
2023-11-16 17:21:26 +00:00
42c9e4e20f
KEP-4193: bound service account token improvements
...
Signed-off-by: Monis Khan <mok@microsoft.com>
2023-11-16 08:48:59 -05:00
20e6cba5fe
Fix broken link in "Validating Admission Policy" page ( #43893 )
...
* Fix typo
* Fix typo
Co-authored-by: Dipesh Rawat <rawat.dipesh@gmail.com>
---------
Co-authored-by: Dipesh Rawat <rawat.dipesh@gmail.com>
2023-11-14 08:02:32 +01:00
fc92afd819
Remove the escape.
2023-10-30 16:38:15 +00:00
fba4f6cb2f
Removed outdated information for SA and Added the Note for Manually created Secret API objects. ( #43451 )
...
* Removed outdated information for SA and Added the Note for Manually created Secret API objects.
* Modified the Note.
* Simplified the Note.
2023-10-26 02:50:01 +02:00
01d9e07e27
Update admission-controllers.md
...
Sentence seems grammatically incorrect
2023-10-17 17:32:46 +01:00
84fd32d13c
Merge pull request #41682 from Shubham82/Add_subj_command_option
...
Add -subj Command Option.
2023-10-10 09:45:22 +02:00
318ff2e797
Clean up kubelet-tls-bootstrapping.md
2023-10-07 09:02:41 +08:00
29b1f8f482
Tweak line wrappings for the node authorization page
2023-10-02 17:11:14 +08:00
eaf599bd20
Remove oudated information about Node authorization
...
The content about v1.6-1.8 should be removed to avoid confusion.
2023-10-02 17:11:07 +08:00
f932a74483
fix description --oidc-issuer-url.md ( #42941 )
...
* fix description --oidc-issuer-url.md
https://accounts.google.com/ <= above
└─ .well-known/openid-configuration <= below
* Update authentication.md
Fixed the description of `--oidc-issuer-url`.
2023-09-27 16:22:38 -07:00
c64c7837c8
add CEL Playground link
2023-09-08 16:42:43 -03:00
e8b136c3b3
Use code_sample shortcode instead of code shortcode
2023-09-05 17:10:14 +08:00
60bf42a527
Update test cases for v1.28
...
This PR makes sure the manifests under `content/en/examples`
are valid in v1.28. The primary fixes are:
- Updated the go.mod/go.sum file for testing against v1.28.0 release.
- Revise test case code to ensure newly added manifests are tested;
- Adapt Pod validation options to upstream validation code change;
- Move a ValidatingWebhookConfiguration YAML back to inline because
the manifest cannot validate against the validator. The CA bundle
referenced is not a valid string (base64 encoded). That means the
YAML cannot be used/tested as is by users.
2023-08-18 09:03:30 +08:00
5755e4362a
Merge pull request #42060 from a-hilaly/beta-match-conditions
...
Graduate AdmissionWebhookMatchConditions to beta
2023-08-09 08:49:51 -07:00
20b43d6095
Merge branch 'main' into 'dev-1.28'
2023-08-09 11:13:31 +01:00
42078a08fb
Fix typos and add comments to the match conditions example
2023-08-09 09:38:48 +02:00
fe7759b734
ValidatingAdmissionPolicy: add docs for new per namespace policy params feature ( #42219 )
...
* document per namespace params
* switch examples to codenew, fixup some typos
* more formatting and codenew
* use codenew instead of code
* fixup headings
2023-08-08 13:35:52 -07:00
2218f3d573
Remove note stating that we need AdmissionWebhookMatchConditions to be enabled explicitely
2023-08-08 20:02:35 +02:00
4dfef3e53f
Document ValidatingAdmissionPolicy variable composition and namespaceObject ( #42220 )
...
* variable composition.
* mention namespaceObject.
* Apply suggestions from code review
Co-authored-by: Tim Bannister <tim@scalefactory.com>
* separate commands from output.
* YAML comment.
* Update content/en/docs/reference/access-authn-authz/validating-admission-policy.md
Co-authored-by: Tim Bannister <tim@scalefactory.com>
* no shell prompt.
* Update content/en/docs/reference/access-authn-authz/validating-admission-policy.md
Co-authored-by: Joe Betz <jpbetz@google.com>
* Update content/en/docs/reference/access-authn-authz/validating-admission-policy.md
Co-authored-by: Joe Betz <jpbetz@google.com>
---------
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Joe Betz <jpbetz@google.com>
2023-08-08 07:52:16 -07:00
e168005b37
Merge pull request #42270 from skrobul/validating-and-mutation-controllers
...
admission controllers: document types
2023-08-03 15:46:20 -07:00
68ba9633a2
Switch English to use code not codenew shortcode
2023-08-01 16:57:17 +08:00
f900debc63
admission controllers: put type information at top of section
...
Signed-off-by: Marek Skrobacki <skrobul@skrobul.com>
2023-07-28 18:02:02 +01:00
fce6bfc32f
admission controllers: document types
...
Signed-off-by: Marek Skrobacki <skrobul@skrobul.com>
2023-07-28 11:08:32 +01:00
9bac8cfc1a
Add note on max number of match condition elements a user can define per webhook
2023-07-25 19:54:51 +01:00
eb522c126f
Replace {{< codenew ... >}} with {{% codenew ... %}} in all English docs ( #42180 )
...
* Replaced {{< codenew ... >}} with {{% codenew ... %}} in all files
* Reverted changes in non-english localizations
2023-07-25 05:54:06 -07:00
f9c824917f
convert the `ValidatingWebhookConfiguration` example into a manifest using a codenew shortcode
2023-07-24 23:10:55 +01:00
5fa005a106
fix bullets in validating-admission-policy
2023-07-10 13:00:43 +08:00
e7cf1ca19b
Merge dev-1.28 into main
2023-07-04 19:21:49 -04:00
83bb609c1e
add authorization config documentation
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2023-06-30 23:25:34 +05:30
0e7302f383
Merge pull request #41556 from Zhuzhenghao/cleanup/abac
...
cleanup page abac
2023-06-30 06:18:42 -07:00
4cb9a82b2a
Merge pull request #40166 from mtardy/scdeny-deprecation
...
Update scdeny plugin documentation for deprecation
2023-06-30 02:49:45 -07:00
c32b30f457
Update scdeny plugin documentation for deprecation
2023-06-30 10:52:50 +02:00
b47948af36
Merge pull request #41156 from dprotaso/patch-1
...
Update service-accounts-admin.md
2023-06-28 15:06:45 -07:00
1cb1390388
Merge pull request #41000 from zlabjp/fix-key-usage
...
Fix permitted key usages
2023-06-26 17:32:29 -07:00
d873f03e78
Add -subj Command Option.
2023-06-19 15:38:54 +05:30
b1e9fbe945
[zh] cleanup page abac
2023-06-18 11:46:28 +08:00
610b895266
Merge pull request #41308 from kubernetes/main
...
Sync `dev-1.28` branch with `main`
2023-05-29 23:01:44 -07:00
f023295351
Update content/en/docs/reference/access-authn-authz/service-accounts-admin.md
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2023-05-23 13:16:26 -04:00
5d6e0ca1bb
remove ericchiang from reviewers
2023-05-16 18:13:33 +00:00
7323fddca9
Merge branch 'merged-main-dev1.28' into dev-1.28
2023-05-16 02:39:25 -04:00
eb21c7af96
Update service-accounts-admin.md
2023-05-15 11:28:47 -04:00
edc769baa4
Merge pull request #39576 from sftim/20220108_improve_api_documentation_objects_part_1
...
Reorganize Working with Kubernetes Objects section
2023-05-10 18:39:09 -07:00
d384f118b2
Fix permitted key usages
2023-05-08 13:54:52 +09:00
7bdcd3da4c
Merge pull request #40968 from nnmin-aws/nnmin-dev
...
update certificate-signing-requests.md to reflect https://github.com/ …
2023-05-07 02:51:15 -07:00
35771026a1
update certificate-signing-requests.md to reflect https://github.com/kubernetes/kubernetes/pull/111660 introduced in 1.27
2023-05-05 13:15:39 -07:00
a413d89528
Merge pull request #40051 from EricFortin/patch-1
...
Small wording change
2023-05-05 02:51:12 -07:00
30841950a6
Apply suggestions from code review
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2023-05-04 22:25:45 +02:00
d2d1242815
KEP-3325: Promote SelfSubjectReview to GA
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2023-05-04 11:37:01 +02:00
6bf15f514b
Merge pull request #40692 from sftim/20230414_automatically_use_latest_patch_for_minor_version
...
Use release data to calculate latest patch version
2023-05-03 00:38:12 -07:00
f787489ec5
Merge pull request #40535 from aitorpazos/patch-1
...
Note on caBundle encoding in extensible-admission-controllers.md
2023-05-02 15:38:14 -07:00
50d7e85643
Migrate from fullVersion param to skew shortcode
...
Use {{< skew currentPatchVersion >}} to render the latest patch version
for the minor release being documented.
2023-05-02 23:25:30 +01:00
634c17f61c
Reorganize Working with Kubernetes Objects section
...
- move Understanding Kubernetes Objects to be section overview
- within the section, consistently link to the new (moved) page from the
first mention of “object”
- add a redirect
Co-authored-by: Divya Mohan <divya.mohan0209@gmail.com>
2023-04-29 21:39:42 +01:00
eb3e564a17
Fix the comma symbol
...
Some unknown symbol is being used currently.
2023-04-24 10:45:46 +03:00
ad7c0712c6
Fix examples test for 1.27
...
- Some examples are actually not good "examples", i.e. they are not
not ready for the users to try out.
- Some examples are failing the validation in their current format.
- Some examples skipped the test case.
These issues are fixed.
2023-04-16 17:26:12 +08:00
4a5436f42e
ClusterTrustBundles: Document service account impersonation
...
(Change message to retrigger tests)
2023-04-14 11:05:15 -07:00
2e403eba90
Merge pull request #40578 from sftim/20230409_cluster_trust_bundles
...
Document ClusterTrustBundles
2023-04-10 16:44:03 -05:00
9252eb08f5
Merge remote-tracking branch 'upstream/main' into dev-1.27
2023-04-10 12:20:33 -07:00
e95deae997
Update CSR page to encompass CSRs and trust bundles
...
Rather than mention trust bundles as a subtopic of certificate signing
requests, reshape the page so that:
- it's clear that CSRs are stable but ClusterTrustBundles are alpha
- the task for issuing a certificate to a user stands separately from
the concepts explained elsewhere in the page
- it's clear that signers are relevant to both CSRs and
ClusterTrustBundles
2023-04-09 18:51:27 +01:00
8377a675cd
ClusterTrustBundles: Add section to certificates page
...
Document the API types as they exist today, plus a hint of the future
integrations that will be available.
Co-Authored-By: Taahir Ahmed <taahm@google.com>
2023-04-09 17:27:18 +01:00
c1f4c5c4a2
Cleanup page rbac
2023-04-07 22:34:42 +08:00
cf20f82dbd
Note on caBundle encoding in extensible-admission-controllers.md
...
The note on caBundle field description mentions it is PEM encoded, but the actual field value is then encoded into Base64, which is worth mentioning.
2023-04-06 09:10:12 +00:00
31439e3d56
Merge branch 'upstream/main' into dev-1.27
2023-04-05 14:20:36 -05:00
3a3ae711d5
Cleanup page rbac
2023-04-05 22:36:28 +08:00
b1bd85a421
about apiGroups ( #40315 )
...
* about apiGroups
Look at the source code, apiGroups is an empty set and not all are allowed, you need to use * to be able to, if it is an empty set if the resource does not have apiGroups then it will not be accessible
Refer to:
https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/rbac/v1/evaluation_helpers.go#L85
https://github.com/kubernetes/api/blob/master/rbac/v1/types.go#L29
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
* Update rbac.md
* Update rbac.md
* Update content/en/docs/reference/access-authn-authz/rbac.md
the comma
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
* Update rbac.md
All changed
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
---------
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2023-04-04 22:01:38 -07:00
0d862b9afe
message expression and type checking.
2023-04-03 09:38:13 -07:00
cf37b594f2
KEP-3488 ValidatingAdmissionPolicy: Enforcement actions, audit annotations, and secondary authz ( #40098 )
...
* Document auditAnnotations, validationActions and authorizer
* Apply suggestions from code review
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Apply suggestions from code review
Co-authored-by: Tim Allclair <timallclair@gmail.com>
* Apply feedback
---------
Co-authored-by: Qiming Teng <tengqm@outlook.com>
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2023-04-03 08:55:52 -07:00
27460b23fa
AdmissionWebhookMatchConditions feature documentation ( #40058 )
...
* AdmissionWebhookMatchConditions feature documentation
* #squash ivelichkovich feedback
* #squash sftim feedback
* Correct statement about request.object
* #squash: sftim feedback
* #squash jpbetz feedback
* #squash: denied function removed
* #squash fix match conditions example
* #squash fix expression quoting
* #squash scope authorizatoin check example
* #squash separate RBAC webhook example
* #squash sftim feedback
* #squash add shared client config for example
* Don't use yaml anchors in example
2023-04-03 08:23:51 -07:00
4d58ea4165
Update service-accounts-admin.md
...
Fix internal links in service-accounts-admin docs
2023-04-01 13:23:50 +05:30
2da2c6c277
Merge pull request #40407 from mickeyboxell/merged-main-dev-1.27
...
Merged main dev 1.27
2023-03-31 21:49:49 -07:00
b0978a248e
Fix ServiceAccount admission controller link
...
Fix ServiceAccount admission controller link
2023-03-31 05:55:01 +05:30
b842957cf3
Merge pull request #39794 from nabokihms/ssr-beta
...
KEP-3325: Promote SelfSubjectReview to Beta
2023-03-30 11:39:49 -07:00
a15fa4ae31
Merge remote-tracking branch 'upstream/main' into dev-1.27
2023-03-29 15:54:33 -05:00
669f695ccb
Remove some duplicates in content/en/docs/reference/access-authn-authz/service-accounts-admin.md
...
Signed-off-by: liulijin <253954033@qq.com>
2023-03-23 09:25:21 +08:00
350ce035a5
Fix previous virables in exampes
2023-03-22 20:23:48 +00:00
457c26b997
Adding MatchConditions into ValidatingAdmissionPolicy
2023-03-22 20:23:48 +00:00
9e75d92cd9
Small wording change
2023-03-16 11:54:39 -04:00
bb14c6db8d
Promote SelfSubjectReview to Beta
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2023-03-12 15:09:39 +01:00
58455c59e9
Remove duplicate "the" in admission-controllers.md
...
Signed-off-by: Guangwen Feng <fenggw-fnst@fujitsu.com>
2023-03-03 16:27:25 +08:00
3fc2fa9853
Merge pull request #39142 from tengqm/cleanup-redirects-1
...
Remove redirect entries for docs/admin/... pages
2023-02-22 08:43:57 -08:00
ee4b88ed37
Merge pull request #37733 from sftim/20221105_update_docs_podsecuritypolicy_removal
...
Update documentation for PodSecurityPolicy removal
2023-02-14 12:55:51 -08:00
68b19b6f00
Specify that subresources excluded from mutating webhook example
2023-02-06 22:33:00 +00:00
c809bcc796
Merge pull request #39180 from Zhuzhenghao/certificate-signing-requests
...
Make layout prettier in certificate-signing-requests.md
2023-01-30 22:14:48 -08:00
80561f67b1
Make layout prettier in certificate-signing-requests.md
2023-01-31 13:45:44 +08:00
4164430555
Add spaces in code snippets for consistency
2023-01-30 18:15:06 +08:00
6c701a7d96
Update doc of admission plugin SecurityContextDeny
...
Note the shortcomings of the implementation of this admission plugin
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2023-01-29 17:27:12 +01:00
9a727efab8
Remove redirect entries for docs/admin/... pages
2023-01-29 19:56:56 +08:00
bb85d62752
Update docs for PodSecurityPolicy removal
2023-01-24 22:24:09 +00:00
4ec6fbac55
Fix errors on `ValidatingAdmissionPolicyBindings` for the CEL for Admission Control blog & doc ( #38893 )
...
* Fix errors on ValidatingAdmissionPolicyBindings for the CEL for Admission Control blog
* Fix namespaceSelector error
* Fix namespaceSelector errors
2023-01-12 08:38:54 -08:00
e97c98b27f
Merge pull request #38428 from AverageMarcus/patch-1
...
Fix typo in SA admission controller steps
2023-01-03 17:19:58 -08:00
37955a816b
Reformat the validating-admission-policy reference page
...
This commit wraps the long lines found in the
validating-admission-policy reference page.
2022-12-31 07:44:49 +08:00
3362aa9701
Add admission.k8s.io/v1 API and fix references to it
...
The `admission.k8s.io/v1` API group is not generated into the v2/v3 OpenAPI
specification as part of Kubernetes API because it is not officially "served".
However, the structs in the API group are used in other APIs that are user-facing.
This PR addes the reference API and fixes references to it.
2022-12-31 07:44:41 +08:00
912c306be4
Fixing Spec -> spec and paramsRef -> paramRef
...
Fixing Spec -> spec and paramsRef -> paramRef
2022-12-23 18:25:22 +05:30
b590431f4e
Updated the wrong format
2022-12-20 01:24:49 +05:30
f1405f274a
Merge pull request #38497 from samos123/fix-38495-validation-admission-policy
...
Fix 38495 incorrect ValidationAdmissionPolicyBindings
2022-12-16 20:51:41 -08:00
f9e113fb86
Merge pull request #38353 from SergeyKanzhelev/RotateKubeletClientCertificateIsGA
...
fix documentation for RotateKubeletClientCertificate
2022-12-16 07:18:17 -08:00
088649ec4f
Fix incorrect ValidationAdmissionPolicyBindings
2022-12-15 10:00:55 -08:00
2b5dab08f1
Fix typo in SA admission controller steps
2022-12-12 15:11:43 +00:00
ab4812140f
fix documentation for RotateKubeletClientCertificate
2022-12-09 18:24:04 +00:00
8f9446f87d
Merge branch 'main' into dev-1.26
2022-12-03 21:36:34 +00:00
50246c291b
Merge pull request #37770 from cici37/celDoc
...
Documentation for CEL in Admission Control
2022-12-01 16:33:53 -08:00
98d41f24ef
Address comments
2022-11-30 16:47:27 +00:00
4dc90ef731
Add doc for ValidatingAdmissionPolicy
2022-11-30 06:35:18 +00:00
cec61c1754
Merge pull request #38052 from krol3/merged-main-dev-1.26
...
Merge main branch into dev-1.26
2022-11-29 11:59:09 -08:00
9b4b8831ca
Merge pull request #38010 from Shubham82/Add_shell
...
Append triple backticks with shell for code snippet
2022-11-28 19:37:22 -08:00
f306471950
Merge pull request #35385 from nabokihms/patch-2
...
Add doc about how to get self subject attributes
2022-11-28 00:58:07 -08:00
cb9dc5a4ac
Update content/en/docs/reference/access-authn-authz/authentication.md
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2022-11-27 22:31:16 +01:00
35c3321b02
feat: Add caution note about rules field override in aggregated clusterroles
2022-11-25 16:24:13 +02:00
e100cf80c4
Added shell for code snippet.
2022-11-25 16:56:50 +05:30
707d3699ad
Append triple backticks with shell for code snippet
2022-11-22 13:37:49 +05:30
63008ca41a
Fix indentation and typos in kubelet-tls-bootstrapping.md
2022-11-21 07:40:54 +08:00
ed983897ff
Fix typos in /service-accounts-admin.md
2022-11-11 20:38:13 +08:00
5d61921a11
Apply suggestions from code review
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2022-11-10 12:53:21 +01:00
0a5e274a42
Add doc about how to get self subject attributes
...
Documentation for https://github.com/kubernetes/enhancements/issues/3325
2022-11-10 12:52:53 +01:00
f3248058fd
Merge pull request #33654 from sftim/20190601_task_configure_service_account_reword
...
Reword tasks relating to ServiceAccounts
2022-11-09 13:50:56 -08:00
6a3598661d
Merge pull request #37734 from sftim/20221105_tweak_admission_controllers_reference
...
Tweak reference for admission controllers
2022-11-06 02:02:15 -08:00
f348002c26
Tweak reference for admission controllers
...
- Improve page title
- Update page to match style guide
- Wording and correctness tweaks
2022-11-06 08:14:58 +00:00
98f310ab58
Updates page weights in reference docs section
...
Some of these pages are autogenerated, but not all. This PR updates the pages that are not autogenerated within the docs/en/reference section
2022-11-04 11:37:59 -04:00
f24c201017
Update content/en/docs/reference/access-authn-authz
2022-10-24 13:47:22 -04:00
a4629cd19b
Update ServiceAccount tasks in light of TokenRequest
...
Now that TokenRequest is the default way to get a service account token
for a Pod, update the task pages that relate to this.
2022-10-22 02:56:43 +01:00
f9db6ae934
Reword “Managing Service Accounts” task
2022-10-22 02:56:42 +01:00
bed6565a22
Merge pull request #37363 from T-Lakshmi/add-link-RFC7468
...
Added Hyperlink to RFC7468
2022-10-20 08:15:02 -07:00
4e6140bf04
Added Hyperlink to RFC7468
2022-10-18 17:06:55 +05:30
1eef742465
Favor EndpointSlice over Endpoints
...
Document EndpointSlice as the preferred and most appropriate mechanism
to record the backing endpoints of a Service.
Co-authored-by: Rob Scott <rob.scott87@gmail.com>
Co-authored-by: Shannon Kularathna <ax3shannonkularathna@gmail.com>
2022-10-11 12:38:39 +01:00
d772e76af9
Merge pull request #36709 from gaeljw/patch-1
...
docs: update OIDC documentation to mention the signing algorithms configuration
2022-09-30 06:58:29 -07:00
523b0f89b4
Fix the feature state of PodSecurity
2022-09-19 09:00:29 +08:00
ce1dbcbdfa
Merge pull request #36538 from gengwg/main
...
kube-proxy is part of the Kubernetes node components
2022-09-14 09:41:00 -07:00
d057687f6f
Merge pull request #36660 from liggitt/scrape-secrets
...
Update service account token documentation
2022-09-10 16:31:23 -07:00
699ed970ae
docs: update OIDC documentation to mention the signing algorithms configuration
2022-09-09 17:34:17 +02:00
79f26d5922
Update service account token documentation
...
* Make example service account output match 1.24+ output with auto-generated tokens omitted
* Prefer `kubectl create token` as token creation mechanism
2022-09-07 16:00:27 -04:00
e8b9538785
Merge pull request #36043 from tomkivlin/tomkivlin/issue28580
...
Mention wildcard for RBAC resources and names
2022-09-07 09:24:37 -07:00
3de5a3768b
kube-proxy is part of the Kubernetes node components
...
kube-proxy is part of the Kubernetes node components not control plane. I think it's a typo.
ref: https://kubernetes.io/docs/concepts/overview/components/#node-components
2022-09-02 11:53:57 -07:00
9acf28fce9
fix note typo
2022-08-31 17:58:31 +08:00
468442d294
Wrap long lines where appropriate
2022-08-25 16:10:39 +08:00
93abc44b8b
Fix service accounts admin page
...
This PR removes some outdated texts that are confusing today.
2022-08-25 16:04:29 +08:00
9401ab7fb3
Merge pull request #36160 from windsonsea/gracheck
...
Fix typos on /access-authn-authz
2022-08-24 11:55:49 -07:00
61a5b7b69d
Fix typos on /access-authn-authz
2022-08-22 20:10:58 +08:00
9ec115bbdb
Mention wildcard for RBAC resources and names
...
Signed-off-by: Tom Kivlin <tom.kivlin@vodafone.com>
added link to best practice doc
update from sftim comments
update from liggitt comments
Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
update from liggitt comment
2022-08-19 08:06:42 +00:00
6810fa976d
Merge remote-tracking branch 'upstream/main' into dev-1.25
2022-08-18 15:58:41 -03:00
0bd89d2c24
Merge pull request #36018 from tengqm/improve-admission-controllers
...
Update admission controllers page
2022-08-17 16:14:47 -07:00
96dd915152
Update admission controllers page
...
This PR updates the admission controllers page by:
- removing two plugins which have been removed since 1.18
- removing text about ancient history
- removing shortcode about plugins that graduated into GA a long time ago;
2022-08-16 22:33:37 +08:00
b167938367
Scrub PSP docs for 1.25
2022-08-15 21:09:41 -04:00
a472b72c33
remove insecure port option
2022-08-13 09:52:02 +05:30
4747731407
Fix --service-account-key-file description
...
--service-account-key-file flag to the kube-api-server is used to verify ServiceAccount tokens (and not to sign them).
--service-account-signing-key-file is the kube-api-server flag that's used to sign ServiceAccount tokens (short-lived ones).
--service-account-private-key-file is the kube-controller-manager flag that's used to sign ServiceAccount tokens (long-lived ones).
2022-08-02 00:37:09 -07:00
e2cda2eec3
Merge pull request #34716 from dmarinere/patch-1
...
added access to the statements explaining cluster role
2022-07-16 07:56:53 -07:00
7b4293b4fa
Batch fix links (5)
2022-07-11 13:54:18 +08:00
38ccc3383d
Merge pull request #34740 from tengqm/improve-admission-controllers
...
Tweak extensible admission controllers page
2022-07-10 18:11:47 -07:00
2f0d4a5d88
Clarify that list, get and watch can return data
...
The `get`, `list` and `watch` verbs can all be used to retrieve the full details of a resource. It is not an uncommon assumption amongst users that they return different data (e.g. that `list` only returns the names of resources; when it can return the full object).
This adds a caution block to highlight this potential gotcha.
2022-07-08 11:13:23 +01:00
a6ec7d8017
Tweak extensible admission controllers page
...
This PR removes outdated information about `admissionregistration.v1beta1` API groups
which are no longer supported in 1.24. Additional notes are added to
avoid confusion when parsing the examples.
2022-07-01 00:33:57 +08:00
c14bcdde98
added access to the statements
...
I added access to the statement explaining cluster role permissions in this document to make it clearer.
2022-06-30 03:50:31 +01:00
tinatingyu
Monis Khan
steve-hardman
Cici Huang
Shubham
Tony Gorman
Kubernetes Prow Robot
Michael
Qiming Teng
nnlkcncff
Matheus Moraes
Mengjiao Liu
Tim Bannister
Amine
Alex Zielenski
Jiahui Feng
Marek Skrobacki
Andrey Goran
Rishit Dagli
Nabarun Pal
mtardy
zhenghao.zhu
Dave Protasowski
Eric Chiang
Tomoya Usami
Min Ni
Maksim Nabokikh
m.nabokikh
Ismail Alidzhikov
Taahir Ahmed
Mickey Boxell
Aitor
zmquan
Joe Betz
Tim Allclair
samitks
liulijin
Eric Fortin
Guangwen Feng
Richard Tweed
Mathieu Benoit
Saloni1814
Yash Pimple
Sam Stoelinga
Marcus Noble
Sergey Kanzhelev
Sergey Shevchenko
Michael
Abigail McCarthy
lakshmi prasuna
houjun
Gaël Jourdan-Weil
Jordan Liggitt
W Geng
whitebear009
Tom Kivlin
carolina valencia
Meha Bhalodiya
Rohit Agarwal
Sam Cook
Osuolale Emmanuel