f787489ec5
Merge pull request #40535 from aitorpazos/patch-1
...
Note on caBundle encoding in extensible-admission-controllers.md
2023-05-02 15:38:14 -07:00
50d7e85643
Migrate from fullVersion param to skew shortcode
...
Use {{< skew currentPatchVersion >}} to render the latest patch version
for the minor release being documented.
2023-05-02 23:25:30 +01:00
634c17f61c
Reorganize Working with Kubernetes Objects section
...
- move Understanding Kubernetes Objects to be section overview
- within the section, consistently link to the new (moved) page from the
first mention of “object”
- add a redirect
Co-authored-by: Divya Mohan <divya.mohan0209@gmail.com>
2023-04-29 21:39:42 +01:00
eb3e564a17
Fix the comma symbol
...
Some unknown symbol is being used currently.
2023-04-24 10:45:46 +03:00
ad7c0712c6
Fix examples test for 1.27
...
- Some examples are actually not good "examples", i.e. they are not
not ready for the users to try out.
- Some examples are failing the validation in their current format.
- Some examples skipped the test case.
These issues are fixed.
2023-04-16 17:26:12 +08:00
4a5436f42e
ClusterTrustBundles: Document service account impersonation
...
(Change message to retrigger tests)
2023-04-14 11:05:15 -07:00
2e403eba90
Merge pull request #40578 from sftim/20230409_cluster_trust_bundles
...
Document ClusterTrustBundles
2023-04-10 16:44:03 -05:00
9252eb08f5
Merge remote-tracking branch 'upstream/main' into dev-1.27
2023-04-10 12:20:33 -07:00
e95deae997
Update CSR page to encompass CSRs and trust bundles
...
Rather than mention trust bundles as a subtopic of certificate signing
requests, reshape the page so that:
- it's clear that CSRs are stable but ClusterTrustBundles are alpha
- the task for issuing a certificate to a user stands separately from
the concepts explained elsewhere in the page
- it's clear that signers are relevant to both CSRs and
ClusterTrustBundles
2023-04-09 18:51:27 +01:00
8377a675cd
ClusterTrustBundles: Add section to certificates page
...
Document the API types as they exist today, plus a hint of the future
integrations that will be available.
Co-Authored-By: Taahir Ahmed <taahm@google.com>
2023-04-09 17:27:18 +01:00
c1f4c5c4a2
Cleanup page rbac
2023-04-07 22:34:42 +08:00
cf20f82dbd
Note on caBundle encoding in extensible-admission-controllers.md
...
The note on caBundle field description mentions it is PEM encoded, but the actual field value is then encoded into Base64, which is worth mentioning.
2023-04-06 09:10:12 +00:00
31439e3d56
Merge branch 'upstream/main' into dev-1.27
2023-04-05 14:20:36 -05:00
3a3ae711d5
Cleanup page rbac
2023-04-05 22:36:28 +08:00
b1bd85a421
about apiGroups ( #40315 )
...
* about apiGroups
Look at the source code, apiGroups is an empty set and not all are allowed, you need to use * to be able to, if it is an empty set if the resource does not have apiGroups then it will not be accessible
Refer to:
https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/rbac/v1/evaluation_helpers.go#L85
https://github.com/kubernetes/api/blob/master/rbac/v1/types.go#L29
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
* Update rbac.md
* Update rbac.md
* Update content/en/docs/reference/access-authn-authz/rbac.md
the comma
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
* Update rbac.md
All changed
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
---------
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2023-04-04 22:01:38 -07:00
0d862b9afe
message expression and type checking.
2023-04-03 09:38:13 -07:00
cf37b594f2
KEP-3488 ValidatingAdmissionPolicy: Enforcement actions, audit annotations, and secondary authz ( #40098 )
...
* Document auditAnnotations, validationActions and authorizer
* Apply suggestions from code review
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Apply suggestions from code review
Co-authored-by: Tim Allclair <timallclair@gmail.com>
* Apply feedback
---------
Co-authored-by: Qiming Teng <tengqm@outlook.com>
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2023-04-03 08:55:52 -07:00
27460b23fa
AdmissionWebhookMatchConditions feature documentation ( #40058 )
...
* AdmissionWebhookMatchConditions feature documentation
* #squash ivelichkovich feedback
* #squash sftim feedback
* Correct statement about request.object
* #squash: sftim feedback
* #squash jpbetz feedback
* #squash: denied function removed
* #squash fix match conditions example
* #squash fix expression quoting
* #squash scope authorizatoin check example
* #squash separate RBAC webhook example
* #squash sftim feedback
* #squash add shared client config for example
* Don't use yaml anchors in example
2023-04-03 08:23:51 -07:00
4d58ea4165
Update service-accounts-admin.md
...
Fix internal links in service-accounts-admin docs
2023-04-01 13:23:50 +05:30
2da2c6c277
Merge pull request #40407 from mickeyboxell/merged-main-dev-1.27
...
Merged main dev 1.27
2023-03-31 21:49:49 -07:00
b0978a248e
Fix ServiceAccount admission controller link
...
Fix ServiceAccount admission controller link
2023-03-31 05:55:01 +05:30
b842957cf3
Merge pull request #39794 from nabokihms/ssr-beta
...
KEP-3325: Promote SelfSubjectReview to Beta
2023-03-30 11:39:49 -07:00
a15fa4ae31
Merge remote-tracking branch 'upstream/main' into dev-1.27
2023-03-29 15:54:33 -05:00
669f695ccb
Remove some duplicates in content/en/docs/reference/access-authn-authz/service-accounts-admin.md
...
Signed-off-by: liulijin <253954033@qq.com>
2023-03-23 09:25:21 +08:00
350ce035a5
Fix previous virables in exampes
2023-03-22 20:23:48 +00:00
457c26b997
Adding MatchConditions into ValidatingAdmissionPolicy
2023-03-22 20:23:48 +00:00
9e75d92cd9
Small wording change
2023-03-16 11:54:39 -04:00
bb14c6db8d
Promote SelfSubjectReview to Beta
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2023-03-12 15:09:39 +01:00
58455c59e9
Remove duplicate "the" in admission-controllers.md
...
Signed-off-by: Guangwen Feng <fenggw-fnst@fujitsu.com>
2023-03-03 16:27:25 +08:00
3fc2fa9853
Merge pull request #39142 from tengqm/cleanup-redirects-1
...
Remove redirect entries for docs/admin/... pages
2023-02-22 08:43:57 -08:00
ee4b88ed37
Merge pull request #37733 from sftim/20221105_update_docs_podsecuritypolicy_removal
...
Update documentation for PodSecurityPolicy removal
2023-02-14 12:55:51 -08:00
68b19b6f00
Specify that subresources excluded from mutating webhook example
2023-02-06 22:33:00 +00:00
c809bcc796
Merge pull request #39180 from Zhuzhenghao/certificate-signing-requests
...
Make layout prettier in certificate-signing-requests.md
2023-01-30 22:14:48 -08:00
80561f67b1
Make layout prettier in certificate-signing-requests.md
2023-01-31 13:45:44 +08:00
4164430555
Add spaces in code snippets for consistency
2023-01-30 18:15:06 +08:00
6c701a7d96
Update doc of admission plugin SecurityContextDeny
...
Note the shortcomings of the implementation of this admission plugin
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2023-01-29 17:27:12 +01:00
9a727efab8
Remove redirect entries for docs/admin/... pages
2023-01-29 19:56:56 +08:00
bb85d62752
Update docs for PodSecurityPolicy removal
2023-01-24 22:24:09 +00:00
4ec6fbac55
Fix errors on `ValidatingAdmissionPolicyBindings` for the CEL for Admission Control blog & doc ( #38893 )
...
* Fix errors on ValidatingAdmissionPolicyBindings for the CEL for Admission Control blog
* Fix namespaceSelector error
* Fix namespaceSelector errors
2023-01-12 08:38:54 -08:00
e97c98b27f
Merge pull request #38428 from AverageMarcus/patch-1
...
Fix typo in SA admission controller steps
2023-01-03 17:19:58 -08:00
37955a816b
Reformat the validating-admission-policy reference page
...
This commit wraps the long lines found in the
validating-admission-policy reference page.
2022-12-31 07:44:49 +08:00
3362aa9701
Add admission.k8s.io/v1 API and fix references to it
...
The `admission.k8s.io/v1` API group is not generated into the v2/v3 OpenAPI
specification as part of Kubernetes API because it is not officially "served".
However, the structs in the API group are used in other APIs that are user-facing.
This PR addes the reference API and fixes references to it.
2022-12-31 07:44:41 +08:00
912c306be4
Fixing Spec -> spec and paramsRef -> paramRef
...
Fixing Spec -> spec and paramsRef -> paramRef
2022-12-23 18:25:22 +05:30
b590431f4e
Updated the wrong format
2022-12-20 01:24:49 +05:30
f1405f274a
Merge pull request #38497 from samos123/fix-38495-validation-admission-policy
...
Fix 38495 incorrect ValidationAdmissionPolicyBindings
2022-12-16 20:51:41 -08:00
f9e113fb86
Merge pull request #38353 from SergeyKanzhelev/RotateKubeletClientCertificateIsGA
...
fix documentation for RotateKubeletClientCertificate
2022-12-16 07:18:17 -08:00
088649ec4f
Fix incorrect ValidationAdmissionPolicyBindings
2022-12-15 10:00:55 -08:00
2b5dab08f1
Fix typo in SA admission controller steps
2022-12-12 15:11:43 +00:00
ab4812140f
fix documentation for RotateKubeletClientCertificate
2022-12-09 18:24:04 +00:00
8f9446f87d
Merge branch 'main' into dev-1.26
2022-12-03 21:36:34 +00:00
50246c291b
Merge pull request #37770 from cici37/celDoc
...
Documentation for CEL in Admission Control
2022-12-01 16:33:53 -08:00
98d41f24ef
Address comments
2022-11-30 16:47:27 +00:00
4dc90ef731
Add doc for ValidatingAdmissionPolicy
2022-11-30 06:35:18 +00:00
cec61c1754
Merge pull request #38052 from krol3/merged-main-dev-1.26
...
Merge main branch into dev-1.26
2022-11-29 11:59:09 -08:00
9b4b8831ca
Merge pull request #38010 from Shubham82/Add_shell
...
Append triple backticks with shell for code snippet
2022-11-28 19:37:22 -08:00
f306471950
Merge pull request #35385 from nabokihms/patch-2
...
Add doc about how to get self subject attributes
2022-11-28 00:58:07 -08:00
cb9dc5a4ac
Update content/en/docs/reference/access-authn-authz/authentication.md
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2022-11-27 22:31:16 +01:00
35c3321b02
feat: Add caution note about rules field override in aggregated clusterroles
2022-11-25 16:24:13 +02:00
e100cf80c4
Added shell for code snippet.
2022-11-25 16:56:50 +05:30
707d3699ad
Append triple backticks with shell for code snippet
2022-11-22 13:37:49 +05:30
63008ca41a
Fix indentation and typos in kubelet-tls-bootstrapping.md
2022-11-21 07:40:54 +08:00
ed983897ff
Fix typos in /service-accounts-admin.md
2022-11-11 20:38:13 +08:00
5d61921a11
Apply suggestions from code review
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2022-11-10 12:53:21 +01:00
0a5e274a42
Add doc about how to get self subject attributes
...
Documentation for https://github.com/kubernetes/enhancements/issues/3325
2022-11-10 12:52:53 +01:00
f3248058fd
Merge pull request #33654 from sftim/20190601_task_configure_service_account_reword
...
Reword tasks relating to ServiceAccounts
2022-11-09 13:50:56 -08:00
6a3598661d
Merge pull request #37734 from sftim/20221105_tweak_admission_controllers_reference
...
Tweak reference for admission controllers
2022-11-06 02:02:15 -08:00
f348002c26
Tweak reference for admission controllers
...
- Improve page title
- Update page to match style guide
- Wording and correctness tweaks
2022-11-06 08:14:58 +00:00
98f310ab58
Updates page weights in reference docs section
...
Some of these pages are autogenerated, but not all. This PR updates the pages that are not autogenerated within the docs/en/reference section
2022-11-04 11:37:59 -04:00
f24c201017
Update content/en/docs/reference/access-authn-authz
2022-10-24 13:47:22 -04:00
a4629cd19b
Update ServiceAccount tasks in light of TokenRequest
...
Now that TokenRequest is the default way to get a service account token
for a Pod, update the task pages that relate to this.
2022-10-22 02:56:43 +01:00
f9db6ae934
Reword “Managing Service Accounts” task
2022-10-22 02:56:42 +01:00
bed6565a22
Merge pull request #37363 from T-Lakshmi/add-link-RFC7468
...
Added Hyperlink to RFC7468
2022-10-20 08:15:02 -07:00
4e6140bf04
Added Hyperlink to RFC7468
2022-10-18 17:06:55 +05:30
1eef742465
Favor EndpointSlice over Endpoints
...
Document EndpointSlice as the preferred and most appropriate mechanism
to record the backing endpoints of a Service.
Co-authored-by: Rob Scott <rob.scott87@gmail.com>
Co-authored-by: Shannon Kularathna <ax3shannonkularathna@gmail.com>
2022-10-11 12:38:39 +01:00
d772e76af9
Merge pull request #36709 from gaeljw/patch-1
...
docs: update OIDC documentation to mention the signing algorithms configuration
2022-09-30 06:58:29 -07:00
523b0f89b4
Fix the feature state of PodSecurity
2022-09-19 09:00:29 +08:00
ce1dbcbdfa
Merge pull request #36538 from gengwg/main
...
kube-proxy is part of the Kubernetes node components
2022-09-14 09:41:00 -07:00
d057687f6f
Merge pull request #36660 from liggitt/scrape-secrets
...
Update service account token documentation
2022-09-10 16:31:23 -07:00
699ed970ae
docs: update OIDC documentation to mention the signing algorithms configuration
2022-09-09 17:34:17 +02:00
79f26d5922
Update service account token documentation
...
* Make example service account output match 1.24+ output with auto-generated tokens omitted
* Prefer `kubectl create token` as token creation mechanism
2022-09-07 16:00:27 -04:00
e8b9538785
Merge pull request #36043 from tomkivlin/tomkivlin/issue28580
...
Mention wildcard for RBAC resources and names
2022-09-07 09:24:37 -07:00
3de5a3768b
kube-proxy is part of the Kubernetes node components
...
kube-proxy is part of the Kubernetes node components not control plane. I think it's a typo.
ref: https://kubernetes.io/docs/concepts/overview/components/#node-components
2022-09-02 11:53:57 -07:00
9acf28fce9
fix note typo
2022-08-31 17:58:31 +08:00
468442d294
Wrap long lines where appropriate
2022-08-25 16:10:39 +08:00
93abc44b8b
Fix service accounts admin page
...
This PR removes some outdated texts that are confusing today.
2022-08-25 16:04:29 +08:00
9401ab7fb3
Merge pull request #36160 from windsonsea/gracheck
...
Fix typos on /access-authn-authz
2022-08-24 11:55:49 -07:00
61a5b7b69d
Fix typos on /access-authn-authz
2022-08-22 20:10:58 +08:00
9ec115bbdb
Mention wildcard for RBAC resources and names
...
Signed-off-by: Tom Kivlin <tom.kivlin@vodafone.com>
added link to best practice doc
update from sftim comments
update from liggitt comments
Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
update from liggitt comment
2022-08-19 08:06:42 +00:00
6810fa976d
Merge remote-tracking branch 'upstream/main' into dev-1.25
2022-08-18 15:58:41 -03:00
0bd89d2c24
Merge pull request #36018 from tengqm/improve-admission-controllers
...
Update admission controllers page
2022-08-17 16:14:47 -07:00
96dd915152
Update admission controllers page
...
This PR updates the admission controllers page by:
- removing two plugins which have been removed since 1.18
- removing text about ancient history
- removing shortcode about plugins that graduated into GA a long time ago;
2022-08-16 22:33:37 +08:00
b167938367
Scrub PSP docs for 1.25
2022-08-15 21:09:41 -04:00
a472b72c33
remove insecure port option
2022-08-13 09:52:02 +05:30
4747731407
Fix --service-account-key-file description
...
--service-account-key-file flag to the kube-api-server is used to verify ServiceAccount tokens (and not to sign them).
--service-account-signing-key-file is the kube-api-server flag that's used to sign ServiceAccount tokens (short-lived ones).
--service-account-private-key-file is the kube-controller-manager flag that's used to sign ServiceAccount tokens (long-lived ones).
2022-08-02 00:37:09 -07:00
e2cda2eec3
Merge pull request #34716 from dmarinere/patch-1
...
added access to the statements explaining cluster role
2022-07-16 07:56:53 -07:00
7b4293b4fa
Batch fix links (5)
2022-07-11 13:54:18 +08:00
38ccc3383d
Merge pull request #34740 from tengqm/improve-admission-controllers
...
Tweak extensible admission controllers page
2022-07-10 18:11:47 -07:00
2f0d4a5d88
Clarify that list, get and watch can return data
...
The `get`, `list` and `watch` verbs can all be used to retrieve the full details of a resource. It is not an uncommon assumption amongst users that they return different data (e.g. that `list` only returns the names of resources; when it can return the full object).
This adds a caution block to highlight this potential gotcha.
2022-07-08 11:13:23 +01:00
a6ec7d8017
Tweak extensible admission controllers page
...
This PR removes outdated information about `admissionregistration.v1beta1` API groups
which are no longer supported in 1.24. Additional notes are added to
avoid confusion when parsing the examples.
2022-07-01 00:33:57 +08:00
c14bcdde98
added access to the statements
...
I added access to the statement explaining cluster role permissions in this document to make it clearer.
2022-06-30 03:50:31 +01:00
af65de3877
Callout that impersonation needs (ClusterRole)Binding ( #34082 )
...
* Callout that impersonation needs (ClusterRole)Binding
I learned through trial and error that impersonation does not work with Role and RoleBinding - this was not obvious. It would be good if the docs call this out.
* Update content/en/docs/reference/access-authn-authz/authentication.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/reference/access-authn-authz/authentication.md
Co-authored-by: Tim Bannister <tim@scalefactory.com>
* Update content/en/docs/reference/access-authn-authz/authentication.md
Co-authored-by: ZSC <zacharysarah@users.noreply.github.com>
* Update content/en/docs/reference/access-authn-authz/authentication.md
Co-authored-by: ZSC <zacharysarah@users.noreply.github.com>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: ZSC <zacharysarah@users.noreply.github.com>
2022-06-14 13:09:33 -07:00
34155fed0b
Fix links for k/design-proposals-archive
...
The contributors/design-proposals in k/community was removed. It's only
available in k/design-proposals-archive repo now.
This commit also changes https://github.com/kubernetes/repo/blob/master/file.md
to https://git.k8s.io/repo/file.md for better consistency.
2022-06-10 22:49:04 +08:00
ef08c345e0
Fix an incorrect link in psp-to-pod-security-standards.md
...
Signed-off-by: Guangwen Feng <fenggw-fnst@fujitsu.com>
2022-06-08 11:40:04 +08:00
090803440d
Merge pull request #33130 from tengqm/move-kubelet-authn-authz
...
Move kubelet authn authz
2022-06-07 19:11:49 -07:00
11d56aacf6
Merge pull request #34076 from kadtendulkar/kad4
...
Update content/en/docs/reference/access-authn-authz/bootstrap-tokens.md
2022-05-31 17:33:02 -07:00
0be2557ecd
Fix CertificateSubjectRestriction in Admission Controllers docs
2022-05-31 19:35:12 +00:00
6c82e81ede
Update content/en/docs/reference/access-authn-authz/bootstrap-tokens.md
2022-05-31 22:02:36 +05:30
1cf774a05e
[zh]Update content/zh/docs/reference/access-authn-authz/admission-controllers.md
2022-05-24 02:26:02 +08:00
c992c4c04f
Add imagepolicy.v1alpha1 API
2022-05-18 14:20:20 +08:00
90a395745d
Cleanup admission-controllers page
...
This PR fixes several things in the admission-controllers page:
- The `PodSecurity` plugin is enabled by default, but it was not listed so;
- The `apiserver.config.k8s.io/v1alpha1` has been deprecated since v1.17, we are still documenting it side by side with the `apiserver.config.k8s.io/v1` API group;
- The `eventratelimit.admission.k8s.io/v1alpha1` API could use a better reference rather than the design doc; **The imagepolicy.v1alpha1 API is not documented anywhere, I'll add it later on.**
- There are statements about future, which should be removed;
- We are supposed refer to the `LimitRage` API reference rather than pointing users to the design docs;
- We are supposed refer to the `ResourceQuota` API reference rather than pointing users to the design docs;
- There are long lines in the page source which could have been wrapped properly.
2022-05-17 15:37:58 +08:00
5ead53b3e8
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-05-02 10:29:49 -07:00
b831e96c6a
[en] modify debug-cluster/audit
...
Signed-off-by: xin.li <xin.li@daocloud.io>
2022-04-29 20:40:59 +08:00
712f45dee4
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-04-26 13:11:13 -07:00
a3ea9f4caf
Update references to the kubelet security files
...
This commit updates all the existing references to the files move in the previous commit.
2022-04-23 14:32:19 +08:00
89b0b1bf8f
Move kubelet authentication/authorization out of CLI reference dir
...
The `kubelet-authentication-authorization` and the `kubelet-tls-bootstrapping`
pages do not belong to `reference/command-line-tools-reference` topic.
This PR moves them into `reference/access-authn-authz` subdirectory
which is a better fit.
The `static/_redirects` file is updated to point to the new location.
2022-04-23 14:30:14 +08:00
a3638c4fde
Update rbac.md
...
Fix description of magic service account group.
2022-04-21 14:07:32 -07:00
c62c9e9c61
Merge pull request #32909 from Sea-n/deprecate-ext
...
Remove deprecated `extensions` API group in document
2022-04-20 08:57:43 -07:00
0135d3642b
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-04-19 15:45:28 -07:00
613bb080ff
Remove deprecated `extensions` API group in document
2022-04-16 21:56:25 +08:00
01c3c53b7d
[en] Fix Markdown format
2022-04-14 01:33:53 +08:00
0bc8468bfa
The PodOverhead feature is GA
2022-04-13 11:49:50 +08:00
e65201a5b3
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-04-11 09:31:28 -07:00
eefc776e29
Fix typos in Markdown links. ( #32802 )
...
* Fix typos in Markdown links.
* Test
Co-authored-by: Mads Jensen <atombrella@users.noreply.github.com>
2022-04-08 00:16:41 -07:00
f85be125b9
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-03-31 15:18:13 -07:00
672813f3e7
Move PSP into Security concepts section
...
The logical navigation definitely works better if Pod Security admission
and PodSecurityPolicy are pages in the same section. Make It So.
Co-authored-by: Rey Lejano <rlejano@gmail.com>
2022-03-30 17:30:35 +01:00
5650e76c45
Fix typo
2022-03-29 19:27:32 +02:00
93bdfe8142
Move all volume expansion feature gates to GA
2022-03-29 10:38:58 +08:00
a364ecae1f
Remove references to client.authentication.k8s.io/v1alpha1 exec credential API
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-03-21 09:27:55 -07:00
991f671a02
Merge pull request #30721 from mlbiam/master
...
making wording clearer on extra in impersonation
2022-03-13 21:02:19 -07:00
b8264dcfc7
Link to PSP migration guide from PSP to PSS reference
2022-02-25 10:27:52 -08:00
198ae37902
Rewrite PodSecurityPolicy migration guide ( #31782 )
2022-02-24 18:07:56 -08:00
c910edd70e
Correct the name: CertificateSigningRequests
...
- This page referenced the "CertificationSigningRequests API," but this should be "CertificateSigningRequests API" or "Certificates API."
- Added a link to the documentation for CertificateSigningRequests.
2022-02-23 17:27:32 -08:00
a45bf8459d
Added Hyperlink to RFC3339. ( #31836 )
...
* Added Hyperlink to RFC3339.
* Wrapping a line!
2022-02-22 22:54:18 -08:00
bce7fb57e2
Improve configuration API for 1.23
...
The previous commit for configuration APIs has some nits to fix:
- The client-authentication API has both v1beta1 and v1 supported.
We need to include both.
- The kube-scheduler v1alpha1 is superceded by v1alpha3 which is new.
- The links to some external type definitions should point to the 1.23
API rather than old versions.
2021-12-20 09:45:38 +08:00
d4388492c5
Merge branch 'kubernetes:main' into master
2021-12-09 15:12:00 -05:00
584421fe11
Merge remote-tracking branch 'upstream/main' into dev-1.23
2021-12-06 08:55:54 -05:00
a3c6627798
Merge pull request #30125 from chirangaalwis/patch-4
...
Combine Service Account to Map with Resource Type
2021-12-05 20:08:32 -08:00
c9fb665413
Merge pull request #30741 from ptux/patch-10
...
[en] Update admission-controllers.md
2021-12-05 20:04:32 -08:00
63db6dbf66
Merge pull request #29717 from jonassteinberg1/patch-1
...
add 'the' to 'without restarting [the] API server' from Static Token …
2021-12-05 17:56:32 -08:00
8a8f9c40f9
Update admission-controllers.md
2021-12-06 09:16:27 +09:00
8dfd425486
making working clearer
...
*should* implies that an `extra` can be mixed case. but really it can't because a mixed case `extra` will mismatch on an RBAC `ClusterRole` once the header is canonicalized.
2021-12-02 22:01:07 -05:00
37532e231a
Add docs for RecoverVolumeExpansionFailure feature
2021-11-29 16:37:57 -05:00
d330226a95
Merge remote-tracking branch 'upstream/main' into dev-1.23
2021-11-17 12:55:09 -05:00
36be0ebac9
Merge pull request #30288 from drigz/patch-2
...
Remove "basic" from supported API auth methods
2021-11-16 18:51:53 -08:00
d2f227d73e
Merge pull request #29727 from jonassteinberg1/patch-2
...
"First this user must have [a] certificate issued..."
2021-11-12 21:06:46 -08:00
4b7784728a
PodSecurity beta updates
2021-11-10 10:30:51 -05:00
f3921c9028
Remove "basic" from supported API auth methods
...
This was removed in v1.19.
2021-10-28 11:57:07 +02:00
850e16fe38
Merge pull request #30193 from PranshuSrivastava/broken_link
...
fixed the broken link
2021-10-27 16:21:02 -07:00
094d9c034b
remove period and change script to command
...
Incorrect punctuative period and change the word script to command for uniformity.
2021-10-27 08:41:51 -05:00
e779d2d3fc
Update link to new project documentation site
2021-10-26 15:35:17 -04:00
8fbccfcd8f
Improvement: Correct the "empty" link in Dynamic Admission Control.
2021-10-26 13:51:38 +05:30
2642b12efc
made requested changes
2021-10-23 04:21:22 +05:30
1ee91f08c9
fixed the broken link
2021-10-22 21:29:07 +05:30
029ec4cd67
Combine Service Account to map with resource kind
2021-10-18 10:53:00 +05:30
dc326f0389
Add example for querying SA permissions
...
Add example for querying SA permissions
Add missing example for querying the API authorization layer for checking the permissions of a Service Account
Add missing SA identifying prefix
Improve suggested text to align with current content
Co-authored-by: Sam Roth <2413031+sejr@users.noreply.github.com>
Improve suggested text to align with current content
Co-authored-by: Sam Roth <2413031+sejr@users.noreply.github.com>
2021-10-11 18:14:39 +05:30
1262222578
Change master to v1.22.0
2021-10-04 15:52:46 +05:30
d4a08df1b9
Improvement: Correct the "code" link in Dynamic Admission Control.
2021-10-04 12:40:03 +05:30
780dae2785
Clarified scenarios that could lead to privilege escalation ( #29378 )
...
* Clarified scenarios that could lead to privilege escalation
Made it clearer that it's not just creating pods which enables the privilege escalation. It's all workloads, all reconfiguration of workloads, and conceptually the creation and reconfiguration of custom resources which create workloads.
* Allowing link to priv escalation heading if required
* Update content/en/docs/reference/access-authn-authz/authorization.md
Co-authored-by: Tim Bannister <tim@scalefactory.com>
* Adding further clarifications
* Retitled escalation section
* Apply suggestions from vjftw
Co-authored-by: VJ Patel <VJftw@users.noreply.github.com>
* Clarified CRDs and reduced duplication
* Updating caution based on Geoffrey's comments
* Updating controller comment and linking out to reference docs
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: VJ Patel <VJftw@users.noreply.github.com>
2021-09-24 16:02:21 -07:00
0ad09c36d6
fix expiration of bound SA tokens
...
Signed-off-by: Sergiusz Urbaniak <sergiusz.urbaniak@gmail.com>
2021-09-21 08:21:46 +02:00
c2742b279e
"First this user must have [a] certificate issued..."
...
Added 'a' to the sentence "First this user must have certificate issued..." from the subsection "Normal Users"
2021-09-16 08:20:34 -05:00
f9d5ab0627
add 'the' to 'without restarting [the] API server' from Static Token File section
...
smol.
2021-09-15 09:29:37 -05:00
19807f866c
Update content/en/docs/reference/access-authn-authz/rbac.md
...
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
2021-08-23 21:45:10 +08:00
162da6561b
Update rbac.md: Describe in detail how to specify resourceNames when using list/watch verbs
2021-08-19 23:39:48 +08:00
87235b508d
Merge pull request #29311 from mengjiao-liu/update-githubbranch-param
...
Hard-code the name of the target repo's default branch instead of using the githubbranch parameter value
2021-08-16 06:03:18 -07:00
f945335af6
Hard-code the name of the target repo's default branch instead of using the githubbranch parameter value
2021-08-10 18:03:21 +08:00
a80328f582
Merge pull request #29295 from mfilocha/fix/rbac-links
...
Fix links in RBAC default bindings table
2021-08-09 20:37:17 -07:00
bdb4cc4603
Fix the broken link for "webhook.go"
2021-08-09 16:17:06 +05:30
647e9d6ca8
Fix links in RBAC default bindings table
...
An extra line needs to be added to allow
the link to be rendered properly.
Also reformatting link line to be better readable.
2021-08-09 12:09:29 +02:00
acc7252970
Merge pull request #29025 from robscott/endpoints-rbac
...
Adding documentation about Endpoints write access in wake of CVE-2021-25740
2021-07-26 23:20:45 -07:00
5a813f1267
Merge pull request #28430 from margocrawf/master
...
Add Impersonate-Uid description to Authentication docs page.
2021-07-26 12:02:33 -07:00
d710925768
Adding documentation about Endpoints write access in wake of CVE-2021-25740
2021-07-26 11:32:06 -07:00
9234f9454b
Merge pull request #28070 from enj/enj/f/duration_hint
...
Update CSR docs with expirationSeconds field details
2021-07-22 18:29:16 -07:00
f92e3ec2ba
Merge pull request #28903 from sejr/feat/podsecurity
...
Add Pod Security Standards documentation
2021-07-22 01:57:52 -07:00
f2b27507bd
Update CSR docs with expirationSeconds field details
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-21 16:59:02 -04:00
9329467e6e
Complete details regarding CSR garbage collection
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-21 16:04:24 -04:00
e0d4b53b1c
incorporating initial round of feedback
2021-07-21 15:33:46 +00:00
83f6cb6ed4
Merge pull request #28429 from ankeesler/exec-credential-v1
...
exec credential provider: v1 documentation
2021-07-21 06:54:07 -07:00
a30e63dcd6
exec credential provider: v1 documentation
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-07-13 10:47:14 -04:00
d77368133a
Add Impersonate-Uid description to Authentication docs page.
...
This change goes with https://github.com/kubernetes/kubernetes/pull/99961
in the Kubernetes repo.
2021-07-12 13:17:42 -07:00
548ba073da
Merge main into dev-1.22 to keep in sync
2021-07-09 18:19:13 +00:00
dd443f0238
Fix pending CSR deleted time is 24 hours
...
From the code, the `pendingExpiration = 24 * time.Hour`, so the pending CSR deleted time is 24 hours.
2021-07-09 16:49:54 +08:00
0c5a2e06da
Fixed up typo in extensible-admission-controllers.md
2021-07-05 11:41:11 +12:00
369169dbb3
Merge pull request #28570 from zshihang/main
...
update doc for BoundServiceAccountTokenVolume ga
2021-06-24 01:17:41 -07:00
3a9b198beb
update doc for BoundServiceAccountTokenVolume ga
2021-06-23 09:47:49 -07:00
5cfba9ebb2
Merge pull request #27114 from mengjiao-liu/update-signerName-desc
...
update certificate-signing-requests Signer description
2021-06-22 14:40:11 -07:00
f0f957ff21
update state for PodSecurityPolicy
2021-06-20 16:17:40 +08:00
5cf02fde98
Add Spaces.
2021-06-08 11:08:11 +05:30
baf379436b
Improvement: Managing Service Accounts
2021-06-07 17:33:58 +05:30
a6ab6dca21
docs(admission-controllers): update release status of TaintNodesByCondition
...
Signed-off-by: Jai Govindani <jai@honestbank.com>
2021-04-30 13:21:19 +07:00
1f28ec0961
Fix syntax errors ( #27735 )
...
* Fix syntax errors
- fix wrong placed line breaks
- fix command mode start and end
* remove word 'simple'
2021-04-28 17:06:50 -07:00
27b2611cbc
Update webhook server example code link
...
Fix 404 error and point to the latest released code.
2021-04-23 12:19:23 -04:00
87dd022604
Apply suggestions from code review
...
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
2021-04-21 08:14:28 -07:00
8a3d7acf03
update doc for BoundServiceAccountTokenVolume
2021-04-20 11:47:58 -07:00
d1e6a6fd24
Merge pull request #26605 from tengqm/admission-config-ref
...
Add WebhookAdmission reference
2021-04-14 01:30:42 -07:00
108149fa2f
Add WebhookAdmission reference
...
This is a reference for WebhookAdmission config generated from kubernetes-sigs/reference-docs/genref tool.
More specifically, it is generated using the following command:
```shell
./genref -include apiserver-webhookadmission
```
2021-04-07 09:13:47 +08:00
965aa51daf
Merge master into dev-1.21 to keep in sync, plus latest API reference
...
This sync merge includes API reference updates.
2021-04-06 21:38:24 +01:00
b28250b68f
Add reference for client-authentication v1beta1
...
This is a reference for client authentication API generated from kubernetes-sigs/reference-docs/genref tool.
More specifically, it is generated using the following command:
```shell
./genref -include client-authentication
```
2021-04-02 09:48:59 +08:00
ca046d9b1f
Merge master into dev-1.21 to keep in sync
2021-03-26 21:29:52 +01:00
55205a5c1f
Merge pull request #27225 from reylejano/update-denyexeconprivileged-removal
...
Update DenyExecOnPrivileged and DenyEscalatingExec deprecation notice
2021-03-26 06:40:43 -07:00
ec4840824d
Merge pull request #26472 from kbhawkey/cleanup-usage-just
...
clean up use of word: just
2021-03-26 04:34:43 -07:00
Kubernetes Prow Robot
Tim Bannister
Ismail Alidzhikov
Qiming Teng
Taahir Ahmed
Mickey Boxell
朱正浩,Zhu Zhenghao
Aitor
zmquan
Jiahui Feng
Joe Betz
Tim Allclair
samitks
liulijin
Cici Huang
Eric Fortin
m.nabokikh
Guangwen Feng
Richard Tweed
windsonsea
mtardy
Mathieu Benoit
Saloni1814
Yash Pimple
Sam Stoelinga
Marcus Noble
Sergey Kanzhelev
Maksim Nabokikh
Sergey Shevchenko
Shubham Kuchhal
Michael
Abigail McCarthy
lakshmi prasuna
houjun
Gaël Jourdan-Weil
Jordan Liggitt
W Geng
whitebear009
Tom Kivlin
carolina valencia
Meha Bhalodiya
Rohit Agarwal
Sam Cook
Osuolale Emmanuel
Raki
Sean Wei
Rishit Dagli
kadtendulkar
wei.wang
Nate W
xin.li
CJ Cullen
Mads Jensen
Cezary Czekalski
Margo Crawford
Jay Beale
Marc Boorshtein
Jesse Butler
Wang
Hemant Kumar
Rodrigo Queiro
Jonas Steinberg
Pranshu Srivastava
chirangaalwis
Sergiusz Urbaniak
Abirdcfly
Mengjiao Liu
Maciej Filocha
Rob Scott
Monis Khan
Samuel Roth
Andrew Keesler
Christopher Negus
AStraw
Edward Huang
Shihang Zhang
chenxuc
Jai Govindani
Smuu
Michael Gugino
Victor Palade