49135cefb8
Tweak line wrappings in /services-networking/ingress.md
2023-06-01 21:38:11 +08:00
821ca22ac1
Merge pull request #40915 from mrgiles/37738_securing_cluster_checklist_align
...
Add links between Securing a Cluster and Security Checklist for alignment
2023-05-15 13:45:34 -07:00
eb7c049f04
Merge pull request #40376 from dtzar/patch-1
...
clarify Windows privileged containers feature enablement
2023-05-07 03:51:16 -07:00
057766eed7
updated link
2023-05-02 00:35:47 +05:30
19a3dc0f6f
Add links between securing cluster and security checklist
2023-04-30 23:28:52 -07:00
d8a6fd602c
fixed broken link
2023-04-28 22:39:33 +05:30
8f3790c3a9
clarify Windows privileged containers feature enablement
2023-04-07 10:50:25 -07:00
7b7fa2c8ec
Merge pull request #38874 from sftim/20230110_add_logs_api_to_security_checklist
...
Add /logs API to security checklist
2023-04-03 08:31:51 -07:00
47319756be
fix links in service-accounts.md
2023-03-28 14:48:04 +09:00
458c0e3b26
Improvement: Added the Note for External applications. ( #39691 )
...
* Improvement: Added the word External applications.
* Added the Note for External Applications.
* Modify the note
2023-03-21 20:08:36 -07:00
52bb8f9282
Add /logs API to security checklist
...
It's best to disable this API, which is deprecated at the time of
writing.
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
2023-03-16 17:38:38 +00:00
da84dd8419
Merge pull request #39436 from sftim/20230213_tweak_sa_concept
...
Fix wording, punctuation and Markdown for ServiceAccount concept page
2023-02-14 15:53:41 -08:00
ee4b88ed37
Merge pull request #37733 from sftim/20221105_update_docs_podsecuritypolicy_removal
...
Update documentation for PodSecurityPolicy removal
2023-02-14 12:55:51 -08:00
96d49317a2
Fix wording for ServiceAccount concept
...
Co-authored-by: Qiming Teng <tengqm@outlook.com>
Co-authored-by: Shannon Kularathna <ax3shannonkularathna@gmail.com>
2023-02-14 09:17:03 +00:00
cb5a8930dc
Fix broken anchor
2023-02-14 09:16:57 +00:00
9eb2767333
Add a missing anchor pound sign
2023-02-13 12:49:20 -05:00
b1f18bfa9b
Merge pull request #38289 from shannonxtreme/service-account
...
Add a new concept page for service accounts
2023-02-13 09:37:29 -08:00
7cb6d1eb35
Add a new concept page for service accounts
...
Also add a glossary definition for JWTs
Co-authored-by: Tim Bannister <tim+github@scalefactory.com>
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: stlaz <https://github.com/stlaz >
2023-02-13 17:29:12 +00:00
42e746a379
Clean up api-server-bypass-risks.md
2023-02-06 09:55:04 +08:00
fe12a4054b
Update PSS - HostPorts should be disallowed
...
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2023-01-30 13:12:45 -08:00
bb85d62752
Update docs for PodSecurityPolicy removal
2023-01-24 22:24:09 +00:00
d0779881e6
Further updates to clarify language
2023-01-19 15:32:18 -05:00
5c9af80d8c
Update content/en/docs/concepts/security/rbac-good-practices.md
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2023-01-19 15:16:19 -05:00
cc56241ccd
Update content/en/docs/concepts/security/rbac-good-practices.md
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2023-01-19 15:13:47 -05:00
d11408b9d9
Update RBAC Good Practices for PersistentVolumes
...
The docs previously referred to the reader to the now defunct PodSecurityPolicy
page to explain how PersistentVolumes can be a path of privilege escalation,
burrying the lede.
Now that PodSecurityPolicy is gone, update this bit to actually explain that it
it is unfettered access to creating hostPath-typed PersistentVolumes that are
a problem. Some words lifted from the 1.24 PodSecurityPolicy docs.
Signed-off-by: Mike Waychison <mike@waychison.com>
2023-01-19 13:45:50 -05:00
a437285212
Fix nits in markdown links
...
This PR fixes a few "bad links" identified by the `scripts/linkchecker.py` script.
2022-12-22 08:45:10 +08:00
61b13a19d0
[en] fix quotation mark in multi-tenancy page
2022-12-12 09:55:49 +01:00
f8a2d2319a
Add documentation about signed Kubernetes artifacts
...
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2022-11-28 12:05:11 +01:00
aaaa6303f4
Merge pull request #37731 from sftim/20221105_tweak_psp_removal_page
...
Tweak page about PodSecurityPolicy removal
2022-11-08 11:14:19 -08:00
4e006c898d
Tweak page about PSP removal
...
- Remove reviewers (feature was removed)
- Use semi-custom Docsy callout to note the removal
- Stop stating that the API is deprecated; it's now actually removed.
2022-11-05 18:22:27 +00:00
3174fdf2d4
Adjust page weights for /docs/concepts section
...
Changes the page weights of the index files for folders in the /docs/concepts folder. There were some overlapping weights and weights that were close together.
2022-11-04 10:13:53 -04:00
0f9b65b429
Add page weights to concepts -> security pages
2022-10-24 19:02:52 +00:00
05a17c16fc
[en] fix typo secrets-good-practices.md
2022-10-05 01:31:49 +03:00
91ecbb977c
Merge pull request #36805 from harshchauhan1988/patch-2
...
Adding recommendation for network isolation
2022-09-30 06:54:28 -07:00
d8132bcd35
Improve the RBAC policies section
...
- Change the heading to be more goal-oriented and add an anchor
- Separate list items into 'component' and 'human' users
- Add info about get access and third-party authorization mechanisms for finer control
- Add caution for granting list access
2022-09-22 16:07:06 +00:00
6ca919d4bd
Add caution callout for base64 encoding
2022-09-22 16:07:06 +00:00
89b9c18121
Split developer content into headings and remove redundant points
...
Add short description to cluster admin and dev section
2022-09-22 16:07:06 +00:00
8eb3ae60f3
Move developer content below cluster admins
...
Additionally, fixed a couple of markdown links to not line wrap
2022-09-22 16:07:06 +00:00
502eac3635
Clean up etcd wording
2022-09-22 16:07:06 +00:00
4887467aa4
Add sections for cluster admins
...
- Add section for encryption at rest
- Add section for RBAC
- Clean up RBAC bullets
- Move etcd bullets to own section on etcd management
- Add section for third party secret stores
2022-09-22 16:07:06 +00:00
1c625d0659
Update glossary and move existing info to new page
...
- Update glossary term for secrets
- Improve clarity of privileged container warning note
- Create a new page for Secrets good practices and bring existing content as-is to the page
- Add weights to pages
- Add link for good practices for secrets and remove moved content
2022-09-22 16:07:05 +00:00
de922ae019
Merge pull request #36562 from windsonsea/secovy
...
Fix typo and consistency: /security/overview.md
2022-09-18 11:12:29 -07:00
8ab4ebb376
Adding recommendation for network isolation
2022-09-14 15:00:14 +05:30
5ada01a5ce
Merge pull request #36343 from tallclair/workload-creation
...
Update RBAC best practices for workload creation
2022-09-07 09:18:37 -07:00
0df6c75da0
Reformat multi-tenancy page
...
When translating/synchronizing changes to the multi-tenancy page, we
found that the long lines are difficult for change tracking. This PR
changes nothing other than manually wrapping the long lines.
2022-09-06 13:12:14 +08:00
922aed0bf8
Fix typo and consistency: /security/overview.md
2022-09-03 22:43:12 +08:00
7e23b9e97d
Update overview.md
...
Add huawei cloud trust center link
2022-09-03 17:45:26 +08:00
32e47b31bb
Fix a few mini typos in the API bypass security page
2022-09-02 19:41:24 +02:00
09707c0aef
Merge pull request #35908 from raesene/main
...
New Docs page for API Server Bypass Risks
2022-09-02 09:14:06 -07:00
a5e96bfbc5
Merge pull request #33992 from mtardy/security-checklist
...
Add a security checklist for clusters
2022-09-01 13:13:19 -07:00
Michael
Kubernetes Prow Robot
niranjandarshann
Marcelo Giles
David Tesar
Hiroki Takatsuka
Shubham
Tim Bannister
Shannon Kularathna
zhuzhenghao
Rita Zhang
Mike Waychison
Qiming Teng
Oscar Utbult
Sascha Grunert
Abigail McCarthy
Christopher Negus
Arhell
harshchauhan1988
windsonsea
liufangwai
mtardy