9f5a35978f
RBAC guide is presented as a checklist item
2022-09-01 11:44:55 +02:00
eb962b4c12
Rewrite the part on the Pod Security standards and admission
2022-09-01 11:43:28 +02:00
a4305381fb
Reword the service mesh suggestion
2022-08-31 18:29:59 +02:00
d4fcf2fc7c
Reword the secret injection suggestion
2022-08-31 18:29:43 +02:00
f14a7544e5
Rewrite the admission plugins list
2022-08-31 18:26:49 +02:00
239dc4c2fe
Fix a typo on the word securely
2022-08-31 17:54:20 +02:00
c006a43f97
Replace a wrong unicode space character
2022-08-31 17:51:51 +02:00
63ae0a9521
Split checklist item and explanation
2022-08-31 17:38:42 +02:00
d40e9cfa89
Remove an empty line
2022-08-31 17:37:01 +02:00
2f8388e830
Add precision about pod security with pod security standards
...
Co-authored-by: Rey Lejano <rlejano@gmail.com>
2022-08-31 17:35:03 +02:00
0e81bfd8ef
Detail and add info on the CPU and memory limit item
2022-08-31 17:32:00 +02:00
7139aba954
Add some guidelines on how to read the doc
2022-08-31 17:17:56 +02:00
949e499db3
Rewrite the checklist item on minimal container images
2022-08-31 16:55:31 +02:00
5167ab5c88
Use correct name for PodSecurityPolicy admission controller
2022-08-31 16:55:05 +02:00
777d396905
Remove warning on PodSecurityPolicy removal in 1.25
2022-08-31 16:54:30 +02:00
19894182dc
Explain namespace subdividing better
2022-08-29 15:14:28 -07:00
6162bcde28
Update RBAC best practices for workload creation
2022-08-26 16:46:27 -07:00
49bc9b34eb
New docs page for API Server Bypass Risks
...
New Docs page for API Server Bypass Risks
This is a new documentation page for the Security Concepts section, looking at the risks of attackers bypassing the Kubernetes API server.
We've been working on this in Kubernetes SIG-Security docs (issue [here](https://github.com/kubernetes/sig-security/issues/42 ))
Co-Authored-By: Shannon Kularathna <ax3shannonkularathna@gmail.com>
Co-Authored-By: Qiming Teng <tengqm@outlook.com>
Co-Authored-By: Tim Bannister <tim@scalefactory.com>
Co-Authored-By: Jordan Liggitt <jordan@liggitt.net>
2022-08-25 17:25:58 +01:00
56e78c2011
Merge pull request #34920 from mk46/en_crlftolf
...
Convert CRLF to LF
2022-08-24 14:15:50 -07:00
28b1854383
Merge pull request #36198 from davidmlentz/patch-2
...
Fix typo
2022-08-23 21:57:48 -07:00
603f810903
Fix typo
...
There are redundant instances of "future" in this sentence.
2022-08-23 14:43:41 -06:00
c4a36a8067
Merge pull request #36165 from cathchu/merged-main-dev-1.25
...
Merged main branch into dev-1.25
2022-08-22 15:12:09 -07:00
e5ea8833be
Merge remote-tracking branch 'upstream/main' into dev-1.25
2022-08-22 08:35:18 -04:00
a3064b1a36
[en] typo fix "privilge -> privilege"
2022-08-19 16:37:47 +03:00
a1f6615206
Update pod security standards to use PodOS field
2022-08-18 15:47:41 -04:00
b167938367
Scrub PSP docs for 1.25
2022-08-15 21:09:41 -04:00
1476ac9203
Merge pull request #35618 from tallclair/psa-stable-1.25
...
Update Pod Security Admission docs for graduation to stable
2022-08-14 12:34:13 -07:00
b3a7965e3e
Add the security checklist guide
...
From the collaborative document with Savitha, Skybound and p4ck3t0,
after many edits thanks to the collaborators on the PR.
Co-authored-by: rschosser <88308339+rschosser@users.noreply.github.com>
Co-authored-by: Cailyn <cailyn.s.e@gmail.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Rey Lejano <rlejano@gmail.com>
Co-authored-by: Benjamin Koltermann <48812495+p4ck3t0@users.noreply.github.com>
Co-authored-by: Skybound1 <github@skybound.link>
Co-authored-by: divya-mohan0209 <divya.mohan0209@gmail.com>
2022-08-12 11:22:14 +02:00
29d9fa5a5f
Remove prerequisites
2022-08-05 14:39:39 -07:00
a96eb1118f
Convert CRLF to LF
2022-08-04 11:05:16 +05:30
ce898c50be
Update Pod Security Admission docs for graduation to stable
2022-08-01 16:57:21 -07:00
4e5cc42fc9
fix typo -> remove extra word "in"
2022-08-01 22:59:46 +03:00
30eb2cc0cf
Update content/en/docs/concepts/security/rbac-good-practices.md
...
Co-authored-by: divya-mohan0209 <divya.mohan0209@gmail.com>
2022-07-27 14:12:15 +02:00
7deb7e78cd
Merge branch 'main' into patch-1
2022-07-27 14:00:51 +02:00
54d2e71509
Merge pull request #34675 from mtardy/psp-annotation
...
Document the deprecated kubernetes.io/psp annotation
2022-07-25 02:26:35 -07:00
e39409e0ee
Merge pull request #34098 from Nirusu/patch-1
...
Remove section about the localhost port
2022-07-11 01:23:49 -07:00
94c832e49f
Merge pull request #34380 from tengqm/fix-links-3
...
Batch fix links (3)
2022-07-10 18:27:48 -07:00
959cb92224
Integrate flags into "Transport security" section
2022-07-09 04:55:43 -07:00
d705d9ed1c
Batch fix links (3)
2022-07-09 09:14:06 +08:00
ade7ed2e36
Fix minor typo
2022-07-06 19:57:58 +05:30
34721abcac
Use relative links for k8s.io
2022-06-30 12:08:14 +08:00
1d55061a5a
Remove the part about defining a PSP in a file
2022-06-29 09:37:23 +02:00
8a4e62fb76
Separate commands from their outputs
2022-06-29 09:36:11 +02:00
3b8a2a01fa
Clarify the reference to the psp annotation in the concept page
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2022-06-29 09:26:06 +02:00
9ffd24b78d
Use absolute URL in the tuto for the example PSP
2022-06-28 21:20:08 +02:00
453f4e61f6
Reference the kubernetes.io/psp annotation on the PodSecurityPolicy concept page
2022-06-28 21:17:10 +02:00
5c19702944
Merge pull request #33934 from JimBugwadia/multi-tenancy
...
multi-tenancy section for docs
2022-06-23 14:31:20 -07:00
d71951bdf9
squash review updates
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-06-23 13:50:56 -07:00
d2b92602b3
Fix minor missing spaces typos in Pod Security Admission doc
2022-06-23 12:19:46 +02:00
9ae05ea5b3
Improvement: Clarifiy the release which include Pod Security admission by default. ( #34300 )
...
* Improvement: Clarifiy the release which include Pod Security admission by default.
* Modify: wrapped the long lines.
2022-06-22 08:35:43 -07:00
e7caadc564
Replace skew shortcode parameters
2022-06-17 16:17:01 +09:00
c61be7d79c
Update pod-security-standards-hostprocess-state ( #34264 )
...
* Update pod-security-standards-hostprocess-state
Signed-off-by: Mark Rossetti <marosset@microsoft.com>
* using hugo short-code
2022-06-16 11:08:48 -07:00
3eb9334ee2
suggested changes
2022-06-15 14:04:18 +02:00
1b90f44da6
Fixed typos
...
Fixed some typos and improved grammar.
2022-06-10 12:40:02 +02:00
c5d8916092
Remove section about the removed localhost port
2022-06-01 16:27:15 +02:00
f15cfaeb39
Merge pull request #33974 from JimBugwadia/pss
...
move other policy engines
2022-06-01 04:19:02 -07:00
f2dc19a07a
Merge pull request #34061 from howieyuen/windows-security
...
fix broken link in Security For Windows Nodes
2022-05-31 20:35:04 -07:00
58f572e4af
fix broken link in Security For Windows Nodes
2022-06-01 11:01:49 +08:00
89a8ad3951
Fix a typo in rbac-good-practices.md
...
Signed-off-by: Guangwen Feng <fenggw-fnst@fujitsu.com>
2022-05-31 13:37:41 +08:00
fb97ad2140
Update content/en/docs/concepts/security/pod-security-standards.md
...
Co-authored-by: Rey Lejano <rlejano@gmail.com>
2022-05-30 07:49:41 -07:00
fd9e0acacb
Merge pull request #33833 from liggitt/pss-privileged
...
Clarify privileged Pod Security Standard description
2022-05-29 23:02:52 -07:00
2517ad6c77
small modification
2022-05-29 16:06:25 +05:30
d686637140
Removed Authorizing Policies.
2022-05-27 11:02:15 +05:30
495642c688
Update content/en/docs/concepts/security/pod-security-standards.md
...
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2022-05-26 17:43:29 -07:00
7c5f243af7
move other policy engines
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-05-26 16:17:26 -07:00
8ce38a6625
added what's next in RBAC good practice guide
2022-05-26 13:27:44 +05:30
789935a35d
fixed the RBAC good practice guide.
2022-05-26 12:15:20 +05:30
39afd8538d
initial draft
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-05-24 22:27:00 -07:00
79c01ff06d
Update content/en/docs/concepts/security/pod-security-standards.md
...
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2022-05-19 17:03:39 -04:00
03f0d23228
Clarify privileged Pod Security Standard description
2022-05-19 14:51:51 -04:00
93a11b1007
Merge pull request #32812 from raesene/main
...
Add RBAC good practice guide
2022-05-15 14:12:16 -07:00
412571886c
Add RBAC Good Practices Guide
2022-05-15 21:45:11 +02:00
ffb7e4bc67
Small edit of pod security doc
2022-05-04 14:03:42 +00:00
5ead53b3e8
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-05-02 10:29:49 -07:00
b831e96c6a
[en] modify debug-cluster/audit
...
Signed-off-by: xin.li <xin.li@daocloud.io>
2022-04-29 20:40:59 +08:00
a1ef2afd7f
Merge pull request #31953 from sftim/20220227_update_pod_security_admission_concept_v1.24
...
Update Pod Security Admission concept for v1.24
2022-04-27 16:05:35 -07:00
59d3e1e7a2
Update pod security docs for dockershim removal
2022-04-26 13:39:55 +00:00
0135d3642b
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-04-19 15:45:28 -07:00
7e0a2162d7
Fix missing links
2022-04-12 16:46:38 +08:00
f85be125b9
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-03-31 15:18:13 -07:00
b53955eed4
Merge pull request #32628 from waynerv/patch-3
...
Update pod-security-admission.md
2022-03-31 14:43:07 -07:00
70dbc89f33
Merge pull request #32283 from PriyanshuAhlawat/adding_auditing
...
Update controlling-access.md issue-32224
2022-03-30 20:44:59 -07:00
e62d2f7302
Update content/en/docs/concepts/security/controlling-access.md
...
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2022-03-31 08:30:44 +05:30
672813f3e7
Move PSP into Security concepts section
...
The logical navigation definitely works better if Pod Security admission
and PodSecurityPolicy are pages in the same section. Make It So.
Co-authored-by: Rey Lejano <rlejano@gmail.com>
2022-03-30 17:30:35 +01:00
adde98e681
Update pod-security-admission.md
...
No need to use the ssh protocol to access a public repository
2022-03-30 10:13:53 +08:00
2bdb3fe416
Merge pull request #31851 from marosset/move-windows-security-1.24
...
Moving Windows security info to new page
2022-03-24 23:09:50 -07:00
c7952b2c3e
Update controlling-access.md
2022-03-16 19:16:46 +05:30
7e54b18dd4
Update controlling-access.md
2022-03-16 01:31:54 +05:30
a5a94f0f5b
Update Pod Security Admission concept for v1.24
...
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2022-03-08 14:07:16 +00:00
1e95dbe901
fix: modify article ( #31922 )
...
* fix: modify article
* fix: add missing preposition
2022-02-26 18:11:16 -08:00
26cf43b261
Merge pull request #31896 from meysam81/meysam/fix-typo
...
fix: typo
2022-02-25 00:39:51 -08:00
6e8093e260
apply suggestions from code review
...
Co-authored-by: Jihoon Seo <46767780+jihoon-seo@users.noreply.github.com>
2022-02-25 10:49:28 +03:00
198ae37902
Rewrite PodSecurityPolicy migration guide ( #31782 )
2022-02-24 18:07:56 -08:00
9b6876726c
Moving Windows security info to new page
...
Signed-off-by: Mark Rossetti <marosset@microsoft.com>
2022-02-24 15:32:42 -08:00
94fd5b9698
fix: typo
2022-02-24 23:36:03 +03:00
4ca5ff6b3c
PodSecurity: remove optional non-root group check
2022-01-24 10:10:12 -05:00
8917b26250
PodSecurity: switch restricted volume check to positive check
2022-01-24 10:09:00 -05:00
e6a9fd269e
Update webhook anchor
2021-11-29 09:46:22 -05:00
d330226a95
Merge remote-tracking branch 'upstream/main' into dev-1.23
2021-11-17 12:55:09 -05:00
f235dc6cb6
Merge pull request #30225 from liggitt/podsecurity-runasuser
...
PodSecurity: runAsUser docs
2021-11-16 15:59:54 -08:00
mtardy
Tim Allclair
Rory McCune
Kubernetes Prow Robot
David M. Lentz
cathchu
Stanislav Kardashov
ravisantoshgudimetla
Jordan Liggitt
Manish Kumar
Paszymaja
Nils Hanke
Qiming Teng
Abhishek Patra
Sean Wei
Jim Bugwadia
Shubham
Jihoon Seo
Mark Rossetti
SzymonPrzepiora
Nils Hanke
howieyuen
Guangwen Feng
harshitasao
Christopher Negus
Nate W
xin.li
Mengjiao Liu
Priyanshu Ahlawat
Tim Bannister
Waynerv
PriyanshuAhlawat
Meysam
Jesse Butler