kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
28,435 Commits 69 Branches 73 Tags 934 MiB
Commit Graph

359 Commits

Author SHA1 Message Date
Tim Allclair b8264dcfc7 Link to PSP migration guide from PSP to PSS reference 2022-02-25 10:27:52 -08:00
Tim Allclair 198ae37902
Rewrite PodSecurityPolicy migration guide (#31782) 2022-02-24 18:07:56 -08:00
Jay Beale c910edd70e
Correct the name: CertificateSigningRequests 
- This page referenced the "CertificationSigningRequests API," but this should be "CertificateSigningRequests API" or "Certificates API." 
- Added a link to the documentation for CertificateSigningRequests.
 2022-02-23 17:27:32 -08:00
Shubham a45bf8459d
Added Hyperlink to RFC3339. (#31836) 
* Added Hyperlink to RFC3339.

* Wrapping a line!
 2022-02-22 22:54:18 -08:00
Qiming Teng bce7fb57e2 Improve configuration API for 1.23 
The previous commit for configuration APIs has some nits to fix:

- The client-authentication API has both v1beta1 and v1 supported.
  We need to include both.
- The kube-scheduler v1alpha1 is superceded by v1alpha3 which is new.
- The links to some external type definitions should point to the 1.23
  API rather than old versions.
 2021-12-20 09:45:38 +08:00
Jesse Butler 584421fe11 Merge remote-tracking branch 'upstream/main' into dev-1.23 2021-12-06 08:55:54 -05:00
Kubernetes Prow Robot a3c6627798
Merge pull request #30125 from chirangaalwis/patch-4 
Combine Service Account to Map with Resource Type
 2021-12-05 20:08:32 -08:00
Kubernetes Prow Robot c9fb665413
Merge pull request #30741 from ptux/patch-10 
[en] Update admission-controllers.md
 2021-12-05 20:04:32 -08:00
Kubernetes Prow Robot 63db6dbf66
Merge pull request #29717 from jonassteinberg1/patch-1 
add 'the' to 'without restarting [the] API server' from Static Token …
 2021-12-05 17:56:32 -08:00
Wang 8a8f9c40f9 Update admission-controllers.md 2021-12-06 09:16:27 +09:00
Hemant Kumar 37532e231a Add docs for RecoverVolumeExpansionFailure feature 2021-11-29 16:37:57 -05:00
Jesse Butler d330226a95 Merge remote-tracking branch 'upstream/main' into dev-1.23 2021-11-17 12:55:09 -05:00
Kubernetes Prow Robot 36be0ebac9
Merge pull request #30288 from drigz/patch-2 
Remove "basic" from supported API auth methods
 2021-11-16 18:51:53 -08:00
Kubernetes Prow Robot d2f227d73e
Merge pull request #29727 from jonassteinberg1/patch-2 
"First this user must have [a] certificate issued..."
 2021-11-12 21:06:46 -08:00
Jordan Liggitt 4b7784728a PodSecurity beta updates 2021-11-10 10:30:51 -05:00
Rodrigo Queiro f3921c9028
Remove "basic" from supported API auth methods 
This was removed in v1.19.
 2021-10-28 11:57:07 +02:00
Kubernetes Prow Robot 850e16fe38
Merge pull request #30193 from PranshuSrivastava/broken_link 
fixed the broken link
 2021-10-27 16:21:02 -07:00
Jonas Steinberg 094d9c034b
remove period and change script to command 
Incorrect punctuative period and change the word script to command for uniformity.
 2021-10-27 08:41:51 -05:00
Marc Boorshtein e779d2d3fc
Update link to new project documentation site 2021-10-26 15:35:17 -04:00
Shubham Kuchhal 8fbccfcd8f Improvement: Correct the "empty" link in Dynamic Admission Control. 2021-10-26 13:51:38 +05:30
Pranshu Srivastava 2642b12efc made requested changes 2021-10-23 04:21:22 +05:30
Pranshu Srivastava 1ee91f08c9 fixed the broken link 2021-10-22 21:29:07 +05:30
chirangaalwis 029ec4cd67 Combine Service Account to map with resource kind 2021-10-18 10:53:00 +05:30
Chiranga Alwis dc326f0389 Add example for querying SA permissions 
Add example for querying SA permissions

Add missing example for querying the API authorization layer for checking the permissions of a Service Account

Add missing SA identifying prefix

Improve suggested text to align with current content

Co-authored-by: Sam Roth <2413031+sejr@users.noreply.github.com>

Improve suggested text to align with current content

Co-authored-by: Sam Roth <2413031+sejr@users.noreply.github.com>
 2021-10-11 18:14:39 +05:30
Shubham Kuchhal 1262222578 Change master to v1.22.0 2021-10-04 15:52:46 +05:30
Shubham Kuchhal d4a08df1b9 Improvement: Correct the "code" link in Dynamic Admission Control. 2021-10-04 12:40:03 +05:30
Richard Tweed 780dae2785
Clarified scenarios that could lead to privilege escalation (#29378) 
* Clarified scenarios that could lead to privilege escalation

Made it clearer that it's not just creating pods which enables the privilege escalation. It's all workloads, all reconfiguration of workloads, and conceptually the creation and reconfiguration of custom resources which create workloads.

* Allowing link to priv escalation heading if required

* Update content/en/docs/reference/access-authn-authz/authorization.md

Co-authored-by: Tim Bannister <tim@scalefactory.com>

* Adding further clarifications

* Retitled escalation section

* Apply suggestions from vjftw

Co-authored-by: VJ Patel <VJftw@users.noreply.github.com>

* Clarified CRDs and reduced duplication

* Updating caution based on Geoffrey's comments

* Updating controller comment and linking out to reference docs

Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: VJ Patel <VJftw@users.noreply.github.com>
 2021-09-24 16:02:21 -07:00
Sergiusz Urbaniak 0ad09c36d6
fix expiration of bound SA tokens 
Signed-off-by: Sergiusz Urbaniak <sergiusz.urbaniak@gmail.com>
 2021-09-21 08:21:46 +02:00
Jonas Steinberg c2742b279e
"First this user must have [a] certificate issued..." 
Added 'a' to the sentence "First this user must have certificate issued..." from the subsection "Normal Users"
 2021-09-16 08:20:34 -05:00
Jonas Steinberg f9d5ab0627
add 'the' to 'without restarting [the] API server' from Static Token File section 
smol.
 2021-09-15 09:29:37 -05:00
Abirdcfly 19807f866c
Update content/en/docs/reference/access-authn-authz/rbac.md 
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
 2021-08-23 21:45:10 +08:00
Abirdcfly 162da6561b Update rbac.md: Describe in detail how to specify resourceNames when using list/watch verbs 2021-08-19 23:39:48 +08:00
Kubernetes Prow Robot 87235b508d
Merge pull request #29311 from mengjiao-liu/update-githubbranch-param 
Hard-code the name of the target repo's default branch instead of using the githubbranch parameter value
 2021-08-16 06:03:18 -07:00
Mengjiao Liu f945335af6 Hard-code the name of the target repo's default branch instead of using the githubbranch parameter value 2021-08-10 18:03:21 +08:00
Kubernetes Prow Robot a80328f582
Merge pull request #29295 from mfilocha/fix/rbac-links 
Fix links in RBAC default bindings table
 2021-08-09 20:37:17 -07:00
Shubham Kuchhal bdb4cc4603 Fix the broken link for "webhook.go" 2021-08-09 16:17:06 +05:30
Maciej Filocha 647e9d6ca8 Fix links in RBAC default bindings table 
An extra line needs to be added to allow
the link to be rendered properly.
Also reformatting link line to be better readable.
 2021-08-09 12:09:29 +02:00
Kubernetes Prow Robot acc7252970
Merge pull request #29025 from robscott/endpoints-rbac 
Adding documentation about Endpoints write access in wake of CVE-2021-25740
 2021-07-26 23:20:45 -07:00
Kubernetes Prow Robot 5a813f1267
Merge pull request #28430 from margocrawf/master 
Add Impersonate-Uid description to Authentication docs page.
 2021-07-26 12:02:33 -07:00
Rob Scott d710925768
Adding documentation about Endpoints write access in wake of CVE-2021-25740 2021-07-26 11:32:06 -07:00
Kubernetes Prow Robot 9234f9454b
Merge pull request #28070 from enj/enj/f/duration_hint 
Update CSR docs with expirationSeconds field details
 2021-07-22 18:29:16 -07:00
Kubernetes Prow Robot f92e3ec2ba
Merge pull request #28903 from sejr/feat/podsecurity 
Add Pod Security Standards documentation
 2021-07-22 01:57:52 -07:00
Monis Khan f2b27507bd
Update CSR docs with expirationSeconds field details 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-21 16:59:02 -04:00
Monis Khan 9329467e6e
Complete details regarding CSR garbage collection 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-21 16:04:24 -04:00
Samuel Roth e0d4b53b1c incorporating initial round of feedback 2021-07-21 15:33:46 +00:00
Kubernetes Prow Robot 83f6cb6ed4
Merge pull request #28429 from ankeesler/exec-credential-v1 
exec credential provider: v1 documentation
 2021-07-21 06:54:07 -07:00
Andrew Keesler a30e63dcd6
exec credential provider: v1 documentation 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-07-13 10:47:14 -04:00
Margo Crawford d77368133a Add Impersonate-Uid description to Authentication docs page. 
This change goes with https://github.com/kubernetes/kubernetes/pull/99961
in the Kubernetes repo.
 2021-07-12 13:17:42 -07:00
Christopher Negus 548ba073da Merge main into dev-1.22 to keep in sync 2021-07-09 18:19:13 +00:00
AStraw dd443f0238
Fix pending CSR deleted time is 24 hours 
From the code, the `pendingExpiration  = 24 * time.Hour`, so the pending CSR deleted time is 24 hours.
 2021-07-09 16:49:54 +08:00