This is a reference for WebhookAdmission config generated from kubernetes-sigs/reference-docs/genref tool.
More specifically, it is generated using the following command:
```shell
./genref -include apiserver-webhookadmission
```
This is a reference for kube-scheduler policy config generated from
kubernetes-sigs/reference-docs/genref tool.
More specifically, it is generated using the following command:
```
./genref --include kube-scheduler-policy-config
```
The `imagePullPolicy` field is set automatically based on the image tag
if it's initially omitted, but it is not updated if the image tag later
changes. This can lead to [confusing
behaviour](https://itnext.io/defaults-are-hard-kubernetes-deployment-edition-3b11095792f2).
This change attempts to warn users of this potential pitfall.
The "Automatic mounting of manually created Secrets" section of the
Secrets documentation previously suggesting using PodPresets. PodPresets
have been removed, there is no alternate facility described, and it's
unclear if auto-mounting secrets based on associations with
ServiceAccounts was ever supported. Accordingly, the section should be
removed.
As suggested, removed the language related to common vernacular. I think the documentation is well written in the common labels section, and can possibly be enhanced as more and more of these labels are implemented. So, just a link in the best practice section is sufficient as suggested by you.
Adds a `caution` note that SSH key pairs do not establish trust between
clients and servers. A secondary method is required to establish trust
between an SSH client and host server, such as fixed `known_hosts` file.
Clients which do not establish adequate trust are vulnerable to "man in
the middle" impersonation attacks.
Signed-off-by: Adam Kaplan <adam.kaplan@redhat.com>
This PR adds a paragraph explaining the insecure by default nature of k8s secrets, and points users at the documentation to turn on encryption at rest and RBAC.
I think a second page needs to be created showing the correct combination of RBAC rules for various cases, which should eventually replace the link to the RBAC documentation.
Yuval Avrahami
Grace Nguyen
Qiming Teng
Niko Felger
Zulai Wang
Shannon Kularathna
Kubernetes Prow Robot
Tim Bannister
Victor Palade
Rey Lejano
Karen Bradshaw
Tobias
ChandaniM123
Adrian Ludwin
wojtekt
Jacob Henner
Federico Gallo
Bartlomiej Takuski
Tom Kivlin
Qiming Teng
Rajesh Jain
Rajesh Jain
lostsquirrel
Johnny Lim
Pavel Nosov
Sylvain Coulombel
Adam Kaplan
amyXia1994
Kristin Martin
Adam Jacob
reylejano-rxm