29b1f8f482
Tweak line wrappings for the node authorization page
2023-10-02 17:11:14 +08:00
eaf599bd20
Remove oudated information about Node authorization
...
The content about v1.6-1.8 should be removed to avoid confusion.
2023-10-02 17:11:07 +08:00
f932a74483
fix description --oidc-issuer-url.md ( #42941 )
...
* fix description --oidc-issuer-url.md
https://accounts.google.com/ <= above
└─ .well-known/openid-configuration <= below
* Update authentication.md
Fixed the description of `--oidc-issuer-url`.
2023-09-27 16:22:38 -07:00
c64c7837c8
add CEL Playground link
2023-09-08 16:42:43 -03:00
e8b136c3b3
Use code_sample shortcode instead of code shortcode
2023-09-05 17:10:14 +08:00
60bf42a527
Update test cases for v1.28
...
This PR makes sure the manifests under `content/en/examples`
are valid in v1.28. The primary fixes are:
- Updated the go.mod/go.sum file for testing against v1.28.0 release.
- Revise test case code to ensure newly added manifests are tested;
- Adapt Pod validation options to upstream validation code change;
- Move a ValidatingWebhookConfiguration YAML back to inline because
the manifest cannot validate against the validator. The CA bundle
referenced is not a valid string (base64 encoded). That means the
YAML cannot be used/tested as is by users.
2023-08-18 09:03:30 +08:00
5755e4362a
Merge pull request #42060 from a-hilaly/beta-match-conditions
...
Graduate AdmissionWebhookMatchConditions to beta
2023-08-09 08:49:51 -07:00
20b43d6095
Merge branch 'main' into 'dev-1.28'
2023-08-09 11:13:31 +01:00
42078a08fb
Fix typos and add comments to the match conditions example
2023-08-09 09:38:48 +02:00
fe7759b734
ValidatingAdmissionPolicy: add docs for new per namespace policy params feature ( #42219 )
...
* document per namespace params
* switch examples to codenew, fixup some typos
* more formatting and codenew
* use codenew instead of code
* fixup headings
2023-08-08 13:35:52 -07:00
2218f3d573
Remove note stating that we need AdmissionWebhookMatchConditions to be enabled explicitely
2023-08-08 20:02:35 +02:00
4dfef3e53f
Document ValidatingAdmissionPolicy variable composition and namespaceObject ( #42220 )
...
* variable composition.
* mention namespaceObject.
* Apply suggestions from code review
Co-authored-by: Tim Bannister <tim@scalefactory.com>
* separate commands from output.
* YAML comment.
* Update content/en/docs/reference/access-authn-authz/validating-admission-policy.md
Co-authored-by: Tim Bannister <tim@scalefactory.com>
* no shell prompt.
* Update content/en/docs/reference/access-authn-authz/validating-admission-policy.md
Co-authored-by: Joe Betz <jpbetz@google.com>
* Update content/en/docs/reference/access-authn-authz/validating-admission-policy.md
Co-authored-by: Joe Betz <jpbetz@google.com>
---------
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Joe Betz <jpbetz@google.com>
2023-08-08 07:52:16 -07:00
e168005b37
Merge pull request #42270 from skrobul/validating-and-mutation-controllers
...
admission controllers: document types
2023-08-03 15:46:20 -07:00
68ba9633a2
Switch English to use code not codenew shortcode
2023-08-01 16:57:17 +08:00
f900debc63
admission controllers: put type information at top of section
...
Signed-off-by: Marek Skrobacki <skrobul@skrobul.com>
2023-07-28 18:02:02 +01:00
fce6bfc32f
admission controllers: document types
...
Signed-off-by: Marek Skrobacki <skrobul@skrobul.com>
2023-07-28 11:08:32 +01:00
9bac8cfc1a
Add note on max number of match condition elements a user can define per webhook
2023-07-25 19:54:51 +01:00
eb522c126f
Replace {{< codenew ... >}} with {{% codenew ... %}} in all English docs ( #42180 )
...
* Replaced {{< codenew ... >}} with {{% codenew ... %}} in all files
* Reverted changes in non-english localizations
2023-07-25 05:54:06 -07:00
f9c824917f
convert the `ValidatingWebhookConfiguration` example into a manifest using a codenew shortcode
2023-07-24 23:10:55 +01:00
5fa005a106
fix bullets in validating-admission-policy
2023-07-10 13:00:43 +08:00
e7cf1ca19b
Merge dev-1.28 into main
2023-07-04 19:21:49 -04:00
83bb609c1e
add authorization config documentation
...
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2023-06-30 23:25:34 +05:30
0e7302f383
Merge pull request #41556 from Zhuzhenghao/cleanup/abac
...
cleanup page abac
2023-06-30 06:18:42 -07:00
4cb9a82b2a
Merge pull request #40166 from mtardy/scdeny-deprecation
...
Update scdeny plugin documentation for deprecation
2023-06-30 02:49:45 -07:00
c32b30f457
Update scdeny plugin documentation for deprecation
2023-06-30 10:52:50 +02:00
b47948af36
Merge pull request #41156 from dprotaso/patch-1
...
Update service-accounts-admin.md
2023-06-28 15:06:45 -07:00
1cb1390388
Merge pull request #41000 from zlabjp/fix-key-usage
...
Fix permitted key usages
2023-06-26 17:32:29 -07:00
d873f03e78
Add -subj Command Option.
2023-06-19 15:38:54 +05:30
b1e9fbe945
[zh] cleanup page abac
2023-06-18 11:46:28 +08:00
610b895266
Merge pull request #41308 from kubernetes/main
...
Sync `dev-1.28` branch with `main`
2023-05-29 23:01:44 -07:00
f023295351
Update content/en/docs/reference/access-authn-authz/service-accounts-admin.md
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2023-05-23 13:16:26 -04:00
5d6e0ca1bb
remove ericchiang from reviewers
2023-05-16 18:13:33 +00:00
7323fddca9
Merge branch 'merged-main-dev1.28' into dev-1.28
2023-05-16 02:39:25 -04:00
eb21c7af96
Update service-accounts-admin.md
2023-05-15 11:28:47 -04:00
edc769baa4
Merge pull request #39576 from sftim/20220108_improve_api_documentation_objects_part_1
...
Reorganize Working with Kubernetes Objects section
2023-05-10 18:39:09 -07:00
d384f118b2
Fix permitted key usages
2023-05-08 13:54:52 +09:00
7bdcd3da4c
Merge pull request #40968 from nnmin-aws/nnmin-dev
...
update certificate-signing-requests.md to reflect https://github.com/ …
2023-05-07 02:51:15 -07:00
35771026a1
update certificate-signing-requests.md to reflect https://github.com/kubernetes/kubernetes/pull/111660 introduced in 1.27
2023-05-05 13:15:39 -07:00
a413d89528
Merge pull request #40051 from EricFortin/patch-1
...
Small wording change
2023-05-05 02:51:12 -07:00
30841950a6
Apply suggestions from code review
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2023-05-04 22:25:45 +02:00
d2d1242815
KEP-3325: Promote SelfSubjectReview to GA
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2023-05-04 11:37:01 +02:00
6bf15f514b
Merge pull request #40692 from sftim/20230414_automatically_use_latest_patch_for_minor_version
...
Use release data to calculate latest patch version
2023-05-03 00:38:12 -07:00
f787489ec5
Merge pull request #40535 from aitorpazos/patch-1
...
Note on caBundle encoding in extensible-admission-controllers.md
2023-05-02 15:38:14 -07:00
50d7e85643
Migrate from fullVersion param to skew shortcode
...
Use {{< skew currentPatchVersion >}} to render the latest patch version
for the minor release being documented.
2023-05-02 23:25:30 +01:00
634c17f61c
Reorganize Working with Kubernetes Objects section
...
- move Understanding Kubernetes Objects to be section overview
- within the section, consistently link to the new (moved) page from the
first mention of “object”
- add a redirect
Co-authored-by: Divya Mohan <divya.mohan0209@gmail.com>
2023-04-29 21:39:42 +01:00
eb3e564a17
Fix the comma symbol
...
Some unknown symbol is being used currently.
2023-04-24 10:45:46 +03:00
ad7c0712c6
Fix examples test for 1.27
...
- Some examples are actually not good "examples", i.e. they are not
not ready for the users to try out.
- Some examples are failing the validation in their current format.
- Some examples skipped the test case.
These issues are fixed.
2023-04-16 17:26:12 +08:00
4a5436f42e
ClusterTrustBundles: Document service account impersonation
...
(Change message to retrigger tests)
2023-04-14 11:05:15 -07:00
2e403eba90
Merge pull request #40578 from sftim/20230409_cluster_trust_bundles
...
Document ClusterTrustBundles
2023-04-10 16:44:03 -05:00
9252eb08f5
Merge remote-tracking branch 'upstream/main' into dev-1.27
2023-04-10 12:20:33 -07:00
e95deae997
Update CSR page to encompass CSRs and trust bundles
...
Rather than mention trust bundles as a subtopic of certificate signing
requests, reshape the page so that:
- it's clear that CSRs are stable but ClusterTrustBundles are alpha
- the task for issuing a certificate to a user stands separately from
the concepts explained elsewhere in the page
- it's clear that signers are relevant to both CSRs and
ClusterTrustBundles
2023-04-09 18:51:27 +01:00
8377a675cd
ClusterTrustBundles: Add section to certificates page
...
Document the API types as they exist today, plus a hint of the future
integrations that will be available.
Co-Authored-By: Taahir Ahmed <taahm@google.com>
2023-04-09 17:27:18 +01:00
c1f4c5c4a2
Cleanup page rbac
2023-04-07 22:34:42 +08:00
cf20f82dbd
Note on caBundle encoding in extensible-admission-controllers.md
...
The note on caBundle field description mentions it is PEM encoded, but the actual field value is then encoded into Base64, which is worth mentioning.
2023-04-06 09:10:12 +00:00
31439e3d56
Merge branch 'upstream/main' into dev-1.27
2023-04-05 14:20:36 -05:00
3a3ae711d5
Cleanup page rbac
2023-04-05 22:36:28 +08:00
b1bd85a421
about apiGroups ( #40315 )
...
* about apiGroups
Look at the source code, apiGroups is an empty set and not all are allowed, you need to use * to be able to, if it is an empty set if the resource does not have apiGroups then it will not be accessible
Refer to:
https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/rbac/v1/evaluation_helpers.go#L85
https://github.com/kubernetes/api/blob/master/rbac/v1/types.go#L29
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
* Update rbac.md
* Update rbac.md
* Update content/en/docs/reference/access-authn-authz/rbac.md
the comma
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
* Update rbac.md
All changed
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
---------
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2023-04-04 22:01:38 -07:00
0d862b9afe
message expression and type checking.
2023-04-03 09:38:13 -07:00
cf37b594f2
KEP-3488 ValidatingAdmissionPolicy: Enforcement actions, audit annotations, and secondary authz ( #40098 )
...
* Document auditAnnotations, validationActions and authorizer
* Apply suggestions from code review
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Apply suggestions from code review
Co-authored-by: Tim Allclair <timallclair@gmail.com>
* Apply feedback
---------
Co-authored-by: Qiming Teng <tengqm@outlook.com>
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2023-04-03 08:55:52 -07:00
27460b23fa
AdmissionWebhookMatchConditions feature documentation ( #40058 )
...
* AdmissionWebhookMatchConditions feature documentation
* #squash ivelichkovich feedback
* #squash sftim feedback
* Correct statement about request.object
* #squash: sftim feedback
* #squash jpbetz feedback
* #squash: denied function removed
* #squash fix match conditions example
* #squash fix expression quoting
* #squash scope authorizatoin check example
* #squash separate RBAC webhook example
* #squash sftim feedback
* #squash add shared client config for example
* Don't use yaml anchors in example
2023-04-03 08:23:51 -07:00
4d58ea4165
Update service-accounts-admin.md
...
Fix internal links in service-accounts-admin docs
2023-04-01 13:23:50 +05:30
2da2c6c277
Merge pull request #40407 from mickeyboxell/merged-main-dev-1.27
...
Merged main dev 1.27
2023-03-31 21:49:49 -07:00
b0978a248e
Fix ServiceAccount admission controller link
...
Fix ServiceAccount admission controller link
2023-03-31 05:55:01 +05:30
b842957cf3
Merge pull request #39794 from nabokihms/ssr-beta
...
KEP-3325: Promote SelfSubjectReview to Beta
2023-03-30 11:39:49 -07:00
a15fa4ae31
Merge remote-tracking branch 'upstream/main' into dev-1.27
2023-03-29 15:54:33 -05:00
669f695ccb
Remove some duplicates in content/en/docs/reference/access-authn-authz/service-accounts-admin.md
...
Signed-off-by: liulijin <253954033@qq.com>
2023-03-23 09:25:21 +08:00
350ce035a5
Fix previous virables in exampes
2023-03-22 20:23:48 +00:00
457c26b997
Adding MatchConditions into ValidatingAdmissionPolicy
2023-03-22 20:23:48 +00:00
9e75d92cd9
Small wording change
2023-03-16 11:54:39 -04:00
bb14c6db8d
Promote SelfSubjectReview to Beta
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2023-03-12 15:09:39 +01:00
58455c59e9
Remove duplicate "the" in admission-controllers.md
...
Signed-off-by: Guangwen Feng <fenggw-fnst@fujitsu.com>
2023-03-03 16:27:25 +08:00
3fc2fa9853
Merge pull request #39142 from tengqm/cleanup-redirects-1
...
Remove redirect entries for docs/admin/... pages
2023-02-22 08:43:57 -08:00
ee4b88ed37
Merge pull request #37733 from sftim/20221105_update_docs_podsecuritypolicy_removal
...
Update documentation for PodSecurityPolicy removal
2023-02-14 12:55:51 -08:00
68b19b6f00
Specify that subresources excluded from mutating webhook example
2023-02-06 22:33:00 +00:00
c809bcc796
Merge pull request #39180 from Zhuzhenghao/certificate-signing-requests
...
Make layout prettier in certificate-signing-requests.md
2023-01-30 22:14:48 -08:00
80561f67b1
Make layout prettier in certificate-signing-requests.md
2023-01-31 13:45:44 +08:00
4164430555
Add spaces in code snippets for consistency
2023-01-30 18:15:06 +08:00
6c701a7d96
Update doc of admission plugin SecurityContextDeny
...
Note the shortcomings of the implementation of this admission plugin
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2023-01-29 17:27:12 +01:00
9a727efab8
Remove redirect entries for docs/admin/... pages
2023-01-29 19:56:56 +08:00
bb85d62752
Update docs for PodSecurityPolicy removal
2023-01-24 22:24:09 +00:00
4ec6fbac55
Fix errors on `ValidatingAdmissionPolicyBindings` for the CEL for Admission Control blog & doc ( #38893 )
...
* Fix errors on ValidatingAdmissionPolicyBindings for the CEL for Admission Control blog
* Fix namespaceSelector error
* Fix namespaceSelector errors
2023-01-12 08:38:54 -08:00
e97c98b27f
Merge pull request #38428 from AverageMarcus/patch-1
...
Fix typo in SA admission controller steps
2023-01-03 17:19:58 -08:00
37955a816b
Reformat the validating-admission-policy reference page
...
This commit wraps the long lines found in the
validating-admission-policy reference page.
2022-12-31 07:44:49 +08:00
3362aa9701
Add admission.k8s.io/v1 API and fix references to it
...
The `admission.k8s.io/v1` API group is not generated into the v2/v3 OpenAPI
specification as part of Kubernetes API because it is not officially "served".
However, the structs in the API group are used in other APIs that are user-facing.
This PR addes the reference API and fixes references to it.
2022-12-31 07:44:41 +08:00
912c306be4
Fixing Spec -> spec and paramsRef -> paramRef
...
Fixing Spec -> spec and paramsRef -> paramRef
2022-12-23 18:25:22 +05:30
b590431f4e
Updated the wrong format
2022-12-20 01:24:49 +05:30
f1405f274a
Merge pull request #38497 from samos123/fix-38495-validation-admission-policy
...
Fix 38495 incorrect ValidationAdmissionPolicyBindings
2022-12-16 20:51:41 -08:00
f9e113fb86
Merge pull request #38353 from SergeyKanzhelev/RotateKubeletClientCertificateIsGA
...
fix documentation for RotateKubeletClientCertificate
2022-12-16 07:18:17 -08:00
088649ec4f
Fix incorrect ValidationAdmissionPolicyBindings
2022-12-15 10:00:55 -08:00
2b5dab08f1
Fix typo in SA admission controller steps
2022-12-12 15:11:43 +00:00
ab4812140f
fix documentation for RotateKubeletClientCertificate
2022-12-09 18:24:04 +00:00
8f9446f87d
Merge branch 'main' into dev-1.26
2022-12-03 21:36:34 +00:00
50246c291b
Merge pull request #37770 from cici37/celDoc
...
Documentation for CEL in Admission Control
2022-12-01 16:33:53 -08:00
98d41f24ef
Address comments
2022-11-30 16:47:27 +00:00
4dc90ef731
Add doc for ValidatingAdmissionPolicy
2022-11-30 06:35:18 +00:00
cec61c1754
Merge pull request #38052 from krol3/merged-main-dev-1.26
...
Merge main branch into dev-1.26
2022-11-29 11:59:09 -08:00
9b4b8831ca
Merge pull request #38010 from Shubham82/Add_shell
...
Append triple backticks with shell for code snippet
2022-11-28 19:37:22 -08:00
f306471950
Merge pull request #35385 from nabokihms/patch-2
...
Add doc about how to get self subject attributes
2022-11-28 00:58:07 -08:00
cb9dc5a4ac
Update content/en/docs/reference/access-authn-authz/authentication.md
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2022-11-27 22:31:16 +01:00
35c3321b02
feat: Add caution note about rules field override in aggregated clusterroles
2022-11-25 16:24:13 +02:00
Qiming Teng
nnlkcncff
Matheus Moraes
Mengjiao Liu
Kubernetes Prow Robot
Tim Bannister
Amine
Alex Zielenski
Jiahui Feng
Marek Skrobacki
Andrey Goran
windsonsea
Rishit Dagli
Nabarun Pal
mtardy
shubham82
zhenghao.zhu
Dave Protasowski
Eric Chiang
Tomoya Usami
Min Ni
Maksim Nabokikh
m.nabokikh
Ismail Alidzhikov
Taahir Ahmed
Mickey Boxell
Aitor
zmquan
Joe Betz
Tim Allclair
samitks
liulijin
Cici Huang
Eric Fortin
Guangwen Feng
Richard Tweed
Mathieu Benoit
Saloni1814
Yash Pimple
Sam Stoelinga
Marcus Noble
Sergey Kanzhelev
Sergey Shevchenko