d2f227d73e
Merge pull request #29727 from jonassteinberg1/patch-2
...
"First this user must have [a] certificate issued..."
2021-11-12 21:06:46 -08:00
4b7784728a
PodSecurity beta updates
2021-11-10 10:30:51 -05:00
f3921c9028
Remove "basic" from supported API auth methods
...
This was removed in v1.19.
2021-10-28 11:57:07 +02:00
850e16fe38
Merge pull request #30193 from PranshuSrivastava/broken_link
...
fixed the broken link
2021-10-27 16:21:02 -07:00
094d9c034b
remove period and change script to command
...
Incorrect punctuative period and change the word script to command for uniformity.
2021-10-27 08:41:51 -05:00
e779d2d3fc
Update link to new project documentation site
2021-10-26 15:35:17 -04:00
8fbccfcd8f
Improvement: Correct the "empty" link in Dynamic Admission Control.
2021-10-26 13:51:38 +05:30
2642b12efc
made requested changes
2021-10-23 04:21:22 +05:30
1ee91f08c9
fixed the broken link
2021-10-22 21:29:07 +05:30
029ec4cd67
Combine Service Account to map with resource kind
2021-10-18 10:53:00 +05:30
dc326f0389
Add example for querying SA permissions
...
Add example for querying SA permissions
Add missing example for querying the API authorization layer for checking the permissions of a Service Account
Add missing SA identifying prefix
Improve suggested text to align with current content
Co-authored-by: Sam Roth <2413031+sejr@users.noreply.github.com>
Improve suggested text to align with current content
Co-authored-by: Sam Roth <2413031+sejr@users.noreply.github.com>
2021-10-11 18:14:39 +05:30
1262222578
Change master to v1.22.0
2021-10-04 15:52:46 +05:30
d4a08df1b9
Improvement: Correct the "code" link in Dynamic Admission Control.
2021-10-04 12:40:03 +05:30
780dae2785
Clarified scenarios that could lead to privilege escalation ( #29378 )
...
* Clarified scenarios that could lead to privilege escalation
Made it clearer that it's not just creating pods which enables the privilege escalation. It's all workloads, all reconfiguration of workloads, and conceptually the creation and reconfiguration of custom resources which create workloads.
* Allowing link to priv escalation heading if required
* Update content/en/docs/reference/access-authn-authz/authorization.md
Co-authored-by: Tim Bannister <tim@scalefactory.com>
* Adding further clarifications
* Retitled escalation section
* Apply suggestions from vjftw
Co-authored-by: VJ Patel <VJftw@users.noreply.github.com>
* Clarified CRDs and reduced duplication
* Updating caution based on Geoffrey's comments
* Updating controller comment and linking out to reference docs
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: VJ Patel <VJftw@users.noreply.github.com>
2021-09-24 16:02:21 -07:00
0ad09c36d6
fix expiration of bound SA tokens
...
Signed-off-by: Sergiusz Urbaniak <sergiusz.urbaniak@gmail.com>
2021-09-21 08:21:46 +02:00
c2742b279e
"First this user must have [a] certificate issued..."
...
Added 'a' to the sentence "First this user must have certificate issued..." from the subsection "Normal Users"
2021-09-16 08:20:34 -05:00
f9d5ab0627
add 'the' to 'without restarting [the] API server' from Static Token File section
...
smol.
2021-09-15 09:29:37 -05:00
19807f866c
Update content/en/docs/reference/access-authn-authz/rbac.md
...
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
2021-08-23 21:45:10 +08:00
162da6561b
Update rbac.md: Describe in detail how to specify resourceNames when using list/watch verbs
2021-08-19 23:39:48 +08:00
87235b508d
Merge pull request #29311 from mengjiao-liu/update-githubbranch-param
...
Hard-code the name of the target repo's default branch instead of using the githubbranch parameter value
2021-08-16 06:03:18 -07:00
f945335af6
Hard-code the name of the target repo's default branch instead of using the githubbranch parameter value
2021-08-10 18:03:21 +08:00
a80328f582
Merge pull request #29295 from mfilocha/fix/rbac-links
...
Fix links in RBAC default bindings table
2021-08-09 20:37:17 -07:00
bdb4cc4603
Fix the broken link for "webhook.go"
2021-08-09 16:17:06 +05:30
647e9d6ca8
Fix links in RBAC default bindings table
...
An extra line needs to be added to allow
the link to be rendered properly.
Also reformatting link line to be better readable.
2021-08-09 12:09:29 +02:00
acc7252970
Merge pull request #29025 from robscott/endpoints-rbac
...
Adding documentation about Endpoints write access in wake of CVE-2021-25740
2021-07-26 23:20:45 -07:00
5a813f1267
Merge pull request #28430 from margocrawf/master
...
Add Impersonate-Uid description to Authentication docs page.
2021-07-26 12:02:33 -07:00
d710925768
Adding documentation about Endpoints write access in wake of CVE-2021-25740
2021-07-26 11:32:06 -07:00
9234f9454b
Merge pull request #28070 from enj/enj/f/duration_hint
...
Update CSR docs with expirationSeconds field details
2021-07-22 18:29:16 -07:00
f92e3ec2ba
Merge pull request #28903 from sejr/feat/podsecurity
...
Add Pod Security Standards documentation
2021-07-22 01:57:52 -07:00
f2b27507bd
Update CSR docs with expirationSeconds field details
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-21 16:59:02 -04:00
9329467e6e
Complete details regarding CSR garbage collection
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-21 16:04:24 -04:00
e0d4b53b1c
incorporating initial round of feedback
2021-07-21 15:33:46 +00:00
83f6cb6ed4
Merge pull request #28429 from ankeesler/exec-credential-v1
...
exec credential provider: v1 documentation
2021-07-21 06:54:07 -07:00
a30e63dcd6
exec credential provider: v1 documentation
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-07-13 10:47:14 -04:00
d77368133a
Add Impersonate-Uid description to Authentication docs page.
...
This change goes with https://github.com/kubernetes/kubernetes/pull/99961
in the Kubernetes repo.
2021-07-12 13:17:42 -07:00
548ba073da
Merge main into dev-1.22 to keep in sync
2021-07-09 18:19:13 +00:00
dd443f0238
Fix pending CSR deleted time is 24 hours
...
From the code, the `pendingExpiration = 24 * time.Hour`, so the pending CSR deleted time is 24 hours.
2021-07-09 16:49:54 +08:00
0c5a2e06da
Fixed up typo in extensible-admission-controllers.md
2021-07-05 11:41:11 +12:00
369169dbb3
Merge pull request #28570 from zshihang/main
...
update doc for BoundServiceAccountTokenVolume ga
2021-06-24 01:17:41 -07:00
3a9b198beb
update doc for BoundServiceAccountTokenVolume ga
2021-06-23 09:47:49 -07:00
5cfba9ebb2
Merge pull request #27114 from mengjiao-liu/update-signerName-desc
...
update certificate-signing-requests Signer description
2021-06-22 14:40:11 -07:00
f0f957ff21
update state for PodSecurityPolicy
2021-06-20 16:17:40 +08:00
5cf02fde98
Add Spaces.
2021-06-08 11:08:11 +05:30
baf379436b
Improvement: Managing Service Accounts
2021-06-07 17:33:58 +05:30
a6ab6dca21
docs(admission-controllers): update release status of TaintNodesByCondition
...
Signed-off-by: Jai Govindani <jai@honestbank.com>
2021-04-30 13:21:19 +07:00
1f28ec0961
Fix syntax errors ( #27735 )
...
* Fix syntax errors
- fix wrong placed line breaks
- fix command mode start and end
* remove word 'simple'
2021-04-28 17:06:50 -07:00
27b2611cbc
Update webhook server example code link
...
Fix 404 error and point to the latest released code.
2021-04-23 12:19:23 -04:00
87dd022604
Apply suggestions from code review
...
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
2021-04-21 08:14:28 -07:00
8a3d7acf03
update doc for BoundServiceAccountTokenVolume
2021-04-20 11:47:58 -07:00
d1e6a6fd24
Merge pull request #26605 from tengqm/admission-config-ref
...
Add WebhookAdmission reference
2021-04-14 01:30:42 -07:00
108149fa2f
Add WebhookAdmission reference
...
This is a reference for WebhookAdmission config generated from kubernetes-sigs/reference-docs/genref tool.
More specifically, it is generated using the following command:
```shell
./genref -include apiserver-webhookadmission
```
2021-04-07 09:13:47 +08:00
965aa51daf
Merge master into dev-1.21 to keep in sync, plus latest API reference
...
This sync merge includes API reference updates.
2021-04-06 21:38:24 +01:00
b28250b68f
Add reference for client-authentication v1beta1
...
This is a reference for client authentication API generated from kubernetes-sigs/reference-docs/genref tool.
More specifically, it is generated using the following command:
```shell
./genref -include client-authentication
```
2021-04-02 09:48:59 +08:00
ca046d9b1f
Merge master into dev-1.21 to keep in sync
2021-03-26 21:29:52 +01:00
55205a5c1f
Merge pull request #27225 from reylejano/update-denyexeconprivileged-removal
...
Update DenyExecOnPrivileged and DenyEscalatingExec deprecation notice
2021-03-26 06:40:43 -07:00
ec4840824d
Merge pull request #26472 from kbhawkey/cleanup-usage-just
...
clean up use of word: just
2021-03-26 04:34:43 -07:00
59d1b368c1
Merge pull request #26018 from CharlyRipp/patch-1
...
Update misleading webhook authentication documentation
2021-03-26 04:22:44 -07:00
16fcbcba69
Merge pull request #25735 from mpatters72/patch-2
...
Include missing cert export step
2021-03-26 03:30:45 -07:00
7a461e5f13
update doc for BoundServiceAccountTokenVolume and RootCAConfigMap
2021-03-25 22:57:44 -07:00
a6f829f29a
update denyexeconprivileged removal to release 1.21
...
update denyexeconprivileged removal to release 1.21
update denyexeconprivileged removal to release 1.21
2021-03-25 18:02:29 -07:00
b2bc2fe7c2
update certificate-signing-requests Signer description
2021-03-18 18:01:32 +08:00
3ff5ec1eff
clean up use of word: just
2021-03-17 19:57:40 -04:00
f7506a3d98
Drop vagrant path and use generic name.
2021-03-17 15:38:56 -07:00
1c237dabfa
Update content/en/docs/reference/access-authn-authz/certificate-signing-requests.md
...
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
2021-03-17 15:15:34 -07:00
70096affc5
Merge remote-tracking branch 'upstream/master' into dev-1.21
2021-03-05 17:05:24 +01:00
2b6074e8ed
changes
2021-02-22 19:13:26 -06:00
903ee369b2
Merge pull request #26119 from neha-viswanathan/25833-migrate-page
...
Migrate https://kubernetes.io/docs/concepts/cluster-administration/certificates/ to tasks section
2021-02-27 18:26:38 -08:00
a7bab8d6ca
Merge pull request #26751 from JensHeinrich/JensHeinrich-patch-sentence
...
Fix sentence
2021-02-27 16:12:39 -08:00
4103230c18
Clarify stability level of admission plugins
2021-02-27 12:46:20 -05:00
e864d7f3ca
Fix sentence
...
Add missing verb
2021-02-27 15:37:33 +01:00
41220636ec
Migrate https://kubernetes.io/docs/concepts/cluster-administration/certificates/ to tasks section
2021-02-24 18:33:38 -08:00
67a342aae3
Update certificate-signing-requests.md
...
Maintain original docs `/home/vagrant/work/`working directory to be consistent.
2021-02-19 13:18:53 -08:00
736139e3e7
Merge master into dev-1.21 to keep in sync - SIG-Release 1.21 Docs team 2/19/21
2021-02-19 12:23:22 -08:00
6a166cf511
Update content/en/docs/reference/access-authn-authz/certificate-signing-requests.md
...
Co-authored-by: Irvi Aini <7439590+irvifa@users.noreply.github.com>
2021-02-17 17:34:31 -08:00
4a0574a083
Update authentication.md
2021-02-13 17:19:13 +06:00
bfcea97d39
Merge remote-tracking branch 'upstream/master' into dev-1.21
2021-02-12 20:05:18 -05:00
11f542a599
Update authentication.md
2021-02-12 22:38:11 +06:00
5ad27062f6
Update content/en/docs/reference/access-authn-authz/authentication.md
...
Co-authored-by: Irvi Aini <7439590+irvifa@users.noreply.github.com>
2021-02-12 22:33:37 +06:00
2ae6da3c19
Merge branch 'master' into master
2021-02-12 17:04:39 +06:00
c0770869ff
fixed some grammatical mistakes
2021-02-12 16:57:50 +06:00
d7d113abb7
Merge pull request #26297 from thockin/docs-kep2200
...
Add docs for KEP 2200 (DenyServiceExternalIPs)
2021-02-09 08:13:10 -08:00
c111b4ac62
Docs for KEP 2200
...
* Document DenyServiceExternalIPs admission controller
* Re-order other admission controller blocks to be alphabetical
* Document DefaultIngressClass (missing)
2021-02-08 16:21:42 -08:00
3fd65482e8
clean up use of word: simply
2021-02-07 12:15:29 -05:00
d2e7f4acab
Merge pull request #26352 from kbhawkey/fixup-remove-word-easy
...
clean up use of word: easy
2021-02-04 10:48:26 -08:00
d148026f23
Merge pull request #26065 from margocrawf/master
...
Rewording of paragraph about provideClusterInfo key on Authentication page
2021-02-03 03:02:29 -08:00
67a750b5e0
Incorporated suggestions for provideClusterInfo paragraph
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-02-01 15:35:49 -08:00
7d9916af0c
clean up use of word: easy
2021-02-01 15:14:25 -05:00
f079aa8214
Update validatingadmissionwebhook and mutatingadmissionwebhook docs as they have been promoted to v1
2021-01-30 16:09:29 +08:00
c782fd6738
Merge pull request #25982 from ydFu/add-code-blocks-in-authorization
...
Add the code blocks in authorization.md
2021-01-29 10:25:41 -08:00
34e8b55faf
Merge pull request #26027 from tengqm/clean-podpreset
...
Clean PodPreset docs, examples and links
2021-01-15 07:39:51 -08:00
08fe76be1a
Update rbac.md
2021-01-14 09:50:57 -05:00
a11047c153
Clean PodPreset docs, examples and links
2021-01-14 13:26:29 +08:00
2135ed8002
Merge pull request #25856 from edwardrosen/patch-1
...
Update rbac.md
2021-01-12 16:00:36 -08:00
5accf8f128
Rewording of paragraph about provideClusterInfo key
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-01-12 13:51:15 -08:00
a37b8a9fee
Update rbac.md
...
I've deleted the line break. The example in line 89 now seems to render ok in the preview. Could you please take a look?
2021-01-12 15:22:39 -05:00
7347a9d008
Remove code reference
...
Remove reference in favor of https://github.com/kubernetes/website/issues/23889
2021-01-11 11:57:32 -06:00
1b70e98626
Add the code blocks in authorization.md
...
* Add the code blocks in the Markdown spec to make it easy to read.
* Add description that distinguish between **command** and **output** make it easy to read.
* Adjust description in Kubernetes components for smoother reading.
Signed-off-by: ydFu <ader.ydfu@gmail.com>
2021-01-09 11:57:24 +08:00
e72ec8fbd0
Update misleading documentation
...
Update misleading information that HTTPS is required and link to self-documented code to find more edge-case configuration options
2021-01-08 13:40:07 -06:00
284d725ee0
Update rbac.md
...
I added a <br> after the end of the third bullet and backed out all of the other changes I suggested in the original pull request. I think this better matches the author's original intent. The only difference now between what's currently published and this edit is the line break coded after the third bullet.
2021-01-08 14:10:01 -05:00
0245ad3aad
Remove too old content
2021-01-05 20:57:13 +02:00
Kubernetes Prow Robot
Jordan Liggitt
Rodrigo Queiro
Jonas Steinberg
Marc Boorshtein
Shubham Kuchhal
Pranshu Srivastava
chirangaalwis
Richard Tweed
Sergiusz Urbaniak
Abirdcfly
Mengjiao Liu
Maciej Filocha
Rob Scott
Monis Khan
Samuel Roth
Andrew Keesler
Margo Crawford
Christopher Negus
AStraw
Edward Huang
Shihang Zhang
chenxuc
Jai Govindani
Smuu
Michael Gugino
Qiming Teng
Tim Bannister
Victor Palade
Rey Lejano
Karen Bradshaw
Mike Patterson
raghvenders
Jens Heinrich
Neha Viswanathan
Sahadat Hossain
ChandaniM123
Sahadat Hossain
Tim Hockin
RainbowMango
Edward Rosen
Qiming Teng
Charly Rippenkroeger
ydFu
Roman Marusyk