7b7fa2c8ec
Merge pull request #38874 from sftim/20230110_add_logs_api_to_security_checklist
...
Add /logs API to security checklist
2023-04-03 08:31:51 -07:00
47319756be
fix links in service-accounts.md
2023-03-28 14:48:04 +09:00
458c0e3b26
Improvement: Added the Note for External applications. ( #39691 )
...
* Improvement: Added the word External applications.
* Added the Note for External Applications.
* Modify the note
2023-03-21 20:08:36 -07:00
52bb8f9282
Add /logs API to security checklist
...
It's best to disable this API, which is deprecated at the time of
writing.
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
2023-03-16 17:38:38 +00:00
da84dd8419
Merge pull request #39436 from sftim/20230213_tweak_sa_concept
...
Fix wording, punctuation and Markdown for ServiceAccount concept page
2023-02-14 15:53:41 -08:00
ee4b88ed37
Merge pull request #37733 from sftim/20221105_update_docs_podsecuritypolicy_removal
...
Update documentation for PodSecurityPolicy removal
2023-02-14 12:55:51 -08:00
96d49317a2
Fix wording for ServiceAccount concept
...
Co-authored-by: Qiming Teng <tengqm@outlook.com>
Co-authored-by: Shannon Kularathna <ax3shannonkularathna@gmail.com>
2023-02-14 09:17:03 +00:00
cb5a8930dc
Fix broken anchor
2023-02-14 09:16:57 +00:00
9eb2767333
Add a missing anchor pound sign
2023-02-13 12:49:20 -05:00
b1f18bfa9b
Merge pull request #38289 from shannonxtreme/service-account
...
Add a new concept page for service accounts
2023-02-13 09:37:29 -08:00
7cb6d1eb35
Add a new concept page for service accounts
...
Also add a glossary definition for JWTs
Co-authored-by: Tim Bannister <tim+github@scalefactory.com>
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: stlaz <https://github.com/stlaz >
2023-02-13 17:29:12 +00:00
42e746a379
Clean up api-server-bypass-risks.md
2023-02-06 09:55:04 +08:00
fe12a4054b
Update PSS - HostPorts should be disallowed
...
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2023-01-30 13:12:45 -08:00
bb85d62752
Update docs for PodSecurityPolicy removal
2023-01-24 22:24:09 +00:00
d0779881e6
Further updates to clarify language
2023-01-19 15:32:18 -05:00
5c9af80d8c
Update content/en/docs/concepts/security/rbac-good-practices.md
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2023-01-19 15:16:19 -05:00
cc56241ccd
Update content/en/docs/concepts/security/rbac-good-practices.md
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2023-01-19 15:13:47 -05:00
d11408b9d9
Update RBAC Good Practices for PersistentVolumes
...
The docs previously referred to the reader to the now defunct PodSecurityPolicy
page to explain how PersistentVolumes can be a path of privilege escalation,
burrying the lede.
Now that PodSecurityPolicy is gone, update this bit to actually explain that it
it is unfettered access to creating hostPath-typed PersistentVolumes that are
a problem. Some words lifted from the 1.24 PodSecurityPolicy docs.
Signed-off-by: Mike Waychison <mike@waychison.com>
2023-01-19 13:45:50 -05:00
a437285212
Fix nits in markdown links
...
This PR fixes a few "bad links" identified by the `scripts/linkchecker.py` script.
2022-12-22 08:45:10 +08:00
61b13a19d0
[en] fix quotation mark in multi-tenancy page
2022-12-12 09:55:49 +01:00
f8a2d2319a
Add documentation about signed Kubernetes artifacts
...
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2022-11-28 12:05:11 +01:00
aaaa6303f4
Merge pull request #37731 from sftim/20221105_tweak_psp_removal_page
...
Tweak page about PodSecurityPolicy removal
2022-11-08 11:14:19 -08:00
4e006c898d
Tweak page about PSP removal
...
- Remove reviewers (feature was removed)
- Use semi-custom Docsy callout to note the removal
- Stop stating that the API is deprecated; it's now actually removed.
2022-11-05 18:22:27 +00:00
3174fdf2d4
Adjust page weights for /docs/concepts section
...
Changes the page weights of the index files for folders in the /docs/concepts folder. There were some overlapping weights and weights that were close together.
2022-11-04 10:13:53 -04:00
0f9b65b429
Add page weights to concepts -> security pages
2022-10-24 19:02:52 +00:00
05a17c16fc
[en] fix typo secrets-good-practices.md
2022-10-05 01:31:49 +03:00
91ecbb977c
Merge pull request #36805 from harshchauhan1988/patch-2
...
Adding recommendation for network isolation
2022-09-30 06:54:28 -07:00
d8132bcd35
Improve the RBAC policies section
...
- Change the heading to be more goal-oriented and add an anchor
- Separate list items into 'component' and 'human' users
- Add info about get access and third-party authorization mechanisms for finer control
- Add caution for granting list access
2022-09-22 16:07:06 +00:00
6ca919d4bd
Add caution callout for base64 encoding
2022-09-22 16:07:06 +00:00
89b9c18121
Split developer content into headings and remove redundant points
...
Add short description to cluster admin and dev section
2022-09-22 16:07:06 +00:00
8eb3ae60f3
Move developer content below cluster admins
...
Additionally, fixed a couple of markdown links to not line wrap
2022-09-22 16:07:06 +00:00
502eac3635
Clean up etcd wording
2022-09-22 16:07:06 +00:00
4887467aa4
Add sections for cluster admins
...
- Add section for encryption at rest
- Add section for RBAC
- Clean up RBAC bullets
- Move etcd bullets to own section on etcd management
- Add section for third party secret stores
2022-09-22 16:07:06 +00:00
1c625d0659
Update glossary and move existing info to new page
...
- Update glossary term for secrets
- Improve clarity of privileged container warning note
- Create a new page for Secrets good practices and bring existing content as-is to the page
- Add weights to pages
- Add link for good practices for secrets and remove moved content
2022-09-22 16:07:05 +00:00
de922ae019
Merge pull request #36562 from windsonsea/secovy
...
Fix typo and consistency: /security/overview.md
2022-09-18 11:12:29 -07:00
8ab4ebb376
Adding recommendation for network isolation
2022-09-14 15:00:14 +05:30
5ada01a5ce
Merge pull request #36343 from tallclair/workload-creation
...
Update RBAC best practices for workload creation
2022-09-07 09:18:37 -07:00
0df6c75da0
Reformat multi-tenancy page
...
When translating/synchronizing changes to the multi-tenancy page, we
found that the long lines are difficult for change tracking. This PR
changes nothing other than manually wrapping the long lines.
2022-09-06 13:12:14 +08:00
922aed0bf8
Fix typo and consistency: /security/overview.md
2022-09-03 22:43:12 +08:00
7e23b9e97d
Update overview.md
...
Add huawei cloud trust center link
2022-09-03 17:45:26 +08:00
32e47b31bb
Fix a few mini typos in the API bypass security page
2022-09-02 19:41:24 +02:00
09707c0aef
Merge pull request #35908 from raesene/main
...
New Docs page for API Server Bypass Risks
2022-09-02 09:14:06 -07:00
a5e96bfbc5
Merge pull request #33992 from mtardy/security-checklist
...
Add a security checklist for clusters
2022-09-01 13:13:19 -07:00
9f5a35978f
RBAC guide is presented as a checklist item
2022-09-01 11:44:55 +02:00
eb962b4c12
Rewrite the part on the Pod Security standards and admission
2022-09-01 11:43:28 +02:00
a4305381fb
Reword the service mesh suggestion
2022-08-31 18:29:59 +02:00
d4fcf2fc7c
Reword the secret injection suggestion
2022-08-31 18:29:43 +02:00
f14a7544e5
Rewrite the admission plugins list
2022-08-31 18:26:49 +02:00
239dc4c2fe
Fix a typo on the word securely
2022-08-31 17:54:20 +02:00
c006a43f97
Replace a wrong unicode space character
2022-08-31 17:51:51 +02:00
Kubernetes Prow Robot
Hiroki Takatsuka
Shubham
Tim Bannister
Shannon Kularathna
zhuzhenghao
Rita Zhang
Mike Waychison
Qiming Teng
Oscar Utbult
Sascha Grunert
Abigail McCarthy
Christopher Negus
Arhell
harshchauhan1988
windsonsea
liufangwai
mtardy