ad7c0712c6
Fix examples test for 1.27
...
- Some examples are actually not good "examples", i.e. they are not
not ready for the users to try out.
- Some examples are failing the validation in their current format.
- Some examples skipped the test case.
These issues are fixed.
2023-04-16 17:26:12 +08:00
4a5436f42e
ClusterTrustBundles: Document service account impersonation
...
(Change message to retrigger tests)
2023-04-14 11:05:15 -07:00
2e403eba90
Merge pull request #40578 from sftim/20230409_cluster_trust_bundles
...
Document ClusterTrustBundles
2023-04-10 16:44:03 -05:00
9252eb08f5
Merge remote-tracking branch 'upstream/main' into dev-1.27
2023-04-10 12:20:33 -07:00
e95deae997
Update CSR page to encompass CSRs and trust bundles
...
Rather than mention trust bundles as a subtopic of certificate signing
requests, reshape the page so that:
- it's clear that CSRs are stable but ClusterTrustBundles are alpha
- the task for issuing a certificate to a user stands separately from
the concepts explained elsewhere in the page
- it's clear that signers are relevant to both CSRs and
ClusterTrustBundles
2023-04-09 18:51:27 +01:00
8377a675cd
ClusterTrustBundles: Add section to certificates page
...
Document the API types as they exist today, plus a hint of the future
integrations that will be available.
Co-Authored-By: Taahir Ahmed <taahm@google.com>
2023-04-09 17:27:18 +01:00
c1f4c5c4a2
Cleanup page rbac
2023-04-07 22:34:42 +08:00
31439e3d56
Merge branch 'upstream/main' into dev-1.27
2023-04-05 14:20:36 -05:00
3a3ae711d5
Cleanup page rbac
2023-04-05 22:36:28 +08:00
b1bd85a421
about apiGroups ( #40315 )
...
* about apiGroups
Look at the source code, apiGroups is an empty set and not all are allowed, you need to use * to be able to, if it is an empty set if the resource does not have apiGroups then it will not be accessible
Refer to:
https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/rbac/v1/evaluation_helpers.go#L85
https://github.com/kubernetes/api/blob/master/rbac/v1/types.go#L29
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
* Update rbac.md
* Update rbac.md
* Update content/en/docs/reference/access-authn-authz/rbac.md
the comma
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
* Update rbac.md
All changed
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
---------
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2023-04-04 22:01:38 -07:00
0d862b9afe
message expression and type checking.
2023-04-03 09:38:13 -07:00
cf37b594f2
KEP-3488 ValidatingAdmissionPolicy: Enforcement actions, audit annotations, and secondary authz ( #40098 )
...
* Document auditAnnotations, validationActions and authorizer
* Apply suggestions from code review
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Apply suggestions from code review
Co-authored-by: Tim Allclair <timallclair@gmail.com>
* Apply feedback
---------
Co-authored-by: Qiming Teng <tengqm@outlook.com>
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2023-04-03 08:55:52 -07:00
27460b23fa
AdmissionWebhookMatchConditions feature documentation ( #40058 )
...
* AdmissionWebhookMatchConditions feature documentation
* #squash ivelichkovich feedback
* #squash sftim feedback
* Correct statement about request.object
* #squash: sftim feedback
* #squash jpbetz feedback
* #squash: denied function removed
* #squash fix match conditions example
* #squash fix expression quoting
* #squash scope authorizatoin check example
* #squash separate RBAC webhook example
* #squash sftim feedback
* #squash add shared client config for example
* Don't use yaml anchors in example
2023-04-03 08:23:51 -07:00
4d58ea4165
Update service-accounts-admin.md
...
Fix internal links in service-accounts-admin docs
2023-04-01 13:23:50 +05:30
2da2c6c277
Merge pull request #40407 from mickeyboxell/merged-main-dev-1.27
...
Merged main dev 1.27
2023-03-31 21:49:49 -07:00
b0978a248e
Fix ServiceAccount admission controller link
...
Fix ServiceAccount admission controller link
2023-03-31 05:55:01 +05:30
b842957cf3
Merge pull request #39794 from nabokihms/ssr-beta
...
KEP-3325: Promote SelfSubjectReview to Beta
2023-03-30 11:39:49 -07:00
a15fa4ae31
Merge remote-tracking branch 'upstream/main' into dev-1.27
2023-03-29 15:54:33 -05:00
669f695ccb
Remove some duplicates in content/en/docs/reference/access-authn-authz/service-accounts-admin.md
...
Signed-off-by: liulijin <253954033@qq.com>
2023-03-23 09:25:21 +08:00
350ce035a5
Fix previous virables in exampes
2023-03-22 20:23:48 +00:00
457c26b997
Adding MatchConditions into ValidatingAdmissionPolicy
2023-03-22 20:23:48 +00:00
bb14c6db8d
Promote SelfSubjectReview to Beta
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2023-03-12 15:09:39 +01:00
58455c59e9
Remove duplicate "the" in admission-controllers.md
...
Signed-off-by: Guangwen Feng <fenggw-fnst@fujitsu.com>
2023-03-03 16:27:25 +08:00
3fc2fa9853
Merge pull request #39142 from tengqm/cleanup-redirects-1
...
Remove redirect entries for docs/admin/... pages
2023-02-22 08:43:57 -08:00
ee4b88ed37
Merge pull request #37733 from sftim/20221105_update_docs_podsecuritypolicy_removal
...
Update documentation for PodSecurityPolicy removal
2023-02-14 12:55:51 -08:00
68b19b6f00
Specify that subresources excluded from mutating webhook example
2023-02-06 22:33:00 +00:00
c809bcc796
Merge pull request #39180 from Zhuzhenghao/certificate-signing-requests
...
Make layout prettier in certificate-signing-requests.md
2023-01-30 22:14:48 -08:00
80561f67b1
Make layout prettier in certificate-signing-requests.md
2023-01-31 13:45:44 +08:00
4164430555
Add spaces in code snippets for consistency
2023-01-30 18:15:06 +08:00
6c701a7d96
Update doc of admission plugin SecurityContextDeny
...
Note the shortcomings of the implementation of this admission plugin
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2023-01-29 17:27:12 +01:00
9a727efab8
Remove redirect entries for docs/admin/... pages
2023-01-29 19:56:56 +08:00
bb85d62752
Update docs for PodSecurityPolicy removal
2023-01-24 22:24:09 +00:00
4ec6fbac55
Fix errors on `ValidatingAdmissionPolicyBindings` for the CEL for Admission Control blog & doc ( #38893 )
...
* Fix errors on ValidatingAdmissionPolicyBindings for the CEL for Admission Control blog
* Fix namespaceSelector error
* Fix namespaceSelector errors
2023-01-12 08:38:54 -08:00
e97c98b27f
Merge pull request #38428 from AverageMarcus/patch-1
...
Fix typo in SA admission controller steps
2023-01-03 17:19:58 -08:00
37955a816b
Reformat the validating-admission-policy reference page
...
This commit wraps the long lines found in the
validating-admission-policy reference page.
2022-12-31 07:44:49 +08:00
3362aa9701
Add admission.k8s.io/v1 API and fix references to it
...
The `admission.k8s.io/v1` API group is not generated into the v2/v3 OpenAPI
specification as part of Kubernetes API because it is not officially "served".
However, the structs in the API group are used in other APIs that are user-facing.
This PR addes the reference API and fixes references to it.
2022-12-31 07:44:41 +08:00
912c306be4
Fixing Spec -> spec and paramsRef -> paramRef
...
Fixing Spec -> spec and paramsRef -> paramRef
2022-12-23 18:25:22 +05:30
b590431f4e
Updated the wrong format
2022-12-20 01:24:49 +05:30
f1405f274a
Merge pull request #38497 from samos123/fix-38495-validation-admission-policy
...
Fix 38495 incorrect ValidationAdmissionPolicyBindings
2022-12-16 20:51:41 -08:00
f9e113fb86
Merge pull request #38353 from SergeyKanzhelev/RotateKubeletClientCertificateIsGA
...
fix documentation for RotateKubeletClientCertificate
2022-12-16 07:18:17 -08:00
088649ec4f
Fix incorrect ValidationAdmissionPolicyBindings
2022-12-15 10:00:55 -08:00
2b5dab08f1
Fix typo in SA admission controller steps
2022-12-12 15:11:43 +00:00
ab4812140f
fix documentation for RotateKubeletClientCertificate
2022-12-09 18:24:04 +00:00
8f9446f87d
Merge branch 'main' into dev-1.26
2022-12-03 21:36:34 +00:00
50246c291b
Merge pull request #37770 from cici37/celDoc
...
Documentation for CEL in Admission Control
2022-12-01 16:33:53 -08:00
98d41f24ef
Address comments
2022-11-30 16:47:27 +00:00
4dc90ef731
Add doc for ValidatingAdmissionPolicy
2022-11-30 06:35:18 +00:00
cec61c1754
Merge pull request #38052 from krol3/merged-main-dev-1.26
...
Merge main branch into dev-1.26
2022-11-29 11:59:09 -08:00
9b4b8831ca
Merge pull request #38010 from Shubham82/Add_shell
...
Append triple backticks with shell for code snippet
2022-11-28 19:37:22 -08:00
f306471950
Merge pull request #35385 from nabokihms/patch-2
...
Add doc about how to get self subject attributes
2022-11-28 00:58:07 -08:00
Qiming Teng
Taahir Ahmed
Mickey Boxell
Tim Bannister
朱正浩,Zhu Zhenghao
zmquan
Jiahui Feng
Joe Betz
Tim Allclair
samitks
Kubernetes Prow Robot
liulijin
Cici Huang
m.nabokikh
Guangwen Feng
Richard Tweed
windsonsea
mtardy
Mathieu Benoit
Saloni1814
Yash Pimple
Sam Stoelinga
Marcus Noble
Sergey Kanzhelev