kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
20,798 Commits 69 Branches 73 Tags 934 MiB
Commit Graph

243 Commits

Author SHA1 Message Date
Kristin Martin 86d9492ccb Merge remote-tracking branch 'upstream/master' into merged-master-dev-1.20 2020-12-03 11:58:44 -08:00
TAKAHASHI Shuuji 2bc7fbad27
Fix the text in the authorization diagram 2020-11-26 19:09:42 +09:00
Kubernetes Prow Robot cb802d23b1
Merge pull request #25147 from timhughes/patch-1 
Updates links to Dex
 2020-11-25 21:46:19 -08:00
reylejano-rxm d8ae37587e Merge remote-tracking branch 'upstream/master' into dev-1.20 to keep in sync - 11-25-2020 2020-11-25 07:03:22 -08:00
Tim Hughes f5132af21e Updates links to Dex 2020-11-25 13:48:56 +00:00
TAKAHASHI Shuuji b5c0e5ea14 Replace the diagram on authentication page with the one by mermaid. 2020-11-23 14:12:21 +09:00
mkontani c2a33c3403 fix dex/kubernetes link 2020-11-19 18:09:22 +00:00
Kubernetes Prow Robot 20546141c0
Merge pull request #24698 from SergeyKanzhelev/runtimeGA 
RuntimeClass GA
 2020-11-12 03:10:50 -08:00
Irvi Aini bb33373bb3
Merge branch 'master' into dev-1.20 2020-11-11 14:55:30 +01:00
Kubernetes Prow Robot 6d90079245
Merge pull request #23842 from tengqm/improve-sa-admin 
Improve ServiceAccount administration doc
 2020-11-10 18:25:48 -08:00
Shihang Zhang 0b4952dd88 separate RootCAConfigMap from BoundServiceAccountToken and Beta 2020-11-10 15:18:29 -08:00
Kubernetes Prow Robot 358bc69dde
Merge pull request #24878 from ebriand/patch-5 
Update default admission plugins for 1.19
 2020-11-08 12:07:37 -08:00
Eric Briand cee9e620ca
Use different wording to not quote current version 2020-11-05 17:21:08 +01:00
Kubernetes Prow Robot b436a816e9
Merge pull request #24889 from reylejano-rxm/merged-master-dev-1.20 
Merge master into dev-1.20 to keep in sync - 11-4-20
 2020-11-04 12:46:53 -08:00
Kubernetes Prow Robot 44fd64ef5c
Merge pull request #24639 from ankeesler/exec-cred-prov-cluster-info 
exec credential provider: cluster info details
 2020-11-04 11:20:52 -08:00
reylejano-rxm 48266bd653 Merge remote-tracking branch 'upstream/master' into dev-1.20 2020-11-04 10:32:10 -08:00
Eric Briand c869ef67a8
Update default admission plugins for 1.19 2020-11-04 09:56:20 +01:00
Tim Hockin 300c2e8545 Better docs for standard topology labels 
As per KEP 1659, topology labels are now more formalized.  Move away
from the older `failure-domain.beta` names ands use `topology` names
instead.
 2020-11-03 11:27:58 -08:00
Andrew Keesler c855d5d68c
exec credential provider: make arbitrary JSON more explicit 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-03 12:19:16 -05:00
Sergey Kanzhelev 63283f5c31
Update content/en/docs/reference/access-authn-authz/admission-controllers.md 2020-10-29 17:22:26 -07:00
Sergey Kanzhelev 6d51948652
Update content/en/docs/reference/access-authn-authz/admission-controllers.md 
Co-authored-by: Tim Bannister <tim@scalefactory.com>
 2020-10-29 17:19:11 -07:00
Sergey Kanzhelev 72a66b6969 RuntimeClass GA 2020-10-23 20:57:54 +00:00
eagleusb 45ec60bed5
Merge master into dev-1.20 to keep in sync 2020-10-22 17:44:02 +02:00
Qiming Teng 00fd1a68f2 Fix links in reference section 2020-10-22 15:19:30 +08:00
Qiming Teng 2ff3d1f7d3 Improve ServiceAccount administration doc 
This PR fixes some nits in the doc and slightly revised the content to
conform to content guidelines.
 2020-10-21 10:47:08 +08:00
Tim Bannister 78351ecaf5 Transfer “Controlling Access to the Kubernetes API” to the Concepts section 
Readers from several different backgrounds will find it useful to know
about how Kubernetes controls access to its API. Promote this overview
to the Security subsection of Concepts.
 2020-10-20 23:41:56 +01:00
Tim Bannister 3edb970570 Move API overview to be a Docsy section overview 2020-10-20 23:41:54 +01:00
Kubernetes Prow Robot ac8ce96c08
Merge pull request #24653 from jpetazzo/clarify-csr-cluster-signing-duration 
Clarify expiration of certificates signed by kube-controller-manager
 2020-10-20 14:28:19 -07:00
Kubernetes Prow Robot 7cfdee6b87
Merge pull request #22715 from logicalhan/monitoring 
add documentation for system:monitoring rbac policy
 2020-10-20 14:22:21 -07:00
Jerome Petazzoni 1932647552 Clarify expiration/lifetime of certificates signed by kube-controller-manager 
The current wording of the documentation suggests that the duration/expiration
of the certificates can be changed by asking a specific time in the CSR. While
it's technically possible to specify a duration (e.g. as a custom annotation),
there is no agreed-upon method to do so, and the built-in signer uses a fixed
expiration time anyway.

This clarifies the situation.

See kubernetes/kubernetes#92678 for discussion.

Signed-off-by: Jerome Petazzoni <jerome.petazzoni@gmail.com>
 2020-10-20 22:37:25 +02:00
Kubernetes Prow Robot df5f80f69b
Merge pull request #24604 from mdgrotheer/patch-1 
Update authentication.md
 2020-10-20 11:48:19 -07:00
Qiming Teng 92a09b23fa Style tweaking for CSR reference page 2020-10-20 09:08:54 +08:00
Andrew Keesler 6fc4e102b8
exec credential provider: cluster info details 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-19 10:44:37 -04:00
Matthew Grotheer 519f8ec5bc
Update authentication.md 
Small grammatical corrections
 2020-10-16 09:20:23 -07:00
luzg 5dab375fd3 Translate reference/certificate-signing-requests.md into Chinese and fix a bug in origin file, 24065 
make change according to Tengqm's comment
 2020-10-16 22:27:15 +08:00
Chen, Xu Chun (Simon) 4688a3679c
Update API group url 
The "core API group" url points to a wrong page that does not explain anything about "core API group". Update the url to point to the correct page.
 2020-10-09 15:21:58 +08:00
Han Kang f37f473210 add documentation for system:monitoring rbac policy 2020-10-08 15:50:49 -07:00
Kubernetes Prow Robot 0703805305
Merge pull request #24349 from liggitt/tokenreview 
Clarify tokenreview API
 2020-10-07 16:00:15 -07:00
Jordan Liggitt 5ff7c64134 Clarify tokenreview API 2020-10-07 10:21:30 -04:00
makocchi-git 23a13ec9d8
fix indent 2020-10-07 16:54:11 +09:00
Kumar Gaurav 2551034ebd
fix api version in certificate signing request doc 2020-10-06 22:42:32 +11:00
Kubernetes Prow Robot 9e01fb5560
Merge pull request #24037 from RULCSoft/fix-typos 
Fix typos
 2020-10-02 07:25:20 -07:00
santadasu 2a25de3a78
Update certificate-signing-requests.md 
Reworded the sentence for easy comprehension.
 2020-09-30 15:47:08 -07:00
Alain De Carolis 65e706e346
add signerName to CertificateSigningRequest 
signerName is now mandatory. The provided example fails in 1.19.2 with: `kubernetes missing required field "signerName"`
 2020-09-25 18:01:21 -04:00
Jorge Vallecillo 1213635880 Fix typos 2020-09-21 15:36:01 -06:00
Kubernetes Prow Robot 51d910e1eb
Merge pull request #24004 from negz/patch-1 
Clarify that bind verb does not require resourceNames
 2020-09-20 08:22:30 -07:00
Nic Cope 2f9b5e122e
Move bind verb resourceNames hint inline of example 2020-09-19 16:34:06 -07:00
Nic Cope f6496b0de5
Clarify that bind verb does not require resourceNames 
This may be intuitive for most, but the existing phrasing read to me as
if `bind` were a special-case verb that _required_ me to explicitly state
which Roles or ClusterRoles it should apply to.

> You can only create/update a role binding if you […] or if you have
> been authorized to perform the bind verb on the referenced role.

> Grant them permissions needed to bind a particular role […]
> explicitly, by giving them permission to perform the bind verb on the
> particular Role (or ClusterRole).
 2020-09-19 03:30:30 -07:00
Ramkumar Gowrishankar 147668a7d2 Add reference to default-not-ready-toleration-seconds and default-unreachable-toleration-seconds k8s-apiserver input parameters in the subsection describing the DefaultTolerationSeconds admission controller 2020-09-18 11:38:18 -04:00
povsister ba9bb9d916 Fix non-existing taint example 2020-09-17 17:41:20 +08:00