kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
26,261 Commits 69 Branches 73 Tags 884 MiB
Commit Graph

336 Commits

Author SHA1 Message Date
Jordan Liggitt 4b7784728a PodSecurity beta updates 2021-11-10 10:30:51 -05:00
Shubham Kuchhal 8fbccfcd8f Improvement: Correct the "empty" link in Dynamic Admission Control. 2021-10-26 13:51:38 +05:30
Chiranga Alwis dc326f0389 Add example for querying SA permissions 
Add example for querying SA permissions

Add missing example for querying the API authorization layer for checking the permissions of a Service Account

Add missing SA identifying prefix

Improve suggested text to align with current content

Co-authored-by: Sam Roth <2413031+sejr@users.noreply.github.com>

Improve suggested text to align with current content

Co-authored-by: Sam Roth <2413031+sejr@users.noreply.github.com>
 2021-10-11 18:14:39 +05:30
Shubham Kuchhal 1262222578 Change master to v1.22.0 2021-10-04 15:52:46 +05:30
Shubham Kuchhal d4a08df1b9 Improvement: Correct the "code" link in Dynamic Admission Control. 2021-10-04 12:40:03 +05:30
Richard Tweed 780dae2785
Clarified scenarios that could lead to privilege escalation (#29378) 
* Clarified scenarios that could lead to privilege escalation

Made it clearer that it's not just creating pods which enables the privilege escalation. It's all workloads, all reconfiguration of workloads, and conceptually the creation and reconfiguration of custom resources which create workloads.

* Allowing link to priv escalation heading if required

* Update content/en/docs/reference/access-authn-authz/authorization.md

Co-authored-by: Tim Bannister <tim@scalefactory.com>

* Adding further clarifications

* Retitled escalation section

* Apply suggestions from vjftw

Co-authored-by: VJ Patel <VJftw@users.noreply.github.com>

* Clarified CRDs and reduced duplication

* Updating caution based on Geoffrey's comments

* Updating controller comment and linking out to reference docs

Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: VJ Patel <VJftw@users.noreply.github.com>
 2021-09-24 16:02:21 -07:00
Sergiusz Urbaniak 0ad09c36d6
fix expiration of bound SA tokens 
Signed-off-by: Sergiusz Urbaniak <sergiusz.urbaniak@gmail.com>
 2021-09-21 08:21:46 +02:00
Abirdcfly 19807f866c
Update content/en/docs/reference/access-authn-authz/rbac.md 
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
 2021-08-23 21:45:10 +08:00
Abirdcfly 162da6561b Update rbac.md: Describe in detail how to specify resourceNames when using list/watch verbs 2021-08-19 23:39:48 +08:00
Kubernetes Prow Robot 87235b508d
Merge pull request #29311 from mengjiao-liu/update-githubbranch-param 
Hard-code the name of the target repo's default branch instead of using the githubbranch parameter value
 2021-08-16 06:03:18 -07:00
Mengjiao Liu f945335af6 Hard-code the name of the target repo's default branch instead of using the githubbranch parameter value 2021-08-10 18:03:21 +08:00
Kubernetes Prow Robot a80328f582
Merge pull request #29295 from mfilocha/fix/rbac-links 
Fix links in RBAC default bindings table
 2021-08-09 20:37:17 -07:00
Shubham Kuchhal bdb4cc4603 Fix the broken link for "webhook.go" 2021-08-09 16:17:06 +05:30
Maciej Filocha 647e9d6ca8 Fix links in RBAC default bindings table 
An extra line needs to be added to allow
the link to be rendered properly.
Also reformatting link line to be better readable.
 2021-08-09 12:09:29 +02:00
Kubernetes Prow Robot acc7252970
Merge pull request #29025 from robscott/endpoints-rbac 
Adding documentation about Endpoints write access in wake of CVE-2021-25740
 2021-07-26 23:20:45 -07:00
Kubernetes Prow Robot 5a813f1267
Merge pull request #28430 from margocrawf/master 
Add Impersonate-Uid description to Authentication docs page.
 2021-07-26 12:02:33 -07:00
Rob Scott d710925768
Adding documentation about Endpoints write access in wake of CVE-2021-25740 2021-07-26 11:32:06 -07:00
Kubernetes Prow Robot 9234f9454b
Merge pull request #28070 from enj/enj/f/duration_hint 
Update CSR docs with expirationSeconds field details
 2021-07-22 18:29:16 -07:00
Kubernetes Prow Robot f92e3ec2ba
Merge pull request #28903 from sejr/feat/podsecurity 
Add Pod Security Standards documentation
 2021-07-22 01:57:52 -07:00
Monis Khan f2b27507bd
Update CSR docs with expirationSeconds field details 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-21 16:59:02 -04:00
Monis Khan 9329467e6e
Complete details regarding CSR garbage collection 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-21 16:04:24 -04:00
Samuel Roth e0d4b53b1c incorporating initial round of feedback 2021-07-21 15:33:46 +00:00
Kubernetes Prow Robot 83f6cb6ed4
Merge pull request #28429 from ankeesler/exec-credential-v1 
exec credential provider: v1 documentation
 2021-07-21 06:54:07 -07:00
Andrew Keesler a30e63dcd6
exec credential provider: v1 documentation 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-07-13 10:47:14 -04:00
Margo Crawford d77368133a Add Impersonate-Uid description to Authentication docs page. 
This change goes with https://github.com/kubernetes/kubernetes/pull/99961
in the Kubernetes repo.
 2021-07-12 13:17:42 -07:00
Christopher Negus 548ba073da Merge main into dev-1.22 to keep in sync 2021-07-09 18:19:13 +00:00
AStraw dd443f0238
Fix pending CSR deleted time is 24 hours 
From the code, the `pendingExpiration  = 24 * time.Hour`, so the pending CSR deleted time is 24 hours.
 2021-07-09 16:49:54 +08:00
Edward Huang 0c5a2e06da Fixed up typo in extensible-admission-controllers.md 2021-07-05 11:41:11 +12:00
Kubernetes Prow Robot 369169dbb3
Merge pull request #28570 from zshihang/main 
update doc for BoundServiceAccountTokenVolume ga
 2021-06-24 01:17:41 -07:00
Shihang Zhang 3a9b198beb update doc for BoundServiceAccountTokenVolume ga 2021-06-23 09:47:49 -07:00
Kubernetes Prow Robot 5cfba9ebb2
Merge pull request #27114 from mengjiao-liu/update-signerName-desc 
update certificate-signing-requests Signer description
 2021-06-22 14:40:11 -07:00
chenxuc f0f957ff21 update state for PodSecurityPolicy 2021-06-20 16:17:40 +08:00
Shubham Kuchhal 5cf02fde98 Add Spaces. 2021-06-08 11:08:11 +05:30
Shubham Kuchhal baf379436b Improvement: Managing Service Accounts 2021-06-07 17:33:58 +05:30
Jai Govindani a6ab6dca21
docs(admission-controllers): update release status of TaintNodesByCondition 
Signed-off-by: Jai Govindani <jai@honestbank.com>
 2021-04-30 13:21:19 +07:00
Smuu 1f28ec0961
Fix syntax errors (#27735) 
* Fix syntax errors

- fix wrong placed line breaks
- fix command mode start and end

* remove word 'simple'
 2021-04-28 17:06:50 -07:00
Michael Gugino 27b2611cbc
Update webhook server example code link 
Fix 404 error and point to the latest released code.
 2021-04-23 12:19:23 -04:00
Shihang Zhang 87dd022604
Apply suggestions from code review 
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
 2021-04-21 08:14:28 -07:00
Shihang Zhang 8a3d7acf03 update doc for BoundServiceAccountTokenVolume 2021-04-20 11:47:58 -07:00
Kubernetes Prow Robot d1e6a6fd24
Merge pull request #26605 from tengqm/admission-config-ref 
Add WebhookAdmission reference
 2021-04-14 01:30:42 -07:00
Qiming Teng 108149fa2f Add WebhookAdmission reference 
This is a reference for WebhookAdmission config generated from kubernetes-sigs/reference-docs/genref tool.
More specifically, it is generated using the following command:

```shell
./genref -include apiserver-webhookadmission
```
 2021-04-07 09:13:47 +08:00
Tim Bannister 965aa51daf Merge master into dev-1.21 to keep in sync, plus latest API reference 
This sync merge includes API reference updates.
 2021-04-06 21:38:24 +01:00
Qiming Teng b28250b68f Add reference for client-authentication v1beta1 
This is a reference for client authentication API generated from kubernetes-sigs/reference-docs/genref tool.
More specifically, it is generated using the following command:

```shell
./genref -include client-authentication
```
 2021-04-02 09:48:59 +08:00
Victor Palade ca046d9b1f Merge master into dev-1.21 to keep in sync 2021-03-26 21:29:52 +01:00
Kubernetes Prow Robot 55205a5c1f
Merge pull request #27225 from reylejano/update-denyexeconprivileged-removal 
Update DenyExecOnPrivileged and DenyEscalatingExec deprecation notice
 2021-03-26 06:40:43 -07:00
Kubernetes Prow Robot ec4840824d
Merge pull request #26472 from kbhawkey/cleanup-usage-just 
clean up use of word: just
 2021-03-26 04:34:43 -07:00
Kubernetes Prow Robot 59d1b368c1
Merge pull request #26018 from CharlyRipp/patch-1 
Update misleading webhook authentication documentation
 2021-03-26 04:22:44 -07:00
Kubernetes Prow Robot 16fcbcba69
Merge pull request #25735 from mpatters72/patch-2 
Include missing cert export step
 2021-03-26 03:30:45 -07:00
Shihang Zhang 7a461e5f13 update doc for BoundServiceAccountTokenVolume and RootCAConfigMap 2021-03-25 22:57:44 -07:00
Rey Lejano a6f829f29a update denyexeconprivileged removal to release 1.21 
update denyexeconprivileged removal to release 1.21

update denyexeconprivileged removal to release 1.21
 2021-03-25 18:02:29 -07:00