Tim Bannister
cb5a8930dc
Fix broken anchor
2023-02-14 09:16:57 +00:00
Shannon Kularathna
9eb2767333
Add a missing anchor pound sign
2023-02-13 12:49:20 -05:00
Kubernetes Prow Robot
b1f18bfa9b
Merge pull request #38289 from shannonxtreme/service-account
...
Add a new concept page for service accounts
2023-02-13 09:37:29 -08:00
Shannon Kularathna
7cb6d1eb35
Add a new concept page for service accounts
...
Also add a glossary definition for JWTs
Co-authored-by: Tim Bannister <tim+github@scalefactory.com>
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: stlaz <https://github.com/stlaz>
2023-02-13 17:29:12 +00:00
zhuzhenghao
42e746a379
Clean up api-server-bypass-risks.md
2023-02-06 09:55:04 +08:00
Rita Zhang
fe12a4054b
Update PSS - HostPorts should be disallowed
...
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2023-01-30 13:12:45 -08:00
Tim Bannister
bb85d62752
Update docs for PodSecurityPolicy removal
2023-01-24 22:24:09 +00:00
Mike Waychison
d0779881e6
Further updates to clarify language
2023-01-19 15:32:18 -05:00
Mike Waychison
5c9af80d8c
Update content/en/docs/concepts/security/rbac-good-practices.md
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2023-01-19 15:16:19 -05:00
Mike Waychison
cc56241ccd
Update content/en/docs/concepts/security/rbac-good-practices.md
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2023-01-19 15:13:47 -05:00
Mike Waychison
d11408b9d9
Update RBAC Good Practices for PersistentVolumes
...
The docs previously referred the reader to the now defunct PodSecurityPolicy
page to explain how PersistentVolumes can be a path of privilege escalation,
burying the lede.
Now that PodSecurityPolicy is gone, update this bit to actually explain that
it is unfettered access to creating hostPath-typed PersistentVolumes that are
a problem. Some words lifted from the 1.24 PodSecurityPolicy docs.
Signed-off-by: Mike Waychison <mike@waychison.com>
2023-01-19 13:45:50 -05:00
Qiming Teng
a437285212
Fix nits in markdown links
...
This PR fixes a few "bad links" identified by the `scripts/linkchecker.py` script.
2022-12-22 08:45:10 +08:00
Oscar Utbult
61b13a19d0
[en] fix quotation mark in multi-tenancy page
2022-12-12 09:55:49 +01:00
Sascha Grunert
f8a2d2319a
Add documentation about signed Kubernetes artifacts
...
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2022-11-28 12:05:11 +01:00
Kubernetes Prow Robot
aaaa6303f4
Merge pull request #37731 from sftim/20221105_tweak_psp_removal_page
...
Tweak page about PodSecurityPolicy removal
2022-11-08 11:14:19 -08:00
Tim Bannister
4e006c898d
Tweak page about PSP removal
...
- Remove reviewers (feature was removed)
- Use semi-custom Docsy callout to note the removal
- Stop stating that the API is deprecated; it's now actually removed.
2022-11-05 18:22:27 +00:00
Abigail McCarthy
3174fdf2d4
Adjust page weights for /docs/concepts section
...
Changes the page weights of the index files for folders in the /docs/concepts folder. There were some overlapping weights and weights that were close together.
2022-11-04 10:13:53 -04:00
Christopher Negus
0f9b65b429
Add page weights to concepts -> security pages
2022-10-24 19:02:52 +00:00
Arhell
05a17c16fc
[en] fix typo secrets-good-practices.md
2022-10-05 01:31:49 +03:00
Kubernetes Prow Robot
91ecbb977c
Merge pull request #36805 from harshchauhan1988/patch-2
...
Adding recommendation for network isolation
2022-09-30 06:54:28 -07:00
Shannon Kularathna
d8132bcd35
Improve the RBAC policies section
...
- Change the heading to be more goal-oriented and add an anchor
- Separate list items into 'component' and 'human' users
- Add info about get access and third-party authorization mechanisms for finer control
- Add caution for granting list access
2022-09-22 16:07:06 +00:00
Shannon Kularathna
6ca919d4bd
Add caution callout for base64 encoding
2022-09-22 16:07:06 +00:00
Shannon Kularathna
89b9c18121
Split developer content into headings and remove redundant points
...
Add short description to cluster admin and dev section
2022-09-22 16:07:06 +00:00
Shannon Kularathna
8eb3ae60f3
Move developer content below cluster admins
...
Additionally, fixed a couple of markdown links to not line wrap
2022-09-22 16:07:06 +00:00
Shannon Kularathna
502eac3635
Clean up etcd wording
2022-09-22 16:07:06 +00:00
Shannon Kularathna
4887467aa4
Add sections for cluster admins
...
- Add section for encryption at rest
- Add section for RBAC
- Clean up RBAC bullets
- Move etcd bullets to own section on etcd management
- Add section for third party secret stores
2022-09-22 16:07:06 +00:00
Shannon Kularathna
1c625d0659
Update glossary and move existing info to new page
...
- Update glossary term for secrets
- Improve clarity of privileged container warning note
- Create a new page for Secrets good practices and bring existing content as-is to the page
- Add weights to pages
- Add link for good practices for secrets and remove moved content
2022-09-22 16:07:05 +00:00
Kubernetes Prow Robot
de922ae019
Merge pull request #36562 from windsonsea/secovy
...
Fix typo and consistency: /security/overview.md
2022-09-18 11:12:29 -07:00
harshchauhan1988
8ab4ebb376
Adding recommendation for network isolation
2022-09-14 15:00:14 +05:30
Kubernetes Prow Robot
5ada01a5ce
Merge pull request #36343 from tallclair/workload-creation
...
Update RBAC best practices for workload creation
2022-09-07 09:18:37 -07:00
Qiming Teng
0df6c75da0
Reformat multi-tenancy page
...
When translating/synchronizing changes to the multi-tenancy page, we
found that the long lines are difficult for change tracking. This PR
changes nothing other than manually wrapping the long lines.
2022-09-06 13:12:14 +08:00
windsonsea
922aed0bf8
Fix typo and consistency: /security/overview.md
2022-09-03 22:43:12 +08:00
liufangwai
7e23b9e97d
Update overview.md
...
Add huawei cloud trust center link
2022-09-03 17:45:26 +08:00
mtardy
32e47b31bb
Fix a few mini typos in the API bypass security page
2022-09-02 19:41:24 +02:00
Kubernetes Prow Robot
09707c0aef
Merge pull request #35908 from raesene/main
...
New Docs page for API Server Bypass Risks
2022-09-02 09:14:06 -07:00
Kubernetes Prow Robot
a5e96bfbc5
Merge pull request #33992 from mtardy/security-checklist
...
Add a security checklist for clusters
2022-09-01 13:13:19 -07:00
mtardy
9f5a35978f
RBAC guide is presented as a checklist item
2022-09-01 11:44:55 +02:00
mtardy
eb962b4c12
Rewrite the part on the Pod Security standards and admission
2022-09-01 11:43:28 +02:00
Mahé
a4305381fb
Reword the service mesh suggestion
2022-08-31 18:29:59 +02:00
Mahé
d4fcf2fc7c
Reword the secret injection suggestion
2022-08-31 18:29:43 +02:00
mtardy
f14a7544e5
Rewrite the admission plugins list
2022-08-31 18:26:49 +02:00
mtardy
239dc4c2fe
Fix a typo on the word securely
2022-08-31 17:54:20 +02:00
mtardy
c006a43f97
Replace a wrong unicode space character
2022-08-31 17:51:51 +02:00
mtardy
63ae0a9521
Split checklist item and explanation
2022-08-31 17:38:42 +02:00
mtardy
d40e9cfa89
Remove an empty line
2022-08-31 17:37:01 +02:00
Mahé
2f8388e830
Add precision about pod security with pod security standards
...
Co-authored-by: Rey Lejano <rlejano@gmail.com>
2022-08-31 17:35:03 +02:00
mtardy
0e81bfd8ef
Detail and add info on the CPU and memory limit item
2022-08-31 17:32:00 +02:00
mtardy
7139aba954
Add some guidelines on how to read the doc
2022-08-31 17:17:56 +02:00
Mahé
949e499db3
Rewrite the checklist item on minimal container images
2022-08-31 16:55:31 +02:00
Mahé
5167ab5c88
Use correct name for PodSecurityPolicy admission controller
2022-08-31 16:55:05 +02:00
Mahé
777d396905
Remove warning on PodSecurityPolicy removal in 1.25
2022-08-31 16:54:30 +02:00
Tim Allclair
19894182dc
Explain namespace subdividing better
2022-08-29 15:14:28 -07:00
Tim Allclair
6162bcde28
Update RBAC best practices for workload creation
2022-08-26 16:46:27 -07:00
Rory McCune
49bc9b34eb
New docs page for API Server Bypass Risks
...
New Docs page for API Server Bypass Risks
This is a new documentation page for the Security Concepts section, looking at the risks of attackers bypassing the Kubernetes API server.
We've been working on this in Kubernetes SIG-Security docs (issue [here](https://github.com/kubernetes/sig-security/issues/42))
Co-Authored-By: Shannon Kularathna <ax3shannonkularathna@gmail.com>
Co-Authored-By: Qiming Teng <tengqm@outlook.com>
Co-Authored-By: Tim Bannister <tim@scalefactory.com>
Co-Authored-By: Jordan Liggitt <jordan@liggitt.net>
2022-08-25 17:25:58 +01:00
Kubernetes Prow Robot
56e78c2011
Merge pull request #34920 from mk46/en_crlftolf
...
Convert CRLF to LF
2022-08-24 14:15:50 -07:00
Kubernetes Prow Robot
28b1854383
Merge pull request #36198 from davidmlentz/patch-2
...
Fix typo
2022-08-23 21:57:48 -07:00
David M. Lentz
603f810903
Fix typo
...
There are redundant instances of "future" in this sentence.
2022-08-23 14:43:41 -06:00
Kubernetes Prow Robot
c4a36a8067
Merge pull request #36165 from cathchu/merged-main-dev-1.25
...
Merged main branch into dev-1.25
2022-08-22 15:12:09 -07:00
cathchu
e5ea8833be
Merge remote-tracking branch 'upstream/main' into dev-1.25
2022-08-22 08:35:18 -04:00
Stanislav Kardashov
a3064b1a36
[en] typo fix "privilge -> privilege"
2022-08-19 16:37:47 +03:00
ravisantoshgudimetla
a1f6615206
Update pod security standards to use PodOS field
2022-08-18 15:47:41 -04:00
Jordan Liggitt
b167938367
Scrub PSP docs for 1.25
2022-08-15 21:09:41 -04:00
Kubernetes Prow Robot
1476ac9203
Merge pull request #35618 from tallclair/psa-stable-1.25
...
Update Pod Security Admission docs for graduation to stable
2022-08-14 12:34:13 -07:00
mtardy
b3a7965e3e
Add the security checklist guide
...
From the collaborative document with Savitha, Skybound and p4ck3t0,
after many edits thanks to the collaborators on the PR.
Co-authored-by: rschosser <88308339+rschosser@users.noreply.github.com>
Co-authored-by: Cailyn <cailyn.s.e@gmail.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Rey Lejano <rlejano@gmail.com>
Co-authored-by: Benjamin Koltermann <48812495+p4ck3t0@users.noreply.github.com>
Co-authored-by: Skybound1 <github@skybound.link>
Co-authored-by: divya-mohan0209 <divya.mohan0209@gmail.com>
2022-08-12 11:22:14 +02:00
Tim Allclair
29d9fa5a5f
Remove prerequisites
2022-08-05 14:39:39 -07:00
Manish Kumar
a96eb1118f
Convert CRLF to LF
2022-08-04 11:05:16 +05:30
Tim Allclair
ce898c50be
Update Pod Security Admission docs for graduation to stable
2022-08-01 16:57:21 -07:00
Stanislav Kardashov
4e5cc42fc9
fix typo -> remove extra word "in"
2022-08-01 22:59:46 +03:00
Paszymaja
30eb2cc0cf
Update content/en/docs/concepts/security/rbac-good-practices.md
...
Co-authored-by: divya-mohan0209 <divya.mohan0209@gmail.com>
2022-07-27 14:12:15 +02:00
Paszymaja
7deb7e78cd
Merge branch 'main' into patch-1
2022-07-27 14:00:51 +02:00
Kubernetes Prow Robot
54d2e71509
Merge pull request #34675 from mtardy/psp-annotation
...
Document the deprecated kubernetes.io/psp annotation
2022-07-25 02:26:35 -07:00
Kubernetes Prow Robot
e39409e0ee
Merge pull request #34098 from Nirusu/patch-1
...
Remove section about the localhost port
2022-07-11 01:23:49 -07:00
Kubernetes Prow Robot
94c832e49f
Merge pull request #34380 from tengqm/fix-links-3
...
Batch fix links (3)
2022-07-10 18:27:48 -07:00
Nils Hanke
959cb92224
Integrate flags into "Transport security" section
2022-07-09 04:55:43 -07:00
Qiming Teng
d705d9ed1c
Batch fix links (3)
2022-07-09 09:14:06 +08:00
Abhishek Patra
ade7ed2e36
Fix minor typo
2022-07-06 19:57:58 +05:30
Sean Wei
34721abcac
Use relative links for k8s.io
2022-06-30 12:08:14 +08:00
mtardy
1d55061a5a
Remove the part about defining a PSP in a file
2022-06-29 09:37:23 +02:00
mtardy
8a4e62fb76
Separate commands from their outputs
2022-06-29 09:36:11 +02:00
Mahé
3b8a2a01fa
Clarify the reference to the psp annotation in the concept page
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2022-06-29 09:26:06 +02:00
mtardy
9ffd24b78d
Use absolute URL in the tuto for the example PSP
2022-06-28 21:20:08 +02:00
mtardy
453f4e61f6
Reference the kubernetes.io/psp annotation on the PodSecurityPolicy concept page
2022-06-28 21:17:10 +02:00
Kubernetes Prow Robot
5c19702944
Merge pull request #33934 from JimBugwadia/multi-tenancy
...
multi-tenancy section for docs
2022-06-23 14:31:20 -07:00
Jim Bugwadia
d71951bdf9
squash review updates
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-06-23 13:50:56 -07:00
mtardy
d2b92602b3
Fix minor missing spaces typos in Pod Security Admission doc
2022-06-23 12:19:46 +02:00
Shubham
9ae05ea5b3
Improvement: Clarify the release which includes Pod Security admission by default. (#34300)
...
* Improvement: Clarify the release which includes Pod Security admission by default.
* Modify: wrapped the long lines.
2022-06-22 08:35:43 -07:00
Jihoon Seo
e7caadc564
Replace skew shortcode parameters
2022-06-17 16:17:01 +09:00
Mark Rossetti
c61be7d79c
Update pod-security-standards-hostprocess-state (#34264)
...
* Update pod-security-standards-hostprocess-state
Signed-off-by: Mark Rossetti <marosset@microsoft.com>
* using hugo short-code
2022-06-16 11:08:48 -07:00
SzymonPrzepiora
3eb9334ee2
suggested changes
2022-06-15 14:04:18 +02:00
Paszymaja
1b90f44da6
Fixed typos
...
Fixed some typos and improved grammar.
2022-06-10 12:40:02 +02:00
Nils Hanke
c5d8916092
Remove section about the removed localhost port
2022-06-01 16:27:15 +02:00
Kubernetes Prow Robot
f15cfaeb39
Merge pull request #33974 from JimBugwadia/pss
...
move other policy engines
2022-06-01 04:19:02 -07:00
Kubernetes Prow Robot
f2dc19a07a
Merge pull request #34061 from howieyuen/windows-security
...
fix broken link in Security For Windows Nodes
2022-05-31 20:35:04 -07:00
howieyuen
58f572e4af
fix broken link in Security For Windows Nodes
2022-06-01 11:01:49 +08:00
Guangwen Feng
89a8ad3951
Fix a typo in rbac-good-practices.md
...
Signed-off-by: Guangwen Feng <fenggw-fnst@fujitsu.com>
2022-05-31 13:37:41 +08:00
Jim Bugwadia
fb97ad2140
Update content/en/docs/concepts/security/pod-security-standards.md
...
Co-authored-by: Rey Lejano <rlejano@gmail.com>
2022-05-30 07:49:41 -07:00
Kubernetes Prow Robot
fd9e0acacb
Merge pull request #33833 from liggitt/pss-privileged
...
Clarify privileged Pod Security Standard description
2022-05-29 23:02:52 -07:00
harshitasao
2517ad6c77
small modification
2022-05-29 16:06:25 +05:30
harshitasao
d686637140
Removed Authorizing Policies.
2022-05-27 11:02:15 +05:30
Jim Bugwadia
495642c688
Update content/en/docs/concepts/security/pod-security-standards.md
...
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2022-05-26 17:43:29 -07:00