777d396905
Remove warning on PodSecurityPolicy removal in 1.25
2022-08-31 16:54:30 +02:00
19894182dc
Explain namespace subdividing better
2022-08-29 15:14:28 -07:00
6162bcde28
Update RBAC best practices for workload creation
2022-08-26 16:46:27 -07:00
49bc9b34eb
New docs page for API Server Bypass Risks
...
New Docs page for API Server Bypass Risks
This is a new documentation page for the Security Concepts section, looking at the risks of attackers bypassing the Kubernetes API server.
We've been working on this in Kubernetes SIG-Security docs (issue [here](https://github.com/kubernetes/sig-security/issues/42 ))
Co-Authored-By: Shannon Kularathna <ax3shannonkularathna@gmail.com>
Co-Authored-By: Qiming Teng <tengqm@outlook.com>
Co-Authored-By: Tim Bannister <tim@scalefactory.com>
Co-Authored-By: Jordan Liggitt <jordan@liggitt.net>
2022-08-25 17:25:58 +01:00
56e78c2011
Merge pull request #34920 from mk46/en_crlftolf
...
Convert CRLF to LF
2022-08-24 14:15:50 -07:00
28b1854383
Merge pull request #36198 from davidmlentz/patch-2
...
Fix typo
2022-08-23 21:57:48 -07:00
603f810903
Fix typo
...
There are redundant instances of "future" in this sentence.
2022-08-23 14:43:41 -06:00
c4a36a8067
Merge pull request #36165 from cathchu/merged-main-dev-1.25
...
Merged main branch into dev-1.25
2022-08-22 15:12:09 -07:00
e5ea8833be
Merge remote-tracking branch 'upstream/main' into dev-1.25
2022-08-22 08:35:18 -04:00
a3064b1a36
[en] typo fix "privilge -> privilege"
2022-08-19 16:37:47 +03:00
a1f6615206
Update pod security standards to use PodOS field
2022-08-18 15:47:41 -04:00
b167938367
Scrub PSP docs for 1.25
2022-08-15 21:09:41 -04:00
1476ac9203
Merge pull request #35618 from tallclair/psa-stable-1.25
...
Update Pod Security Admission docs for graduation to stable
2022-08-14 12:34:13 -07:00
b3a7965e3e
Add the security checklist guide
...
From the collaborative document with Savitha, Skybound and p4ck3t0,
after many edits thanks to the collaborators on the PR.
Co-authored-by: rschosser <88308339+rschosser@users.noreply.github.com>
Co-authored-by: Cailyn <cailyn.s.e@gmail.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Rey Lejano <rlejano@gmail.com>
Co-authored-by: Benjamin Koltermann <48812495+p4ck3t0@users.noreply.github.com>
Co-authored-by: Skybound1 <github@skybound.link>
Co-authored-by: divya-mohan0209 <divya.mohan0209@gmail.com>
2022-08-12 11:22:14 +02:00
29d9fa5a5f
Remove prerequisites
2022-08-05 14:39:39 -07:00
a96eb1118f
Convert CRLF to LF
2022-08-04 11:05:16 +05:30
ce898c50be
Update Pod Security Admission docs for graduation to stable
2022-08-01 16:57:21 -07:00
4e5cc42fc9
fix typo -> remove extra word "in"
2022-08-01 22:59:46 +03:00
30eb2cc0cf
Update content/en/docs/concepts/security/rbac-good-practices.md
...
Co-authored-by: divya-mohan0209 <divya.mohan0209@gmail.com>
2022-07-27 14:12:15 +02:00
7deb7e78cd
Merge branch 'main' into patch-1
2022-07-27 14:00:51 +02:00
54d2e71509
Merge pull request #34675 from mtardy/psp-annotation
...
Document the deprecated kubernetes.io/psp annotation
2022-07-25 02:26:35 -07:00
e39409e0ee
Merge pull request #34098 from Nirusu/patch-1
...
Remove section about the localhost port
2022-07-11 01:23:49 -07:00
94c832e49f
Merge pull request #34380 from tengqm/fix-links-3
...
Batch fix links (3)
2022-07-10 18:27:48 -07:00
959cb92224
Integrate flags into "Transport security" section
2022-07-09 04:55:43 -07:00
d705d9ed1c
Batch fix links (3)
2022-07-09 09:14:06 +08:00
ade7ed2e36
Fix minor typo
2022-07-06 19:57:58 +05:30
34721abcac
Use relative links for k8s.io
2022-06-30 12:08:14 +08:00
1d55061a5a
Remove the part about defining a PSP in a file
2022-06-29 09:37:23 +02:00
8a4e62fb76
Separate commands from their outputs
2022-06-29 09:36:11 +02:00
3b8a2a01fa
Clarify the reference to the psp annotation in the concept page
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2022-06-29 09:26:06 +02:00
9ffd24b78d
Use absolute URL in the tuto for the example PSP
2022-06-28 21:20:08 +02:00
453f4e61f6
Reference the kubernetes.io/psp annotation on the PodSecurityPolicy concept page
2022-06-28 21:17:10 +02:00
5c19702944
Merge pull request #33934 from JimBugwadia/multi-tenancy
...
multi-tenancy section for docs
2022-06-23 14:31:20 -07:00
d71951bdf9
squash review updates
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-06-23 13:50:56 -07:00
d2b92602b3
Fix minor missing spaces typos in Pod Security Admission doc
2022-06-23 12:19:46 +02:00
9ae05ea5b3
Improvement: Clarifiy the release which include Pod Security admission by default. ( #34300 )
...
* Improvement: Clarifiy the release which include Pod Security admission by default.
* Modify: wrapped the long lines.
2022-06-22 08:35:43 -07:00
e7caadc564
Replace skew shortcode parameters
2022-06-17 16:17:01 +09:00
c61be7d79c
Update pod-security-standards-hostprocess-state ( #34264 )
...
* Update pod-security-standards-hostprocess-state
Signed-off-by: Mark Rossetti <marosset@microsoft.com>
* using hugo short-code
2022-06-16 11:08:48 -07:00
3eb9334ee2
suggested changes
2022-06-15 14:04:18 +02:00
1b90f44da6
Fixed typos
...
Fixed some typos and improved grammar.
2022-06-10 12:40:02 +02:00
c5d8916092
Remove section about the removed localhost port
2022-06-01 16:27:15 +02:00
f15cfaeb39
Merge pull request #33974 from JimBugwadia/pss
...
move other policy engines
2022-06-01 04:19:02 -07:00
f2dc19a07a
Merge pull request #34061 from howieyuen/windows-security
...
fix broken link in Security For Windows Nodes
2022-05-31 20:35:04 -07:00
58f572e4af
fix broken link in Security For Windows Nodes
2022-06-01 11:01:49 +08:00
89a8ad3951
Fix a typo in rbac-good-practices.md
...
Signed-off-by: Guangwen Feng <fenggw-fnst@fujitsu.com>
2022-05-31 13:37:41 +08:00
fb97ad2140
Update content/en/docs/concepts/security/pod-security-standards.md
...
Co-authored-by: Rey Lejano <rlejano@gmail.com>
2022-05-30 07:49:41 -07:00
fd9e0acacb
Merge pull request #33833 from liggitt/pss-privileged
...
Clarify privileged Pod Security Standard description
2022-05-29 23:02:52 -07:00
2517ad6c77
small modification
2022-05-29 16:06:25 +05:30
d686637140
Removed Authorizing Policies.
2022-05-27 11:02:15 +05:30
495642c688
Update content/en/docs/concepts/security/pod-security-standards.md
...
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2022-05-26 17:43:29 -07:00
7c5f243af7
move other policy engines
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-05-26 16:17:26 -07:00
8ce38a6625
added what's next in RBAC good practice guide
2022-05-26 13:27:44 +05:30
789935a35d
fixed the RBAC good practice guide.
2022-05-26 12:15:20 +05:30
39afd8538d
initial draft
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-05-24 22:27:00 -07:00
79c01ff06d
Update content/en/docs/concepts/security/pod-security-standards.md
...
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2022-05-19 17:03:39 -04:00
03f0d23228
Clarify privileged Pod Security Standard description
2022-05-19 14:51:51 -04:00
93a11b1007
Merge pull request #32812 from raesene/main
...
Add RBAC good practice guide
2022-05-15 14:12:16 -07:00
412571886c
Add RBAC Good Practices Guide
2022-05-15 21:45:11 +02:00
ffb7e4bc67
Small edit of pod security doc
2022-05-04 14:03:42 +00:00
5ead53b3e8
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-05-02 10:29:49 -07:00
b831e96c6a
[en] modify debug-cluster/audit
...
Signed-off-by: xin.li <xin.li@daocloud.io>
2022-04-29 20:40:59 +08:00
a1ef2afd7f
Merge pull request #31953 from sftim/20220227_update_pod_security_admission_concept_v1.24
...
Update Pod Security Admission concept for v1.24
2022-04-27 16:05:35 -07:00
59d3e1e7a2
Update pod security docs for dockershim removal
2022-04-26 13:39:55 +00:00
0135d3642b
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-04-19 15:45:28 -07:00
7e0a2162d7
Fix missing links
2022-04-12 16:46:38 +08:00
f85be125b9
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-03-31 15:18:13 -07:00
b53955eed4
Merge pull request #32628 from waynerv/patch-3
...
Update pod-security-admission.md
2022-03-31 14:43:07 -07:00
70dbc89f33
Merge pull request #32283 from PriyanshuAhlawat/adding_auditing
...
Update controlling-access.md issue-32224
2022-03-30 20:44:59 -07:00
e62d2f7302
Update content/en/docs/concepts/security/controlling-access.md
...
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2022-03-31 08:30:44 +05:30
672813f3e7
Move PSP into Security concepts section
...
The logical navigation definitely works better if Pod Security admission
and PodSecurityPolicy are pages in the same section. Make It So.
Co-authored-by: Rey Lejano <rlejano@gmail.com>
2022-03-30 17:30:35 +01:00
adde98e681
Update pod-security-admission.md
...
No need to use the ssh protocol to access a public repository
2022-03-30 10:13:53 +08:00
2bdb3fe416
Merge pull request #31851 from marosset/move-windows-security-1.24
...
Moving Windows security info to new page
2022-03-24 23:09:50 -07:00
c7952b2c3e
Update controlling-access.md
2022-03-16 19:16:46 +05:30
7e54b18dd4
Update controlling-access.md
2022-03-16 01:31:54 +05:30
a5a94f0f5b
Update Pod Security Admission concept for v1.24
...
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2022-03-08 14:07:16 +00:00
1e95dbe901
fix: modify article ( #31922 )
...
* fix: modify article
* fix: add missing preposition
2022-02-26 18:11:16 -08:00
26cf43b261
Merge pull request #31896 from meysam81/meysam/fix-typo
...
fix: typo
2022-02-25 00:39:51 -08:00
6e8093e260
apply suggestions from code review
...
Co-authored-by: Jihoon Seo <46767780+jihoon-seo@users.noreply.github.com>
2022-02-25 10:49:28 +03:00
198ae37902
Rewrite PodSecurityPolicy migration guide ( #31782 )
2022-02-24 18:07:56 -08:00
9b6876726c
Moving Windows security info to new page
...
Signed-off-by: Mark Rossetti <marosset@microsoft.com>
2022-02-24 15:32:42 -08:00
94fd5b9698
fix: typo
2022-02-24 23:36:03 +03:00
4ca5ff6b3c
PodSecurity: remove optional non-root group check
2022-01-24 10:10:12 -05:00
8917b26250
PodSecurity: switch restricted volume check to positive check
2022-01-24 10:09:00 -05:00
e6a9fd269e
Update webhook anchor
2021-11-29 09:46:22 -05:00
d330226a95
Merge remote-tracking branch 'upstream/main' into dev-1.23
2021-11-17 12:55:09 -05:00
f235dc6cb6
Merge pull request #30225 from liggitt/podsecurity-runasuser
...
PodSecurity: runAsUser docs
2021-11-16 15:59:54 -08:00
4b7784728a
PodSecurity beta updates
2021-11-10 10:30:51 -05:00
e50ce5f269
PodSecurity: runAsUser
2021-10-28 11:21:02 -04:00
b1d1fc369e
Minor typo corrections and improvements for 'Overview of Cloud Native Security' page ( #30185 )
...
* Update overview.md
Minor typo corrections and improvements.
* Update overview.md
* Fix broken link
2021-10-27 05:53:25 -07:00
dc84f0cb97
Mark figures' intended size
...
This commit activates Sass styling to make image sizes more responsive
on the rendered page.
2021-10-17 21:31:52 +01:00
740c8762e2
Include Oracle Cloud Infrastructure
...
Including Oracle Cloud Infrastructure Security page.
2021-09-27 11:08:02 -05:00
8155f1d16d
Update controlling-access.md as --insecure-port flag deprecated ( #29447 )
...
* Update English version of controlling-access.md as --insecure-port flag deprecated
* Update controlling-access.md as --insecure-port flag deprecated
* Update content/en/docs/concepts/security/controlling-access.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2021-09-08 19:30:10 -07:00
3dc86945ed
Fix link in pod-security-admission
2021-08-25 00:57:35 -04:00
315e290107
Avoid word-break on narrow page widths
2021-08-19 10:04:34 -04:00
8c3eb6e414
Clarify audit annotation destination
2021-08-19 09:59:19 -04:00
dad01370f8
add kyverno and fix OPA/GK link
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-08-18 11:07:02 -07:00
7c2e229f60
Merge pull request #29236 from reylejano/add-kubewarden-option
...
Add kubewarden as an alternative to enforce security profiles
2021-08-11 05:26:47 -07:00
08387d8434
add kubewarden as an alternative to enforce security profiles
...
add third-party content shortcode and list
2021-08-10 07:41:30 -07:00
b5c1e98957
Merge pull request #29241 from YuikoTakada/fix_relative_paths
...
Replace with relative path
2021-08-06 06:51:19 -07:00
11a2e54d7a
Fix a broken link
2021-08-06 20:42:30 +08:00
8f301ea379
Replace with relative path
2021-08-05 11:54:46 +09:00
ddf46cfd6b
Merge pull request #29124 from tallclair/podsecurity
...
[PodSecurity] Correct and clarify a few things
2021-07-28 11:26:47 -07:00
6ac692be8e
[PodSecurity] Correct and clarify a few things
2021-07-28 10:41:59 -07:00
af2f72ad59
Windows HostProcess Container Documentation ( #28413 )
...
* Rebasing HostProcess security changes.
* Incorporated initial round of feedback
* Minor wording updates
* Finished up remaining todo items
* Apply suggestions from code review
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: Mark Rossetti <marosset@microsoft.com>
* Moved HostProcess security documentation into PSS and create-host-process-pod docs
* Updated with for James' review
* Apply suggestions from code review
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: James Sturtevant <jsturtevant@gmail.com>
* Minor edits
* Modifications for additional feedback
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: Mark Rossetti <marosset@microsoft.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: James Sturtevant <jsturtevant@gmail.com>
2021-07-27 00:50:45 -07:00
e0d4b53b1c
incorporating initial round of feedback
2021-07-21 15:33:46 +00:00
37dd90d81a
feature: Pod Security Standards documentation
2021-07-12 12:53:36 +00:00
b3aef35da7
Use shortcode for PodSecurityPolicy examples
2021-06-19 01:47:52 +01:00
dcd2dd4852
Update SELinux standards ( #27653 )
...
* Update SELinux standards
* address feedback
2021-05-14 11:19:59 -07:00
3ff5ec1eff
clean up use of word: just
2021-03-17 19:57:40 -04:00
6645f390f6
Remove "defalut" from the baseline policy name
2021-02-16 11:36:36 -08:00
ee8e67ce9a
Update controlling-access.md
2021-02-13 17:18:20 +06:00
2ae6da3c19
Merge branch 'master' into master
2021-02-12 17:04:39 +06:00
2c942aeb79
fixed grammatical mistake
2021-02-12 15:27:01 +06:00
d053563e8b
fixed some typos and grammatical mistakes
2021-02-12 14:53:34 +06:00
9a3347cd2d
security: add container runtime class as an option to provider extra container security
2021-02-11 10:41:08 +11:00
78351ecaf5
Transfer “Controlling Access to the Kubernetes API” to the Concepts section
...
Readers from several different backgrounds will find it useful to know
about how Kubernetes controls access to its API. Promote this overview
to the Security subsection of Concepts.
2020-10-20 23:41:56 +01:00
70eba58d3b
Contex to Context
2020-09-19 16:48:42 +05:30
70b75e16f0
Merge pull request #22981 from shuuji3/en/replace-special-quote-with-normal-ones
...
Replace special quote characters with normal ones
2020-08-26 14:55:02 -07:00
95c94c03d5
resolving conflicts
2020-08-23 12:13:37 -04:00
c6a96128c4
Replace special quote characters with normal ones.
2020-08-11 21:05:22 +09:00
0a861ca7c0
use traditional UNIX language
...
Refer to the 02000 and 04000 bits in file permissions as "set-user-ID mode" and "set-group-ID mode", as the UNIX manuals have done since 4th edition per suggestion by sftim
2020-08-06 21:55:41 -05:00
aa8e0d6677
Correct Privilege Escalation section
2020-08-04 14:23:42 -05:00
e2a861c2f9
Merge remote-tracking branch 'upstream/master' into dev-1.19
2020-07-27 19:10:42 -04:00
3ad7ea77f1
Add documentation for generally available seccomp functionality
...
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
2020-07-20 13:51:17 -05:00
259655797b
Remove container level supplementalGroups and fsgroup
2020-07-02 11:07:24 -07:00
3ff7312cff
Add descriptions to Concept sections
...
Each section directly beneath Concepts gains a description.
2020-06-25 17:09:58 +01:00
edafb080e6
Merge pull request #21493 from kbhawkey/kb-security-overview-cleanup
...
modify security overview
2020-06-12 21:57:57 -07:00
29f3c2858c
Merge pull request #21591 from scottstout/master
...
Changed whitelist to allowlist and blacklist to denylist.
2020-06-10 16:12:56 -07:00
6820d60f04
fixup security overview
2020-06-10 16:21:49 -04:00
ecc27bbbe7
add en pages
2020-06-09 19:33:15 -04:00
e38b9dc9c6
revised to minumize usage of whitelist/blacklist
2020-06-09 14:14:52 -05:00
9065e168f0
Minor cleanup of standardized pod security
2020-06-04 11:22:52 -07:00
44db1a13c9
Add missing PSP restrictions to standard security profiles
2020-06-02 17:13:12 -07:00
75652e8585
Standardized pod security profiles
2020-05-20 16:54:37 -07:00
8a8e7ed41a
Fix owasp broken links
2020-04-17 08:35:45 -03:00
98ea2cdfc0
Refined unclear sentence on 3rd party dependencies ( #18015 )
...
* Refined unclear sentence on 3rd party dependencies
I reworded the sentence on third party dependencies a bit in order to make it more sound
* Update content/en/docs/concepts/security/overview.md
Sounds much better
Co-Authored-By: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2020-02-07 10:09:46 -08:00
cc5060da22
spelling and grammar corrections ( #15837 )
2019-08-13 06:45:42 -07:00
86e887bb72
fix for issue #15238 removed extra "for" ( #15239 )
...
fix for issue #15238 ,removed extra for
2019-07-02 01:35:08 -07:00
704aa645f1
Link from Security concept to related pages ( #14726 )
2019-06-04 20:57:52 -07:00
60266ff1a9
Cloud Native Security Intro ( #14495 )
...
* initial aggregation of security recommendations
* Update content/en/docs/concepts/security/overview.md
Co-Authored-By: Jim Angel <jimangel@users.noreply.github.com>
* Update content/en/docs/concepts/security/overview.md
Co-Authored-By: Tim Bannister <tim@scalefactory.com>
* address concerns in PR comments
2019-05-30 14:24:22 -07:00
Mahé
Tim Allclair
Rory McCune
Kubernetes Prow Robot
David M. Lentz
cathchu
Stanislav Kardashov
ravisantoshgudimetla
Jordan Liggitt
Manish Kumar
Paszymaja
Nils Hanke
Qiming Teng
Abhishek Patra
Sean Wei
Jim Bugwadia
Shubham
Jihoon Seo
Mark Rossetti
SzymonPrzepiora
Nils Hanke
howieyuen
Guangwen Feng
harshitasao
Christopher Negus
Nate W
xin.li
Mengjiao Liu
Priyanshu Ahlawat
Tim Bannister
Waynerv
PriyanshuAhlawat
Meysam
Jesse Butler
Guilherme Macedo
Gilson Melo
Siman
Tyler Auerbeck
Rey Lejano
Huang Huang
Yuiko Mouri
Tim Allclair
Brandon Smith
Samuel Roth
Karen Bradshaw
Sahadat Hossain
Sahadat Hossain
Bin Chen
Tej-Singh-Rana
Savitha Raghunathan
TAKAHASHI Shuuji
Tabitha Sable
hasheddan
Sertaç Özercan
Scott Stout
viniciusbds
tom1299
Bill Mulligan
shub-asa1
Zach Arnold