7c5f243af7
move other policy engines
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-05-26 16:17:26 -07:00
8ce38a6625
added what's next in RBAC good practice guide
2022-05-26 13:27:44 +05:30
789935a35d
fixed the RBAC good practice guide.
2022-05-26 12:15:20 +05:30
39afd8538d
initial draft
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-05-24 22:27:00 -07:00
79c01ff06d
Update content/en/docs/concepts/security/pod-security-standards.md
...
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2022-05-19 17:03:39 -04:00
03f0d23228
Clarify privileged Pod Security Standard description
2022-05-19 14:51:51 -04:00
93a11b1007
Merge pull request #32812 from raesene/main
...
Add RBAC good practice guide
2022-05-15 14:12:16 -07:00
412571886c
Add RBAC Good Practices Guide
2022-05-15 21:45:11 +02:00
ffb7e4bc67
Small edit of pod security doc
2022-05-04 14:03:42 +00:00
5ead53b3e8
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-05-02 10:29:49 -07:00
b831e96c6a
[en] modify debug-cluster/audit
...
Signed-off-by: xin.li <xin.li@daocloud.io>
2022-04-29 20:40:59 +08:00
a1ef2afd7f
Merge pull request #31953 from sftim/20220227_update_pod_security_admission_concept_v1.24
...
Update Pod Security Admission concept for v1.24
2022-04-27 16:05:35 -07:00
59d3e1e7a2
Update pod security docs for dockershim removal
2022-04-26 13:39:55 +00:00
0135d3642b
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-04-19 15:45:28 -07:00
7e0a2162d7
Fix missing links
2022-04-12 16:46:38 +08:00
f85be125b9
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-03-31 15:18:13 -07:00
b53955eed4
Merge pull request #32628 from waynerv/patch-3
...
Update pod-security-admission.md
2022-03-31 14:43:07 -07:00
70dbc89f33
Merge pull request #32283 from PriyanshuAhlawat/adding_auditing
...
Update controlling-access.md issue-32224
2022-03-30 20:44:59 -07:00
e62d2f7302
Update content/en/docs/concepts/security/controlling-access.md
...
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2022-03-31 08:30:44 +05:30
672813f3e7
Move PSP into Security concepts section
...
The logical navigation definitely works better if Pod Security admission
and PodSecurityPolicy are pages in the same section. Make It So.
Co-authored-by: Rey Lejano <rlejano@gmail.com>
2022-03-30 17:30:35 +01:00
adde98e681
Update pod-security-admission.md
...
No need to use the ssh protocol to access a public repository
2022-03-30 10:13:53 +08:00
2bdb3fe416
Merge pull request #31851 from marosset/move-windows-security-1.24
...
Moving Windows security info to new page
2022-03-24 23:09:50 -07:00
c7952b2c3e
Update controlling-access.md
2022-03-16 19:16:46 +05:30
7e54b18dd4
Update controlling-access.md
2022-03-16 01:31:54 +05:30
a5a94f0f5b
Update Pod Security Admission concept for v1.24
...
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2022-03-08 14:07:16 +00:00
1e95dbe901
fix: modify article ( #31922 )
...
* fix: modify article
* fix: add missing preposition
2022-02-26 18:11:16 -08:00
26cf43b261
Merge pull request #31896 from meysam81/meysam/fix-typo
...
fix: typo
2022-02-25 00:39:51 -08:00
6e8093e260
apply suggestions from code review
...
Co-authored-by: Jihoon Seo <46767780+jihoon-seo@users.noreply.github.com>
2022-02-25 10:49:28 +03:00
198ae37902
Rewrite PodSecurityPolicy migration guide ( #31782 )
2022-02-24 18:07:56 -08:00
9b6876726c
Moving Windows security info to new page
...
Signed-off-by: Mark Rossetti <marosset@microsoft.com>
2022-02-24 15:32:42 -08:00
94fd5b9698
fix: typo
2022-02-24 23:36:03 +03:00
4ca5ff6b3c
PodSecurity: remove optional non-root group check
2022-01-24 10:10:12 -05:00
8917b26250
PodSecurity: switch restricted volume check to positive check
2022-01-24 10:09:00 -05:00
e6a9fd269e
Update webhook anchor
2021-11-29 09:46:22 -05:00
d330226a95
Merge remote-tracking branch 'upstream/main' into dev-1.23
2021-11-17 12:55:09 -05:00
f235dc6cb6
Merge pull request #30225 from liggitt/podsecurity-runasuser
...
PodSecurity: runAsUser docs
2021-11-16 15:59:54 -08:00
4b7784728a
PodSecurity beta updates
2021-11-10 10:30:51 -05:00
e50ce5f269
PodSecurity: runAsUser
2021-10-28 11:21:02 -04:00
b1d1fc369e
Minor typo corrections and improvements for 'Overview of Cloud Native Security' page ( #30185 )
...
* Update overview.md
Minor typo corrections and improvements.
* Update overview.md
* Fix broken link
2021-10-27 05:53:25 -07:00
dc84f0cb97
Mark figures' intended size
...
This commit activates Sass styling to make image sizes more responsive
on the rendered page.
2021-10-17 21:31:52 +01:00
740c8762e2
Include Oracle Cloud Infrastructure
...
Including Oracle Cloud Infrastructure Security page.
2021-09-27 11:08:02 -05:00
8155f1d16d
Update controlling-access.md as --insecure-port flag deprecated ( #29447 )
...
* Update English version of controlling-access.md as --insecure-port flag deprecated
* Update controlling-access.md as --insecure-port flag deprecated
* Update content/en/docs/concepts/security/controlling-access.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2021-09-08 19:30:10 -07:00
3dc86945ed
Fix link in pod-security-admission
2021-08-25 00:57:35 -04:00
315e290107
Avoid word-break on narrow page widths
2021-08-19 10:04:34 -04:00
8c3eb6e414
Clarify audit annotation destination
2021-08-19 09:59:19 -04:00
dad01370f8
add kyverno and fix OPA/GK link
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-08-18 11:07:02 -07:00
7c2e229f60
Merge pull request #29236 from reylejano/add-kubewarden-option
...
Add kubewarden as an alternative to enforce security profiles
2021-08-11 05:26:47 -07:00
08387d8434
add kubewarden as an alternative to enforce security profiles
...
add third-party content shortcode and list
2021-08-10 07:41:30 -07:00
b5c1e98957
Merge pull request #29241 from YuikoTakada/fix_relative_paths
...
Replace with relative path
2021-08-06 06:51:19 -07:00
11a2e54d7a
Fix a broken link
2021-08-06 20:42:30 +08:00
8f301ea379
Replace with relative path
2021-08-05 11:54:46 +09:00
ddf46cfd6b
Merge pull request #29124 from tallclair/podsecurity
...
[PodSecurity] Correct and clarify a few things
2021-07-28 11:26:47 -07:00
6ac692be8e
[PodSecurity] Correct and clarify a few things
2021-07-28 10:41:59 -07:00
af2f72ad59
Windows HostProcess Container Documentation ( #28413 )
...
* Rebasing HostProcess security changes.
* Incorporated initial round of feedback
* Minor wording updates
* Finished up remaining todo items
* Apply suggestions from code review
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: Mark Rossetti <marosset@microsoft.com>
* Moved HostProcess security documentation into PSS and create-host-process-pod docs
* Updated with for James' review
* Apply suggestions from code review
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: James Sturtevant <jsturtevant@gmail.com>
* Minor edits
* Modifications for additional feedback
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: Mark Rossetti <marosset@microsoft.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: James Sturtevant <jsturtevant@gmail.com>
2021-07-27 00:50:45 -07:00
e0d4b53b1c
incorporating initial round of feedback
2021-07-21 15:33:46 +00:00
37dd90d81a
feature: Pod Security Standards documentation
2021-07-12 12:53:36 +00:00
b3aef35da7
Use shortcode for PodSecurityPolicy examples
2021-06-19 01:47:52 +01:00
dcd2dd4852
Update SELinux standards ( #27653 )
...
* Update SELinux standards
* address feedback
2021-05-14 11:19:59 -07:00
3ff5ec1eff
clean up use of word: just
2021-03-17 19:57:40 -04:00
6645f390f6
Remove "defalut" from the baseline policy name
2021-02-16 11:36:36 -08:00
ee8e67ce9a
Update controlling-access.md
2021-02-13 17:18:20 +06:00
2ae6da3c19
Merge branch 'master' into master
2021-02-12 17:04:39 +06:00
2c942aeb79
fixed grammatical mistake
2021-02-12 15:27:01 +06:00
d053563e8b
fixed some typos and grammatical mistakes
2021-02-12 14:53:34 +06:00
9a3347cd2d
security: add container runtime class as an option to provider extra container security
2021-02-11 10:41:08 +11:00
78351ecaf5
Transfer “Controlling Access to the Kubernetes API” to the Concepts section
...
Readers from several different backgrounds will find it useful to know
about how Kubernetes controls access to its API. Promote this overview
to the Security subsection of Concepts.
2020-10-20 23:41:56 +01:00
70eba58d3b
Contex to Context
2020-09-19 16:48:42 +05:30
70b75e16f0
Merge pull request #22981 from shuuji3/en/replace-special-quote-with-normal-ones
...
Replace special quote characters with normal ones
2020-08-26 14:55:02 -07:00
95c94c03d5
resolving conflicts
2020-08-23 12:13:37 -04:00
c6a96128c4
Replace special quote characters with normal ones.
2020-08-11 21:05:22 +09:00
0a861ca7c0
use traditional UNIX language
...
Refer to the 02000 and 04000 bits in file permissions as "set-user-ID mode" and "set-group-ID mode", as the UNIX manuals have done since 4th edition per suggestion by sftim
2020-08-06 21:55:41 -05:00
aa8e0d6677
Correct Privilege Escalation section
2020-08-04 14:23:42 -05:00
e2a861c2f9
Merge remote-tracking branch 'upstream/master' into dev-1.19
2020-07-27 19:10:42 -04:00
3ad7ea77f1
Add documentation for generally available seccomp functionality
...
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
2020-07-20 13:51:17 -05:00
259655797b
Remove container level supplementalGroups and fsgroup
2020-07-02 11:07:24 -07:00
3ff7312cff
Add descriptions to Concept sections
...
Each section directly beneath Concepts gains a description.
2020-06-25 17:09:58 +01:00
edafb080e6
Merge pull request #21493 from kbhawkey/kb-security-overview-cleanup
...
modify security overview
2020-06-12 21:57:57 -07:00
29f3c2858c
Merge pull request #21591 from scottstout/master
...
Changed whitelist to allowlist and blacklist to denylist.
2020-06-10 16:12:56 -07:00
6820d60f04
fixup security overview
2020-06-10 16:21:49 -04:00
ecc27bbbe7
add en pages
2020-06-09 19:33:15 -04:00
e38b9dc9c6
revised to minumize usage of whitelist/blacklist
2020-06-09 14:14:52 -05:00
9065e168f0
Minor cleanup of standardized pod security
2020-06-04 11:22:52 -07:00
44db1a13c9
Add missing PSP restrictions to standard security profiles
2020-06-02 17:13:12 -07:00
75652e8585
Standardized pod security profiles
2020-05-20 16:54:37 -07:00
8a8e7ed41a
Fix owasp broken links
2020-04-17 08:35:45 -03:00
98ea2cdfc0
Refined unclear sentence on 3rd party dependencies ( #18015 )
...
* Refined unclear sentence on 3rd party dependencies
I reworded the sentence on third party dependencies a bit in order to make it more sound
* Update content/en/docs/concepts/security/overview.md
Sounds much better
Co-Authored-By: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2020-02-07 10:09:46 -08:00
cc5060da22
spelling and grammar corrections ( #15837 )
2019-08-13 06:45:42 -07:00
86e887bb72
fix for issue #15238 removed extra "for" ( #15239 )
...
fix for issue #15238 ,removed extra for
2019-07-02 01:35:08 -07:00
704aa645f1
Link from Security concept to related pages ( #14726 )
2019-06-04 20:57:52 -07:00
60266ff1a9
Cloud Native Security Intro ( #14495 )
...
* initial aggregation of security recommendations
* Update content/en/docs/concepts/security/overview.md
Co-Authored-By: Jim Angel <jimangel@users.noreply.github.com>
* Update content/en/docs/concepts/security/overview.md
Co-Authored-By: Tim Bannister <tim@scalefactory.com>
* address concerns in PR comments
2019-05-30 14:24:22 -07:00
Jim Bugwadia
harshitasao
Jordan Liggitt
Kubernetes Prow Robot
Rory
Christopher Negus
Nate W
xin.li
Mengjiao Liu
Priyanshu Ahlawat
Tim Bannister
Waynerv
PriyanshuAhlawat
Meysam
Tim Allclair
Mark Rossetti
Jesse Butler
Guilherme Macedo
Gilson Melo
Siman
Tyler Auerbeck
Rey Lejano
Huang Huang
Yuiko Mouri
Tim Allclair
Brandon Smith
Samuel Roth
Karen Bradshaw
Sahadat Hossain
Sahadat Hossain
Bin Chen
Tej-Singh-Rana
Savitha Raghunathan
TAKAHASHI Shuuji
Tabitha Sable
hasheddan
Sertaç Özercan
Scott Stout
viniciusbds
tom1299
Bill Mulligan
shub-asa1
Zach Arnold