0e7302f383
Merge pull request #41556 from Zhuzhenghao/cleanup/abac
...
cleanup page abac
2023-06-30 06:18:42 -07:00
4cb9a82b2a
Merge pull request #40166 from mtardy/scdeny-deprecation
...
Update scdeny plugin documentation for deprecation
2023-06-30 02:49:45 -07:00
c32b30f457
Update scdeny plugin documentation for deprecation
2023-06-30 10:52:50 +02:00
b47948af36
Merge pull request #41156 from dprotaso/patch-1
...
Update service-accounts-admin.md
2023-06-28 15:06:45 -07:00
1cb1390388
Merge pull request #41000 from zlabjp/fix-key-usage
...
Fix permitted key usages
2023-06-26 17:32:29 -07:00
d873f03e78
Add -subj Command Option.
2023-06-19 15:38:54 +05:30
b1e9fbe945
[zh] cleanup page abac
2023-06-18 11:46:28 +08:00
610b895266
Merge pull request #41308 from kubernetes/main
...
Sync `dev-1.28` branch with `main`
2023-05-29 23:01:44 -07:00
f023295351
Update content/en/docs/reference/access-authn-authz/service-accounts-admin.md
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2023-05-23 13:16:26 -04:00
5d6e0ca1bb
remove ericchiang from reviewers
2023-05-16 18:13:33 +00:00
7323fddca9
Merge branch 'merged-main-dev1.28' into dev-1.28
2023-05-16 02:39:25 -04:00
eb21c7af96
Update service-accounts-admin.md
2023-05-15 11:28:47 -04:00
edc769baa4
Merge pull request #39576 from sftim/20220108_improve_api_documentation_objects_part_1
...
Reorganize Working with Kubernetes Objects section
2023-05-10 18:39:09 -07:00
d384f118b2
Fix permitted key usages
2023-05-08 13:54:52 +09:00
7bdcd3da4c
Merge pull request #40968 from nnmin-aws/nnmin-dev
...
update certificate-signing-requests.md to reflect https://github.com/ …
2023-05-07 02:51:15 -07:00
35771026a1
update certificate-signing-requests.md to reflect https://github.com/kubernetes/kubernetes/pull/111660 introduced in 1.27
2023-05-05 13:15:39 -07:00
a413d89528
Merge pull request #40051 from EricFortin/patch-1
...
Small wording change
2023-05-05 02:51:12 -07:00
30841950a6
Apply suggestions from code review
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2023-05-04 22:25:45 +02:00
d2d1242815
KEP-3325: Promote SelfSubjectReview to GA
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2023-05-04 11:37:01 +02:00
6bf15f514b
Merge pull request #40692 from sftim/20230414_automatically_use_latest_patch_for_minor_version
...
Use release data to calculate latest patch version
2023-05-03 00:38:12 -07:00
f787489ec5
Merge pull request #40535 from aitorpazos/patch-1
...
Note on caBundle encoding in extensible-admission-controllers.md
2023-05-02 15:38:14 -07:00
50d7e85643
Migrate from fullVersion param to skew shortcode
...
Use {{< skew currentPatchVersion >}} to render the latest patch version
for the minor release being documented.
2023-05-02 23:25:30 +01:00
634c17f61c
Reorganize Working with Kubernetes Objects section
...
- move Understanding Kubernetes Objects to be section overview
- within the section, consistently link to the new (moved) page from the
first mention of “object”
- add a redirect
Co-authored-by: Divya Mohan <divya.mohan0209@gmail.com>
2023-04-29 21:39:42 +01:00
eb3e564a17
Fix the comma symbol
...
Some unknown symbol is being used currently.
2023-04-24 10:45:46 +03:00
ad7c0712c6
Fix examples test for 1.27
...
- Some examples are actually not good "examples", i.e. they are not
not ready for the users to try out.
- Some examples are failing the validation in their current format.
- Some examples skipped the test case.
These issues are fixed.
2023-04-16 17:26:12 +08:00
4a5436f42e
ClusterTrustBundles: Document service account impersonation
...
(Change message to retrigger tests)
2023-04-14 11:05:15 -07:00
2e403eba90
Merge pull request #40578 from sftim/20230409_cluster_trust_bundles
...
Document ClusterTrustBundles
2023-04-10 16:44:03 -05:00
9252eb08f5
Merge remote-tracking branch 'upstream/main' into dev-1.27
2023-04-10 12:20:33 -07:00
e95deae997
Update CSR page to encompass CSRs and trust bundles
...
Rather than mention trust bundles as a subtopic of certificate signing
requests, reshape the page so that:
- it's clear that CSRs are stable but ClusterTrustBundles are alpha
- the task for issuing a certificate to a user stands separately from
the concepts explained elsewhere in the page
- it's clear that signers are relevant to both CSRs and
ClusterTrustBundles
2023-04-09 18:51:27 +01:00
8377a675cd
ClusterTrustBundles: Add section to certificates page
...
Document the API types as they exist today, plus a hint of the future
integrations that will be available.
Co-Authored-By: Taahir Ahmed <taahm@google.com>
2023-04-09 17:27:18 +01:00
c1f4c5c4a2
Cleanup page rbac
2023-04-07 22:34:42 +08:00
cf20f82dbd
Note on caBundle encoding in extensible-admission-controllers.md
...
The note on caBundle field description mentions it is PEM encoded, but the actual field value is then encoded into Base64, which is worth mentioning.
2023-04-06 09:10:12 +00:00
31439e3d56
Merge branch 'upstream/main' into dev-1.27
2023-04-05 14:20:36 -05:00
3a3ae711d5
Cleanup page rbac
2023-04-05 22:36:28 +08:00
b1bd85a421
about apiGroups ( #40315 )
...
* about apiGroups
Look at the source code, apiGroups is an empty set and not all are allowed, you need to use * to be able to, if it is an empty set if the resource does not have apiGroups then it will not be accessible
Refer to:
https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/rbac/v1/evaluation_helpers.go#L85
https://github.com/kubernetes/api/blob/master/rbac/v1/types.go#L29
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
* Update rbac.md
* Update rbac.md
* Update content/en/docs/reference/access-authn-authz/rbac.md
the comma
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
* Update rbac.md
All changed
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
---------
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2023-04-04 22:01:38 -07:00
0d862b9afe
message expression and type checking.
2023-04-03 09:38:13 -07:00
cf37b594f2
KEP-3488 ValidatingAdmissionPolicy: Enforcement actions, audit annotations, and secondary authz ( #40098 )
...
* Document auditAnnotations, validationActions and authorizer
* Apply suggestions from code review
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Apply suggestions from code review
Co-authored-by: Tim Allclair <timallclair@gmail.com>
* Apply feedback
---------
Co-authored-by: Qiming Teng <tengqm@outlook.com>
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2023-04-03 08:55:52 -07:00
27460b23fa
AdmissionWebhookMatchConditions feature documentation ( #40058 )
...
* AdmissionWebhookMatchConditions feature documentation
* #squash ivelichkovich feedback
* #squash sftim feedback
* Correct statement about request.object
* #squash: sftim feedback
* #squash jpbetz feedback
* #squash: denied function removed
* #squash fix match conditions example
* #squash fix expression quoting
* #squash scope authorizatoin check example
* #squash separate RBAC webhook example
* #squash sftim feedback
* #squash add shared client config for example
* Don't use yaml anchors in example
2023-04-03 08:23:51 -07:00
4d58ea4165
Update service-accounts-admin.md
...
Fix internal links in service-accounts-admin docs
2023-04-01 13:23:50 +05:30
2da2c6c277
Merge pull request #40407 from mickeyboxell/merged-main-dev-1.27
...
Merged main dev 1.27
2023-03-31 21:49:49 -07:00
b0978a248e
Fix ServiceAccount admission controller link
...
Fix ServiceAccount admission controller link
2023-03-31 05:55:01 +05:30
b842957cf3
Merge pull request #39794 from nabokihms/ssr-beta
...
KEP-3325: Promote SelfSubjectReview to Beta
2023-03-30 11:39:49 -07:00
a15fa4ae31
Merge remote-tracking branch 'upstream/main' into dev-1.27
2023-03-29 15:54:33 -05:00
669f695ccb
Remove some duplicates in content/en/docs/reference/access-authn-authz/service-accounts-admin.md
...
Signed-off-by: liulijin <253954033@qq.com>
2023-03-23 09:25:21 +08:00
350ce035a5
Fix previous virables in exampes
2023-03-22 20:23:48 +00:00
457c26b997
Adding MatchConditions into ValidatingAdmissionPolicy
2023-03-22 20:23:48 +00:00
9e75d92cd9
Small wording change
2023-03-16 11:54:39 -04:00
bb14c6db8d
Promote SelfSubjectReview to Beta
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2023-03-12 15:09:39 +01:00
58455c59e9
Remove duplicate "the" in admission-controllers.md
...
Signed-off-by: Guangwen Feng <fenggw-fnst@fujitsu.com>
2023-03-03 16:27:25 +08:00
3fc2fa9853
Merge pull request #39142 from tengqm/cleanup-redirects-1
...
Remove redirect entries for docs/admin/... pages
2023-02-22 08:43:57 -08:00
ee4b88ed37
Merge pull request #37733 from sftim/20221105_update_docs_podsecuritypolicy_removal
...
Update documentation for PodSecurityPolicy removal
2023-02-14 12:55:51 -08:00
68b19b6f00
Specify that subresources excluded from mutating webhook example
2023-02-06 22:33:00 +00:00
c809bcc796
Merge pull request #39180 from Zhuzhenghao/certificate-signing-requests
...
Make layout prettier in certificate-signing-requests.md
2023-01-30 22:14:48 -08:00
80561f67b1
Make layout prettier in certificate-signing-requests.md
2023-01-31 13:45:44 +08:00
4164430555
Add spaces in code snippets for consistency
2023-01-30 18:15:06 +08:00
6c701a7d96
Update doc of admission plugin SecurityContextDeny
...
Note the shortcomings of the implementation of this admission plugin
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2023-01-29 17:27:12 +01:00
9a727efab8
Remove redirect entries for docs/admin/... pages
2023-01-29 19:56:56 +08:00
bb85d62752
Update docs for PodSecurityPolicy removal
2023-01-24 22:24:09 +00:00
4ec6fbac55
Fix errors on `ValidatingAdmissionPolicyBindings` for the CEL for Admission Control blog & doc ( #38893 )
...
* Fix errors on ValidatingAdmissionPolicyBindings for the CEL for Admission Control blog
* Fix namespaceSelector error
* Fix namespaceSelector errors
2023-01-12 08:38:54 -08:00
e97c98b27f
Merge pull request #38428 from AverageMarcus/patch-1
...
Fix typo in SA admission controller steps
2023-01-03 17:19:58 -08:00
37955a816b
Reformat the validating-admission-policy reference page
...
This commit wraps the long lines found in the
validating-admission-policy reference page.
2022-12-31 07:44:49 +08:00
3362aa9701
Add admission.k8s.io/v1 API and fix references to it
...
The `admission.k8s.io/v1` API group is not generated into the v2/v3 OpenAPI
specification as part of Kubernetes API because it is not officially "served".
However, the structs in the API group are used in other APIs that are user-facing.
This PR addes the reference API and fixes references to it.
2022-12-31 07:44:41 +08:00
912c306be4
Fixing Spec -> spec and paramsRef -> paramRef
...
Fixing Spec -> spec and paramsRef -> paramRef
2022-12-23 18:25:22 +05:30
b590431f4e
Updated the wrong format
2022-12-20 01:24:49 +05:30
f1405f274a
Merge pull request #38497 from samos123/fix-38495-validation-admission-policy
...
Fix 38495 incorrect ValidationAdmissionPolicyBindings
2022-12-16 20:51:41 -08:00
f9e113fb86
Merge pull request #38353 from SergeyKanzhelev/RotateKubeletClientCertificateIsGA
...
fix documentation for RotateKubeletClientCertificate
2022-12-16 07:18:17 -08:00
088649ec4f
Fix incorrect ValidationAdmissionPolicyBindings
2022-12-15 10:00:55 -08:00
2b5dab08f1
Fix typo in SA admission controller steps
2022-12-12 15:11:43 +00:00
ab4812140f
fix documentation for RotateKubeletClientCertificate
2022-12-09 18:24:04 +00:00
8f9446f87d
Merge branch 'main' into dev-1.26
2022-12-03 21:36:34 +00:00
50246c291b
Merge pull request #37770 from cici37/celDoc
...
Documentation for CEL in Admission Control
2022-12-01 16:33:53 -08:00
98d41f24ef
Address comments
2022-11-30 16:47:27 +00:00
4dc90ef731
Add doc for ValidatingAdmissionPolicy
2022-11-30 06:35:18 +00:00
cec61c1754
Merge pull request #38052 from krol3/merged-main-dev-1.26
...
Merge main branch into dev-1.26
2022-11-29 11:59:09 -08:00
9b4b8831ca
Merge pull request #38010 from Shubham82/Add_shell
...
Append triple backticks with shell for code snippet
2022-11-28 19:37:22 -08:00
f306471950
Merge pull request #35385 from nabokihms/patch-2
...
Add doc about how to get self subject attributes
2022-11-28 00:58:07 -08:00
cb9dc5a4ac
Update content/en/docs/reference/access-authn-authz/authentication.md
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2022-11-27 22:31:16 +01:00
35c3321b02
feat: Add caution note about rules field override in aggregated clusterroles
2022-11-25 16:24:13 +02:00
e100cf80c4
Added shell for code snippet.
2022-11-25 16:56:50 +05:30
707d3699ad
Append triple backticks with shell for code snippet
2022-11-22 13:37:49 +05:30
63008ca41a
Fix indentation and typos in kubelet-tls-bootstrapping.md
2022-11-21 07:40:54 +08:00
ed983897ff
Fix typos in /service-accounts-admin.md
2022-11-11 20:38:13 +08:00
5d61921a11
Apply suggestions from code review
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2022-11-10 12:53:21 +01:00
0a5e274a42
Add doc about how to get self subject attributes
...
Documentation for https://github.com/kubernetes/enhancements/issues/3325
2022-11-10 12:52:53 +01:00
f3248058fd
Merge pull request #33654 from sftim/20190601_task_configure_service_account_reword
...
Reword tasks relating to ServiceAccounts
2022-11-09 13:50:56 -08:00
6a3598661d
Merge pull request #37734 from sftim/20221105_tweak_admission_controllers_reference
...
Tweak reference for admission controllers
2022-11-06 02:02:15 -08:00
f348002c26
Tweak reference for admission controllers
...
- Improve page title
- Update page to match style guide
- Wording and correctness tweaks
2022-11-06 08:14:58 +00:00
98f310ab58
Updates page weights in reference docs section
...
Some of these pages are autogenerated, but not all. This PR updates the pages that are not autogenerated within the docs/en/reference section
2022-11-04 11:37:59 -04:00
f24c201017
Update content/en/docs/reference/access-authn-authz
2022-10-24 13:47:22 -04:00
a4629cd19b
Update ServiceAccount tasks in light of TokenRequest
...
Now that TokenRequest is the default way to get a service account token
for a Pod, update the task pages that relate to this.
2022-10-22 02:56:43 +01:00
f9db6ae934
Reword “Managing Service Accounts” task
2022-10-22 02:56:42 +01:00
bed6565a22
Merge pull request #37363 from T-Lakshmi/add-link-RFC7468
...
Added Hyperlink to RFC7468
2022-10-20 08:15:02 -07:00
4e6140bf04
Added Hyperlink to RFC7468
2022-10-18 17:06:55 +05:30
1eef742465
Favor EndpointSlice over Endpoints
...
Document EndpointSlice as the preferred and most appropriate mechanism
to record the backing endpoints of a Service.
Co-authored-by: Rob Scott <rob.scott87@gmail.com>
Co-authored-by: Shannon Kularathna <ax3shannonkularathna@gmail.com>
2022-10-11 12:38:39 +01:00
d772e76af9
Merge pull request #36709 from gaeljw/patch-1
...
docs: update OIDC documentation to mention the signing algorithms configuration
2022-09-30 06:58:29 -07:00
523b0f89b4
Fix the feature state of PodSecurity
2022-09-19 09:00:29 +08:00
ce1dbcbdfa
Merge pull request #36538 from gengwg/main
...
kube-proxy is part of the Kubernetes node components
2022-09-14 09:41:00 -07:00
d057687f6f
Merge pull request #36660 from liggitt/scrape-secrets
...
Update service account token documentation
2022-09-10 16:31:23 -07:00
699ed970ae
docs: update OIDC documentation to mention the signing algorithms configuration
2022-09-09 17:34:17 +02:00
79f26d5922
Update service account token documentation
...
* Make example service account output match 1.24+ output with auto-generated tokens omitted
* Prefer `kubectl create token` as token creation mechanism
2022-09-07 16:00:27 -04:00
Kubernetes Prow Robot
mtardy
shubham82
zhenghao.zhu
Dave Protasowski
Eric Chiang
Rishit Dagli
Tomoya Usami
Min Ni
Maksim Nabokikh
m.nabokikh
Tim Bannister
Ismail Alidzhikov
Qiming Teng
Taahir Ahmed
Mickey Boxell
Aitor
zmquan
Jiahui Feng
Joe Betz
Tim Allclair
samitks
liulijin
Cici Huang
Eric Fortin
Guangwen Feng
Richard Tweed
windsonsea
Mathieu Benoit
Saloni1814
Yash Pimple
Sam Stoelinga
Marcus Noble
Sergey Kanzhelev
Sergey Shevchenko
Michael
Abigail McCarthy
lakshmi prasuna
houjun
Gaël Jourdan-Weil
Jordan Liggitt