e8b9538785
Merge pull request #36043 from tomkivlin/tomkivlin/issue28580
...
Mention wildcard for RBAC resources and names
2022-09-07 09:24:37 -07:00
3de5a3768b
kube-proxy is part of the Kubernetes node components
...
kube-proxy is part of the Kubernetes node components not control plane. I think it's a typo.
ref: https://kubernetes.io/docs/concepts/overview/components/#node-components
2022-09-02 11:53:57 -07:00
9acf28fce9
fix note typo
2022-08-31 17:58:31 +08:00
468442d294
Wrap long lines where appropriate
2022-08-25 16:10:39 +08:00
93abc44b8b
Fix service accounts admin page
...
This PR removes some outdated texts that are confusing today.
2022-08-25 16:04:29 +08:00
9401ab7fb3
Merge pull request #36160 from windsonsea/gracheck
...
Fix typos on /access-authn-authz
2022-08-24 11:55:49 -07:00
61a5b7b69d
Fix typos on /access-authn-authz
2022-08-22 20:10:58 +08:00
9ec115bbdb
Mention wildcard for RBAC resources and names
...
Signed-off-by: Tom Kivlin <tom.kivlin@vodafone.com>
added link to best practice doc
update from sftim comments
update from liggitt comments
Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
update from liggitt comment
2022-08-19 08:06:42 +00:00
6810fa976d
Merge remote-tracking branch 'upstream/main' into dev-1.25
2022-08-18 15:58:41 -03:00
0bd89d2c24
Merge pull request #36018 from tengqm/improve-admission-controllers
...
Update admission controllers page
2022-08-17 16:14:47 -07:00
96dd915152
Update admission controllers page
...
This PR updates the admission controllers page by:
- removing two plugins which have been removed since 1.18
- removing text about ancient history
- removing shortcode about plugins that graduated into GA a long time ago;
2022-08-16 22:33:37 +08:00
b167938367
Scrub PSP docs for 1.25
2022-08-15 21:09:41 -04:00
a472b72c33
remove insecure port option
2022-08-13 09:52:02 +05:30
4747731407
Fix --service-account-key-file description
...
--service-account-key-file flag to the kube-api-server is used to verify ServiceAccount tokens (and not to sign them).
--service-account-signing-key-file is the kube-api-server flag that's used to sign ServiceAccount tokens (short-lived ones).
--service-account-private-key-file is the kube-controller-manager flag that's used to sign ServiceAccount tokens (long-lived ones).
2022-08-02 00:37:09 -07:00
e2cda2eec3
Merge pull request #34716 from dmarinere/patch-1
...
added access to the statements explaining cluster role
2022-07-16 07:56:53 -07:00
7b4293b4fa
Batch fix links (5)
2022-07-11 13:54:18 +08:00
38ccc3383d
Merge pull request #34740 from tengqm/improve-admission-controllers
...
Tweak extensible admission controllers page
2022-07-10 18:11:47 -07:00
2f0d4a5d88
Clarify that list, get and watch can return data
...
The `get`, `list` and `watch` verbs can all be used to retrieve the full details of a resource. It is not an uncommon assumption amongst users that they return different data (e.g. that `list` only returns the names of resources; when it can return the full object).
This adds a caution block to highlight this potential gotcha.
2022-07-08 11:13:23 +01:00
a6ec7d8017
Tweak extensible admission controllers page
...
This PR removes outdated information about `admissionregistration.v1beta1` API groups
which are no longer supported in 1.24. Additional notes are added to
avoid confusion when parsing the examples.
2022-07-01 00:33:57 +08:00
c14bcdde98
added access to the statements
...
I added access to the statement explaining cluster role permissions in this document to make it clearer.
2022-06-30 03:50:31 +01:00
af65de3877
Callout that impersonation needs (ClusterRole)Binding ( #34082 )
...
* Callout that impersonation needs (ClusterRole)Binding
I learned through trial and error that impersonation does not work with Role and RoleBinding - this was not obvious. It would be good if the docs call this out.
* Update content/en/docs/reference/access-authn-authz/authentication.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/reference/access-authn-authz/authentication.md
Co-authored-by: Tim Bannister <tim@scalefactory.com>
* Update content/en/docs/reference/access-authn-authz/authentication.md
Co-authored-by: ZSC <zacharysarah@users.noreply.github.com>
* Update content/en/docs/reference/access-authn-authz/authentication.md
Co-authored-by: ZSC <zacharysarah@users.noreply.github.com>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: ZSC <zacharysarah@users.noreply.github.com>
2022-06-14 13:09:33 -07:00
34155fed0b
Fix links for k/design-proposals-archive
...
The contributors/design-proposals in k/community was removed. It's only
available in k/design-proposals-archive repo now.
This commit also changes https://github.com/kubernetes/repo/blob/master/file.md
to https://git.k8s.io/repo/file.md for better consistency.
2022-06-10 22:49:04 +08:00
ef08c345e0
Fix an incorrect link in psp-to-pod-security-standards.md
...
Signed-off-by: Guangwen Feng <fenggw-fnst@fujitsu.com>
2022-06-08 11:40:04 +08:00
090803440d
Merge pull request #33130 from tengqm/move-kubelet-authn-authz
...
Move kubelet authn authz
2022-06-07 19:11:49 -07:00
11d56aacf6
Merge pull request #34076 from kadtendulkar/kad4
...
Update content/en/docs/reference/access-authn-authz/bootstrap-tokens.md
2022-05-31 17:33:02 -07:00
0be2557ecd
Fix CertificateSubjectRestriction in Admission Controllers docs
2022-05-31 19:35:12 +00:00
6c82e81ede
Update content/en/docs/reference/access-authn-authz/bootstrap-tokens.md
2022-05-31 22:02:36 +05:30
1cf774a05e
[zh]Update content/zh/docs/reference/access-authn-authz/admission-controllers.md
2022-05-24 02:26:02 +08:00
c992c4c04f
Add imagepolicy.v1alpha1 API
2022-05-18 14:20:20 +08:00
90a395745d
Cleanup admission-controllers page
...
This PR fixes several things in the admission-controllers page:
- The `PodSecurity` plugin is enabled by default, but it was not listed so;
- The `apiserver.config.k8s.io/v1alpha1` has been deprecated since v1.17, we are still documenting it side by side with the `apiserver.config.k8s.io/v1` API group;
- The `eventratelimit.admission.k8s.io/v1alpha1` API could use a better reference rather than the design doc; **The imagepolicy.v1alpha1 API is not documented anywhere, I'll add it later on.**
- There are statements about future, which should be removed;
- We are supposed refer to the `LimitRage` API reference rather than pointing users to the design docs;
- We are supposed refer to the `ResourceQuota` API reference rather than pointing users to the design docs;
- There are long lines in the page source which could have been wrapped properly.
2022-05-17 15:37:58 +08:00
5ead53b3e8
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-05-02 10:29:49 -07:00
b831e96c6a
[en] modify debug-cluster/audit
...
Signed-off-by: xin.li <xin.li@daocloud.io>
2022-04-29 20:40:59 +08:00
712f45dee4
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-04-26 13:11:13 -07:00
a3ea9f4caf
Update references to the kubelet security files
...
This commit updates all the existing references to the files move in the previous commit.
2022-04-23 14:32:19 +08:00
89b0b1bf8f
Move kubelet authentication/authorization out of CLI reference dir
...
The `kubelet-authentication-authorization` and the `kubelet-tls-bootstrapping`
pages do not belong to `reference/command-line-tools-reference` topic.
This PR moves them into `reference/access-authn-authz` subdirectory
which is a better fit.
The `static/_redirects` file is updated to point to the new location.
2022-04-23 14:30:14 +08:00
a3638c4fde
Update rbac.md
...
Fix description of magic service account group.
2022-04-21 14:07:32 -07:00
c62c9e9c61
Merge pull request #32909 from Sea-n/deprecate-ext
...
Remove deprecated `extensions` API group in document
2022-04-20 08:57:43 -07:00
0135d3642b
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-04-19 15:45:28 -07:00
613bb080ff
Remove deprecated `extensions` API group in document
2022-04-16 21:56:25 +08:00
01c3c53b7d
[en] Fix Markdown format
2022-04-14 01:33:53 +08:00
0bc8468bfa
The PodOverhead feature is GA
2022-04-13 11:49:50 +08:00
e65201a5b3
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-04-11 09:31:28 -07:00
eefc776e29
Fix typos in Markdown links. ( #32802 )
...
* Fix typos in Markdown links.
* Test
Co-authored-by: Mads Jensen <atombrella@users.noreply.github.com>
2022-04-08 00:16:41 -07:00
f85be125b9
Merge remote-tracking branch 'upstream/main' into dev-1.24
2022-03-31 15:18:13 -07:00
672813f3e7
Move PSP into Security concepts section
...
The logical navigation definitely works better if Pod Security admission
and PodSecurityPolicy are pages in the same section. Make It So.
Co-authored-by: Rey Lejano <rlejano@gmail.com>
2022-03-30 17:30:35 +01:00
5650e76c45
Fix typo
2022-03-29 19:27:32 +02:00
93bdfe8142
Move all volume expansion feature gates to GA
2022-03-29 10:38:58 +08:00
a364ecae1f
Remove references to client.authentication.k8s.io/v1alpha1 exec credential API
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-03-21 09:27:55 -07:00
991f671a02
Merge pull request #30721 from mlbiam/master
...
making wording clearer on extra in impersonation
2022-03-13 21:02:19 -07:00
b8264dcfc7
Link to PSP migration guide from PSP to PSS reference
2022-02-25 10:27:52 -08:00
198ae37902
Rewrite PodSecurityPolicy migration guide ( #31782 )
2022-02-24 18:07:56 -08:00
c910edd70e
Correct the name: CertificateSigningRequests
...
- This page referenced the "CertificationSigningRequests API," but this should be "CertificateSigningRequests API" or "Certificates API."
- Added a link to the documentation for CertificateSigningRequests.
2022-02-23 17:27:32 -08:00
a45bf8459d
Added Hyperlink to RFC3339. ( #31836 )
...
* Added Hyperlink to RFC3339.
* Wrapping a line!
2022-02-22 22:54:18 -08:00
bce7fb57e2
Improve configuration API for 1.23
...
The previous commit for configuration APIs has some nits to fix:
- The client-authentication API has both v1beta1 and v1 supported.
We need to include both.
- The kube-scheduler v1alpha1 is superceded by v1alpha3 which is new.
- The links to some external type definitions should point to the 1.23
API rather than old versions.
2021-12-20 09:45:38 +08:00
d4388492c5
Merge branch 'kubernetes:main' into master
2021-12-09 15:12:00 -05:00
584421fe11
Merge remote-tracking branch 'upstream/main' into dev-1.23
2021-12-06 08:55:54 -05:00
a3c6627798
Merge pull request #30125 from chirangaalwis/patch-4
...
Combine Service Account to Map with Resource Type
2021-12-05 20:08:32 -08:00
c9fb665413
Merge pull request #30741 from ptux/patch-10
...
[en] Update admission-controllers.md
2021-12-05 20:04:32 -08:00
63db6dbf66
Merge pull request #29717 from jonassteinberg1/patch-1
...
add 'the' to 'without restarting [the] API server' from Static Token …
2021-12-05 17:56:32 -08:00
8a8f9c40f9
Update admission-controllers.md
2021-12-06 09:16:27 +09:00
8dfd425486
making working clearer
...
*should* implies that an `extra` can be mixed case. but really it can't because a mixed case `extra` will mismatch on an RBAC `ClusterRole` once the header is canonicalized.
2021-12-02 22:01:07 -05:00
37532e231a
Add docs for RecoverVolumeExpansionFailure feature
2021-11-29 16:37:57 -05:00
d330226a95
Merge remote-tracking branch 'upstream/main' into dev-1.23
2021-11-17 12:55:09 -05:00
36be0ebac9
Merge pull request #30288 from drigz/patch-2
...
Remove "basic" from supported API auth methods
2021-11-16 18:51:53 -08:00
d2f227d73e
Merge pull request #29727 from jonassteinberg1/patch-2
...
"First this user must have [a] certificate issued..."
2021-11-12 21:06:46 -08:00
4b7784728a
PodSecurity beta updates
2021-11-10 10:30:51 -05:00
f3921c9028
Remove "basic" from supported API auth methods
...
This was removed in v1.19.
2021-10-28 11:57:07 +02:00
850e16fe38
Merge pull request #30193 from PranshuSrivastava/broken_link
...
fixed the broken link
2021-10-27 16:21:02 -07:00
094d9c034b
remove period and change script to command
...
Incorrect punctuative period and change the word script to command for uniformity.
2021-10-27 08:41:51 -05:00
e779d2d3fc
Update link to new project documentation site
2021-10-26 15:35:17 -04:00
8fbccfcd8f
Improvement: Correct the "empty" link in Dynamic Admission Control.
2021-10-26 13:51:38 +05:30
2642b12efc
made requested changes
2021-10-23 04:21:22 +05:30
1ee91f08c9
fixed the broken link
2021-10-22 21:29:07 +05:30
029ec4cd67
Combine Service Account to map with resource kind
2021-10-18 10:53:00 +05:30
dc326f0389
Add example for querying SA permissions
...
Add example for querying SA permissions
Add missing example for querying the API authorization layer for checking the permissions of a Service Account
Add missing SA identifying prefix
Improve suggested text to align with current content
Co-authored-by: Sam Roth <2413031+sejr@users.noreply.github.com>
Improve suggested text to align with current content
Co-authored-by: Sam Roth <2413031+sejr@users.noreply.github.com>
2021-10-11 18:14:39 +05:30
1262222578
Change master to v1.22.0
2021-10-04 15:52:46 +05:30
d4a08df1b9
Improvement: Correct the "code" link in Dynamic Admission Control.
2021-10-04 12:40:03 +05:30
780dae2785
Clarified scenarios that could lead to privilege escalation ( #29378 )
...
* Clarified scenarios that could lead to privilege escalation
Made it clearer that it's not just creating pods which enables the privilege escalation. It's all workloads, all reconfiguration of workloads, and conceptually the creation and reconfiguration of custom resources which create workloads.
* Allowing link to priv escalation heading if required
* Update content/en/docs/reference/access-authn-authz/authorization.md
Co-authored-by: Tim Bannister <tim@scalefactory.com>
* Adding further clarifications
* Retitled escalation section
* Apply suggestions from vjftw
Co-authored-by: VJ Patel <VJftw@users.noreply.github.com>
* Clarified CRDs and reduced duplication
* Updating caution based on Geoffrey's comments
* Updating controller comment and linking out to reference docs
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: VJ Patel <VJftw@users.noreply.github.com>
2021-09-24 16:02:21 -07:00
0ad09c36d6
fix expiration of bound SA tokens
...
Signed-off-by: Sergiusz Urbaniak <sergiusz.urbaniak@gmail.com>
2021-09-21 08:21:46 +02:00
c2742b279e
"First this user must have [a] certificate issued..."
...
Added 'a' to the sentence "First this user must have certificate issued..." from the subsection "Normal Users"
2021-09-16 08:20:34 -05:00
f9d5ab0627
add 'the' to 'without restarting [the] API server' from Static Token File section
...
smol.
2021-09-15 09:29:37 -05:00
19807f866c
Update content/en/docs/reference/access-authn-authz/rbac.md
...
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
2021-08-23 21:45:10 +08:00
162da6561b
Update rbac.md: Describe in detail how to specify resourceNames when using list/watch verbs
2021-08-19 23:39:48 +08:00
87235b508d
Merge pull request #29311 from mengjiao-liu/update-githubbranch-param
...
Hard-code the name of the target repo's default branch instead of using the githubbranch parameter value
2021-08-16 06:03:18 -07:00
f945335af6
Hard-code the name of the target repo's default branch instead of using the githubbranch parameter value
2021-08-10 18:03:21 +08:00
a80328f582
Merge pull request #29295 from mfilocha/fix/rbac-links
...
Fix links in RBAC default bindings table
2021-08-09 20:37:17 -07:00
bdb4cc4603
Fix the broken link for "webhook.go"
2021-08-09 16:17:06 +05:30
647e9d6ca8
Fix links in RBAC default bindings table
...
An extra line needs to be added to allow
the link to be rendered properly.
Also reformatting link line to be better readable.
2021-08-09 12:09:29 +02:00
acc7252970
Merge pull request #29025 from robscott/endpoints-rbac
...
Adding documentation about Endpoints write access in wake of CVE-2021-25740
2021-07-26 23:20:45 -07:00
5a813f1267
Merge pull request #28430 from margocrawf/master
...
Add Impersonate-Uid description to Authentication docs page.
2021-07-26 12:02:33 -07:00
d710925768
Adding documentation about Endpoints write access in wake of CVE-2021-25740
2021-07-26 11:32:06 -07:00
9234f9454b
Merge pull request #28070 from enj/enj/f/duration_hint
...
Update CSR docs with expirationSeconds field details
2021-07-22 18:29:16 -07:00
f92e3ec2ba
Merge pull request #28903 from sejr/feat/podsecurity
...
Add Pod Security Standards documentation
2021-07-22 01:57:52 -07:00
f2b27507bd
Update CSR docs with expirationSeconds field details
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-21 16:59:02 -04:00
9329467e6e
Complete details regarding CSR garbage collection
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-21 16:04:24 -04:00
e0d4b53b1c
incorporating initial round of feedback
2021-07-21 15:33:46 +00:00
83f6cb6ed4
Merge pull request #28429 from ankeesler/exec-credential-v1
...
exec credential provider: v1 documentation
2021-07-21 06:54:07 -07:00
a30e63dcd6
exec credential provider: v1 documentation
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-07-13 10:47:14 -04:00
d77368133a
Add Impersonate-Uid description to Authentication docs page.
...
This change goes with https://github.com/kubernetes/kubernetes/pull/99961
in the Kubernetes repo.
2021-07-12 13:17:42 -07:00
548ba073da
Merge main into dev-1.22 to keep in sync
2021-07-09 18:19:13 +00:00
dd443f0238
Fix pending CSR deleted time is 24 hours
...
From the code, the `pendingExpiration = 24 * time.Hour`, so the pending CSR deleted time is 24 hours.
2021-07-09 16:49:54 +08:00
0c5a2e06da
Fixed up typo in extensible-admission-controllers.md
2021-07-05 11:41:11 +12:00
369169dbb3
Merge pull request #28570 from zshihang/main
...
update doc for BoundServiceAccountTokenVolume ga
2021-06-24 01:17:41 -07:00
3a9b198beb
update doc for BoundServiceAccountTokenVolume ga
2021-06-23 09:47:49 -07:00
5cfba9ebb2
Merge pull request #27114 from mengjiao-liu/update-signerName-desc
...
update certificate-signing-requests Signer description
2021-06-22 14:40:11 -07:00
f0f957ff21
update state for PodSecurityPolicy
2021-06-20 16:17:40 +08:00
5cf02fde98
Add Spaces.
2021-06-08 11:08:11 +05:30
baf379436b
Improvement: Managing Service Accounts
2021-06-07 17:33:58 +05:30
a6ab6dca21
docs(admission-controllers): update release status of TaintNodesByCondition
...
Signed-off-by: Jai Govindani <jai@honestbank.com>
2021-04-30 13:21:19 +07:00
1f28ec0961
Fix syntax errors ( #27735 )
...
* Fix syntax errors
- fix wrong placed line breaks
- fix command mode start and end
* remove word 'simple'
2021-04-28 17:06:50 -07:00
27b2611cbc
Update webhook server example code link
...
Fix 404 error and point to the latest released code.
2021-04-23 12:19:23 -04:00
87dd022604
Apply suggestions from code review
...
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
2021-04-21 08:14:28 -07:00
8a3d7acf03
update doc for BoundServiceAccountTokenVolume
2021-04-20 11:47:58 -07:00
d1e6a6fd24
Merge pull request #26605 from tengqm/admission-config-ref
...
Add WebhookAdmission reference
2021-04-14 01:30:42 -07:00
108149fa2f
Add WebhookAdmission reference
...
This is a reference for WebhookAdmission config generated from kubernetes-sigs/reference-docs/genref tool.
More specifically, it is generated using the following command:
```shell
./genref -include apiserver-webhookadmission
```
2021-04-07 09:13:47 +08:00
965aa51daf
Merge master into dev-1.21 to keep in sync, plus latest API reference
...
This sync merge includes API reference updates.
2021-04-06 21:38:24 +01:00
b28250b68f
Add reference for client-authentication v1beta1
...
This is a reference for client authentication API generated from kubernetes-sigs/reference-docs/genref tool.
More specifically, it is generated using the following command:
```shell
./genref -include client-authentication
```
2021-04-02 09:48:59 +08:00
ca046d9b1f
Merge master into dev-1.21 to keep in sync
2021-03-26 21:29:52 +01:00
55205a5c1f
Merge pull request #27225 from reylejano/update-denyexeconprivileged-removal
...
Update DenyExecOnPrivileged and DenyEscalatingExec deprecation notice
2021-03-26 06:40:43 -07:00
ec4840824d
Merge pull request #26472 from kbhawkey/cleanup-usage-just
...
clean up use of word: just
2021-03-26 04:34:43 -07:00
59d1b368c1
Merge pull request #26018 from CharlyRipp/patch-1
...
Update misleading webhook authentication documentation
2021-03-26 04:22:44 -07:00
16fcbcba69
Merge pull request #25735 from mpatters72/patch-2
...
Include missing cert export step
2021-03-26 03:30:45 -07:00
7a461e5f13
update doc for BoundServiceAccountTokenVolume and RootCAConfigMap
2021-03-25 22:57:44 -07:00
a6f829f29a
update denyexeconprivileged removal to release 1.21
...
update denyexeconprivileged removal to release 1.21
update denyexeconprivileged removal to release 1.21
2021-03-25 18:02:29 -07:00
b2bc2fe7c2
update certificate-signing-requests Signer description
2021-03-18 18:01:32 +08:00
3ff5ec1eff
clean up use of word: just
2021-03-17 19:57:40 -04:00
f7506a3d98
Drop vagrant path and use generic name.
2021-03-17 15:38:56 -07:00
1c237dabfa
Update content/en/docs/reference/access-authn-authz/certificate-signing-requests.md
...
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
2021-03-17 15:15:34 -07:00
70096affc5
Merge remote-tracking branch 'upstream/master' into dev-1.21
2021-03-05 17:05:24 +01:00
2b6074e8ed
changes
2021-02-22 19:13:26 -06:00
903ee369b2
Merge pull request #26119 from neha-viswanathan/25833-migrate-page
...
Migrate https://kubernetes.io/docs/concepts/cluster-administration/certificates/ to tasks section
2021-02-27 18:26:38 -08:00
a7bab8d6ca
Merge pull request #26751 from JensHeinrich/JensHeinrich-patch-sentence
...
Fix sentence
2021-02-27 16:12:39 -08:00
4103230c18
Clarify stability level of admission plugins
2021-02-27 12:46:20 -05:00
e864d7f3ca
Fix sentence
...
Add missing verb
2021-02-27 15:37:33 +01:00
41220636ec
Migrate https://kubernetes.io/docs/concepts/cluster-administration/certificates/ to tasks section
2021-02-24 18:33:38 -08:00
67a342aae3
Update certificate-signing-requests.md
...
Maintain original docs `/home/vagrant/work/`working directory to be consistent.
2021-02-19 13:18:53 -08:00
736139e3e7
Merge master into dev-1.21 to keep in sync - SIG-Release 1.21 Docs team 2/19/21
2021-02-19 12:23:22 -08:00
6a166cf511
Update content/en/docs/reference/access-authn-authz/certificate-signing-requests.md
...
Co-authored-by: Irvi Aini <7439590+irvifa@users.noreply.github.com>
2021-02-17 17:34:31 -08:00
4a0574a083
Update authentication.md
2021-02-13 17:19:13 +06:00
bfcea97d39
Merge remote-tracking branch 'upstream/master' into dev-1.21
2021-02-12 20:05:18 -05:00
11f542a599
Update authentication.md
2021-02-12 22:38:11 +06:00
5ad27062f6
Update content/en/docs/reference/access-authn-authz/authentication.md
...
Co-authored-by: Irvi Aini <7439590+irvifa@users.noreply.github.com>
2021-02-12 22:33:37 +06:00
2ae6da3c19
Merge branch 'master' into master
2021-02-12 17:04:39 +06:00
c0770869ff
fixed some grammatical mistakes
2021-02-12 16:57:50 +06:00
d7d113abb7
Merge pull request #26297 from thockin/docs-kep2200
...
Add docs for KEP 2200 (DenyServiceExternalIPs)
2021-02-09 08:13:10 -08:00
c111b4ac62
Docs for KEP 2200
...
* Document DenyServiceExternalIPs admission controller
* Re-order other admission controller blocks to be alphabetical
* Document DefaultIngressClass (missing)
2021-02-08 16:21:42 -08:00
3fd65482e8
clean up use of word: simply
2021-02-07 12:15:29 -05:00
d2e7f4acab
Merge pull request #26352 from kbhawkey/fixup-remove-word-easy
...
clean up use of word: easy
2021-02-04 10:48:26 -08:00
d148026f23
Merge pull request #26065 from margocrawf/master
...
Rewording of paragraph about provideClusterInfo key on Authentication page
2021-02-03 03:02:29 -08:00
67a750b5e0
Incorporated suggestions for provideClusterInfo paragraph
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-02-01 15:35:49 -08:00
7d9916af0c
clean up use of word: easy
2021-02-01 15:14:25 -05:00
f079aa8214
Update validatingadmissionwebhook and mutatingadmissionwebhook docs as they have been promoted to v1
2021-01-30 16:09:29 +08:00
c782fd6738
Merge pull request #25982 from ydFu/add-code-blocks-in-authorization
...
Add the code blocks in authorization.md
2021-01-29 10:25:41 -08:00
34e8b55faf
Merge pull request #26027 from tengqm/clean-podpreset
...
Clean PodPreset docs, examples and links
2021-01-15 07:39:51 -08:00
08fe76be1a
Update rbac.md
2021-01-14 09:50:57 -05:00
a11047c153
Clean PodPreset docs, examples and links
2021-01-14 13:26:29 +08:00
2135ed8002
Merge pull request #25856 from edwardrosen/patch-1
...
Update rbac.md
2021-01-12 16:00:36 -08:00
5accf8f128
Rewording of paragraph about provideClusterInfo key
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-01-12 13:51:15 -08:00
a37b8a9fee
Update rbac.md
...
I've deleted the line break. The example in line 89 now seems to render ok in the preview. Could you please take a look?
2021-01-12 15:22:39 -05:00
7347a9d008
Remove code reference
...
Remove reference in favor of https://github.com/kubernetes/website/issues/23889
2021-01-11 11:57:32 -06:00
1b70e98626
Add the code blocks in authorization.md
...
* Add the code blocks in the Markdown spec to make it easy to read.
* Add description that distinguish between **command** and **output** make it easy to read.
* Adjust description in Kubernetes components for smoother reading.
Signed-off-by: ydFu <ader.ydfu@gmail.com>
2021-01-09 11:57:24 +08:00
e72ec8fbd0
Update misleading documentation
...
Update misleading information that HTTPS is required and link to self-documented code to find more edge-case configuration options
2021-01-08 13:40:07 -06:00
284d725ee0
Update rbac.md
...
I added a <br> after the end of the third bullet and backed out all of the other changes I suggested in the original pull request. I think this better matches the author's original intent. The only difference now between what's currently published and this edit is the line break coded after the third bullet.
2021-01-08 14:10:01 -05:00
0245ad3aad
Remove too old content
2021-01-05 20:57:13 +02:00
95577c1fa5
Update rbac.md
...
The page renders the third bullet as a run-on sentence. I'm suggesting the example be placed in parentheses.
2020-12-29 16:20:54 -05:00
7a175d551a
Update rbac.md
...
The language "For all service accounts in the "qa" namespace" in the example is confusing namespaces and groups. Language fixed to disambiguate between group and namespace. An additional example provided which uses both the group ("dev") AND the namespace ("development") to further illustrate this point
2020-12-26 13:41:02 -08:00
ad85bdb054
Include missing cert export step
...
Updating the instructions to include missing step of getting issued cert exported from kubernetes, decoded, and ready for kubeconfig setup.
2020-12-20 11:36:20 -08:00
86d9492ccb
Merge remote-tracking branch 'upstream/master' into merged-master-dev-1.20
2020-12-03 11:58:44 -08:00
2bc7fbad27
Fix the text in the authorization diagram
2020-11-26 19:09:42 +09:00
cb802d23b1
Merge pull request #25147 from timhughes/patch-1
...
Updates links to Dex
2020-11-25 21:46:19 -08:00
d8ae37587e
Merge remote-tracking branch 'upstream/master' into dev-1.20 to keep in sync - 11-25-2020
2020-11-25 07:03:22 -08:00
f5132af21e
Updates links to Dex
2020-11-25 13:48:56 +00:00
b5c0e5ea14
Replace the diagram on authentication page with the one by mermaid.
2020-11-23 14:12:21 +09:00
c2a33c3403
fix dex/kubernetes link
2020-11-19 18:09:22 +00:00
20546141c0
Merge pull request #24698 from SergeyKanzhelev/runtimeGA
...
RuntimeClass GA
2020-11-12 03:10:50 -08:00
bb33373bb3
Merge branch 'master' into dev-1.20
2020-11-11 14:55:30 +01:00
6d90079245
Merge pull request #23842 from tengqm/improve-sa-admin
...
Improve ServiceAccount administration doc
2020-11-10 18:25:48 -08:00
0b4952dd88
separate RootCAConfigMap from BoundServiceAccountToken and Beta
2020-11-10 15:18:29 -08:00
358bc69dde
Merge pull request #24878 from ebriand/patch-5
...
Update default admission plugins for 1.19
2020-11-08 12:07:37 -08:00
cee9e620ca
Use different wording to not quote current version
2020-11-05 17:21:08 +01:00
b436a816e9
Merge pull request #24889 from reylejano-rxm/merged-master-dev-1.20
...
Merge master into dev-1.20 to keep in sync - 11-4-20
2020-11-04 12:46:53 -08:00
44fd64ef5c
Merge pull request #24639 from ankeesler/exec-cred-prov-cluster-info
...
exec credential provider: cluster info details
2020-11-04 11:20:52 -08:00
48266bd653
Merge remote-tracking branch 'upstream/master' into dev-1.20
2020-11-04 10:32:10 -08:00
c869ef67a8
Update default admission plugins for 1.19
2020-11-04 09:56:20 +01:00
300c2e8545
Better docs for standard topology labels
...
As per KEP 1659, topology labels are now more formalized. Move away
from the older `failure-domain.beta` names ands use `topology` names
instead.
2020-11-03 11:27:58 -08:00
c855d5d68c
exec credential provider: make arbitrary JSON more explicit
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-11-03 12:19:16 -05:00
63283f5c31
Update content/en/docs/reference/access-authn-authz/admission-controllers.md
2020-10-29 17:22:26 -07:00
6d51948652
Update content/en/docs/reference/access-authn-authz/admission-controllers.md
...
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2020-10-29 17:19:11 -07:00
72a66b6969
RuntimeClass GA
2020-10-23 20:57:54 +00:00
45ec60bed5
Merge master into dev-1.20 to keep in sync
2020-10-22 17:44:02 +02:00
00fd1a68f2
Fix links in reference section
2020-10-22 15:19:30 +08:00
2ff3d1f7d3
Improve ServiceAccount administration doc
...
This PR fixes some nits in the doc and slightly revised the content to
conform to content guidelines.
2020-10-21 10:47:08 +08:00
78351ecaf5
Transfer “Controlling Access to the Kubernetes API” to the Concepts section
...
Readers from several different backgrounds will find it useful to know
about how Kubernetes controls access to its API. Promote this overview
to the Security subsection of Concepts.
2020-10-20 23:41:56 +01:00
3edb970570
Move API overview to be a Docsy section overview
2020-10-20 23:41:54 +01:00
ac8ce96c08
Merge pull request #24653 from jpetazzo/clarify-csr-cluster-signing-duration
...
Clarify expiration of certificates signed by kube-controller-manager
2020-10-20 14:28:19 -07:00
7cfdee6b87
Merge pull request #22715 from logicalhan/monitoring
...
add documentation for system:monitoring rbac policy
2020-10-20 14:22:21 -07:00
1932647552
Clarify expiration/lifetime of certificates signed by kube-controller-manager
...
The current wording of the documentation suggests that the duration/expiration
of the certificates can be changed by asking a specific time in the CSR. While
it's technically possible to specify a duration (e.g. as a custom annotation),
there is no agreed-upon method to do so, and the built-in signer uses a fixed
expiration time anyway.
This clarifies the situation.
See kubernetes/kubernetes#92678 for discussion.
Signed-off-by: Jerome Petazzoni <jerome.petazzoni@gmail.com>
2020-10-20 22:37:25 +02:00
df5f80f69b
Merge pull request #24604 from mdgrotheer/patch-1
...
Update authentication.md
2020-10-20 11:48:19 -07:00
92a09b23fa
Style tweaking for CSR reference page
2020-10-20 09:08:54 +08:00
6fc4e102b8
exec credential provider: cluster info details
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-19 10:44:37 -04:00
Kubernetes Prow Robot
W Geng
whitebear009
Qiming Teng
windsonsea
Tom Kivlin
carolina valencia
Jordan Liggitt
Meha Bhalodiya
Rohit Agarwal
Sam Cook
Osuolale Emmanuel
Raki
Sean Wei
Guangwen Feng
Rishit Dagli
kadtendulkar
wei.wang
Nate W
xin.li
CJ Cullen
Mads Jensen
Tim Bannister
Cezary Czekalski
Margo Crawford
Tim Allclair
Jay Beale
Shubham
Marc Boorshtein
Jesse Butler
Wang
Hemant Kumar
Rodrigo Queiro
Jonas Steinberg
Pranshu Srivastava
chirangaalwis
Richard Tweed
Sergiusz Urbaniak
Abirdcfly
Mengjiao Liu
Maciej Filocha
Rob Scott
Monis Khan
Samuel Roth
Andrew Keesler
Christopher Negus
AStraw
Edward Huang
Shihang Zhang
chenxuc
Jai Govindani
Smuu
Michael Gugino
Victor Palade
Rey Lejano
Karen Bradshaw
Mike Patterson
raghvenders
Jens Heinrich
Neha Viswanathan
Sahadat Hossain
ChandaniM123
Sahadat Hossain
Tim Hockin
RainbowMango
Edward Rosen
Qiming Teng
Charly Rippenkroeger
ydFu
Roman Marusyk
Rajesh Jain
Kristin Martin
TAKAHASHI Shuuji
reylejano-rxm
Tim Hughes
mkontani
Irvi Aini
Eric Briand
Sergey Kanzhelev
eagleusb
Jerome Petazzoni